wso2 · RushanNanayakkara · May 14, 2024 · Mar 21, 2024 · Apr 2, 2024 · Apr 5, 2024
diff --git a/.changeset/quick-pears-impress.md b/.changeset/quick-pears-impress.md
@@ -0,0 +1,6 @@
+---
+"@wso2is/features": minor
+"@wso2is/console": patch
+---
+
+Add SMS OTP configurations for the password recovery connector edit page.
diff --git a/apps/console/src/extensions/i18n/models/extensions.ts b/apps/console/src/extensions/i18n/models/extensions.ts
@@ -3035,10 +3035,24 @@ export interface Extensions {
                     form: {
                         fields: {
                             enable: FormAttributes;
+                            enableSMSBasedRecovery: FormAttributes;
+                            enableEmailBasedRecovery: FormAttributes;
                             expiryTime: FormAttributes;
                             notifySuccess: FormAttributes;
-                        };
-                    };
+                            maxResendCount: FormAttributes;
+                            maxFailedAttemptCount: FormAttributes;
+                            smsOtpExpiryTime: FormAttributes;
+                            passwordRecoveryOtpUseUppercase: FormAttributes;
+                            passwordRecoveryOtpUseLowercase: FormAttributes;
+                            passwordRecoveryOtpUseNumeric: FormAttributes;
+                            passwordRecoveryOtpLength: FormAttributes;
+                        };
+                    };
+                    recoveryOptionSubHeadingEmailLink: string;
+                    recoveryOptionSubHeadingSMS: string;
+                    recoveryOptionHeading: string;
+                    otpConfigHeading: string;
+                    failedAttemptConfigHeading: string;
                     connectorDescription: string;
                     heading: string;
                     notification: {

diff --git a/apps/console/src/extensions/i18n/resources/en-US/extensions.ts b/apps/console/src/extensions/i18n/resources/en-US/extensions.ts
@@ -3554,6 +3554,10 @@ export const extensions: Extensions = {
                                 hint: "Enabling this will let the users reset their password using an email.",
                                 label: "Enable"
                             },
+                            enableSMSBasedRecovery: {
+                                hint: "This specifies whether to send an SMS OTP to the mobile.",
+                                label: "Enable SMS based recovery"
+                            },
                             expiryTime: {
                                 hint: "Password recovery link expiry time in minutes.",
                                 label: "Recovery link expiry time",
@@ -3573,9 +3577,80 @@ export const extensions: Extensions = {
                                     "This specifies whether to notify the user via an email when password " +
                                     "recovery is successful.",
                                 label: "Notify on successful recovery"
+                            },
+                            maxResendCount: {
+                                hint: "Password recovery maximum resend count.",
+                                label: "Maximum resend attempts count",
+                                placeholder: "Enter max resend count",
+                                validations: {
+                                    invalid: "Password recovery OTP resend count should be an integer.",
+                                    empty: "Password recovery OTP resend count cannot be empty.",
+                                    range:
+                                        "Password recovery OTP resend count should be between 1 & 5.",
+                                    maxLengthReached:
+                                        "Password recovery OTP resend count should be a number with 1 digits."
+                                }
+                            },
+                            maxFailedAttemptCount: {
+                                hint: "Password recovery maximum failed attempt count.",
+                                label: "Max failed attempts count",
+                                placeholder: "Enter max failed attempts",
+                                validations: {
+                                    invalid: "Password recovery max failed attempts count should be an integer.",
+                                    empty: "Password recovery max failed attempts count cannot be empty.",
+                                    range:
+                                        "Password recovery max failed attempts count should be between 1 & 10.",
+                                    maxLengthReached:
+                                        "Password recovery max failed attempts count should be a number with less than 3 digits."
+                                }
+                            },
+                            smsOtpExpiryTime: {
+                                hint: "Password recovery OTP expiry time in minutes.",
+                                label: "Password recovery OTP expiry time",
+                                placeholder: "Enter expiry time",
+                                validations: {
+                                    invalid: "Password recovery OTP expiry time should be an integer.",
+                                    empty: "Password recovery OTP expiry time cannot be empty.",
+                                    range:
+                                        "Password recovery OTP expiry time should be between 1 minute & 1440 minutes " +
+                                        "(1 day).",
+                                    maxLengthReached:
+                                        "Password recovery OTP expiry time should be a number with 4 or less digits."
+                                }
+                            },
+                            passwordRecoveryOtpUseUppercase: {
+                                hint: "This specifies whether to use upper case characters in the password recovery otp code.",
+                                label: "Include upper case letters"
+                            },
+                            passwordRecoveryOtpUseLowercase: {
+                                hint: "This specifies whether to use lower case characters in the password recovery otp code.",
+                                label: "Include lower case letters"
+                            },
+                            passwordRecoveryOtpUseNumeric: {
+                                hint: "This specifies whether to use numeric characters in the password recovery otp code.",
+                                label: "Include numeric characters"
+                            },
+                            passwordRecoveryOtpLength: {
+                                hint: "Password recovery OTP length in characters",
+                                label: "Password recovery OTP code length",
+                                placeholder: "Enter OTP code length",
+                                validations: {
+                                    empty: "Password recovery OTP length cannot be empty.",
+                                    maxLengthReached:
+                                        "Password recovery OTP length should be between 6 and 10 characters."
+                                }
+                            },
+                            enableEmailBasedRecovery: {
+                                hint: "This specifies whether to send an recovery link to the email address.",
+                                label: "Enable email link based recovery"
                             }
                         }
                     },
+                    recoveryOptionSubHeadingEmailLink: "Email Link",
+                    recoveryOptionSubHeadingSMS: "SMS OTP",
+                    recoveryOptionHeading: "Recovery Option Selection",
+                    otpConfigHeading: "OTP Code Configuration",
+                    failedAttemptConfigHeading: "Recovery Attempts Limitation",
                     connectorDescription: "Enable self-service password recovery for users " + "on the login page.",
                     heading: "Password Recovery",
                     notification: {
@@ -3589,8 +3664,7 @@ export const extensions: Extensions = {
                         }
                     },
                     subHeading:
-                        "Enable self-service password recovery for users " +
-                        "on the login page.\nThe user will receive a password reset link via email upon request."
+                    "Enable self-service password recovery for users on the login page."
                 },
                 subHeading: "Account Recovery related settings."
             },

