Add unit tests for internal/didit KYC client (CreateSession, GetSessionDecision)

[Jagadeeshftw]

📌 Description

internal/didit/client.go wraps the Didit KYC API (CreateSession POSTs to /v2/session/, GetSessionDecision GETs /v2/session/{id}/decision/, both with x-api-key auth and a 30s timeout) but has no test file. KYC drives the kyc.go handler and gates user verification.

💡 Why it matters: Verification status decisions depend on correctly parsing Didit responses; untested parsing risks misclassifying users' KYC state.

🧩 Requirements and context

• Use httptest.Server to assert the x-api-key header, method, path, and workflow_id payload.
• Cover a successful session creation and decision retrieval with realistic JSON.
• Cover Didit error bodies and non-2xx responses, asserting the captured raw body for debugging.
• Verify the 30s client timeout via a slow server and context deadline.
• No real Didit network access.

Non-functional requirements

• Must be secure, tested, and documented.
• Should be efficient and easy to review.

🛠️ Suggested execution

1. Fork the repo and create a branch

git checkout -b test/didit-client

2. Implement changes

• Write/modify the relevant source: refactor NewClient to accept a base URL for tests if needed
• Write comprehensive tests: internal/didit/client_test.go
• Add documentation: GoDoc on response parsing
• Include GoDoc comments on the status mapping
• Validate security assumptions: API key must not be logged

3. Test and commit

• Run tests:

go test ./internal/didit/...

• Cover edge cases: error body, timeout, malformed JSON
• Include test output and security notes in the PR description.

Example commit message

test(didit): cover KYC session creation and decision parsing

✅ Acceptance criteria

• Header/method/path/payload asserted for both calls
• Success and error responses covered
• Timeout behavior tested
• No real network calls

🔒 Security notes

Confirms the x-api-key is sent but never logged; ensures error bodies captured for debugging do not leak into client responses.

📋 Guidelines

• Minimum 95% test coverage
• Clear documentation
• Timeframe: 96 hours

[xx7412421-cloud]

Hi, I would like to work on this issue if it is still available.

Planned approach:

• Review internal/didit/client.go first so the tests assert the current request paths, headers, payloads, timeout behavior, and response parsing exactly.
• Add internal/didit/client_test.go using httptest.Server only; no real Didit network calls.
• Cover successful session creation, decision retrieval, non-2xx/error bodies, malformed JSON where applicable, and timeout behavior.
• Ensure the API key is asserted on requests but never logged or exposed in test output.
• Run go test ./internal/didit/... and include the result in the PR.

I will wait for assignment before opening a PR so the work follows the GrantFox workflow.

[clintjeff2]

Hello, I have 6 years of experience working on tasks like this and handling similar challenges across backend, frontend, and smart-contract development. I have carefully read and fully understood the task requirements, and I am confident I can deliver a clean, efficient, and well-tested solution promptly. I always ensure high-quality implementation, maintainability, and adherence to best practices.

Pull request in 5 hours.