

Validate update notification based password recovery configuration va…
…lues.
RushanNanayakkara committed Jun 13, 2024
1 parent 194b033 commit f6913de
Showing 3 changed files with 60 additions and 1 deletion.
Expand Up @@ -67,7 +67,9 @@ public enum ErrorMessage {
ERROR_CODE_INCORRECT_CONNECTOR_NAME("50011", "Invalid connector name",
"Unable to find a connector with the name %s."),
ERROR_CODE_UNSUPPORTED_PROPERTY_NAME("50012", "Unsupported property is requested.",
"The property %s is not supported by this API.");
"The property %s is not supported by this API."),
ERROR_CODE_INVALID_CONNECTOR_CONFIGURATION("50013", "Invalid connector configuration.",
"The connector configuration is invalid. %s");

private final String code;
private final String message;
Expand Up @@ -19,6 +19,7 @@
package org.wso2.carbon.identity.api.server.identity.governance.v1.core;

import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
Expand Down Expand Up @@ -64,6 +65,10 @@
*/
public class ServerIdentityGovernanceService {

private static final String RECOVERY_NOTIFICATION_PASSWORD_PROPERTY = "Recovery.Notification.Password.Enable";
private static final String EMAIL_LINK_PASSWORD_RECOVERY_PROPERTY
= "Recovery.Notification.Password.emailLink.Enable";
private static final String SMS_OTP_PASSWORD_RECOVERY_PROPERTY = "Recovery.Notification.Password.smsOtp.Enable";
private static final Log LOG = LogFactory.getLog(ServerIdentityGovernanceService.class);

/**
Expand Down Expand Up @@ -296,6 +301,7 @@ public void updateGovernanceConnectorProperty(String categoryId, String connecto
for (PropertyReq propertyReqDTO : governanceConnector.getProperties()) {
configurationDetails.put(propertyReqDTO.getName(), propertyReqDTO.getValue());
}
validatePasswordRecoveryPropertyValues(configurationDetails);
identityGovernanceService.updateConfiguration(tenantDomain, configurationDetails);

} catch (IdentityGovernanceException e) {
Expand Down Expand Up @@ -508,4 +514,44 @@ private APIError handleNotFoundError(String resourceId,

return new APIError(status, errorResponse);
}

/**
* This method is used to update the password recovery property values.
*
* @param configurationDetails Configuration updates for governance configuration.
*/
private void validatePasswordRecoveryPropertyValues(Map<String, String> configurationDetails) {

if (configurationDetails.containsKey(RECOVERY_NOTIFICATION_PASSWORD_PROPERTY) ||
configurationDetails.containsKey(EMAIL_LINK_PASSWORD_RECOVERY_PROPERTY) ||
configurationDetails.containsKey(SMS_OTP_PASSWORD_RECOVERY_PROPERTY)) {
// Perform process only if notification based password recovery connector or options are updated.
String recNotPwProp = configurationDetails.get(RECOVERY_NOTIFICATION_PASSWORD_PROPERTY);
String emailLinkPwRecProp = configurationDetails.get(EMAIL_LINK_PASSWORD_RECOVERY_PROPERTY);
String smsOtpPwRecProp = configurationDetails.get(SMS_OTP_PASSWORD_RECOVERY_PROPERTY);
boolean recoveryNotificationPasswordProperty = Boolean.parseBoolean(recNotPwProp);
boolean smsOtpPasswordRecoveryProperty = Boolean.parseBoolean(emailLinkPwRecProp);
boolean emailLinkPasswordRecoveryProperty = Boolean.parseBoolean(smsOtpPwRecProp);

if (recoveryNotificationPasswordProperty &&
StringUtils.isNotBlank(emailLinkPwRecProp) && !emailLinkPasswordRecoveryProperty &&
StringUtils.isNotBlank(smsOtpPwRecProp) && !smsOtpPasswordRecoveryProperty) {
// Disabling all recovery options when recovery connector is enabled is not allowed.
// WARNING : Be mindful about compatibility of earlier recovery api versions when changing
// this behaviour.
throw handleBadRequestError(
GovernanceConstants.ErrorMessage.ERROR_CODE_INVALID_CONNECTOR_CONFIGURATION,
"Disabling all recovery options when recovery connector is enabled, is not allowed.");
}
if (StringUtils.isNotBlank(recNotPwProp) && !recoveryNotificationPasswordProperty &&
(emailLinkPasswordRecoveryProperty || smsOtpPasswordRecoveryProperty)) {
// Enabling any recovery options when connector is disabled is not allowed.
// WARNING : Be mindful about compatibility of earlier recovery api versions when changing
// this behaviour.
throw handleBadRequestError(
GovernanceConstants.ErrorMessage.ERROR_CODE_INVALID_CONNECTOR_CONFIGURATION,
"Enabling recovery options when connector is disabled, is not allowed.");
}
}
}
}
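Review bot: In `validatePasswordRecoveryPropertyValues` the two option flags are parsed from each other's value: `smsOtpPasswordRecoveryProperty` is read from `emailLinkPwRecProp` and `emailLinkPasswordRecoveryProperty` from `smsOtpPwRecProp`. Both checks treat the two flags symmetrically, so the result is the same today, but any later per-option rule would test the wrong setting; the lines should read `boolean emailLinkPasswordRecoveryProperty = Boolean.parseBoolean(emailLinkPwRecProp);` and `boolean smsOtpPasswordRecoveryProperty = Boolean.parseBoolean(smsOtpPwRecProp);`. The checks also look only at keys present in this request, so an update that sets one option to false while the other is already false in the stored configuration appears to pass, as does enabling an option when the connector is disabled only in stored state. If those states must be rejected, the request values need to be merged with the current connector properties before validating; whether `updateConfiguration` enforces this downstream is not visible here. The Javadoc should say the method validates the values and throws a bad-request error, not that it "is used to update" them.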
11 changes: 11 additions & 0 deletions findbugs-exclude-filter.xml
Expand Up @@ -133,4 +133,15 @@
<Bug pattern="IMPROPER_UNICODE" />
</Match>
</FindBugsFilter>
<!--
The following exclusions added because the find bug issue is false positive.
The method is used to update the password recovery property values.
-->
<FindBugsFilter>
<Match>
<Class name="org.wso2.carbon.identity.api.server.identity.governance.v1.core.ServerIdentityGovernanceService" />
<Method name="updatePasswordRecoveryPropertyValues" />
<Bug pattern="HARD_CODE_PASSWORD" />
</Match>
</FindBugsFilter>
</FindBugsFilter>
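Review bot: The new `<Match>` names the method `updatePasswordRecoveryPropertyValues`, but the method this commit adds to `ServerIdentityGovernanceService` is `validatePasswordRecoveryPropertyValues`, so the exclusion probably does not match the code it was written for. It should read `<Method name="validatePasswordRecoveryPropertyValues" />`, and the comment above it should say the method validates the values. If the `HARD_CODE_PASSWORD` report actually points at the `Recovery.Notification.Password.*` property-name constants, those are class fields and a method-scoped match may not cover them; confirm which element the tool flags so the suppression stays as narrow as possible. The added `<FindBugsFilter>` element also appears to sit inside the existing root element instead of adding a `<Match>` to it, which is worth checking against the filter format.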
