Validate username in basic_auth helper

- Raise ValueError if username is empty
- Raise ValueError if username contains a colon character
  (colon is the RFC 7617 separator between username and password)
- Add two unit tests covering both invalid cases

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: mchades

src/adp_sdk/client/session.py

@@ -67,12 +67,19 @@ def basic_auth(username: str, password: str = "") -> str:
     """Build a Basic Authorization header value.
 
     Args:
-        username: The username.
+        username: The username. Must be non-empty and must not contain a colon.
         password: The password (defaults to empty string).
 
     Returns:
         A string in the format ``"Basic <base64(username:password)>"``.
+
+    Raises:
+        ValueError: If ``username`` is empty or contains a colon character.
     """
+    if not username:
+        raise ValueError("username must not be empty")
+    if ":" in username:
+        raise ValueError("username must not contain a colon character")
     credentials = base64.b64encode(f"{username}:{password}".encode()).decode()
     return f"Basic {credentials}"
 

tests/test_client_session.py

@@ -542,3 +542,11 @@ def test_basic_auth_round_trip(self) -> None:
         _, _, payload = auth.partition(" ")
         decoded = base64.b64decode(payload).decode()
         self.assertEqual(decoded, "user:pass")
+
+    def test_basic_auth_empty_username_raises(self) -> None:
+        with self.assertRaises(ValueError, msg="username must not be empty"):
+            basic_auth("")
+
+    def test_basic_auth_username_with_colon_raises(self) -> None:
+        with self.assertRaises(ValueError, msg="username must not contain a colon character"):
+            basic_auth("user:name", "pass")