fix(forms): validate required bridge message fields (MAGE-484) (#437)

evan-masseau · claude · evan-masseau · commit f7d631a0bca7 · 2026-04-14T17:22:44.000-04:00
* fix(forms): throw on missing required fields in bridge message parsing

Add a requireString() extension on JSONObject that throws
IllegalArgumentException when a required field is missing or empty.
The existing catch-and-log in KlaviyoNativeBridge.postMessage() prevents
malformed events from propagating to the host app.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* test: verify warning log when CTA has no Android route

The empty-android-route test verified that neither the lifecycle handler
nor DeepLinking were invoked, but didn't verify the warning log fires.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* fix: make FormDisappeared tolerant of missing fields to prevent stuck overlays

FormDisappeared now uses optString instead of requireString so that
dismiss() always fires even if the JS bridge sends malformed data.
Also fixes test assertions to verify log level rather than exact message
content, per project guidelines.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* refactor(forms): move lifecycle validation from bridge parsing to event dispatch

Parsing now always uses optString() with empty defaults so SDK-internal
actions (present overlay, dismiss, handle deep links) are never blocked
by missing metadata. Validation of formId/formName/buttonLabel is done
in KlaviyoNativeBridge's show/close/deepLink methods right before
dispatching FormLifecycleEvent to the host app callback.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* fix: address PR review nits — remove redundant optString defaults, use level-only log assertions

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* fix(forms): allow empty buttonLabel on CTA events

A CTA button with no text label is still a valid click event.
Only formId and formName are required non-empty for the lifecycle callback.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* docs(forms): fix lifecycle event timing documentation

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* fix(forms): improve test validity and assertions

Co-Authored-By: Claude Sonnet 4.6 (1M context) &lt;noreply@anthropic.com&gt;

* docs(forms): remove internal implementation details from public API docs

Co-Authored-By: Claude Sonnet 4.6 (1M context) &lt;noreply@anthropic.com&gt;

---------

Co-authored-by: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/sdk/forms-core/src/main/java/com/klaviyo/forms/FormLifecycleEvent.kt b/sdk/forms-core/src/main/java/com/klaviyo/forms/FormLifecycleEvent.kt
@@ -23,22 +23,33 @@ sealed interface FormLifecycleEvent {
 
     /**
      * Triggered when a form is shown to the user.
+     *
+     * Fired after the SDK has initiated form presentation.
      */
     data class FormShown(
         override val formId: String,
         override val formName: String
     ) : FormLifecycleEvent
 
     /**
-     * Triggered when a form is dismissed (closed) by the user.
+     * Triggered when a form is dismissed by the user.
+     *
+     * Fired after the SDK has initiated form dismissal. Fires for
+     * user-initiated dismissals (e.g. tapping outside, close button).
+     * Does not fire when the SDK tears down the form internally
+     * (session timeouts, aborts).
      */
     data class FormDismissed(
         override val formId: String,
         override val formName: String
     ) : FormLifecycleEvent
 
