diff --git a/.gitignore b/.gitignore index 95ceb189..3824f4c4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .prism.log +.stdy.log _dev __pycache__ diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 54c4d98a..8f3e0a49 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.14.1" + ".": "0.15.0" } \ No newline at end of file diff --git a/.stats.yml b/.stats.yml index 54a51889..8d650530 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ configured_endpoints: 40 -openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/sent%2Fsent-dm-2d0bb64dc84ba67ee91db6ff81424a968c5ddea4d2844ba67fc9b4b27881d60f.yml -openapi_spec_hash: 8e1d6bc2a6c6afef625e2bdcdf28ac63 +openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/sent%2Fsent-dm-b9d5392f76567f3c219b68513f40298b104194fc752749cceed8ff1f3e402210.yml +openapi_spec_hash: a1030316ecacd3a9a45ef974a754ea66 config_hash: d8e8429147c4e214ff53c11e7ab2a1a6 diff --git a/CHANGELOG.md b/CHANGELOG.md index 43395fab..f1bb6748 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## 0.15.0 (2026-03-24) + +Full Changelog: [v0.14.1...v0.15.0](https://github.com/sentdm/sent-dm-python/compare/v0.14.1...v0.15.0) + +### Features + +* **api:** api update ([1b808cf](https://github.com/sentdm/sent-dm-python/commit/1b808cf0f33936836ad7588857056d95fc18bd79)) +* **api:** api update ([93500f0](https://github.com/sentdm/sent-dm-python/commit/93500f067df17cbb5ca0384b4d5a2600f699dfda)) + + +### Bug Fixes + +* sanitize endpoint path params ([7931fda](https://github.com/sentdm/sent-dm-python/commit/7931fda88ab2bfb29cf3fd9f0622e2304bccf662)) + + +### Chores + +* **internal:** update gitignore ([0697f78](https://github.com/sentdm/sent-dm-python/commit/0697f7822f07efe9479e262a4c8e5281f07ff374)) + ## 0.14.1 (2026-03-17) Full Changelog: [v0.14.0...v0.14.1](https://github.com/sentdm/sent-dm-python/compare/v0.14.0...v0.14.1) diff --git a/pyproject.toml b/pyproject.toml index 23b2b07f..97f5f4fe 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "sentdm" -version = "0.14.1" +version = "0.15.0" description = "The official Python library for the sent-dm API" dynamic = ["readme"] license = "Apache-2.0" diff --git a/src/sent_dm/_utils/__init__.py b/src/sent_dm/_utils/__init__.py index dc64e29a..10cb66d2 100644 --- a/src/sent_dm/_utils/__init__.py +++ b/src/sent_dm/_utils/__init__.py @@ -1,3 +1,4 @@ +from ._path import path_template as path_template from ._sync import asyncify as asyncify from ._proxy import LazyProxy as LazyProxy from ._utils import ( diff --git a/src/sent_dm/_utils/_path.py b/src/sent_dm/_utils/_path.py new file mode 100644 index 00000000..4d6e1e4c --- /dev/null +++ b/src/sent_dm/_utils/_path.py @@ -0,0 +1,127 @@ +from __future__ import annotations + +import re +from typing import ( + Any, + Mapping, + Callable, +) +from urllib.parse import quote + +# Matches '.' or '..' where each dot is either literal or percent-encoded (%2e / %2E). +_DOT_SEGMENT_RE = re.compile(r"^(?:\.|%2[eE]){1,2}$") + +_PLACEHOLDER_RE = re.compile(r"\{(\w+)\}") + + +def _quote_path_segment_part(value: str) -> str: + """Percent-encode `value` for use in a URI path segment. + + Considers characters not in `pchar` set from RFC 3986 §3.3 to be unsafe. + https://datatracker.ietf.org/doc/html/rfc3986#section-3.3 + """ + # quote() already treats unreserved characters (letters, digits, and -._~) + # as safe, so we only need to add sub-delims, ':', and '@'. + # Notably, unlike the default `safe` for quote(), / is unsafe and must be quoted. + return quote(value, safe="!$&'()*+,;=:@") + + +def _quote_query_part(value: str) -> str: + """Percent-encode `value` for use in a URI query string. + + Considers &, = and characters not in `query` set from RFC 3986 §3.4 to be unsafe. + https://datatracker.ietf.org/doc/html/rfc3986#section-3.4 + """ + return quote(value, safe="!