Merge pull request wso2#9947 from wso2/sync-pr-9843-to-next

[Sync][master -> next][wso2#9843]: Hide enable enhanced org authentication toggle in my account settings update view in console

Author: SujanSanjula96

.changeset/odd-rice-vanish.md

@@ -0,0 +1,7 @@
+---
+"@wso2is/admin.applications.v1": patch
+"@wso2is/identity-apps-core": patch
+"@wso2is/console": patch
+---
+
+Hide enable enhanced org authentication toggle in my account and add backend validations for system apps

features/admin.applications.v1/components/settings/shared-access.tsx

@@ -85,6 +85,10 @@ export const SharedAccess: FunctionComponent<SharedAccessPropsInterface> = (
     const isEnhancedOrganizationAuthenticationFeatureEnabled: boolean = useSelector((state: AppState) =>
         state?.config?.ui?.isEnhancedOrganizationAuthenticationFeatureEnabled);
 
+    const isMyAccount: boolean =
+        ApplicationManagementConstants.MY_ACCOUNT_CLIENT_ID === application?.clientId ||
+        ApplicationManagementConstants.MY_ACCOUNT_APP_NAME === application?.name;
+
     const statusToi18nKeyMap: Map<OperationStatus, { alertLevel: AlertLevels, i18nKey: string }> =
         new Map<OperationStatus, { alertLevel: AlertLevels, i18nKey: string }>([
             [ OperationStatus.SUCCESS, { alertLevel: AlertLevels.SUCCESS, i18nKey: "success" } ],
@@ -155,7 +159,7 @@ export const SharedAccess: FunctionComponent<SharedAccessPropsInterface> = (
                         )
                 }
             </EmphasizedSegment>
-            { isEnhancedOrganizationAuthenticationFeatureEnabled && (
+            { isEnhancedOrganizationAuthenticationFeatureEnabled && !isMyAccount && (
                 <EnhancedOrganizationLoginToggle
                     appId={ application.id }
                     isEnabled={ application.enhancedOrgAuthenticationEnabled ?? false }

identity-apps-core/components/org.wso2.identity.apps.common/src/main/java/org/wso2/identity/apps/common/listner/AppPortalApplicationMgtListener.java

@@ -20,14 +20,21 @@
 
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
+import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
 import org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.oauth.Error;
 import org.wso2.identity.apps.common.internal.AppsCommonDataHolder;
 
+import java.util.Arrays;
+import java.util.Optional;
 import java.util.Set;
 
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.OAUTH2;
+
 /**
  * App portal application management listener.
  */
@@ -64,7 +71,18 @@ public boolean isEnable() {
     public boolean doPreUpdateApplication(ServiceProvider serviceProvider, String tenantDomain, String userName)
         throws IdentityApplicationManagementException {
 
-        if (!isEnable() || IdentityApplicationManagementUtil.getAllowUpdateSystemApplicationThreadLocal()) {
+        if (!isEnable()) {
+            return true;
+        }
+
+        Optional<String> clientId = getOAuth2ClientId(serviceProvider);
+        if (clientId.isPresent() && IdentityTenantUtil.isSystemApplication(tenantDomain, clientId.get()) &&
+            serviceProvider.isEnhancedOrganizationAuthenticationEnabled()) {
+            throw new IdentityApplicationManagementClientException(Error.INVALID_UPDATE.getErrorCode(),
+                "Enabling enhanced organization authentication is not allowed for system applications.");
+        }
+
+        if (IdentityApplicationManagementUtil.getAllowUpdateSystemApplicationThreadLocal()) {
             return true;
         }
 
@@ -93,6 +111,17 @@ public boolean doPreDeleteApplication(String applicationName, String tenantDomai
             "Deletion of system applications are not allowed. Application name: " + applicationName);
     }
 
+    private Optional<String> getOAuth2ClientId(ServiceProvider serviceProvider) {
+
+        return Optional.ofNullable(serviceProvider.getInboundAuthenticationConfig())
+            .map(InboundAuthenticationConfig::getInboundAuthenticationRequestConfigs)
+            .map(Arrays::stream)
+            .flatMap(stream -> stream
+                .filter(cfg -> OAUTH2.equals(cfg.getInboundAuthType()))
+                .findFirst())
+            .map(InboundAuthenticationRequestConfig::getInboundAuthKey);
+    }
+
     private ServiceProvider getApplicationByResourceId(String resourceId, String tenantDomain)
         throws IdentityApplicationManagementException {
 

identity-apps-core/pom.xml

@@ -804,7 +804,7 @@
         <carbon.extension.identity.authenticator.version>3.0.0</carbon.extension.identity.authenticator.version>
         <org.wso2.carbon.identity.association.account>5.1.5</org.wso2.carbon.identity.association.account>
         <identity.extension.utils>1.0.8</identity.extension.utils>
-        <carbon.identity.framework.version>7.10.32</carbon.identity.framework.version>
+        <carbon.identity.framework.version>7.10.68</carbon.identity.framework.version>
         <carbon.identity.framework.imp.pkg.version.range>[5.0.0, 8.0.0)</carbon.identity.framework.imp.pkg.version.range>
         <identity.organization.management.core.service.version>1.0.77
         </identity.organization.management.core.service.version>