Merge branch 'wso2-extensions:master' into fix-recaptcha-bugs

components/org.wso2.carbon.identity.account.suspension.notification.task/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>identity-governance</artifactId>
         <groupId>org.wso2.carbon.identity.governance</groupId>
-        <version>1.8.61-SNAPSHOT</version>
+        <version>1.8.70-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.api.user.governance/pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.8.61-SNAPSHOT</version>
+        <version>1.8.70-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.user.governance</artifactId>
-    <version>1.8.61-SNAPSHOT</version>
+    <version>1.8.70-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>WSO2 Carbon -  User Rest Governance API</name>
     <description>WSO2 Carbon - User Rest Governance API</description>

components/org.wso2.carbon.identity.api.user.governance/src/gen/java/org/wso2/carbon/identity/user/endpoint/dto/LiteUserRegistrationRequestDTO.java

@@ -28,7 +28,7 @@ public class LiteUserRegistrationRequestDTO  {
   private String realm = null;
 
   public enum PreferredChannelEnum {
-     Mobile,  Email, 
+     Mobile,  Email, SMS
   };
 
   private PreferredChannelEnum preferredChannel = null;

components/org.wso2.carbon.identity.api.user.governance/src/main/java/org/wso2/carbon/identity/user/endpoint/Constants.java

@@ -45,6 +45,10 @@ public final class Constants {
 
     public static final String CORRELATION_ID_MDC = "Correlation-ID";
 
+    public static final String PREFERRED_CHANNEL_CLAIM_URI = "http://wso2.org/claims/identity/preferredChannel";
+    public static final String MOBILE_CLAIM_URI = "http://wso2.org/claims/mobile";
+    public static final String EMAIL_CLAIM_URI = "http://wso2.org/claims/emailaddress";
+
     // Response Configurations.
     public static final String ENABLE_DETAILED_API_RESPONSE =
             "SelfRegistration.API.EnableDetailedResponseBody";

components/org.wso2.carbon.identity.api.user.governance/src/main/java/org/wso2/carbon/identity/user/endpoint/impl/LiteApiServiceImpl.java

@@ -93,7 +93,7 @@ public Response litePost(LiteUserRegistrationRequestDTO liteUserRegistrationRequ
         try {
             notificationResponseBean = userSelfRegistrationManager
                     .registerLiteUser(user,
-                            Utils.getClaims(liteUserRegistrationRequestDTO.getClaims()),
+                            Utils.getClaims(liteUserRegistrationRequestDTO),
                             Utils.getProperties(properties));
         } catch (IdentityRecoveryClientException e) {
             if (LOG.isDebugEnabled()) {

components/org.wso2.carbon.identity.api.user.governance/src/main/java/org/wso2/carbon/identity/user/endpoint/impl/ResendCodeApiServiceImpl.java

@@ -80,8 +80,8 @@ public Response resendCodePost(ResendCodeRequestDTO resendCodeRequestDTO) {
         if (notificationResponseBean == null) {
             ErrorDTO errorDTO = new ErrorDTO();
             errorDTO.setRef(Utils.getCorrelation());
-            errorDTO.setMessage("This service is not yet implemented.");
-            return Response.status(Response.Status.NOT_IMPLEMENTED).entity(errorDTO).build();
+            errorDTO.setMessage("User recovery data is not found. Please re-initiate the recovery flow.");
+            return Response.status(Response.Status.BAD_REQUEST).entity(errorDTO).build();
         }
 
         //when notifications internally managed key might not be set.

components/org.wso2.carbon.identity.api.user.governance/src/main/java/org/wso2/carbon/identity/user/endpoint/util/Utils.java

@@ -39,6 +39,7 @@
 import org.wso2.carbon.identity.user.endpoint.dto.ClaimDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.CodeValidateInfoResponseDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.ErrorDTO;
+import org.wso2.carbon.identity.user.endpoint.dto.LiteUserRegistrationRequestDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.PropertyDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.ResendCodeRequestDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.SelfRegistrationUserDTO;
@@ -278,6 +279,76 @@ public static Claim[] getClaims(List<ClaimDTO> claimDTOs) {
         }
     }
 
