Apply fixes from patches to identity components

modules/distribution/product/src/main/assembly/bin.xml

@@ -712,6 +712,17 @@
  <include>client-registration#v0.17.war</include>
  </includes>
  </fileSet>
+ <fileSet>
+ <directory>
+ ../../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps
+ </directory>
+ <outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
+ </outputDirectory>
+ <includes>
+ <include>api#identity#auth#v1.1.war</include>
+ </includes>
+ </fileSet>
+
 
 
  <!-- Copy sample calculator api webapp-->

modules/distribution/product/src/main/extensions/basicauth.jsp

@@ -16,6 +16,9 @@
  ~ under the License.
  --%>
 
+<%@ page import="org.apache.cxf.jaxrs.client.Client" %>
+<%@ page import="org.apache.cxf.configuration.jsse.TLSClientParameters" %>
+<%@ page import="org.apache.cxf.transport.http.HTTPConduit" %>
 <%@ page import="org.apache.cxf.jaxrs.client.JAXRSClientFactory" %>
 <%@ page import="org.apache.cxf.jaxrs.provider.json.JSONProvider" %>
 <%@ page import="org.apache.cxf.jaxrs.client.WebClient" %>
@@ -47,6 +50,12 @@
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApplicationDataRetrievalClientException" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClient" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClientException" %>
+<%@ page import="org.wso2.carbon.utils.CustomHostNameVerifier" %>
+<%@ page import="javax.net.ssl.HostnameVerifier" %>
+<%@ page import="static org.wso2.carbon.CarbonConstants.ALLOW_ALL" %>
+<%@ page import="static org.wso2.carbon.CarbonConstants.DEFAULT_AND_LOCALHOST" %>
+<%@ page import="static org.wso2.carbon.CarbonConstants.HOST_NAME_VERIFIER" %>
+<%@ page import="org.apache.http.conn.ssl.AllowAllHostnameVerifier" %>
 
 <jsp:directive.include file="includes/init-loginform-action-url.jsp"/>
 <jsp:directive.include file="plugins/basicauth-extensions.jsp"/>
@@ -206,6 +215,32 @@
 
  SelfUserRegistrationResource selfUserRegistrationResource = JAXRSClientFactory
  .create(url, SelfUserRegistrationResource.class, providers);
+
+ Client client = WebClient.client(selfUserRegistrationResource);
+ HTTPConduit conduit = WebClient.getConfig(client).getHttpConduit();
+ TLSClientParameters tlsParams = conduit.getTlsClientParameters();
+ if (tlsParams == null) {
+ tlsParams = new TLSClientParameters();
+ }
+ HostnameVerifier allowAllHostnameVerifier = new AllowAllHostnameVerifier();
+ if (EndpointConfigManager.isHostnameVerificationEnabled()) {
+ if (DEFAULT_AND_LOCALHOST.equals(System.getProperty(HOST_NAME_VERIFIER))) {
+ /*
+ * If hostname verifier is set to DefaultAndLocalhost, allow following domains in addition to the
+ * hostname:
+ * ["::1", "127.0.0.1", "localhost", "localhost.localdomain"]
+ */
+ tlsParams.setHostnameVerifier(new CustomHostNameVerifier());
+ } else if (ALLOW_ALL.equals(System.getProperty(HOST_NAME_VERIFIER))) {
+ // If hostname verifier is set to AllowAll, disable hostname verification.
+ tlsParams.setHostnameVerifier(allowAllHostnameVerifier);
+ }
+ } else {
+ // Disable hostname verification
+ tlsParams.setHostnameVerifier(allowAllHostnameVerifier);
+ }
+ conduit.setTlsClientParameters(tlsParams);
+
  WebClient.client(selfUserRegistrationResource).header("Authorization", header);
  Response selfRegistrationResponse = selfUserRegistrationResource.regenerateCode(selfRegistrationRequest);
  if (selfRegistrationResponse != null && selfRegistrationResponse.getStatus() == HttpStatus.SC_CREATED) {
@@ -233,7 +268,13 @@
  }
  %>
 
- <% if (Boolean.parseBoolean(loginFailed)) { %>
+ <% if (StringUtils.equals(request.getParameter("errorCode"), IdentityCoreConstants.USER_ACCOUNT_LOCKED_ERROR_CODE) &&
+ StringUtils.equals(request.getParameter("remainingAttempts"), "0") ) { %>
+ <div class="ui visible negative message" id="error-msg" data-testid="login-page-error-message">
+ <%=AuthenticationEndpointUtil.i18n(resourceBundle, "error.user.account.locked.incorrect.login.attempts")%>
+ </div>
+ <% } else if (Boolean.parseBoolean(loginFailed) &&
+ !errorCode.equals(IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)) { %>
  <div class="ui visible negative message" id="error-msg" data-testid="login-page-error-message">
  <%= AuthenticationEndpointUtil.i18n(resourceBundle, errorMessage) %>
  </div>

