Add validation for admin password reset config updates.

[Malith-19]

Purpose

• $subject

Related issues

• Unification of forced password reset over OTP product-is#23660

Approach

• With changes now only one of the below governance configs can be enabled for a given time,
  • Email Link - Recovery.AdminPasswordReset.RecoveryLink
  • Email OTP - Recovery.AdminPasswordReset.OTP
  • Offline - Recovery.AdminPasswordReset.Offline
  • SMS OTP - Recovery.AdminPasswordReset.SMSOTP
• Additionally this will compare the current configuration if user not updating all configs at once.
  • For example, now user will not able enable email OTP option when email Link is already enabled.
• Config correction method is added to always enable one admin force password config and when all configs are disabled email link will be enabled by default. Please note that this config correction will not persist the corrected value but correction will happen when getting the governance configs.

After merge

• Use this validation method to validate the configs in the governance repo [1].
  [1] https://github.com/wso2-extensions/identity-governance/blob/381c5fffa0d694db0fdecdb1ec17aab40a1adb42/components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/IdentityGovernanceServiceImpl.java#L76

[codecov]

Codecov Report

Attention: Patch coverage is 80.89888% with 17 lines in your changes missing coverage. Please review.

Project coverage is 48.36%. Comparing base (37686de) to head (db10f4b).
Report is 101 commits behind head on master.

Files with missing lines	Patch %	Lines
.../org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java	44.82%	12 Missing and 4 partials ⚠️
...rg/wso2/carbon/idp/mgt/util/IdPManagementUtil.java	98.33%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #6664      +/-   ##
============================================
+ Coverage     48.20%   48.36%   +0.15%     
- Complexity    16407    16497      +90     
============================================
  Files          1830     1833       +3     
  Lines        109630   111940    +2310     
  Branches      20646    21040     +394     
============================================
+ Hits          52849    54139    +1290     
- Misses        49552    50482     +930     
- Partials       7229     7319      +90     

Flag	Coverage Δ
unit	32.10% <80.89%> (+0.13%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14263683130

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14263683130
Status: failure

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14266111360

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14266111360
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/14266111360

[Copilot]

Pull Request Overview

This PR adds validations for admin password reset configuration updates to ensure that only one of the possible options (Email Link, Email OTP, Offline, SMS OTP) is enabled at a time, and provides automatic correction when all are disabled. Key changes include the introduction of new validation methods in IdPManagementUtil, updates to test cases in IdPManagementUtilTest, and corresponding constant and DAO modifications to support the new logic.

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

File	Description
components/idp-mgt/org.wso2.carbon.idp.mgt/src/test/java/org/wso2/carbon/idp/mgt/util/IdPManagementUtilTest.java	Added tests and helper methods for validating admin password reset configurations; contains a variable naming typo.
components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementUtil.java	Introduced new validation methods for admin password reset options.
components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java	Added new constants for the admin password reset configurations.
components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java	Updated DAO logic to read the new admin reset configurations and to auto-correct them if necessary.

Files not reviewed (1)

• components/idp-mgt/org.wso2.carbon.idp.mgt/src/test/resources/dbscripts/h2.sql: Language not supported

Comments suppressed due to low confidence (1)

components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java:6241

• [nitpick] For consistency with other parts of the code, consider using the predefined TRUE_STRING constant instead of String.valueOf(true) when setting the property value.

adminForcedPasswordResetProperty.setValue(String.valueOf(true));

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14539455833

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14539455833
Status: failure

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14551029871

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14551029871
Status: failure

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14565985058

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14565985058
Status: failure

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/14569950349

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/14569950349
Status: failure

[Malith-19]

Integration test runner only fails due to UserMeSuccessTestBase as per the last run in the fork which is intermittent and not related to this code changes.