Merge branch 'wso2-extensions:master' into return-error-code-for-pwd-…

…policy-violation

.github/workflows/coverage-generator.yml

@@ -0,0 +1,177 @@
+name: Code Coverage Generator
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Daily 22:00 UTC (3.30 AM SL time).
+    - cron: '00 22 * * *'
+
+jobs:
+  build-source:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Adopt JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: 11
+          distribution: "adopt"
+
+      - name: Build with Maven
+        run: |
+          mvn clean install -U -B -Dmaven.test.skip=true
+
+      - name: Cache source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+
+  oidc-conformance-report:
+    needs: build-source
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Restore source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-source-
+
+      - name: Get the latest Jacoco report URL
+        id: get-artifact-url-oidc
+        run: |
+          GITHUB_API_URL="https://api.github.com"
+          OWNER="wso2"
+          REPO="product-is"
+          WORKFLOW_ID="oidc-conformance-test.yml"
+          GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
+
+          # Get the latest successful workflow run
+          WORKFLOW_RUNS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/runs?status=success&per_page=1")
+          RUN_ID=$(echo $WORKFLOW_RUNS | jq -r '.workflow_runs[0].id')
+
+          if [ "$RUN_ID" == "null" ]; then
+            echo "No successful workflow runs found"
+            exit 1
+          fi
+
+          # Get the artifacts for the workflow run
+          ARTIFACTS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")
+          ARTIFACT_URL=$(echo $ARTIFACTS | jq -r '.artifacts[] | select(.name == "jacoco-xml") | .archive_download_url')
+
+          if [ "$ARTIFACT_URL" == "null" ]; then
+            echo "Artifact not found"
+            exit 1
+          fi
+
+          echo "::set-output name=artifact-url::$ARTIFACT_URL"
+
+      - name: Download latest Jacoco report
+        run: |
+          curl -L -o artifact-oidc.zip \
+          -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          ${{ steps.get-artifact-url-oidc.outputs.artifact-url }}
+
+      - name: Unzip Jacoco report
+        run: |
+          unzip artifact-oidc.zip -d ./artifacts-oidc
+
+      - name: Upload coverage reports to Codecov for OIDC
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./artifacts-oidc/jacoco.xml
+          flags: conformance-oidc
+          disable_search: true
+
+  fapi-conformance-report:
+    needs: build-source
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Restore source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-source-
+
+      - name: Get the latest Jacoco report URL
+        id: get-artifact-url-fapi
+        run: |
+          GITHUB_API_URL="https://api.github.com"
+          OWNER="wso2"
+          REPO="product-is"
+          WORKFLOW_ID="fapi-oidc-conformance-test.yml"
+          GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
+
+          # Get the latest successful workflow run
+          WORKFLOW_RUNS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/runs?status=success&per_page=1")
+          RUN_ID=$(echo $WORKFLOW_RUNS | jq -r '.workflow_runs[0].id')
+
+          if [ "$RUN_ID" == "null" ]; then
+            echo "No successful workflow runs found"
+            exit 1
+          fi
+
+          # Get the artifacts for the workflow run
+          ARTIFACTS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$GITHUB_API_URL/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")
+          ARTIFACT_URL=$(echo $ARTIFACTS | jq -r '.artifacts[] | select(.name == "jacoco-xml") | .archive_download_url')
+
+          if [ "$ARTIFACT_URL" == "null" ]; then
+            echo "Artifact not found"
+            exit 1
+          fi
+
+          echo "::set-output name=artifact-url::$ARTIFACT_URL"
+
+      - name: Download the latest Jacoco report
+        run: |
+          curl -L -o artifact-fapi.zip \
+          -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          ${{ steps.get-artifact-url-fapi.outputs.artifact-url }}
+
+      - name: Unzip Jacoco report
+        run: |
+          unzip artifact-fapi.zip -d ./artifacts-fapi
+
+      - name: Upload coverage reports to Codecov for FAPI
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./artifacts-fapi/jacoco.xml
+          flags: conformance-fapi
+          disable_search: true
+
+  integration-test-report:
+    needs: build-source
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Restore source code
+        uses: actions/cache@v4
+        with:
+          path: .
+          key: ${{ runner.os }}-source-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-source-
+
+      - name: Download integration Jacoco XML report
+        run: |
+          mkdir artifacts-integration
+          curl -L -o ./artifacts-integration/jacoco.xml https://wso2.org/jenkins/job/products/job/product-is/lastSuccessfulBuild/artifact/modules/integration/tests-integration/tests-backend/target/jacoco/coverage/jacoco.xml
+
+      - name: Upload coverage reports to Codecov for integration tests
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./artifacts-integration/jacoco.xml
+          flags: integration
+          disable_search: true

