Hanlde ASK password OTP failures and redirect to password reset page

Author: sadilchamishka

components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticator.java

@@ -94,6 +94,7 @@
 import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.ACCOUNT_IS_LOCKED;
 import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.ACCOUNT_LOCKED_REASON;
 import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.ACCOUNT_PENDING_APPROVAL;
+import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.ASK_PASSWORD_VIA_OTP;
 import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.AUTHENTICATOR_BASIC;
 import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.AUTHENTICATOR_MESSAGE;
 import static org.wso2.carbon.identity.application.authenticator.basicauth.BasicAuthenticatorConstants.DISPLAY_PASSWORD;
@@ -448,6 +449,33 @@ protected void initiateAuthenticationRequest(HttpServletRequest request,
                             URLEncoder.encode(reason, BasicAuthenticatorConstants.UTF_8);
                     setAuthenticatorErrorMessage(getErrorMessage(errorCode, FORCED_PASSWORD_RESET_VIA_OTP),
                             context);
+                } else if (errorCode.equals(IdentityCoreConstants.ASK_PASSWORD_SET_PASSWORD_VIA_OTP_ERROR_CODE)) {
+                    String username = request.getParameter(USER_NAME);
+                    String tenantDomain = getTenantDomainFromUserName(context, username);
+
+                    // Setting callback so that the user is prompted to login after setting password.
+                    String callback;
+                    try {
+                        callback = ServiceURLBuilder.create().addPath(loginPage).build().getAbsolutePublicURL();
+                    } catch (URLBuilderException e) {
+                        throw new IdentityRuntimeException(
+                                "Error while building callback url for context: " + loginPage, e);
+                    }
+                    callback = callback + ("?" + queryParams)
+                            + BasicAuthenticatorConstants.AUTHENTICATORS + getName() + ":" +
+                            BasicAuthenticatorConstants.LOCAL;
+                    String reason = RecoveryScenarios.ASK_PASSWORD_VIA_EMAIL_OTP.name();
+
+                    redirectURL = recoveryPage + CONFIRM_RECOVERY_DO +
+                            BasicAuthenticatorConstants.USER_NAME_PARAM + URLEncoder.encode(username,
+                            BasicAuthenticatorConstants.UTF_8) + BasicAuthenticatorConstants.TENANT_DOMAIN_PARAM +
+                            URLEncoder.encode(tenantDomain, BasicAuthenticatorConstants.UTF_8) +
+                            BasicAuthenticatorConstants.CONFIRMATION_PARAM + URLEncoder.encode(password,
+                            BasicAuthenticatorConstants.UTF_8) + BasicAuthenticatorConstants.CALLBACK_PARAM +
+                            URLEncoder.encode(callback, BasicAuthenticatorConstants.UTF_8) +
+                            BasicAuthenticatorConstants.REASON_PARAM +
+                            URLEncoder.encode(reason, BasicAuthenticatorConstants.UTF_8);
+                    setAuthenticatorErrorMessage(getErrorMessage(errorCode, ASK_PASSWORD_VIA_OTP), context);
                 } else if (errorCode.equals(
                         IdentityCoreConstants.USER_ACCOUNT_PENDING_APPROVAL_ERROR_CODE)) {
                     retryParam = BasicAuthenticatorConstants.AUTH_FAILURE_PARAM + "true" +

components/org.wso2.carbon.identity.application.authenticator.basicauth/src/main/java/org/wso2/carbon/identity/application/authenticator/basicauth/BasicAuthenticatorConstants.java

@@ -81,6 +81,7 @@ public abstract class BasicAuthenticatorConstants {
             " password via OTP.";
     public static final String FORCED_PASSWORD_RESET_VIA_EMAIL = "The admin has forced user to " +
             "reset password via Email.";
+    public static final String ASK_PASSWORD_VIA_OTP = "User is requested to set the password via OTP.";
 
     /**
      * Constants related to log management.

pom.xml

@@ -380,11 +380,11 @@
         <carbon.base.imp.pkg.version.range>[1.0.0, 2.0.0)</carbon.base.imp.pkg.version.range>
 
         <!-- Carbon Identity Framework version -->
-        <carbon.identity.framework.version>7.8.331</carbon.identity.framework.version>
+        <carbon.identity.framework.version>7.8.334-SNAPSHOT</carbon.identity.framework.version>
         <carbon.identity.framework.imp.pkg.version.range>[5.19.14, 8.0.0)
         </carbon.identity.framework.imp.pkg.version.range>
 
-        <identity.governance.version>1.8.23</identity.governance.version>
+        <identity.governance.version>1.11.107-SNAPSHOT</identity.governance.version>
         <identity.governance.imp.pkg.version.range>[1.5.89, 3.0.0)</identity.governance.imp.pkg.version.range>
 
         <osgi.framework.imp.pkg.version.range>[1.7.0, 2.0.0)</osgi.framework.imp.pkg.version.range>