modules/distribution/product/src/main/extensions/header.jsp

@@ -31,6 +31,9 @@
 
 <%
  String tenant = request.getParameter("tenantDomain");
+ if (tenant == null) {
+ tenant = request.getParameter("TenantDomain");
+ }
  if (tenant == null) {
  String cb = request.getParameter("callback");
  cb = StringUtils.replace(cb, " ", "");
@@ -39,7 +42,7 @@
  String decodedValue = uri.getQuery();
  String[] params = decodedValue.split("&");
  for (String param : params) {
- if (param.startsWith("tenantDomain=")) {
+ if (param.startsWith("tenantDomain=") || param.startsWith("TenantDomain=")) {
  String[] keyVal = param.split("=");
  tenant = keyVal[1];
  }

modules/distribution/product/src/main/extensions/login.jsp

@@ -142,28 +142,6 @@
  String username = null;
  String usernameIdentifier = null;
 
- if (isIdentifierFirstLogin(inputType)) {
- String authAPIURL = application.getInitParameter(Constants.AUTHENTICATION_REST_ENDPOINT_URL);
- if (StringUtils.isBlank(authAPIURL)) {
- authAPIURL = IdentityUtil.getServerURL("/api/identity/auth/v1.1/", true, true);
- }
- if (!authAPIURL.endsWith("/")) {
- authAPIURL += "/";
- }
- authAPIURL += "context/" + request.getParameter("sessionDataKey");
- String contextProperties = AuthContextAPIClient.getContextProperties(authAPIURL);
- Gson gson = new Gson();
- Map<String, Object> parameters = gson.fromJson(contextProperties, Map.class);
- if (parameters != null) {
- username = (String) parameters.get("username");
- usernameIdentifier = (String) parameters.get("username");
- } else {
- String redirectURL = "error.do";
- response.sendRedirect(redirectURL);
- return;
- }
- }
-
  // Login context request url.
  String sessionDataKey = request.getParameter("sessionDataKey");
  String appName = request.getParameter("sp");

modules/distribution/product/src/main/extensions/privacy-policy-content.jsp

@@ -16,7 +16,7 @@
  ~ under the License.
 --%>
 
-<%-- page content -->
+<%-- page content --%>
 <div class="ui grid">
  <div class="two column row"></div>
  <div class="four wide computer four wide tablet column">

modules/distribution/product/src/main/extensions/self-registration-with-verification.jsp

@@ -27,6 +27,9 @@
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementServiceUtil" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointUtil" %>
+<%@ page import="org.wso2.carbon.identity.recovery.IdentityRecoveryConstants" %>
+<%@ page import="org.wso2.carbon.identity.base.IdentityRuntimeException" %>
+<%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApiException" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.api.ReCaptchaApi" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.ReCaptchaProperties" %>
@@ -107,6 +110,22 @@
  return;
  }
 
+ try {
+ if (StringUtils.isNotBlank(callback) && !Utils.validateCallbackURL(callback, tenantDomain,
+ IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
+ request.setAttribute("error", true);
+ request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle,
+ "Callback.url.format.invalid"));
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ return;
+ }
+ } catch (IdentityRuntimeException e) {
+ request.setAttribute("error", true);
+ request.setAttribute("errorMsg", e.getMessage());
+ request.getRequestDispatcher("error.jsp").forward(request, response);
+ return;
+ }
+
  if (StringUtils.isBlank(callback)) {
  callback = IdentityManagementEndpointUtil.getUserPortalUrl(
  application.getInitParameter(IdentityManagementEndpointConstants.ConfigConstants.USER_PORTAL_URL), tenantDomain);

modules/distribution/product/src/main/resources/conf/infer.json

@@ -136,5 +136,13 @@
  "broker.transport.amqp.enabled": false,
  "apim.throttling.enable_policy_deployment": false
  }
+ },
+ "authenticationendpoint.enable_shortened_urls": {
+ "false": {
+ "authentication.endpoint.redirect_params.filter_policy": "exclude",
+ "authentication.endpoint.redirect_params.parameters": [
+ "loggedInUser"
+ ]
+ }
  }
 }

modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/pom.xml

@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com) All Rights Reserved.
+ ~
+ ~ WSO2 LLC. licenses this file to you under the Apache License,
+ ~ Version 2.0 (the "License"); you may not use this file except
+ ~ in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>am-features</artifactId>
+ <groupId>org.wso2.am</groupId>
+ <version>4.3.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>org.wso2.carbon.identity.local.auth.api.endpoint.feature</artifactId>
+ <packaging>pom</packaging>
+ <name>WSO2 Identity - Authentication REST API Endpoint Feature</name>
+ <description>WSO2 Identity - Authentication REST API endpoint Feature</description>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-project-info-reports-plugin</artifactId>
+ <reportSets>
+ <reportSet>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </reportSet>
+ </reportSets>
+ </plugin>
+ </plugins>
+ </reporting>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy</id>
+ <phase>package</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.wso2.carbon.identity.local.auth.api</groupId>
+ <artifactId>org.wso2.carbon.identity.local.auth.api.endpoint</artifactId>
+ <version>${org.wso2.carbon.identity.local.auth.api.version}</version>
+ <overWrite>true</overWrite>
+ <type>war</type>
+ <outputDirectory>${basedir}/src/main/resources/</outputDirectory>
+ <destFileName>api#identity#auth#v1.1.war</destFileName>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-resources</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>src/main/resources</outputDirectory>
+ <resources>
+ <resource>
+ <directory>resources</directory>
+ <includes>
+ <include>api#identity#auth#v1.1.war</include>
+ <include>p2.inf</include>
+ <include>build.properties</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.wso2.maven</groupId>
+ <artifactId>carbon-p2-plugin</artifactId>
+ <version>1.5.3</version>
+ <executions>
+ <execution>
+ <id>p2-feature-generation</id>
+ <phase>package</phase>
+ <goals>
+ <goal>p2-feature-gen</goal>
+ </goals>
+ <configuration>
+ <id>org.wso2.carbon.identity.local.auth.api.endpoint</id>
+ <propertiesFile>../etc/feature.properties</propertiesFile>
+ <adviceFile>
+ <properties>
+ <propertyDef>org.wso2.carbon.p2.category.type:server
+ </propertyDef>
+ <propertyDef>org.eclipse.equinox.p2.type.group:false
+ </propertyDef>
+ </properties>
+ </adviceFile>
+ <bundles>
+ <bundleDef>
+ org.wso2.carbon.identity.local.auth.api:org.wso2.carbon.identity.local.auth.api.core:${org.wso2.carbon.identity.local.auth.api.version}
+ </bundleDef>
+ </bundles>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.wso2.carbon.identity.local.auth.api</groupId>
+ <artifactId>org.wso2.carbon.api.server.local.auth.api</artifactId>
+ <version>${org.wso2.carbon.identity.local.auth.api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon.identity.local.auth.api</groupId>
+ <artifactId>org.wso2.carbon.identity.local.auth.api.core</artifactId>
+ <version>${org.wso2.carbon.identity.local.auth.api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.wso2.carbon.identity.local.auth.api</groupId>
+ <artifactId>org.wso2.carbon.identity.local.auth.api.endpoint</artifactId>
+ <type>war</type>
+ <version>${org.wso2.carbon.identity.local.auth.api.version}</version>
+ </dependency>
+
+ </dependencies>
+
+</project>

modules/features/product/org.wso2.carbon.identity.local.auth.api.endpoint.feature/src/main/resources/p2.inf

@@ -0,0 +1,5 @@
+instructions.configure = \
+org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/);\
+org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/);\
+org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.identity.local.auth.api.endpoint_${feature.version}/api#identity#auth#v1.1.war,target:${installFolder}/../../deployment/server/webapps/api#identity#auth#v1.1.war,overwrite:true);\

modules/p2-profile/product/pom.xml

@@ -304,6 +304,9 @@
  <featureArtifactDef>
  org.wso2.am:org.wso2.am.security.feature:${apimserver.version}
  </featureArtifactDef>
+ <featureArtifactDef>
+ org.wso2.am:org.wso2.carbon.identity.local.auth.api.endpoint.feature:${apimserver.version}
+ </featureArtifactDef>
 
  <featureArtifactDef>
  org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.cache.invalidation.feature:${carbon.apimgt.version}
@@ -1030,6 +1033,10 @@
  <id>org.wso2.carbon.identity.data.publisher.application.authentication.server.feature.group</id>
  <version>${carbon.identity-data-publisher-application-authentication.version}</version>
  </feature>
+ <feature>
+ <id>org.wso2.carbon.identity.local.auth.api.endpoint.feature.group</id>
+ <version>${apimserver.version}</version>
+ </feature>
 
 
  <feature>

pom.xml

@@ -1328,6 +1328,7 @@
  <carbon.identity-data-publisher-oauth.version>1.6.10</carbon.identity-data-publisher-oauth.version>
  <carbon.identity-user-ws.version>5.7.5</carbon.identity-user-ws.version>
  <carbon.identity-inbound-auth-openid.version>5.9.8</carbon.identity-inbound-auth-openid.version>
+ <org.wso2.carbon.identity.local.auth.api.version>2.5.6</org.wso2.carbon.identity.local.auth.api.version>
  <carbon.identity-local-auth-basicauth.version>6.7.32</carbon.identity-local-auth-basicauth.version>
  <carbon.identity-outbound-auth-samlsso.version>5.8.11</carbon.identity-outbound-auth-samlsso.version>
  <carbon.identity-metadata-saml2.version>1.7.70</carbon.identity-metadata-saml2.version>