.github/workflows/pr-builder.yml

@@ -50,3 +50,4 @@ jobs:
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files : target/site/jacoco/jacoco.xml
+          flags: unit

codecov.yml

@@ -1,16 +1,24 @@
-
 codecov:
   require_ci_to_pass: yes
   notify:
     wait_for_ci: yes
+  max_report_age: false
+
 coverage:
   status:
-    project:
-      default:
-        enabled: yes
-        threshold: null
-        target: auto
-    patch:
-      default:
-        target: 80%
-        threshold: 40%
+    project: off
+    patch: off
+
+flag_management:
+  default_rules:
+    carryforward: true
+  individual_flags:
+    - name: unit
+      statuses:
+        - type: project
+          target: auto
+          threshold: null
+        - type: patch
+          target: 80%
+          threshold: 40%
+

components/org.wso2.carbon.identity.account.suspension.notification.task/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>identity-governance</artifactId>
         <groupId>org.wso2.carbon.identity.governance</groupId>
-        <version>1.11.15-SNAPSHOT</version>
+        <version>1.11.17-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.api.user.governance/pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.11.15-SNAPSHOT</version>
+        <version>1.11.17-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.user.governance</artifactId>
-    <version>1.11.15-SNAPSHOT</version>
+    <version>1.11.17-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>WSO2 Carbon -  User Rest Governance API</name>
     <description>WSO2 Carbon - User Rest Governance API</description>

components/org.wso2.carbon.identity.api.user.recovery/pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.11.15-SNAPSHOT</version>
+        <version>1.11.17-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.user.recovery</artifactId>
-    <version>1.11.15-SNAPSHOT</version>
+    <version>1.11.17-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>WSO2 Carbon - Identity Management Recovery Rest API</name>
     <description>WSO2 Carbon - Identity Management Recovery Rest API</description>

components/org.wso2.carbon.identity.auth.attribute.handler/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.11.15-SNAPSHOT</version>
+        <version>1.11.17-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.captcha/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.11.15-SNAPSHOT</version>
+        <version>1.11.17-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.governance/pom.xml

@@ -18,7 +18,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.11.15-SNAPSHOT</version>
+        <version>1.11.17-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/IdentityGovernanceServiceImpl.java

@@ -56,6 +56,9 @@ public class IdentityGovernanceServiceImpl implements IdentityGovernanceService
     private static final String EMAIL_LINK_PASSWORD_RECOVERY_PROPERTY
             = "Recovery.Notification.Password.emailLink.Enable";
     private static final String SMS_OTP_PASSWORD_RECOVERY_PROPERTY = "Recovery.Notification.Password.smsOtp.Enable";
+    private static final String USERNAME_RECOVERY_ENABLE = "Recovery.Notification.Username.Enable";
+    private  static final String USERNAME_RECOVERY_EMAIL_ENABLE = "Recovery.Notification.Username.Email.Enable";
+    private static final String USERNAME_RECOVERY_SMS_ENABLE = "Recovery.Notification.Username.SMS.Enable";
     private static final String FALSE_STRING = "false";
 