$'()*+,;:@/?") + + +def _quote_fragment_part(value: str) -> str: + """Percent-encode `value` for use in a URI fragment. + + Considers characters not in `fragment` set from RFC 3986 §3.5 to be unsafe. + https://datatracker.ietf.org/doc/html/rfc3986#section-3.5 + """ + return quote(value, safe="!$&'()*+,;=:@/?") + + +def _interpolate( + template: str, + values: Mapping[str, Any], + quoter: Callable[[str], str], +) -> str: + """Replace {name} placeholders in `template`, quoting each value with `quoter`. + + Placeholder names are looked up in `values`. + + Raises: + KeyError: If a placeholder is not found in `values`. + """ + # re.split with a capturing group returns alternating + # [text, name, text, name, ..., text] elements. + parts = _PLACEHOLDER_RE.split(template) + + for i in range(1, len(parts), 2): + name = parts[i] + if name not in values: + raise KeyError(f"a value for placeholder {{{name}}} was not provided") + val = values[name] + if val is None: + parts[i] = "null" + elif isinstance(val, bool): + parts[i] = "true" if val else "false" + else: + parts[i] = quoter(str(values[name])) + + return "".join(parts) + + +def path_template(template: str, /, **kwargs: Any) -> str: + """Interpolate {name} placeholders in `template` from keyword arguments. + + Args: + template: The template string containing {name} placeholders. + **kwargs: Keyword arguments to interpolate into the template. + + Returns: + The template with placeholders interpolated and percent-encoded. + + Safe characters for percent-encoding are dependent on the URI component. + Placeholders in path and fragment portions are percent-encoded where the `segment` + and `fragment` sets from RFC 3986 respectively are considered safe. + Placeholders in the query portion are percent-encoded where the `query` set from + RFC 3986 §3.3 is considered safe except for = and & characters. + + Raises: + KeyError: If a placeholder is not found in `kwargs`. + ValueError: If resulting path contains /./ or /../ segments (including percent-encoded dot-segments). + """ + # Split the template into path, query, and fragment portions. + fragment_template: str | None = None + query_template: str | None = None + + rest = template + if "#" in rest: + rest, fragment_template = rest.split("#", 1) + if "?" in rest: + rest, query_template = rest.split("?", 1) + path_template = rest + + # Interpolate each portion with the appropriate quoting rules. + path_result = _interpolate(path_template, kwargs, _quote_path_segment_part) + + # Reject dot-segments (. and ..) in the final assembled path. The check + # runs after interpolation so that adjacent placeholders or a mix of static + # text and placeholders that together form a dot-segment are caught. + # Also reject percent-encoded dot-segments to protect against incorrectly + # implemented normalization in servers/proxies. + for segment in path_result.split("/"): + if _DOT_SEGMENT_RE.match(segment): + raise ValueError(f"Constructed path {path_result!r} contains dot-segment {segment!r} which is not allowed") + + result = path_result + if query_template is not None: + result += "?" + _interpolate(query_template, kwargs, _quote_query_part) + if fragment_template is not None: + result += "#" + _interpolate(fragment_template, kwargs, _quote_fragment_part) + + return result diff --git a/src/sent_dm/_version.py b/src/sent_dm/_version.py index c3a21db6..cd5e9c21 100644 --- a/src/sent_dm/_version.py +++ b/src/sent_dm/_version.py @@ -1,4 +1,4 @@ # File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. __title__ = "sent_dm" -__version__ = "0.14.1" # x-release-please-version +__version__ = "0.15.0" # x-release-please-version diff --git a/src/sent_dm/resources/contacts.py b/src/sent_dm/resources/contacts.py index 33f0ec31..62d75d20 100644 --- a/src/sent_dm/resources/contacts.py +++ b/src/sent_dm/resources/contacts.py @@ -8,7 +8,7 @@ from ..types import contact_list_params, contact_create_params, contact_delete_params, contact_update_params from .._types import