+    /**
+     * This method returns an array of claims generated from LiteUserRegistrationRequestDTO attributes.
+     *
+     * @param liteUserRegistrationRequestDTO LiteUserRegistrationRequestDTO
+     * @return Array of claims
+     */
+    public static Claim[] getClaims(LiteUserRegistrationRequestDTO liteUserRegistrationRequestDTO) {
+
+        List<ClaimDTO> claimDTOs = liteUserRegistrationRequestDTO.getClaims();
+        int preferredChannelClaimIndex = -1;
+        int emailClaimIndex = -1;
+        int mobileClaimIndex = -1;
+
+        for (int i = 0; i < claimDTOs.size(); i++) {
+            if (StringUtils.equals(Constants.PREFERRED_CHANNEL_CLAIM_URI, claimDTOs.get(i).getUri())) {
+                preferredChannelClaimIndex = i;
+                continue;
+            }
+            if (StringUtils.equals(Constants.EMAIL_CLAIM_URI, claimDTOs.get(i).getUri())) {
+                emailClaimIndex = i;
+                continue;
+            }
+            if (StringUtils.equals(Constants.MOBILE_CLAIM_URI, claimDTOs.get(i).getUri())) {
+                mobileClaimIndex = i;
+            }
+        }
+
+        if (liteUserRegistrationRequestDTO.getPreferredChannel() != null) {
+            if (preferredChannelClaimIndex == -1) {
+                // Create Preferred Channel claim if not available in list of claims.
+                ClaimDTO preferredChannelClaim = new ClaimDTO();
+                preferredChannelClaim.setUri(Constants.PREFERRED_CHANNEL_CLAIM_URI);
+                claimDTOs.add(preferredChannelClaim);
+                preferredChannelClaimIndex = claimDTOs.size() - 1;
+            }
+            // The correct value of the 'Mobile' PreferredChannel should be 'SMS'. The 'Mobile' value is
+            // still handled by the API to maintain backward compatibility.
+            if (LiteUserRegistrationRequestDTO.PreferredChannelEnum.Mobile ==
+                    liteUserRegistrationRequestDTO.getPreferredChannel()) {
+                claimDTOs.get(preferredChannelClaimIndex)
+                        .setValue(LiteUserRegistrationRequestDTO.PreferredChannelEnum.SMS.toString());
+            } else {
+                claimDTOs.get(preferredChannelClaimIndex)
+                        .setValue(liteUserRegistrationRequestDTO.getPreferredChannel().toString().toUpperCase());
+            }
+        }
+        if (StringUtils.isNotBlank(liteUserRegistrationRequestDTO.getEmail())) {
+            if (emailClaimIndex == -1) {
+                // Create Email claim if not available in list of claims.
+                ClaimDTO emailClaim = new ClaimDTO();
+                emailClaim.setUri(Constants.EMAIL_CLAIM_URI);
+                claimDTOs.add(emailClaim);
+                emailClaimIndex = claimDTOs.size() - 1;
+            }
+            claimDTOs.get(emailClaimIndex).setValue(liteUserRegistrationRequestDTO.getEmail());
+        }
+        if (StringUtils.isNotBlank(liteUserRegistrationRequestDTO.getMobile())) {
+            if (mobileClaimIndex == -1) {
+                // Create Mobile claim if not available in list of claims.
+                ClaimDTO mobileClaim = new ClaimDTO();
+                mobileClaim.setUri(Constants.MOBILE_CLAIM_URI);
+                claimDTOs.add(mobileClaim);
+                mobileClaimIndex = claimDTOs.size() - 1;
+            }
+            claimDTOs.get(mobileClaimIndex).setValue(liteUserRegistrationRequestDTO.getMobile());
+        }
+
+        return getClaims(claimDTOs);
+    }
+
     public static String[] getRoles(List<String> roleList) {
         if (roleList == null) {
             return new String[0];

components/org.wso2.carbon.identity.api.user.governance/src/test/java/org.wso2.carbon.identity.user.endpoint.Util/UtilsTest.java