diff --git a/apps/console/src/public/deployment.config.json b/apps/console/src/public/deployment.config.json
@@ -172,6 +172,7 @@
         "appFaviconPath": "/assets/images/branding/favicon.ico",
         "isGOTEnabledForSuperTenantOnly": true,
         "showAppSwitchButton": true,
+        "showSmsOtpPwdRecoveryFeatureStatusChip": false,
         "features": {
             "administrators": {
                 "disabledFeatures": [],

diff --git a/features/admin.core.v1/configs/app.ts b/features/admin.core.v1/configs/app.ts
@@ -362,6 +362,8 @@ export class Config {
             productVersionConfig: window[ "AppUtils" ]?.getConfig()?.ui?.productVersionConfig,
             selfAppIdentifier: window[ "AppUtils" ]?.getConfig()?.ui?.selfAppIdentifier,
             showAppSwitchButton: window[ "AppUtils" ]?.getConfig()?.ui?.showAppSwitchButton,
+            showSmsOtpPwdRecoveryFeatureStatusChip:
+                window[ "AppUtils" ]?.getConfig()?.ui?.showSmsOtpPwdRecoveryFeatureStatusChip,
             systemAppsIdentifiers: window[ "AppUtils" ]?.getConfig()?.ui?.systemAppsIdentifiers,
             theme: window[ "AppUtils" ]?.getConfig()?.ui?.theme,
             useRoleClaimAsGroupClaim: window[ "AppUtils" ]?.getConfig()?.ui?.useRoleClaimAsGroupClaim

diff --git a/features/admin.core.v1/models/config.ts b/features/admin.core.v1/models/config.ts
@@ -450,6 +450,10 @@ export interface UIConfigInterface extends CommonUIConfigInterface<FeatureConfig
      * Configurations for IDP templates.
      */
     connectionTemplates?: any;
+    /**
+     * Config if beta tag should be displayed for sms otp for password recovery feature.
+     */
+    showSmsOtpPwdRecoveryFeatureStatusChip?: boolean;
 }
 
 /**

diff --git a/features/admin.core.v1/store/reducers/config.ts b/features/admin.core.v1/store/reducers/config.ts
@@ -262,6 +262,7 @@ export const commonConfigReducerInitialState: CommonConfigReducerStateInterface<
             productVersionConfig: null,
             selfAppIdentifier: "",
             showAppSwitchButton: undefined,
+            showSmsOtpPwdRecoveryFeatureStatusChip: undefined,
             systemAppsIdentifiers: [],
             theme: {
                 name: "",

diff --git a/features/admin.server-configurations.v1/constants/governance-connector-constants.ts b/features/admin.server-configurations.v1/constants/governance-connector-constants.ts
@@ -60,12 +60,40 @@ export class GovernanceConnectorConstants {
         EXPIRY_TIME_MAX_VALUE: number;
         EXPIRY_TIME_MIN_LENGTH: number;
         EXPIRY_TIME_MIN_VALUE: number;
+        MAX_FAILED_ATTEMPT_COUNT_MIN_LENGTH: number;
+        MAX_FAILED_ATTEMPT_COUNT_MAX_LENGTH: number;
+        MAX_FAILED_ATTEMPT_COUNT_MIN_VALUE: number;
+        MAX_FAILED_ATTEMPT_COUNT_MAX_VALUE: number;
+        MAX_RESEND_COUNT_MIN_LENGTH: number;
+        MAX_RESEND_COUNT_MAX_LENGTH: number;
+        MAX_RESEND_COUNT_MIN_VALUE: number;
+        MAX_RESEND_COUNT_MAX_VALUE: number;
+        SMS_OTP_EXPIRY_TIME_MAX_LENGTH: number;
+        SMS_OTP_EXPIRY_TIME_MAX_VALUE: number;
+        SMS_OTP_CODE_LENGTH_MAX_LENGTH: number;
+        SMS_OTP_CODE_LENGTH_MAX_VALUE: number;
+        SMS_OTP_CODE_LENGTH_MIN_LENGTH: number;
+        SMS_OTP_CODE_LENGTH_MIN_VALUE: number;
     } = {
 