Body, Omit, Query, Headers, NoneType, NotGiven, omit, not_given -from .._utils import maybe_transform, strip_not_given, async_maybe_transform +from .._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from .._compat import cached_property from .._resource import SyncAPIResource, AsyncAPIResource from .._response import ( @@ -133,7 +133,7 @@ def retrieve( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/contacts/{id}", + path_template("/v3/contacts/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -189,7 +189,7 @@ def update( **(extra_headers or {}), } return self._patch( - f"/v3/contacts/{id}", + path_template("/v3/contacts/{id}", id=id), body=maybe_transform( { "default_channel": default_channel, @@ -300,7 +300,7 @@ def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._delete( - f"/v3/contacts/{id}", + path_template("/v3/contacts/{id}", id=id), body=maybe_transform(body, contact_delete_params.ContactDeleteParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -418,7 +418,7 @@ async def retrieve( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/contacts/{id}", + path_template("/v3/contacts/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -474,7 +474,7 @@ async def update( **(extra_headers or {}), } return await self._patch( - f"/v3/contacts/{id}", + path_template("/v3/contacts/{id}", id=id), body=await async_maybe_transform( { "default_channel": default_channel, @@ -585,7 +585,7 @@ async def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._delete( - f"/v3/contacts/{id}", + path_template("/v3/contacts/{id}", id=id), body=await async_maybe_transform(body, contact_delete_params.ContactDeleteParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout diff --git a/src/sent_dm/resources/messages.py b/src/sent_dm/resources/messages.py index 530970a5..5c047c84 100644 --- a/src/sent_dm/resources/messages.py +++ b/src/sent_dm/resources/messages.py @@ -8,7 +8,7 @@ from ..types import message_send_params from .._types import Body, Omit, Query, Headers, NotGiven, SequenceNotStr, omit, not_given -from .._utils import maybe_transform, strip_not_given, async_maybe_transform +from .._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from .._compat import cached_property from .._resource import SyncAPIResource, AsyncAPIResource from .._response import ( @@ -77,7 +77,7 @@ def retrieve_activities( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/messages/{id}/activities", + path_template("/v3/messages/{id}/activities", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -114,7 +114,7 @@ def retrieve_status( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/messages/{id}", + path_template("/v3/messages/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -245,7 +245,7 @@ async def retrieve_activities( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/messages/{id}/activities", + path_template("/v3/messages/{id}/activities", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -282,7 +282,7 @@ async def retrieve_status( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/messages/{id}", + path_template("/v3/messages/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), diff --git a/src/sent_dm/resources/numbers.py b/src/sent_dm/resources/numbers.py index 9fd74efb..96cf09e2 100644 --- a/src/sent_dm/resources/numbers.py +++ b/src/sent_dm/resources/numbers.py @@ -5,7 +5,7 @@ import httpx from .._types import Body, Omit, Query, Headers, NotGiven, omit, not_given -from .._utils import strip_not_given +from .._utils import path_template, strip_not_given from .._compat import cached_property from .._resource import SyncAPIResource, AsyncAPIResource from .._response import ( @@ -72,7 +72,7 @@ def lookup( raise ValueError(f"Expected a non-empty value for `phone_number` but received {phone_number!