Add phone number null checking in deprecated method and add tests

JoaoSouMoreira · JoaoSouMoreira · commit 8bd77fa37b36 · 2025-08-05T09:49:53.000-04:00
diff --git a/src/main/java/com/auth0/client/auth/AuthAPI.java b/src/main/java/com/auth0/client/auth/AuthAPI.java
@@ -1397,9 +1397,6 @@ public Request<CreatedOtpResponse> addOtpAuthenticator(String mfaToken) {
 
 
     private BaseRequest<CreatedOobResponse> createBaseOobRequest(String mfaToken, List<String> oobChannels) {
-        Asserts.assertNotNull(mfaToken, "mfa token");
-        Asserts.assertNotNull(oobChannels, "OOB channels");
-
         String url = baseUrl
             .newBuilder()
             .addPathSegment("mfa")
@@ -1443,7 +1440,14 @@ private BaseRequest<CreatedOobResponse> createBaseOobRequest(String mfaToken, Li
      */
     @Deprecated
     public Request<CreatedOobResponse> addOobAuthenticator(String mfaToken, List<String> oobChannels, String phoneNumber) {
+        Asserts.assertNotNull(mfaToken, "mfa token");
+        Asserts.assertNotNull(oobChannels, "OOB channels");
+        if (oobChannels.contains("sms") || oobChannels.contains("voice")) {
+            Asserts.assertNotNull(phoneNumber, "phone number");
+        }
+
         BaseRequest<CreatedOobResponse> request = createBaseOobRequest(mfaToken, oobChannels);
+
         if (phoneNumber != null) {
             request.addParameter("phone_number", phoneNumber);
         }
@@ -1474,6 +1478,8 @@ public Request<CreatedOobResponse> addOobAuthenticator(String mfaToken, List<Str
      * @see <a href="https://auth0.com/docs/secure/multi-factor-authentication/authenticate-using-ropg-flow-with-mfa/enroll-challenge-sms-voice-authenticators#enroll-with-sms-or-voice">Enroll with SMS or voice</a>
      */
     public Request<CreatedOobResponse> addOobAuthenticator(String mfaToken, List<String> oobChannels, String phoneNumber, String emailAddress) {
+        Asserts.assertNotNull(mfaToken, "mfa token");
+        Asserts.assertNotNull(oobChannels, "OOB channels");
         if (oobChannels.contains("sms") || oobChannels.contains("voice")) {
             Asserts.assertNotNull(phoneNumber, "phone number");
         }
diff --git a/src/test/java/com/auth0/client/auth/AuthAPITest.java b/src/test/java/com/auth0/client/auth/AuthAPITest.java
@@ -1541,24 +1541,33 @@ public void addOtpAuthenticatorRequest() throws Exception {
         assertThat(response.getRecoveryCodes(), notNullValue());
     }
 
+    @SuppressWarnings("deprecation")
     @Test
-    public void addOobAuthenticatorThrowsWhenTokenNull() {
+    public void addOobAuthenticatorDeprecatedThrowsWhenTokenNull() {
         verifyThrows(IllegalArgumentException.class,
-            () -> api.addOobAuthenticator(null, Collections.singletonList("otp"), null, null),
+            () -> api.addOobAuthenticator(null, Collections.singletonList("auth0"), null),
             "'mfa token' cannot be null!");
     }
 
     @SuppressWarnings("deprecation")
     @Test
-    public void addOobAuthenticatorThrowsWhenChannelsNull() {
+    public void addOobAuthenticatorDeprecatedThrowsWhenChannelsNull() {
         verifyThrows(IllegalArgumentException.class,
             () -> api.addOobAuthenticator("mfaToken", null, null),
             "'OOB channels' cannot be null!");
     }
 
     @SuppressWarnings("deprecation")
     @Test
-    public void addOobAuthenticatorRequest() throws Exception {
+    public void addOobAuthenticatorDeprecatedThrowsWhenPhoneNumberNull() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.addOobAuthenticator("mfaToken", Collections.singletonList("sms"), null),
+            "'phone number' cannot be null!");
+    }
+
+    @SuppressWarnings("deprecation")
+    @Test
+    public void addOobAuthenticatorDeprecatedRequest() throws Exception {
         Request<CreatedOobResponse> request = api.addOobAuthenticator("mfaToken", Collections.singletonList("sms"), "phone-number");
 
         server.jsonResponse(AUTH_OOB_AUTHENTICATOR_RESPONSE, 200);
@@ -1581,22 +1590,92 @@ public void addOobAuthenticatorRequest() throws Exception {
         assertThat(response.getRecoveryCodes(), notNullValue());
     }
 
+    @Test
+    public void addOobAuthenticatorThrowsWhenTokenNull() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.addOobAuthenticator(null, Collections.singletonList("auth0"), null, null),
+            "'mfa token' cannot be null!");
+    }
+
+
+    @Test
+    public void addOobAuthenticatorThrowsWhenChannelsNull() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.addOobAuthenticator("mfaToken", null, null, null),
+            "'OOB channels' cannot be null!");
+    }
+
     @Test
     public void addOobAuthenticatorThrowsWhenPhoneNumberNull() {
         verifyThrows(IllegalArgumentException.class,
             () -> api.addOobAuthenticator("mfaToken", Collections.singletonList("sms"), null, null),
             "'phone number' cannot be null!");
     }
 
