SDKS-5116: Surface distinct wrong-number failure for Push Number Challenge

[vibhorgoswami]

JIRA Ticket

SDKS-5116

Description

This PR update the Ping Android mfa/push module so that AM 400 responses for wrong Push Number Challenge selections propagate as a distinct failure instead of being swallowed and returned as false.

Summary by CodeRabbit

• New Features
  • Added a dedicated exception for Push Number Challenge authentication failures (HTTP 400 with number challenge present).
• Bug Fixes
  • Updated Push authentication to throw the new exception and extract a helpful message from the response body.
  • Ensured Push notification approval propagates this exception unchanged (not wrapped as a generic error).
• Documentation
  • Clarified challenge approval behavior for “wrong Push Number Challenge selection.”
• Tests
  • Added unit tests covering the new 400/500 behaviors and verifying the exception is not wrapped during approval.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: dabaa322-612f-46c8-a031-f033da7a9c4b

📥 Commits

Reviewing files that changed from the base of the PR and between 84965af and 2d05a49.

📒 Files selected for processing (7)

• foundation/utils/src/main/kotlin/com/pingidentity/exception/ApiException.kt
• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PingAMPushResponder.kt
• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PushClient.kt
• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PushService.kt
• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/exception/PushNumberChallengeException.kt
• mfa/push/src/test/kotlin/com/pingidentity/mfa/push/PingAMPushResponderTest.kt
• mfa/push/src/test/kotlin/com/pingidentity/mfa/push/PushServiceTest.kt

✅ Files skipped from review due to trivial changes (1)

• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PushClient.kt

🚧 Files skipped from review as they are similar to previous changes (6)

• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/exception/PushNumberChallengeException.kt
• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PushService.kt
• foundation/utils/src/main/kotlin/com/pingidentity/exception/ApiException.kt
• mfa/push/src/test/kotlin/com/pingidentity/mfa/push/PingAMPushResponderTest.kt
• mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PingAMPushResponder.kt
• mfa/push/src/test/kotlin/com/pingidentity/mfa/push/PushServiceTest.kt

---

📝 Walkthrough

Walkthrough

ApiException is changed to an open class, enabling a new PushNumberChallengeException subclass that carries an HTTP status and message. PingAMPushResponder.authenticate throws this exception on HTTP 400 when a numbersChallenge is present and rethrows it explicitly; PushService.approveNotification also rethrows it unwrapped. PushClient KDoc is updated, and new unit tests cover all scenarios.

Changes

Push Number Challenge Exception Handling

Layer / File(s)	Summary
ApiException opened and PushNumberChallengeException introduced foundation/utils/src/main/kotlin/com/pingidentity/exception/ApiException.kt, mfa/push/src/main/kotlin/com/pingidentity/mfa/push/exception/PushNumberChallengeException.kt	ApiException is changed from class to open class and copyright updated to 2026. PushNumberChallengeException(status: Int, message: String) is added as a subclass, forwarding its fields to ApiException.
Exception thrown and rethrown in PingAMPushResponder and PushService mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PingAMPushResponder.kt, mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PushService.kt, mfa/push/src/main/kotlin/com/pingidentity/mfa/push/PushClient.kt	PingAMPushResponder.authenticate throws PushNumberChallengeException on HTTP 400 when numbersChallenge is present, parses the error message from the response body, rethrows it in a dedicated catch block, and updates logger initialization. PushService.approveNotification adds a dedicated catch to rethrow PushNumberChallengeException unwrapped. PushClient KDoc documents the new failure path and removes an unused import.
Unit tests mfa/push/src/test/kotlin/com/pingidentity/mfa/push/PingAMPushResponderTest.kt, mfa/push/src/test/kotlin/com/pingidentity/mfa/push/PushServiceTest.kt	PingAMPushResponderTest adds four new tests: 400+numbersChallenge throws PushNumberChallengeException with status 400, message extraction from response body, 400 without numbersChallenge returns false, and 500 returns false. PushServiceTest adds one new test asserting PushNumberChallengeException propagates unwrapped from approveNotification. Two existing tests receive a minor Date constructor fix.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop hop, a number went wrong,
The challenge replied with a 400 song.
No more swallowed in silence, no generic disgrace—
PushNumberChallengeException takes its place!
Open the class, let the subtype through,
The rabbit checks statuses—one, two, three, phew! 🎯

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: surfacing a distinct wrong-number failure for Push Number Challenge as a separate exception instead of masking it as a generic false return.
Description check	✅ Passed	The description includes all required sections (JIRA ticket link and description) and provides clear context about the change. It explains the problem, solution, and the benefit to callers.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch SDKS-5116

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 6.25000% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.08%. Comparing base (ed0f5d6) to head (2d05a49).

Files with missing lines	Patch %	Lines
...n/com/pingidentity/mfa/push/PingAMPushResponder.kt	9.09%	10 Missing ⚠️
...in/kotlin/com/pingidentity/mfa/push/PushService.kt	0.00%	2 Missing ⚠️
...mfa/push/exception/PushNumberChallengeException.kt	0.00%	2 Missing ⚠️
.../kotlin/com/pingidentity/exception/ApiException.kt	0.00%	1 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff              @@
##             develop     #211      +/-   ##
=============================================
- Coverage      44.12%   44.08%   -0.04%     
  Complexity      1393     1393              
=============================================
  Files            316      317       +1     
  Lines           9756     9769      +13     
  Branches        1495     1500       +5     
=============================================
+ Hits            4305     4307       +2     
- Misses          4887     4900      +13     
+ Partials         564      562       -2     

Flag	Coverage Δ
integration-tests	28.22% <6.25%> (-0.04%)	⬇️
unit-tests	26.00% <0.00%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.