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/numbers/lookup/{phone_number}", + path_template("/v3/numbers/lookup/{phone_number}", phone_number=phone_number), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -132,7 +132,7 @@ async def lookup( raise ValueError(f"Expected a non-empty value for `phone_number` but received {phone_number!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/numbers/lookup/{phone_number}", + path_template("/v3/numbers/lookup/{phone_number}", phone_number=phone_number), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), diff --git a/src/sent_dm/resources/profiles/campaigns.py b/src/sent_dm/resources/profiles/campaigns.py index 84eb0131..dc8f3084 100644 --- a/src/sent_dm/resources/profiles/campaigns.py +++ b/src/sent_dm/resources/profiles/campaigns.py @@ -5,7 +5,7 @@ import httpx from ..._types import Body, Omit, Query, Headers, NoneType, NotGiven, omit, not_given -from ..._utils import maybe_transform, strip_not_given, async_maybe_transform +from ..._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from ..._compat import cached_property from ..._resource import SyncAPIResource, AsyncAPIResource from ..._response import ( @@ -91,7 +91,7 @@ def create( **(extra_headers or {}), } return self._post( - f"/v3/profiles/{profile_id}/campaigns", + path_template("/v3/profiles/{profile_id}/campaigns", profile_id=profile_id), body=maybe_transform( { "campaign": campaign, @@ -154,7 +154,9 @@ def update( **(extra_headers or {}), } return self._put( - f"/v3/profiles/{profile_id}/campaigns/{campaign_id}", + path_template( + "/v3/profiles/{profile_id}/campaigns/{campaign_id}", profile_id=profile_id, campaign_id=campaign_id + ), body=maybe_transform( { "campaign": campaign, @@ -197,7 +199,7 @@ def list( raise ValueError(f"Expected a non-empty value for `profile_id` but received {profile_id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/profiles/{profile_id}/campaigns", + path_template("/v3/profiles/{profile_id}/campaigns", profile_id=profile_id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -241,7 +243,9 @@ def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._delete( - f"/v3/profiles/{profile_id}/campaigns/{campaign_id}", + path_template( + "/v3/profiles/{profile_id}/campaigns/{campaign_id}", profile_id=profile_id, campaign_id=campaign_id + ), body=maybe_transform(body, campaign_delete_params.CampaignDeleteParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -318,7 +322,7 @@ async def create( **(extra_headers or {}), } return await self._post( - f"/v3/profiles/{profile_id}/campaigns", + path_template("/v3/profiles/{profile_id}/campaigns", profile_id=profile_id), body=await async_maybe_transform( { "campaign": campaign, @@ -381,7 +385,9 @@ async def update( **(extra_headers or {}), } return await self._put( - f"/v3/profiles/{profile_id}/campaigns/{campaign_id}", + path_template( + "/v3/profiles/{profile_id}/campaigns/{campaign_id}", profile_id=profile_id, campaign_id=campaign_id + ), body=await async_maybe_transform( { "campaign": campaign, @@ -424,7 +430,7 @@ async def list( raise ValueError(f"Expected a non-empty value for `profile_id` but received {profile_id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/profiles/{profile_id}/campaigns", + path_template("/v3/profiles/{profile_id}/campaigns", profile_id=profile_id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -468,7 +474,9 @@ async def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._delete( - f"/v3/profiles/{profile_id}/campaigns/{campaign_id}", + path_template( + "/v3/profiles/{profile_id}/campaigns/{campaign_id}", profile_id=profile_id, campaign_id=campaign_id + ), body=await async_maybe_transform(body, campaign_delete_params.CampaignDeleteParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout diff --git a/src/sent_dm/resources/profiles/profiles.py b/src/sent_dm/resources/profiles/profiles.py index bbfcd9e0..6f88305b 100644 --- a/src/sent_dm/resources/profiles/profiles.py +++ b/src/sent_dm/resources/profiles/profiles.py @@ -13,7 +13,7 @@ profile_complete_params, ) from ..._types import Body, Omit, Query, Headers, NoneType, NotGiven, omit, not_given -from ..._utils import maybe_transform, strip_not_given, async_maybe_transform +from ..._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from ..._compat import cached_property from .campaigns import ( CampaignsResource, @@ -261,7 +261,7 @@ def retrieve( raise ValueError(f"Expected a non-empty value for `profile_id` but received {profile_id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/profiles/{profile_id}", + path_template("/v3/profiles/{profile_id}", profile_id=profile_id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -395,7 +395,7 @@ def update( **(extra_headers or {}), } return self._patch( - f"/v3/profiles/{profile_id}", + path_template("/v3/profiles/{profile_id}", profile_id=profile_id), body=maybe_transform( { "allow_contact_sharing": allow_contact_sharing, @@ -496,7 +496,7 @@ def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._delete( - f"/v3/profiles/{profile_id}", + path_template("/v3/profiles/{profile_id}", profile_id=profile_id), body=maybe_transform(body, profile_delete_params.ProfileDeleteParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -566,7 +566,7 @@ def complete( **(extra_headers or {}), } return self._post( - f"/v3/profiles/{profile_id}/complete", + path_template("/v3/profiles/{profile_id}/complete", profile_id=profile_id), body=maybe_transform( { "web_hook_url": web_hook_url, @@ -802,7 +802,7 @@ async def retrieve( raise ValueError(f"Expected a non-empty value for `profile_id` but received {profile_id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/profiles/{profile_id}", + path_template("/v3/profiles/{profile_id}", profile_id=profile_id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -936,7 +936,7 @@ async def update( **(extra_headers or {}), } return await self._patch( - f"/v3/profiles/{profile_id}", + path_template("/v3/profiles/{profile_id}", profile_id=profile_id), body=await async_maybe_transform( { "allow_contact_sharing": allow_contact_sharing, @@ -1037,7 +1037,7 @@ async def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._delete( - f"/v3/profiles/{profile_id}", + path_template("/v3/profiles/{profile_id}", profile_id=profile_id), body=await async_maybe_transform(body, profile_delete_params.ProfileDeleteParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -1107,7 +1107,7 @@ async def complete( **(extra_headers or {}), } return await self._post( - f"/v3/profiles/{profile_id}/complete", + path_template("/v3/profiles/{profile_id}/complete", profile_id=profile_id), body=await async_maybe_transform( { "web_hook_url": web_hook_url, diff --git a/src/sent_dm/resources/templates.py b/src/sent_dm/resources/templates.py index 174f768d..dad2549a 100644 --- a/src/sent_dm/resources/templates.py +++ b/src/sent_dm/resources/templates.py @@ -13,7 +13,7 @@ template_update_params, ) from .._types import Body, Omit, Query, Headers, NoneType, NotGiven, omit, not_given -from .._utils import maybe_transform, strip_not_given, async_maybe_transform +from .._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from .._compat import cached_property from .._resource import SyncAPIResource, AsyncAPIResource from .._response import ( @@ -158,7 +158,7 @@ def retrieve( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/templates/{id}", + path_template("/v3/templates/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -223,7 +223,7 @@ def update( **(extra_headers or {}), } return self._put( - f"/v3/templates/{id}", + path_template("/v3/templates/{id}", id=id), body=maybe_transform( { "category": category, @@ -345,7 +345,7 @@ def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._delete( - f"/v3/templates/{id}", + path_template("/v3/templates/{id}", id=id), body=maybe_transform( { "delete_from_meta": delete_from_meta, @@ -488,7 +488,7 @@ async def