Skip to content

Add validation for admin password reset config updates. #6664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Add validation for admin password reset config updates. #6664

wants to merge 6 commits into from
+329 −7

Conversation

Malith-19
Copy link
Contributor

@Malith-19 Malith-19 commented Apr 4, 2025
edited
Loading

Purpose

  • $subject

Related issues

Approach

  • With changes now only one of the below governance configs can be enabled for a given time,
    • Email Link - Recovery.AdminPasswordReset.RecoveryLink
    • Email OTP - Recovery.AdminPasswordReset.OTP
    • Offline - Recovery.AdminPasswordReset.Offline
    • SMS OTP - Recovery.AdminPasswordReset.SMSOTP
  • Additionally this will compare the current configuration if user not updating all configs at once.
    • For example, now user will not able enable email OTP option when email Link is already enabled.
  • Config correction method is added to always enable one admin force password config and when all configs are disabled email link will be enabled by default.

After merge

@Malith-19 Malith-19 self-assigned this Apr 4, 2025
@codecov Codecov
Copy link

codecov bot commented Apr 4, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 81.81818% with 16 lines in your changes missing coverage. Please review.

Project coverage is 48.35%. Comparing base (37686de) to head (e91aa1e).
Report is 68 commits behind head on master.

Files with missing lines Patch % Lines
.../org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java 46.42% 11 Missing and 4 partials ⚠️
...rg/wso2/carbon/idp/mgt/util/IdPManagementUtil.java 98.33% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #6664      +/-   ##
============================================
+ Coverage     48.20%   48.35%   +0.14%     
- Complexity    16407    16468      +61     
============================================
  Files          1830     1833       +3     
  Lines        109630   111852    +2222     
  Branches      20646    21035     +389     
============================================
+ Hits          52849    54083    +1234     
- Misses        49552    50451     +899     
- Partials       7229     7318      +89
Flag Coverage Δ
unit 32.08% <81.81%> (+0.11%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Malith-19 Malith-19 mentioned this pull request Apr 4, 2025
Open
10 tasks
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14263683130

@Malith-19 Malith-19 mentioned this pull request Apr 4, 2025
Open
@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14263683130
Status: failure

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14266111360

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14266111360
Status: success

jenkins-is-staging
jenkins-is-staging approved these changes Apr 4, 2025
View reviewed changes
Copy link

@jenkins-is-staging jenkins-is-staging left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/14266111360

Malith-19
Malith-19 commented Apr 16, 2025
View reviewed changes
...gt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementUtil.java Outdated
Comment on lines 556 to 560
if(isMultipleConfigsEnabled(configs)) {
throw IdPManagementUtil.handleClientException(
IdPManagementConstants.ErrorMessage.ERROR_CODE_INVALID_CONNECTOR_CONFIGURATION,
"Enabling admin forced password reset option while other options are enabled is not allowed");
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we are only allowing to enable only one config for a given time and returning email link enabled when all configs are disabled, do we need to add additional validation to ensure that user not disabling all configs?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we can do that validation at this level, let's validate from here and return proper client error. Otherwise as we do the correction, it might looks the previous action didn't committed properly.

Copy link
Contributor Author

@Malith-19 Malith-19 Apr 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added from e91aa1e

Malith-19
Malith-19 commented Apr 16, 2025
View reviewed changes
components/idp-mgt/org.wso2.carbon.idp.mgt/src/test/resources/dbscripts/h2.sql
@@ -598,7 +598,7 @@ CREATE TABLE IF NOT EXISTS IDP_METADATA (
DISPLAY_NAME VARCHAR(255),
TENANT_ID INTEGER DEFAULT -1,
PRIMARY KEY (ID),
CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME),
-- CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed this constraint since with the config correction get call tries to update the admin forced password email link config to true while mocked IDP properties are passed rather than the real IDP properties from the database.

@Malith-19 Malith-19 requested review from Copilot and removed request for jenkins-is-staging April 16, 2025 09:45
Copilot
Copilot AI reviewed Apr 16, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds validations for admin password reset configuration updates to ensure that only one of the possible options (Email Link, Email OTP, Offline, SMS OTP) is enabled at a time, and provides automatic correction when all are disabled. Key changes include the introduction of new validation methods in IdPManagementUtil, updates to test cases in IdPManagementUtilTest, and corresponding constant and DAO modifications to support the new logic.

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

File Description
components/idp-mgt/org.wso2.carbon.idp.mgt/src/test/java/org/wso2/carbon/idp/mgt/util/IdPManagementUtilTest.java Added tests and helper methods for validating admin password reset configurations; contains a variable naming typo.
components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementUtil.java Introduced new validation methods for admin password reset options.
components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java Added new constants for the admin password reset configurations.
components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java Updated DAO logic to read the new admin reset configurations and to auto-correct them if necessary.
Files not reviewed (1)
  • components/idp-mgt/org.wso2.carbon.idp.mgt/src/test/resources/dbscripts/h2.sql: Language not supported
Comments suppressed due to low confidence (1)

components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java:6241

  • [nitpick] For consistency with other parts of the code, consider using the predefined TRUE_STRING constant instead of String.valueOf(true) when setting the property value.
adminForcedPasswordResetProperty.setValue(String.valueOf(true));

sadilchamishka
sadilchamishka previously approved these changes Apr 17, 2025
View reviewed changes
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Malith-19 Malith-19 mentioned this pull request Apr 17, 2025
Draft
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@jenkins-is-staging jenkins-is-staging jenkins-is-staging approved these changes

@sadilchamishka sadilchamishka sadilchamishka left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@Malith-19 Malith-19

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Malith-19 @jenkins-is-staging @sadilchamishka