     public void updateConfiguration(String tenantDomain, Map<String, String> configurationDetails)
@@ -70,6 +73,7 @@ public void updateConfiguration(String tenantDomain, Map<String, String> configu
             updateEmailOTPNumericPropertyValue(configurationDetails);
             IdPManagementUtil.validatePasswordRecoveryPropertyValues(configurationDetails);
             updatePasswordRecoveryPropertyValues(configurationDetails, identityMgtProperties);
+            updateUsernameRecoveryPropertyValues(configurationDetails, identityMgtProperties);
             for (IdentityProviderProperty identityMgtProperty : identityMgtProperties) {
                 IdentityProviderProperty prop = new IdentityProviderProperty();
                 String key = identityMgtProperty.getName();
@@ -407,4 +411,63 @@ private void updatePasswordRecoveryPropertyValues(Map<String, String> configurat
             }
         }
     }
+
+    /**
+     * This method updates the username recovery property values based on the new configurations.
+     *
+     * @param configurationDetails    Updating configuration details of the resident identity provider.
+     * @param identityMgtProperties   Identity management properties of the resident identity provider.
+     */
+    private void updateUsernameRecoveryPropertyValues(Map<String, String> configurationDetails,
+                                                      IdentityProviderProperty[] identityMgtProperties) {
+
+        if (configurationDetails.containsKey(USERNAME_RECOVERY_ENABLE) ||
+                configurationDetails.containsKey(USERNAME_RECOVERY_EMAIL_ENABLE) ||
+                configurationDetails.containsKey(USERNAME_RECOVERY_SMS_ENABLE)) {
+
+            String usernameRecoveryProp = configurationDetails.get(USERNAME_RECOVERY_ENABLE);
+            String usernameRecoveryEmailProp = configurationDetails.get(USERNAME_RECOVERY_EMAIL_ENABLE);
+            String usernameRecoverySmsProp = configurationDetails.get(USERNAME_RECOVERY_SMS_ENABLE);
+
+            boolean usernameRecoveryProperty = Boolean.parseBoolean(usernameRecoveryProp);
+            boolean usernameRecoveryEmailProperty = Boolean.parseBoolean(usernameRecoveryEmailProp);
+            boolean usernameRecoverySmsProperty = Boolean.parseBoolean(usernameRecoverySmsProp);
+
+            if(usernameRecoveryProperty) {
+                configurationDetails.put(USERNAME_RECOVERY_EMAIL_ENABLE,
+                        String.valueOf(usernameRecoveryEmailProperty ||
+                                StringUtils.isBlank(usernameRecoveryEmailProp)));
+                configurationDetails.put(USERNAME_RECOVERY_SMS_ENABLE,
+                        String.valueOf(usernameRecoverySmsProperty ||
+                                StringUtils.isBlank(usernameRecoverySmsProp)));
+            } else if (StringUtils.isBlank(usernameRecoveryProp)) {
+                // Connector is not explicitly enabled or disabled. The connector state is derived from new and existing
+                // configurations.
+                boolean isUsernameEmailRecoveryCurrentlyEnabled = false;
+                boolean isUsernameSmsRecoveryCurrentlyEnabled = false;
+                for (IdentityProviderProperty identityMgtProperty : identityMgtProperties) {
+                    if (USERNAME_RECOVERY_EMAIL_ENABLE.equals(identityMgtProperty.getName())) {
+                        isUsernameEmailRecoveryCurrentlyEnabled = Boolean.parseBoolean(identityMgtProperty.getValue());
+                    } else if (USERNAME_RECOVERY_SMS_ENABLE.equals(identityMgtProperty.getName())) {
+                        isUsernameSmsRecoveryCurrentlyEnabled = Boolean.parseBoolean(identityMgtProperty.getValue());
+                    }
+                }
+                boolean enableUsernameEmailRecovery = usernameRecoveryEmailProperty ||
+                        ( StringUtils.isBlank(usernameRecoveryEmailProp) &&
+                                isUsernameEmailRecoveryCurrentlyEnabled );
+                boolean enableUsernameSmsRecovery = usernameRecoverySmsProperty ||
+                        ( StringUtils.isBlank(usernameRecoverySmsProp) &&
+                                isUsernameSmsRecoveryCurrentlyEnabled );
+                configurationDetails.put(USERNAME_RECOVERY_EMAIL_ENABLE,
+                        String.valueOf(enableUsernameEmailRecovery));
+                configurationDetails.put(USERNAME_RECOVERY_SMS_ENABLE,
+                        String.valueOf(enableUsernameSmsRecovery));
+                configurationDetails.put(USERNAME_RECOVERY_ENABLE,
+                        String.valueOf(enableUsernameEmailRecovery || enableUsernameSmsRecovery));
+            } else {
+                configurationDetails.put(USERNAME_RECOVERY_EMAIL_ENABLE, FALSE_STRING);
+                configurationDetails.put(USERNAME_RECOVERY_SMS_ENABLE, FALSE_STRING);
+            }
+        }
+    }
 }