retrieve( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/templates/{id}", + path_template("/v3/templates/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -553,7 +553,7 @@ async def update( **(extra_headers or {}), } return await self._put( - f"/v3/templates/{id}", + path_template("/v3/templates/{id}", id=id), body=await async_maybe_transform( { "category": category, @@ -675,7 +675,7 @@ async def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._delete( - f"/v3/templates/{id}", + path_template("/v3/templates/{id}", id=id), body=await async_maybe_transform( { "delete_from_meta": delete_from_meta, diff --git a/src/sent_dm/resources/users.py b/src/sent_dm/resources/users.py index 588e2a67..df44de73 100644 --- a/src/sent_dm/resources/users.py +++ b/src/sent_dm/resources/users.py @@ -6,7 +6,7 @@ from ..types import user_invite_params, user_remove_params, user_update_role_params from .._types import Body, Omit, Query, Headers, NoneType, NotGiven, omit, not_given -from .._utils import maybe_transform, strip_not_given, async_maybe_transform +from .._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from .._compat import cached_property from .._resource import SyncAPIResource, AsyncAPIResource from .._response import ( @@ -73,7 +73,7 @@ def retrieve( raise ValueError(f"Expected a non-empty value for `user_id` but received {user_id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/users/{user_id}", + path_template("/v3/users/{user_id}", user_id=user_id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -213,7 +213,7 @@ def remove( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._delete( - f"/v3/users/{user_id}", + path_template("/v3/users/{user_id}", user_id=user_id), body=maybe_transform(body, user_remove_params.UserRemoveParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -267,7 +267,7 @@ def update_role( **(extra_headers or {}), } return self._patch( - f"/v3/users/{user_id}", + path_template("/v3/users/{user_id}", user_id=user_id), body=maybe_transform( { "role": role, @@ -333,7 +333,7 @@ async def retrieve( raise ValueError(f"Expected a non-empty value for `user_id` but received {user_id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/users/{user_id}", + path_template("/v3/users/{user_id}", user_id=user_id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -473,7 +473,7 @@ async def remove( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._delete( - f"/v3/users/{user_id}", + path_template("/v3/users/{user_id}", user_id=user_id), body=await async_maybe_transform(body, user_remove_params.UserRemoveParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -527,7 +527,7 @@ async def update_role( **(extra_headers or {}), } return await self._patch( - f"/v3/users/{user_id}", + path_template("/v3/users/{user_id}", user_id=user_id), body=await async_maybe_transform( { "role": role, diff --git a/src/sent_dm/resources/webhooks.py b/src/sent_dm/resources/webhooks.py index 814b8841..00f1c1b0 100644 --- a/src/sent_dm/resources/webhooks.py +++ b/src/sent_dm/resources/webhooks.py @@ -16,7 +16,7 @@ webhook_toggle_status_params, ) from .._types import Body, Omit, Query, Headers, NoneType, NotGiven, SequenceNotStr, omit, not_given -from .._utils import maybe_transform, strip_not_given, async_maybe_transform +from .._utils import path_template, maybe_transform, strip_not_given, async_maybe_transform from .._compat import cached_property from .._resource import SyncAPIResource, AsyncAPIResource from .._response import ( @@ -147,7 +147,7 @@ def retrieve( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/webhooks/{id}", + path_template("/v3/webhooks/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -200,7 +200,7 @@ def update( **(extra_headers or {}), } return self._put( - f"/v3/webhooks/{id}", + path_template("/v3/webhooks/{id}", id=id), body=maybe_transform( { "display_name": display_name, @@ -295,7 +295,7 @@ def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._delete( - f"/v3/webhooks/{id}", + path_template("/v3/webhooks/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -365,7 +365,7 @@ def list_events( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return self._get( - f"/v3/webhooks/{id}/events", + path_template("/v3/webhooks/{id}/events", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, @@ -423,7 +423,7 @@ def rotate_secret( **(extra_headers or {}), } return self._post( - f"/v3/webhooks/{id}/rotate-secret", + path_template("/v3/webhooks/{id}/rotate-secret", id=id), body=maybe_transform(body, webhook_rotate_secret_params.WebhookRotateSecretParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -473,7 +473,7 @@ def test( **(extra_headers or {}), } return self._post( - f"/v3/webhooks/{id}/test", + path_template("/v3/webhooks/{id}/test", id=id), body=maybe_transform( { "event_type": event_type, @@ -529,7 +529,7 @@ def toggle_status( **(extra_headers or {}), } return self._patch( - f"/v3/webhooks/{id}/toggle-status", + path_template("/v3/webhooks/{id}/toggle-status", id=id), body=maybe_transform( { "is_active": is_active, @@ -655,7 +655,7 @@ async def retrieve( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/webhooks/{id}", + path_template("/v3/webhooks/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -708,7 +708,7 @@ async def update( **(extra_headers or {}), } return await self._put( - f"/v3/webhooks/{id}", + path_template("/v3/webhooks/{id}", id=id), body=await async_maybe_transform( { "display_name": display_name, @@ -803,7 +803,7 @@ async def delete( extra_headers = {"Accept": "*/*", **(extra_headers or {})} extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._delete( - f"/v3/webhooks/{id}", + path_template("/v3/webhooks/{id}", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout ), @@ -873,7 +873,7 @@ async def list_events( raise ValueError(f"Expected a non-empty value for `id` but received {id!r}") extra_headers = {**strip_not_given({"x-profile-id": x_profile_id}), **(extra_headers or {})} return await self._get( - f"/v3/webhooks/{id}/events", + path_template("/v3/webhooks/{id}/events", id=id), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, @@ -931,7 +931,7 @@ async def rotate_secret( **(extra_headers or {}), } return await self._post( - f"/v3/webhooks/{id}/rotate-secret", + path_template("/v3/webhooks/{id}/rotate-secret", id=id), body=await async_maybe_transform(body, webhook_rotate_secret_params.WebhookRotateSecretParams), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout @@ -981,7 +981,7 @@ async def test( **(extra_headers or {}), } return await self._post( - f"/v3/webhooks/{id}/test", + path_template("/v3/webhooks/{id}/test", id=id), body=await async_maybe_transform( { "event_type": event_type, @@ -1037,7 +1037,7 @@ async def toggle_status( **(extra_headers or {}), } return await self._patch( - f"/v3/webhooks/{id}/toggle-status", + path_template("/v3/webhooks/{id}/toggle-status", id=id), body=await async_maybe_transform( { "is_active": is_active, diff --git a/src/sent_dm/types/message_retrieve_activities_response.py b/src/sent_dm/types/message_retrieve_activities_response.py index 24d91aaf..42a9c0ef 100644 --- a/src/sent_dm/types/message_retrieve_activities_response.py +++ b/src/sent_dm/types/message_retrieve_activities_response.py @@ -29,7 +29,7 @@ class DataActivity(BaseModel): """ status: Optional[str] = None - """Activity status (e.g., ACCEPTED, PROCESSED, SENT, DELIVERED, FAILED)""" + """Activity status (e.g., QUEUED, PROCESSED, ROUTED, SENT, DELIVERED, FAILED)""" timestamp: Optional[datetime] = None """When this activity occurred""" diff --git a/src/sent_dm/types/message_send_response.py b/src/sent_dm/types/message_send_response.py index f399bc5e..4781013e 100644 --- a/src/sent_dm/types/message_send_response.py +++ b/src/sent_dm/types/message_send_response.py @@ -38,7 +38,10 @@ class Data(BaseModel): """Per-recipient message results""" status: