Issues with "Updates all authentication methods by replacing them with the given ones." #476

Open
5 tasks done
elja opened this issue May 19, 2023 · 1 comment
Labels
bug This points to a verified bug in the code


elja commented May 19, 2023

Checklist

  • I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • I have looked into the API documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

There is an API that is supposed to update all MFA factors for a given user. Here is the URL to the documentation: https://auth0.com/docs/api/management/v2#!/Users/put_authentication_methods

First of all, the documentation itself is invalid. It has an example with a payload that is an object "{}"; however, if you send an object to the API, it will respond with an error:

Auth0::BadRequest ({"statusCode":400,"error":"Bad Request","message":"Payload validation error: 'Expected type array but found type object'.","errorCode":"invalid_body"})

Okay, but now if we send an array instead, it will be sent to the API as an empty body. Moreover, the payload argument will be mutated. This is due to how the HTTPProxy mixin works (auth0/mixins/httpproxy.rb):

%i(get post post_file put patch delete delete_with_body).each do |method|
  define_method(method) do |uri, body = {}, extra_headers = {}|
    body = body.delete_if { |_, v| v.nil? }
    token = get_token()
    authorization_header(token) unless token.nil?
    request_with_retry(method, uri, body, extra_headers)
  end
end

Take a look at this line:

body = body.delete_if { |_, v| v.nil? }

Since body is an Array and not a Ruby Hash, all elements will be filtered out here, the original array will be mutated, and an empty body will be sent to the API. This is definitely a bug that needs to be fixed.

There is a similar issue listed here, but it's a bit different: #309

I think the line should be changed to be something like:

body = body.dup.delete_if { |_, v| v.nil? } if body.kind_of?(Hash)

Reproduction

Request:

auth0_payload = {"type"=>"totp", "totp_secret"=>"MY_SECRET_ENCODED_IN_BASE32"}
auth0_client.update_all_user_authentication_methods(user.idp_sub, auth0_payload)

Error
Auth0::BadRequest ({"statusCode":400,"error":"Bad Request","message":"Payload validation error: 'Expected type array but found type object'.","errorCode":"invalid_body"})

OR if you do the following:

auth0_payload = [{"type"=>"totp", "totp_secret"=>"MY_SECRET_ENCODED_IN_BASE32"}]
auth0_client.update_all_user_authentication_methods(user.idp_sub, auth0_payload)

it will make auth0_payload become an empty array, and an empty body will be sent to the API.

Additional context

No response

ruby-auth0 version

5.12.0

Ruby version

2.7.2+ (doesn't really matter)

elja added the bug label on May 19, 2023
elja changed the title from "Issue with "Updates all authentication methods by replacing them with the given ones."" to "Issues with "Updates all authentication methods by replacing them with the given ones."" on May 19, 2023
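
The behaviour reported in the issue above, as an added Ruby example that is not part of the original issue or of ruby-auth0's code: it shows why the quoted `delete_if` line empties an Array body and mutates the caller's object, next to a non-mutating filter that only touches Hash bodies. The method names `strip_nils_buggy`, `strip_nils_safe`, `sample_array`, `sample_hash` and `demo` are hypothetical, and the payloads are constructed samples.

```ruby
# Added example; hypothetical helper names, constructed sample data.

# Mirrors the filtering line quoted in the issue.
def strip_nils_buggy(body)
  body.delete_if { |_, v| v.nil? }
end

# Non-mutating variant: only Hash bodies are filtered, and on a copy.
def strip_nils_safe(body)
  return body.reject { |_, v| v.nil? } if body.is_a?(Hash)
  body
end

# Constructed payloads; the secret is a placeholder string.
def sample_array
  [{ 'type' => 'totp', 'totp_secret' => 'MY_SECRET_ENCODED_IN_BASE32' }]
end

def sample_hash
  { 'type' => 'totp', 'name' => nil }
end

def demo
  r = {}

  # Hash body: the block receives (key, value), so only nil values are
  # dropped, but delete_if still edits the caller's Hash in place.
  h = sample_hash
  r[:hash_sent] = strip_nils_buggy(h)
  r[:hash_caller_mutated] = !h.key?('name')

  # Array body: each element is a Hash, which is not destructured into the
  # two block parameters. `v` is therefore nil for every element, so every
  # element is deleted from the caller's Array.
  a = sample_array
  r[:array_sent] = strip_nils_buggy(a)
  r[:array_caller] = a

  # Safe variant: the Array passes through intact, the Hash is copied.
  a2 = sample_array
  h2 = sample_hash
  r[:safe_array_sent] = strip_nils_safe(a2)
  r[:safe_array_caller] = a2
  r[:safe_hash_sent] = strip_nils_safe(h2)
  r[:safe_hash_caller] = h2
  r
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```
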
@stevehobbsdev
Contributor

Thanks for your patience here @elja - I'm taking a look into this very shortly.