@@ -19,19 +19,23 @@
 package org.wso2.carbon.identity.user.endpoint.Util;
 
 import com.beust.jcommander.internal.Lists;
+import org.apache.commons.lang.StringUtils;
 import org.wso2.carbon.identity.application.common.model.User;
 import static org.testng.Assert.assertNotNull;
 import static org.testng.Assert.assertEquals;
 
 import org.testng.annotations.Test;
+import org.wso2.carbon.identity.user.endpoint.Constants;
 import org.wso2.carbon.identity.user.endpoint.exceptions.BadRequestException;
 import org.wso2.carbon.identity.user.endpoint.exceptions.ConflictException;
 import org.wso2.carbon.identity.user.endpoint.dto.ClaimDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.ErrorDTO;
+import org.wso2.carbon.identity.user.endpoint.dto.LiteUserRegistrationRequestDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.PropertyDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.SelfRegistrationUserDTO;
 import org.wso2.carbon.identity.user.endpoint.dto.UserDTO;
 import org.wso2.carbon.identity.user.endpoint.util.Utils;
+import org.wso2.carbon.user.api.Claim;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -183,9 +187,28 @@ public void testGetClaims() {
 
         assertNotNull(Utils.getClaims(buildClaimDTO()), "Failed returning claims.");
         assertEquals(Utils.getClaims(buildClaimDTO()).length, 1);
-        assertEquals(Utils.getClaims(null).length, 0);
+        assertEquals(Utils.getClaims((List<ClaimDTO>) null).length, 0);
     }
 
+    @Test
+    public void testGetClaimsFromLiteUserRegistrationDTO() {
+
+        LiteUserRegistrationRequestDTO liteUserRegistrationRequestDTO = buildLiteUserRegistrationDTO();
+        Claim[] claims = Utils.getClaims(liteUserRegistrationRequestDTO);
+        for (Claim claim : claims) {
+            if (StringUtils.equals(Constants.PREFERRED_CHANNEL_CLAIM_URI, claim.getClaimUri())) {
+                assertEquals(claim.getValue(), "EMAIL");
+                continue;
+            }
+            if (StringUtils.equals(Constants.EMAIL_CLAIM_URI, claim.getClaimUri())) {
+                assertEquals(claim.getValue(), "[email protected]");
+                continue;
+            }
+            if (StringUtils.equals(Constants.MOBILE_CLAIM_URI, claim.getClaimUri())) {
+                assertEquals(claim.getValue(), "000000000");
+            }
+        }
+    }
 
     private List<ClaimDTO> buildClaimDTO() {
 
@@ -195,4 +218,13 @@ private List<ClaimDTO> buildClaimDTO() {
         List<ClaimDTO> claimDTOs = Lists.newArrayList(claimDTO);
         return claimDTOs;
     }
+
+    private LiteUserRegistrationRequestDTO buildLiteUserRegistrationDTO() {
+
+        LiteUserRegistrationRequestDTO liteUserRegistrationRequestDTO = new LiteUserRegistrationRequestDTO();
+        liteUserRegistrationRequestDTO.setEmail("[email protected]");
+        liteUserRegistrationRequestDTO.setMobile("000000000");
+        liteUserRegistrationRequestDTO.setPreferredChannel(LiteUserRegistrationRequestDTO.PreferredChannelEnum.Email);
+        return liteUserRegistrationRequestDTO;
+    }
 }

components/org.wso2.carbon.identity.api.user.governance/src/test/java/org/wso2/carbon/identity/user/endpoint/impl/ResendCodeApiServiceImplTest.java