         EXPIRY_TIME_MAX_LENGTH: 5,
         EXPIRY_TIME_MAX_VALUE: 10080,
         EXPIRY_TIME_MIN_LENGTH: 1,
-        EXPIRY_TIME_MIN_VALUE: 1
+        EXPIRY_TIME_MIN_VALUE: 1,
+        MAX_FAILED_ATTEMPT_COUNT_MAX_LENGTH: 2,
+        MAX_FAILED_ATTEMPT_COUNT_MAX_VALUE: 10,
+        MAX_FAILED_ATTEMPT_COUNT_MIN_LENGTH: 1,
+        MAX_FAILED_ATTEMPT_COUNT_MIN_VALUE: 1,
+        MAX_RESEND_COUNT_MAX_LENGTH: 1,
+        MAX_RESEND_COUNT_MAX_VALUE: 5,
+        MAX_RESEND_COUNT_MIN_LENGTH: 1,
+        MAX_RESEND_COUNT_MIN_VALUE: 1,
+        SMS_OTP_CODE_LENGTH_MAX_LENGTH: 2,
+        SMS_OTP_CODE_LENGTH_MAX_VALUE: 10,
+        SMS_OTP_CODE_LENGTH_MIN_LENGTH: 1,
+        SMS_OTP_CODE_LENGTH_MIN_VALUE: 6,
+        SMS_OTP_EXPIRY_TIME_MAX_LENGTH: 4,
+        SMS_OTP_EXPIRY_TIME_MAX_VALUE: 1440
     };
 
     /**

diff --git a/features/admin.server-configurations.v1/constants/server-configurations-constants.ts b/features/admin.server-configurations.v1/constants/server-configurations-constants.ts
@@ -238,6 +238,20 @@ export class ServerConfigurationsConstants {
 	public static readonly PASSWORD_RECOVERY_QUESTION_FORCED_ENABLE: string =
 		"Recovery.Question.Password.Forced.Enable";
 
+	public static readonly RECOVERY_EMAIL_LINK_ENABLE: string = "Recovery.Notification.Password.emailLink.Enable";
+	public static readonly RECOVERY_SMS_OTP_ENABLE: string = "Recovery.Notification.Password.smsOtp.Enable";
+	public static readonly RECOVERY_OTP_USE_UPPERCASE: string =
+		"Recovery.Notification.Password.OTP.UseUppercaseCharactersInOTP";
+
+	public static readonly RECOVERY_OTP_USE_LOWERCASE: string =
+		"Recovery.Notification.Password.OTP.UseLowercaseCharactersInOTP";
+
+	public static readonly RECOVERY_OTP_USE_NUMERIC: string = "Recovery.Notification.Password.OTP.UseNumbersInOTP";
+	public static readonly RECOVERY_OTP_LENGTH: string = "Recovery.Notification.Password.OTP.OTPLength";
+	public static readonly RECOVERY_MAX_RESEND_COUNT: string = "Recovery.Notification.Password.MaxResendAttempts";
+	public static readonly RECOVERY_MAX_FAILED_ATTEMPTS_COUNT: string =
+		"Recovery.Notification.Password.MaxFailedAttempts";
+
 	/**
 	 * Login policies - account locking API Keyword constants.
 	 */

diff --git a/features/admin.server-configurations.v1/forms/connector-form-factory.tsx b/features/admin.server-configurations.v1/forms/connector-form-factory.tsx
@@ -26,7 +26,7 @@ import { AnalyticsConfigurationForm } from "./analytics-form";
 import { AskPasswordForm } from "./ask-password";
 import { LoginAttemptSecurityConfigurationFrom } from "./login-attempt-security-form";
 import { MultiAttributeLoginForm } from "./multi-attribute-login";
-import { PasswordRecoveryConfigurationForm } from "./password-recovery-form";
+import { PasswordRecoveryConfigurationForm } from "./password-recovery-form/password-recovery-form";
 import { SelfRegistrationForm } from "./self-registration-form";
 import { UsernameRecoveryConfigurationForm } from "./username-recovery-form";
 import { AppState, FeatureConfigInterface, history } from "../../admin.core.v1";

diff --git a/features/admin.server-configurations.v1/forms/index.ts b/features/admin.server-configurations.v1/forms/index.ts
@@ -18,5 +18,5 @@
 
 export * from "./connector-form-factory";
 export * from "./login-attempt-security-form";
-export * from "./password-recovery-form";
+export * from "./password-recovery-form/password-recovery-form";
 export * from "./self-registration-form";