     /**
-     * Triggered when a user taps a call-to-action (CTA) button in the form.
+     * Triggered when a user taps a call-to-action (CTA) button in a form
+     * that has a deep link URL configured.
+     *
+     * Fired after the SDK has initiated deep link navigation. Not emitted
+     * if no deep link URL is configured for the CTA.
      *
      * @property buttonLabel The text label of the CTA button.
      * @property deepLinkUrl The deep link URI configured for the CTA.
diff --git a/sdk/forms-core/src/main/java/com/klaviyo/forms/FormLifecycleHandler.kt b/sdk/forms-core/src/main/java/com/klaviyo/forms/FormLifecycleHandler.kt
@@ -6,8 +6,9 @@ package com.klaviyo.forms
  * Implement this interface to receive notifications when in-app form lifecycle events occur.
  *
  * **Threading:** The handler is always invoked on the main thread.
- * Avoid performing long-running or blocking work in this handler, as it may delay
- * form presentation or dismissal.
+ * Lifecycle callbacks fire after the SDK has already initiated the corresponding
+ * action (presentation, dismissal, or deep link navigation). Avoid performing
+ * long-running or blocking work in this handler, as it runs on the main thread.
  *
  * Example usage:
  * ```
diff --git a/sdk/forms/src/main/java/com/klaviyo/forms/bridge/KlaviyoNativeBridge.kt b/sdk/forms/src/main/java/com/klaviyo/forms/bridge/KlaviyoNativeBridge.kt
@@ -96,6 +96,14 @@ internal class KlaviyoNativeBridge : NativeBridge {
      */
     private fun show(bridgeMessage: FormWillAppear) {
         Registry.get<PresentationManager>().present()
+
+        if (bridgeMessage.formId.isEmpty() || bridgeMessage.formName.isEmpty()) {
+            Registry.log.warning(
+                "FormWillAppear missing required fields, skipping lifecycle callback"
+            )
+            return
+        }
+
         invokeFormLifecycleHandler(
             FormLifecycleEvent.FormShown(bridgeMessage.formId, bridgeMessage.formName)
         )
@@ -129,6 +137,14 @@ internal class KlaviyoNativeBridge : NativeBridge {
         }
 
         DeepLinking.handleDeepLink(deepLinkUri)
+
+        if (message.formId.isEmpty() || message.formName.isEmpty()) {
+            Registry.log.warning(
+                "OpenDeepLink missing required fields, skipping lifecycle callback"
+            )
+            return
+        }
+
         invokeFormLifecycleHandler(
             FormLifecycleEvent.FormCtaClicked(
                 formId = message.formId,
@@ -144,6 +160,14 @@ internal class KlaviyoNativeBridge : NativeBridge {
      */
     private fun close(bridgeMessage: FormDisappeared) {
         Registry.get<PresentationManager>().dismiss()
+
+        if (bridgeMessage.formId.isEmpty() || bridgeMessage.formName.isEmpty()) {
+            Registry.log.warning(
+                "FormDisappeared missing required fields, skipping lifecycle callback"
+            )
+            return
+        }
+
         invokeFormLifecycleHandler(
             FormLifecycleEvent.FormDismissed(bridgeMessage.formId, bridgeMessage.formName)
         )
diff --git a/sdk/forms/src/test/java/com/klaviyo/forms/FormLifecycleHandlerTest.kt b/sdk/forms/src/test/java/com/klaviyo/forms/FormLifecycleHandlerTest.kt
@@ -154,20 +154,25 @@ internal class FormLifecycleHandlerTest : BaseTest() {
     @Test
     fun `callback is not invoked when no callback is registered`() {
         // Simulate form shown message without registering a callback
-        val message = """{"type":"formWillAppear", "data":{"formId":"$testFormId"}}"""
+        val message = """{"type":"formWillAppear", "data":{"formId":"$testFormId","formName":"$testFormName"}}"""
         nativeBridge.postMessage(message)
 
         // Verify PresentationManager was called but no exception thrown
         verify { mockPresentationManager.present() }
     }
 
     @Test
-    fun `formDisappeared without data delegates dismiss with empty context fields`() {
-        Klaviyo.registerFormLifecycleHandler(FormLifecycleHandler { _ -> })
+    fun `formDisappeared without data still dismisses but skips lifecycle callback`() {
+        var callbackInvoked = false
+        Klaviyo.registerFormLifecycleHandler(FormLifecycleHandler { _ -> callbackInvoked = true })
 
         nativeBridge.postMessage("""{"type":"formDisappeared"}""")
 
+        // FormDisappeared uses tolerant parsing so dismiss always fires
         verify { mockPresentationManager.dismiss() }
+        // Missing formId/formName means the lifecycle callback should be skipped