+    @Test
+    public void addOobAuthenticatorThrowsWhenPhoneNumberNullWithVoiceChannel() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.addOobAuthenticator("mfaToken", Collections.singletonList("voice"), null, null),
+            "'phone number' cannot be null!");
+    }
+
     @Test
     public void addOobAuthenticatorThrowsWhenEmailNull() {
         verifyThrows(IllegalArgumentException.class,
             () -> api.addOobAuthenticator("mfaToken", Collections.singletonList("email"), null, null),
             "'email address' cannot be null!");
     }
 
+    @Test
+    public void addOobAuthenticatorRequestWithPhoneNumber() throws Exception {
+        Request<CreatedOobResponse> request = api.addOobAuthenticator("mfaToken", Collections.singletonList("sms"), "phone-number", null);
+
+        server.jsonResponse(AUTH_OOB_AUTHENTICATOR_RESPONSE, 200);
+        CreatedOobResponse response = request.execute().getBody();
+        RecordedRequest recordedRequest = server.takeRequest();
+
+        assertThat(recordedRequest, hasMethodAndPath(HttpMethod.POST, "/mfa/associate"));
+        assertThat(recordedRequest, hasHeader("Content-Type", "application/json"));
+
+        Map<String, Object> body = bodyFromRequest(recordedRequest);
+        assertThat(body, hasEntry("authenticator_types", Collections.singletonList("oob")));
+        assertThat(body, hasEntry("oob_channels", Collections.singletonList("sms")));
+        assertThat(body, hasEntry("phone_number", "phone-number"));
+
+        assertThat(response, is(notNullValue()));
+        assertThat(response.getAuthenticatorType(), not(emptyOrNullString()));
+        assertThat(response.getOobChannel(), not(emptyOrNullString()));
+        assertThat(response.getOobCode(), not(emptyOrNullString()));
+        assertThat(response.getBarcodeUri(), not(emptyOrNullString()));
+        assertThat(response.getRecoveryCodes(), notNullValue());
+    }
+
     @Test
     public void addOobAuthenticatorRequestWithEmail() throws Exception {
+        Request<CreatedOobResponse> request = api.addOobAuthenticator("mfaToken", Collections.singletonList("email"), null, "email-address");
+
+        server.jsonResponse(AUTH_OOB_AUTHENTICATOR_RESPONSE, 200);
+        CreatedOobResponse response = request.execute().getBody();
+        RecordedRequest recordedRequest = server.takeRequest();
+
+        assertThat(recordedRequest, hasMethodAndPath(HttpMethod.POST, "/mfa/associate"));
+        assertThat(recordedRequest, hasHeader("Content-Type", "application/json"));
+
+        Map<String, Object> body = bodyFromRequest(recordedRequest);
+        assertThat(body, hasEntry("authenticator_types", Collections.singletonList("oob")));
+        assertThat(body, hasEntry("oob_channels", Collections.singletonList("email")));
+        assertThat(body, hasEntry("email", "email-address"));
+
+        assertThat(response, is(notNullValue()));
+        assertThat(response.getAuthenticatorType(), not(emptyOrNullString()));
+        assertThat(response.getOobChannel(), not(emptyOrNullString()));
+        assertThat(response.getOobCode(), not(emptyOrNullString()));
+        assertThat(response.getBarcodeUri(), not(emptyOrNullString()));
+        assertThat(response.getRecoveryCodes(), notNullValue());
+    }
+
+    @Test
+    public void addOobAuthenticatorRequestWithMultipleChannels() throws Exception {
         Request<CreatedOobResponse> request = api.addOobAuthenticator("mfaToken", Arrays.asList("sms", "email"), "phone-number", "email-address");
 
         server.jsonResponse(AUTH_OOB_AUTHENTICATOR_RESPONSE, 200);
@@ -1620,6 +1699,29 @@ public void addOobAuthenticatorRequestWithEmail() throws Exception {
         assertThat(response.getRecoveryCodes(), notNullValue());
     }
 
+    @Test
+    public void addOobAuthenticatorRequestWithAuth0Channel() throws Exception {
+        Request<CreatedOobResponse> request = api.addOobAuthenticator("mfaToken", Collections.singletonList("auth0"), null, "email-address");
+
+        server.jsonResponse(AUTH_OOB_AUTHENTICATOR_RESPONSE, 200);
+        CreatedOobResponse response = request.execute().getBody();
+        RecordedRequest recordedRequest = server.takeRequest();
+
+        assertThat(recordedRequest, hasMethodAndPath(HttpMethod.POST, "/mfa/associate"));
+        assertThat(recordedRequest, hasHeader("Content-Type", "application/json"));
+
+        Map<String, Object> body = bodyFromRequest(recordedRequest);
+        assertThat(body, hasEntry("authenticator_types", Collections.singletonList("oob")));
+        assertThat(body, hasEntry("oob_channels", Collections.singletonList("auth0")));
+
+        assertThat(response, is(notNullValue()));
+        assertThat(response.getAuthenticatorType(), not(emptyOrNullString()));
+        assertThat(response.getOobChannel(), not(emptyOrNullString()));
+        assertThat(response.getOobCode(), not(emptyOrNullString()));
+        assertThat(response.getBarcodeUri(), not(emptyOrNullString()));
+        assertThat(response.getRecoveryCodes(), notNullValue());
+    }
+
     @Test
     public void listAuthenticatorsThrowsWhenTokenNull() {
         verifyThrows(IllegalArgumentException.class,
