Add API client functions for RecoveryAPI V2 and on demand migration for new configs.

[RushanNanayakkara]

Proposed changes in this pull request

-Adds the API client functions for RecoveryAPI V2.

• Add on demand migration implementation for newly introduced configs under "SMS OTP For Password Recovery" feature.
• Other improvements required for the same feature.

Related Issues

• https://github.com/wso2-enterprise/iam-product-management/issues/51
• https://github.com/wso2-enterprise/iam-engineering/issues/534

Related PRs

• Validate Password Recovery Connector Configuration Updates identity-api-server#621
• Sms otp pw recovery wso2-extensions/identity-governance#824
• Integration tests for SMS OTP for Password Recovery Feature product-is#20557

When should this PR be merged

Should be merged along with all other related PRs for the feature since there are inter dependencies.

Follow up actions

• Test if users who have had the password recovery option enabled have the feature enabled after the version upgrade.

Checklist (for reviewing)

General

• Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
• Is the PR labeled correctly?

Functionality

• Are all requirements met? Compare implemented functionality with the requirements specification.
• Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.

Code

• Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
• Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
• Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.

Tests

• Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
• If this is a bug fix, are tests for the issue in place? There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.
• If this is a new feature or a significant change to an existing feature? has the manual testing spreadsheet been updated with instructions for manual testing?

Security

• Confirm this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.
• Are all UI and API inputs run through forms or serializers?
• Are all external inputs validated and sanitized appropriately?
• Does all branching logic have a default case?
• Does this solution handle outliers and edge cases gracefully?
• Are all external communications secured and restricted to SSL?

Documentation

• Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes should be documented.
• Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented.
• Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/9547516936

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/9547516936
Status: failure

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/9557845940

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/9557845940
Status: failure

[bhagyasakalanka]

Do we really need to define two different variables for localVarAccept and localVarContentType?

[RushanNanayakkara]

Imo having these two in two variables makes the code clearer opposed to having this inside the parameter list of invokeAPI function call.

[bhagyasakalanka]

Shall we switch the attributes order in with equals method to prevent possible null pointers

[bhagyasakalanka]

Check other places as well

[RushanNanayakkara]

Addressed with f5e241a

[bhagyasakalanka]

Can we move these variables to a constant class and refer every places these are used. I can see few places where we have defined these as private variables.

[RushanNanayakkara]

Moved to IdPManagementConstants with f5e241a

[bhagyasakalanka]

We should move these to a common constant class

[RushanNanayakkara]

Moved to IdPManagementConstants with f5e241a

[bhagyasakalanka]

Have we added these configs to identity.xml, identity.xml.j2 and default.json files?

[RushanNanayakkara]

No. These are governance configs which are stored in the database as resident IDP properties.

[bhagyasakalanka]

Can we use the approach use in other response classes to implement this toString method? using a StringBuilder

[RushanNanayakkara]

Addressed with 8132e60

[bhagyasakalanka]

As a practice, we add these configs to identity.xml file as well. Shall we add this to identity.xml file?

[RushanNanayakkara]

Addressed with 8132e60