From 75b9b82e7909f102b71da380a92b3b639bb376aa Mon Sep 17 00:00:00 2001
From: Ashan Thamara Palihakkara
<75057725+ashanthamara@users.noreply.github.com>
Date: Sun, 26 Jan 2025 14:09:34 +0530
Subject: [PATCH 1/2] Add validations required to handle exception from
password action
---
.../org.wso2.carbon.identity.recovery/pom.xml | 4 ++
.../recovery/IdentityRecoveryConstants.java | 1 +
.../NotificationPasswordRecoveryManager.java | 49 ++++++++++++++++++-
pom.xml | 7 ++-
4 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/components/org.wso2.carbon.identity.recovery/pom.xml b/components/org.wso2.carbon.identity.recovery/pom.xml
index 7590e1374..37e1164df 100644
--- a/components/org.wso2.carbon.identity.recovery/pom.xml
+++ b/components/org.wso2.carbon.identity.recovery/pom.xml
@@ -128,6 +128,10 @@
org.wso2.carbon.identity.framework
org.wso2.carbon.identity.input.validation.mgt
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.user.action
+
org.wso2.carbon.identity.governance
org.wso2.carbon.identity.multi.attribute.login.service
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
index 53b3fa0ed..0c73b9601 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
@@ -329,6 +329,7 @@ public enum ErrorMessages {
ERROR_CODE_NO_HASHING_ALGO_FOR_CODE("20065", "Error while hashing the code."),
ERROR_CODE_MULTIPLE_CLAIMS_WITH_MULTI_ATTRIBUTE_URI("20066", "Multiple claims not allowed " +
"when user identifier claim is used."),
+ ERROR_CODE_INVALID_PASSWORD("20067", "Error while validating the password. %s"),
ERROR_CODE_ERROR_RETRIVING_CLAIM("18004", "Error when retrieving the locale claim of user '%s' of '%s' domain."),
ERROR_CODE_RECOVERY_DATA_NOT_FOUND_FOR_USER("18005", "Recovery data not found."),
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
index 2b4b30871..d5e27e7ed 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
@@ -31,6 +31,8 @@
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.base.IdentityException;
+import org.wso2.carbon.identity.core.context.model.Flow;
+import org.wso2.carbon.identity.core.context.IdentityContext;
import org.wso2.carbon.identity.core.persistence.registry.RegistryResourceMgtService;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
@@ -57,9 +59,11 @@
import org.wso2.carbon.identity.recovery.store.JDBCRecoveryDataStore;
import org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore;
import org.wso2.carbon.identity.recovery.util.Utils;
+import org.wso2.carbon.identity.user.action.service.constant.UserActionError;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.UserStoreClientException;
import org.wso2.carbon.user.core.service.RealmService;
import java.io.UnsupportedEncodingException;
@@ -634,6 +638,7 @@ public User updateUserPassword(String code, String password, Property[] properti
} catch (IdentityRecoveryException e) {
userRecoveryData = userRecoveryDataStore.load(code);
}
+ updateIdentityContext(userRecoveryData);
validateCallback(properties, userRecoveryData.getUser().getTenantDomain());
publishEvent(userRecoveryData.getUser(), null, code, password, properties,
IdentityEventConstants.Event.PRE_ADD_NEW_PASSWORD, userRecoveryData);
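Review bot: The flow that `updateIdentityContext(userRecoveryData)` sets on the thread-local `IdentityContext` is never cleared or restored in the visible code, either here or at the same call in the `confirmationCode` overload of `updateUserPassword` (the next hunk). If request threads are pooled and nothing outside this class resets the context per request, a later request on the same thread could run with a stale `PASSWORD_RESET` or `ADMIN`-persona flow. Please confirm where the reset happens and record it at the call site, for example `// Flow is reset per request by <cleanup component - placeholder>`. The call also runs before `validateCallback`, so the flow is set even when callback validation then rejects the request. The body of `updateUserPassword` starts and ends outside the hunk.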
@@ -727,6 +732,7 @@ public User updateUserPassword(String code, String confirmationCode, String pass
try {
userRecoveryData = userRecoveryDataStore.loadFromRecoveryFlowId(confirmationCode,
RecoverySteps.UPDATE_PASSWORD);
+ updateIdentityContext(userRecoveryData);
validateCallback(properties, userRecoveryData.getUser().getTenantDomain());
publishEvent(userRecoveryData.getUser(), null, null, password, properties,
IdentityEventConstants.Event.PRE_ADD_NEW_PASSWORD, userRecoveryData);
@@ -1026,10 +1032,15 @@ private void checkPasswordValidity(UserStoreException e, User user) throws Ident
IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_POLICY_VIOLATION.getCode(),
cause.getMessage(), e);
}
+
+ if (cause instanceof UserStoreClientException && ((UserStoreClientException) cause).getErrorCode()
+ .equals(UserActionError.PRE_UPDATE_PASSWORD_ACTION_EXECUTION_FAILED)) {
+ throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages
+ .ERROR_CODE_INVALID_PASSWORD, cause.getMessage(), cause);
+ }
cause = cause.getCause();
}
Utils.checkPasswordPatternViolation(e, user);
-
}
/**
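Review bot: `((UserStoreClientException) cause).getErrorCode().equals(...)` throws a NullPointerException if the exception was built without an error code, which would turn a password-update failure into an unhandled error instead of reaching `Utils.checkPasswordPatternViolation`. Putting the constant first avoids this: `UserActionError.PRE_UPDATE_PASSWORD_ACTION_EXECUTION_FAILED.equals(((UserStoreClientException) cause).getErrorCode())`. Separately, `cause.getMessage()` is formatted into the client-facing `ERROR_CODE_INVALID_PASSWORD` text, so whatever the pre-update-password action returns is relayed to the caller of the recovery flow. It is worth confirming that this message is meant for end users and carries no internal detail. The cause-walking loop and the method signature start outside the hunk.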
@@ -1350,4 +1361,40 @@ private Property[] addMobileNumberToProperties(Property[] properties, String mob
newProperties[properties.length] = new Property(IdentityRecoveryConstants.SEND_TO, mobile);
return newProperties;
}
+
+ /**
+ * Updates the identity context for the current thread based on the provided user recovery data.\
+ *
+ * @param userRecoveryData User and recovery scenario information.
+ */
+ private void updateIdentityContext(UserRecoveryData userRecoveryData) {
+
+ RecoveryScenarios recoveryScenario = (RecoveryScenarios) userRecoveryData.getRecoveryScenario();
+ Flow flow;
+ switch (recoveryScenario) {
+ case NOTIFICATION_BASED_PW_RECOVERY:
+ flow = new Flow.Builder()
+ .name(Flow.Name.PASSWORD_RESET)
+ .initiatingPersona(Flow.InitiatingPersona.USER)
+ .build();
+ IdentityContext.getThreadLocalIdentityContext().setFlow(flow);
+ break;
+ case ADMIN_FORCED_PASSWORD_RESET_VIA_EMAIL_LINK:
+ flow = new Flow.Builder()
+ .name(Flow.Name.PASSWORD_RESET)
+ .initiatingPersona(Flow.InitiatingPersona.ADMIN)
+ .build();
+ IdentityContext.getThreadLocalIdentityContext().setFlow(flow);
+ break;
+ case ASK_PASSWORD:
+ flow = new Flow.Builder()
+ .name(Flow.Name.USER_REGISTRATION_INVITE_WITH_PASSWORD)
+ .initiatingPersona(Flow.InitiatingPersona.ADMIN)
+ .build();
+ IdentityContext.getThreadLocalIdentityContext().setFlow(flow);
+ break;
+ default:
+ break;
+ }
+ }
}
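Review bot: `switch (recoveryScenario)` throws a NullPointerException if `getRecoveryScenario()` returns null, and the unchecked cast to `RecoveryScenarios` throws a ClassCastException if the stored value is of another type; both callers run this before any other check on the loaded data. A guard ahead of the cast, such as `if (!(userRecoveryData.getRecoveryScenario() instanceof RecoveryScenarios)) { return; }`, would keep those cases on the existing error path. The `default` branch leaves whatever flow is already on the thread in place, which deserves a comment saying that this is intended. The three cases differ only in flow name and persona, so a private helper taking `(Flow.Name, Flow.InitiatingPersona)` would remove the repeated builder and `setFlow` calls. The Javadoc summary line also ends in a stray `\`.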
diff --git a/pom.xml b/pom.xml
index a125162bb..12ebaefbc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -495,6 +495,11 @@
org.wso2.carbon.identity.input.validation.mgt
${carbon.identity.framework.version}
+
+ org.wso2.carbon.identity.framework
+ org.wso2.carbon.identity.user.action
+ ${carbon.identity.framework.version}
+
org.wso2.carbon.identity.governance
org.wso2.carbon.identity.multi.attribute.login.service
@@ -700,7 +705,7 @@
[1.0.1, 2.0.0)
- 7.7.114
+ 7.7.144-SNAPSHOT
[7.3.6, 8.0.0)
From 8d045303674e5d2dc7e9add53ccd6b20a79b17fd Mon Sep 17 00:00:00 2001
From: Ashan Thamara Palihakkara
<75057725+ashanthamara@users.noreply.github.com>
Date: Mon, 27 Jan 2025 02:08:27 +0530
Subject: [PATCH 2/2] Update framework version
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index b661ada09..2b5f4373d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -705,7 +705,7 @@
[1.0.1, 2.0.0)
- 7.7.144-SNAPSHOT
+ 7.7.148
[7.3.6, 8.0.0)