@@ -95,11 +95,11 @@ public void testResendCodePost() throws IdentityRecoveryException {
         assertEquals(resendCodeApiService.resendCodePost(multipleResendCodeRequestDTO()).getStatus(), 201);
 
         mockedUtils.when(() -> Utils.getUserRecoveryData(recoveryScenarioResendCodeRequestDTO())).thenReturn(null);
-        assertEquals(resendCodeApiService.resendCodePost(recoveryScenarioResendCodeRequestDTO()).getStatus(), 501);
+        assertEquals(resendCodeApiService.resendCodePost(recoveryScenarioResendCodeRequestDTO()).getStatus(), 400);
 
         mockedUtils.when(() -> Utils.getUserRecoveryData(recoveryScenarioResendCodeRequestDTO())).thenReturn(
                 userRecoveryData);
-        assertEquals(resendCodeApiService.resendCodePost(recoveryScenarioResendCodeRequestDTO()).getStatus(), 501);
+        assertEquals(resendCodeApiService.resendCodePost(recoveryScenarioResendCodeRequestDTO()).getStatus(), 400);
         assertEquals(resendCodeApiService.resendCodePost(duplicateScenarioResendCodeRequestDTO()).getStatus(), 201);
     }
 
@@ -109,7 +109,7 @@ public void testIdentityRecoveryExceptioninResendCodePost() throws IdentityRecov
         Mockito.when(userSelfRegistrationManager.resendConfirmationCode(
                 Utils.getUser(resendCodeRequestDTO().getUser()),
                 Utils.getProperties(resendCodeRequestDTO().getProperties()))).thenThrow(new IdentityRecoveryException("Recovery Exception"));
-        assertEquals(resendCodeApiService.resendCodePost(resendCodeRequestDTO()).getStatus(), 501);
+        assertEquals(resendCodeApiService.resendCodePost(resendCodeRequestDTO()).getStatus(), 400);
     }
 
     @Test
@@ -118,7 +118,7 @@ public void testIdentityRecoveryClientExceptioninResendCodePost() throws Identit
         Mockito.when(userSelfRegistrationManager.resendConfirmationCode(
                 Utils.getUser(resendCodeRequestDTO().getUser()),
                 Utils.getProperties(resendCodeRequestDTO().getProperties()))).thenThrow(new IdentityRecoveryClientException("Recovery Exception"));
-        assertEquals(resendCodeApiService.resendCodePost(resendCodeRequestDTO()).getStatus(), 501);
+        assertEquals(resendCodeApiService.resendCodePost(resendCodeRequestDTO()).getStatus(), 400);
     }
 
     private ResendCodeRequestDTO resendCodeRequestDTO() {

components/org.wso2.carbon.identity.api.user.recovery/pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.8.61-SNAPSHOT</version>
+        <version>1.8.70-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.user.recovery</artifactId>
-    <version>1.8.61-SNAPSHOT</version>
+    <version>1.8.70-SNAPSHOT</version>
     <packaging>jar</packaging>
     <name>WSO2 Carbon - Identity Management Recovery Rest API</name>
     <description>WSO2 Carbon - Identity Management Recovery Rest API</description>

components/org.wso2.carbon.identity.auth.attribute.handler/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.8.61-SNAPSHOT</version>
+        <version>1.8.70-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.captcha/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.8.61-SNAPSHOT</version>
+        <version>1.8.70-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/connector/recaptcha/EmailOTPCaptchaConnector.java

@@ -58,7 +58,7 @@ public class EmailOTPCaptchaConnector extends AbstractReCaptchaConnector {
 