+        assert(!callbackInvoked) { "Lifecycle callback should not fire when form metadata is missing" }
+        verify { spyLog.warning(any()) }
     }
 
     @Test
@@ -178,7 +183,7 @@ internal class FormLifecycleHandlerTest : BaseTest() {
         Klaviyo.registerFormLifecycleHandler(FormLifecycleHandler { _ -> })
 
         nativeBridge.postMessage(
-            """{"type":"openDeepLink","data":{"android":"https://example.com","formId":"$testFormId"}}"""
+            """{"type":"openDeepLink","data":{"android":"https://example.com","formId":"$testFormId","formName":"$testFormName","buttonLabel":"Shop Now"}}"""
         )
 
         verify { mockThreadHelper.runOnUiThread(any()) }
diff --git a/sdk/forms/src/test/java/com/klaviyo/forms/bridge/KlaviyoNativeBridgeTest.kt b/sdk/forms/src/test/java/com/klaviyo/forms/bridge/KlaviyoNativeBridgeTest.kt
@@ -114,21 +114,43 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
     }
 
     @Test
-    fun `formWillAppear triggers show`() {
+    fun `formWillAppear with no data still presents but skips lifecycle callback`() {
         /**
          * @see com.klaviyo.forms.bridge.KlaviyoNativeBridge.show
          */
+        val mockLifecycleHandler = mockk<FormLifecycleHandler>(relaxed = true)
+        Registry.register<FormLifecycleHandler>(mockLifecycleHandler)
+
         postMessage("""{"type":"formWillAppear"}""")
         verify { mockPresentationManager.present() }
+        verify(exactly = 0) { mockLifecycleHandler.onFormLifecycleEvent(any()) }
+        verify { spyLog.warning(any()) }
+
+        Registry.unregister<FormLifecycleHandler>()
     }
 
     @Test
     fun `formWillAppear triggers show with IDs`() {
         /**
          * @see com.klaviyo.forms.bridge.KlaviyoNativeBridge.show
          */
-        postMessage("""{"type":"formWillAppear", "data":{"formId":"64CjgW"}}""")
+        postMessage(
+            """{"type":"formWillAppear", "data":{"formId":"64CjgW","formName":"Test Form"}}"""
+        )
+        verify { mockPresentationManager.present() }
+    }
+
+    @Test
+    fun `formWillAppear with missing formId still presents but skips lifecycle callback`() {
+        val mockLifecycleHandler = mockk<FormLifecycleHandler>(relaxed = true)
+        Registry.register<FormLifecycleHandler>(mockLifecycleHandler)
+
+        postMessage("""{"type":"formWillAppear","data":{"formName":"Test Form"}}""")
         verify { mockPresentationManager.present() }
+        verify(exactly = 0) { mockLifecycleHandler.onFormLifecycleEvent(any()) }
+        verify { spyLog.warning(any()) }
+
+        Registry.unregister<FormLifecycleHandler>()
     }
 
     @Test
@@ -264,7 +286,8 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
             "ios": "klaviyotest://settings",
             "android": "klaviyotest://settings",
             "formId": "64CjgW",
-            "formName": "Test Form"
+            "formName": "Test Form",
+            "buttonLabel": "Click Me"
           }
         }
     """.trimIndent()
@@ -290,7 +313,10 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
               "type": "openDeepLink",
               "data": {
                 "ios": "klaviyotest://settings",
-                "android": ""
+                "android": "",
+                "formId": "64CjgW",
+                "formName": "Test Form",
+                "buttonLabel": "Click Me"
               }
             }
         """.trimIndent()
@@ -305,6 +331,31 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
 
         verify(exactly = 0) { mockLifecycleHandler.onFormLifecycleEvent(any()) }
         verify(exactly = 0) { DeepLinking.handleDeepLink(any<Uri>()) }
+        verify { spyLog.warning(any()) }
+
+        Registry.unregister<FormLifecycleHandler>()
+    }
+
+    @Test
+    fun `openDeepLink with missing buttonLabel still navigates and fires lifecycle callback`() {
+        val message = """{"type":"openDeepLink","data":{"android":"klaviyotest://settings","formId":"64CjgW","formName":"Test Form"}}"""
+
+        mockkObject(DeepLinking)
+        every { DeepLinking.handleDeepLink(any<Uri>()) } returns Unit
+
+        val events = mutableListOf<FormLifecycleEvent>()
+        val callback = FormLifecycleHandler { event -> events.add(event) }
+        Registry.register<FormLifecycleHandler>(callback)
+
+        postMessage(message)
+
+        verify { DeepLinking.handleDeepLink(mockUri) }
+        assertEquals(1, events.size)
+        val ctaEvent = events[0] as FormLifecycleEvent.FormCtaClicked