Optional[str] = None - """Overall request status (e.g. "accepted")""" + """ + Overall request status: "QUEUED" when the batch has been accepted and published + to Kafka. + """ template_id: Optional[str] = None """Template ID that was used""" diff --git a/tests/test_utils/test_path.py b/tests/test_utils/test_path.py new file mode 100644 index 00000000..b28cd334 --- /dev/null +++ b/tests/test_utils/test_path.py @@ -0,0 +1,89 @@ +from __future__ import annotations + +from typing import Any + +import pytest + +from sent_dm._utils._path import path_template + + +@pytest.mark.parametrize( + "template, kwargs, expected", + [ + ("/v1/{id}", dict(id="abc"), "/v1/abc"), + ("/v1/{a}/{b}", dict(a="x", b="y"), "/v1/x/y"), + ("/v1/{a}{b}/path/{c}?val={d}#{e}", dict(a="x", b="y", c="z", d="u", e="v"), "/v1/xy/path/z?val=u#v"), + ("/{w}/{w}", dict(w="echo"), "/echo/echo"), + ("/v1/static", {}, "/v1/static"), + ("", {}, ""), + ("/v1/?q={n}&count=10", dict(n=42), "/v1/?q=42&count=10"), + ("/v1/{v}", dict(v=None), "/v1/null"), + ("/v1/{v}", dict(v=True), "/v1/true"), + ("/v1/{v}", dict(v=False), "/v1/false"), + ("/v1/{v}", dict(v=".hidden"), "/v1/.hidden"), # dot prefix ok + ("/v1/{v}", dict(v="file.txt"), "/v1/file.txt"), # dot in middle ok + ("/v1/{v}", dict(v="..."), "/v1/..."), # triple dot ok + ("/v1/{a}{b}", dict(a=".", b="txt"), "/v1/.txt"), # dot var combining with adjacent to be ok + ("/items?q={v}#{f}", dict(v=".", f=".."), "/items?q=.#.."), # dots in query/fragment are fine + ( + "/v1/{a}?query={b}", + dict(a="../../other/endpoint", b="a&bad=true"), + "/v1/..%2F..%2Fother%2Fendpoint?query=a%26bad%3Dtrue", + ), + ("/v1/{val}", dict(val="a/b/c"), "/v1/a%2Fb%2Fc"), + ("/v1/{val}", dict(val="a/b/c?query=value"), "/v1/a%2Fb%2Fc%3Fquery=value"), + ("/v1/{val}", dict(val="a/b/c?query=value&bad=true"), "/v1/a%2Fb%2Fc%3Fquery=value&bad=true"), + ("/v1/{val}", dict(val="%20"), "/v1/%2520"), # escapes escape sequences in input + # Query: slash and ? are safe, # is not + ("/items?q={v}", dict(v="a/b"), "/items?q=a/b"), + ("/items?q={v}", dict(v="a?b"), "/items?q=a?b"), + ("/items?q={v}", dict(v="a#b"), "/items?q=a%23b"), + ("/items?q={v}", dict(v="a b"), "/items?q=a%20b"), + # Fragment: slash and ? are safe + ("/docs#{v}", dict(v="a/b"), "/docs#a/b"), + ("/docs#{v}", dict(v="a?b"), "/docs#a?b"), + # Path: slash, ? and # are all encoded + ("/v1/{v}", dict(v="a/b"), "/v1/a%2Fb"), + ("/v1/{v}", dict(v="a?b"), "/v1/a%3Fb"), + ("/v1/{v}", dict(v="a#b"), "/v1/a%23b"), + # same var encoded differently by component + ( + "/v1/{v}?q={v}#{v}", + dict(v="a/b?c#d"), + "/v1/a%2Fb%3Fc%23d?q=a/b?c%23d#a/b?c%23d", + ), + ("/v1/{val}", dict(val="x?admin=true"), "/v1/x%3Fadmin=true"), # query injection + ("/v1/{val}", dict(val="x#admin"), "/v1/x%23admin"), # fragment injection + ], +) +def test_interpolation(template: str, kwargs: dict[str, Any], expected: str) -> None: + assert path_template(template, **kwargs) == expected + + +def test_missing_kwarg_raises_key_error() -> None: + with pytest.raises(KeyError, match="org_id"): + path_template("/v1/{org_id}") + + +@pytest.mark.parametrize( + "template, kwargs", + [ + ("{a}/path", dict(a=".")), + ("{a}/path", dict(a="..")), + ("/v1/{a}", dict(a=".")), + ("/v1/{a}", dict(a="..")), + ("/v1/{a}/path", dict(a=".")), + ("/v1/{a}/path", dict(a="..")), + ("/v1/{a}{b}", dict(a=".", b=".")), # adjacent vars → ".." + ("/v1/{a}.", dict(a=".")), # var + static → ".." + ("/v1/{a}{b}", dict(a="", b=".")), # empty + dot → "." + ("/v1/%2e/{x}", dict(x="ok")), # encoded dot in static text + ("/v1/%2e./{x}", dict(x="ok")), # mixed encoded ".." in static + ("/v1/.%2E/{x}", dict(x="ok")), # mixed encoded ".." in static + ("/v1/{v}?q=1", dict(v="..")), + ("/v1/{v}#frag", dict(v="..")), + ], +) +def test_dot_segment_rejected(template: str, kwargs: dict[str, Any]) -> None: + with pytest.raises(ValueError, match="dot-segment"): + path_template(template, **kwargs)