     private static final Log log = LogFactory.getLog(EmailOTPCaptchaConnector.class);
     private static final String SECURED_DESTINATIONS = "/commonauth";
-    public static final String EMAIL_OTP_AUTHENTICATOR_NAME = "email-otp-authenticator";
+    public static final String EMAIL_OTP_AUTHENTICATOR_NAME = "EmailOTP";
     public static final String IS_REDIRECT_TO_EMAIL_OTP = "isRedirectToEmailOTP";
     public static final String RESEND_CODE = "resendCode";
     private static final String ON_FAIL_REDIRECT_URL = "/authenticationendpoint/email_otp.do";
@@ -127,7 +127,7 @@ public CaptchaPreValidationResponse preValidate(ServletRequest servletRequest, S
         String sessionDataKey = servletRequest.getParameter(FrameworkUtils.SESSION_DATA_KEY);
         AuthenticationContext context = FrameworkUtils.getAuthenticationContextFromCache(sessionDataKey);
         String username = context.getLastAuthenticatedUser().getUserName();
-        String tenantDomain = getTenant(context, username);
+        String tenantDomain = context.getLastAuthenticatedUser().getTenantDomain();
 
         Property[] connectorConfigs = null;
         try {
@@ -223,7 +223,7 @@ public boolean isEmailRecaptchaEnabled(ServletRequest servletRequest) throws Cap
         }
 
         String username = context.getLastAuthenticatedUser().getUserName();
-        String tenantDomain = getTenant(context, username);
+        String tenantDomain = context.getLastAuthenticatedUser().getTenantDomain();
 
         Property[] connectorConfigs;
         try {
@@ -256,22 +256,6 @@ public boolean isEmailRecaptchaEnabled(ServletRequest servletRequest) throws Cap
         return CaptchaDataHolder.getInstance().isReCaptchaEnabled();
     }
 
-    /**
-     * Get tenant from authentication context or username.
-     *
-     * @param context   Authentication context.
-     * @param username  Username.
-     * @return          Derived tenant domain.
-     */
-    private String getTenant(AuthenticationContext context, String username) {
-
-        if (IdentityTenantUtil.isTenantedSessionsEnabled() || IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) {
-            return context.getUserTenantDomain();
-        } else {
-            return MultitenantUtils.getTenantDomain(username);
-        }
-    }
-
     /**
      * This method checks if all the authentication steps up to now have been performed by authenticators that
      * implements AuthenticationFlowHandler interface. If so, it returns true.

components/org.wso2.carbon.identity.governance/pom.xml

@@ -18,7 +18,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.governance</groupId>
         <artifactId>identity-governance</artifactId>
-        <version>1.8.61-SNAPSHOT</version>
+        <version>1.8.70-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/service/IdentityDataStoreService.java

@@ -104,6 +104,18 @@ List<String> listPaginatedUsersByClaimURIAndValue(List<ExpressionCondition> expr
     List<String> getUserNamesLessThanProvidedClaimValue(String claimURI, String claimValue,
                                                         int tenantId) throws IdentityException;
 
+    /**
+     * Get the list of usernames who have the claim value more than the provided claim value for a given claim URI.
+     *
+     * @param claimURI              Claim URI.
+     * @param claimValue            Claim value.
+     * @param tenantId              Tenant ID.
+     * @return                      List of usernames.
+     * @throws IdentityException    Identity exception.
+     */
+    List<String> getUserNamesMoreThanProvidedClaimValue(String claimURI, String claimValue,
+                                                        int tenantId) throws IdentityException;
+
     /**
      * Get the list of usernames who have the claim value between the provided claim values for a given claim URI.
      * @param claimURI              Claim URI.

components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/service/IdentityDataStoreServiceImpl.java

@@ -165,6 +165,13 @@ public List<String> getUserNamesLessThanProvidedClaimValue(String claimURI, Stri
         return identityDataStore.getUserNamesLessThanProvidedClaimValue(claimURI, claimValue, tenantId);
     }
 
+    @Override
+    public List<String> getUserNamesMoreThanProvidedClaimValue(String claimURI, String claimValue, int tenantId)
+            throws IdentityException {
+
+        return identityDataStore.getUserNamesMoreThanProvidedClaimValue(claimURI, claimValue, tenantId);
+    }
+
     @Override
     public List<String> getUserNamesBetweenProvidedClaimValues(String claimURI, String startValue, String endValue,
                                                                int tenantId) throws IdentityException {