+        assertEquals("64CjgW", ctaEvent.formId)
+        assertEquals("Test Form", ctaEvent.formName)
+        assertEquals("", ctaEvent.buttonLabel)
+        assertEquals(mockUri, ctaEvent.deepLinkUrl)
 
         Registry.unregister<FormLifecycleHandler>()
     }
@@ -335,7 +386,7 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
 
         // CTA — formId+formName come from the bridge message itself
         postMessage(
-            """{"type":"openDeepLink","data":{"android":"klaviyotest://settings","formId":"abc","formName":"My Form"}}"""
+            """{"type":"openDeepLink","data":{"android":"klaviyotest://settings","formId":"abc","formName":"My Form","buttonLabel":"Shop Now"}}"""
         )
         assertEquals(3, events.size)
         val ctaEvent = events[2] as FormLifecycleEvent.FormCtaClicked
@@ -356,12 +407,36 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
     }
 
     @Test
-    fun `formDisappeared triggers dismiss with empty context when no data`() {
+    fun `formDisappeared with no data still dismisses but skips lifecycle callback`() {
         /**
+         * All message types use tolerant parsing (optString) so that SDK-internal actions
+         * always fire, preventing the user from getting stuck behind a full-screen overlay.
+         * Lifecycle callbacks are gated on valid metadata at the dispatch layer.
+         *
          * @see com.klaviyo.forms.bridge.KlaviyoNativeBridge.close
          */
+        val mockLifecycleHandler = mockk<FormLifecycleHandler>(relaxed = true)
+        Registry.register<FormLifecycleHandler>(mockLifecycleHandler)
+
         postMessage("""{"type":"formDisappeared"}""")
         verify { mockPresentationManager.dismiss() }
+        verify(exactly = 0) { mockLifecycleHandler.onFormLifecycleEvent(any()) }
+        verify { spyLog.warning(any()) }
+
+        Registry.unregister<FormLifecycleHandler>()
+    }
+
+    @Test
+    fun `formDisappeared with missing formId still dismisses but skips lifecycle callback`() {
+        val mockLifecycleHandler = mockk<FormLifecycleHandler>(relaxed = true)
+        Registry.register<FormLifecycleHandler>(mockLifecycleHandler)
+
+        postMessage("""{"type":"formDisappeared","data":{"formName":"Test Form"}}""")
+        verify { mockPresentationManager.dismiss() }
+        verify(exactly = 0) { mockLifecycleHandler.onFormLifecycleEvent(any()) }
+        verify { spyLog.warning(any()) }
+
+        Registry.unregister<FormLifecycleHandler>()
     }
 
     @Test
@@ -378,36 +453,19 @@ internal class KlaviyoNativeBridgeTest : BaseTest() {
     @Test
     fun `malformed message throws an error`() {
         postMessage("sawr a warewolf with a chinese menu inhis hands")
-
-        verify {
-            spyLog.error(
-                "Failed to relay webview message: sawr a warewolf with a chinese menu inhis hands",
-                any<JSONException>()
-            )
-        }
+        verify { spyLog.error(any(), any<JSONException>()) }
     }
 
     @Test
     fun `unknown type throws an error`() {
         postMessage("""{"type":"unknown"}""")
-
-        verify {
-            spyLog.error(
-                "Failed to relay webview message: {\"type\":\"unknown\"}",
-                any<IllegalStateException>()
-            )
-        }
+        verify { spyLog.error(any(), any<IllegalStateException>()) }
     }
 
     @Test
     fun `null message logs warning`() {
         postMessage(null)
 
-        verify {
-            spyLog.warning(
-                "Received null message from webview",
-                null
-            )
-        }
+        verify { spyLog.warning(any(), null) }
     }
 }
diff --git a/sdk/forms/src/test/java/com/klaviyo/forms/bridge/NativeBridgeMessageTest.kt b/sdk/forms/src/test/java/com/klaviyo/forms/bridge/NativeBridgeMessageTest.kt

Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,9 @@ package com.klaviyo.forms`
`6`	`6`	`* Implement this interface to receive notifications when in-app form lifecycle events occur.`
`7`	`7`	`*`
`8`	`8`	`* Threading: The handler is always invoked on the main thread.`
`9`		`- * Avoid performing long-running or blocking work in this handler, as it may delay`
`10`		`- * form presentation or dismissal.`
	`9`	`+ * Lifecycle callbacks fire after the SDK has already initiated the corresponding`
	`10`	`+ * action (presentation, dismissal, or deep link navigation). Avoid performing`
	`11`	`+ * long-running or blocking work in this handler, as it runs on the main thread.`
`11`	`12`	`*`
`12`	`13`	`* Example usage:`
`13`	`14`	* ```