wso2-extensions · RushanNanayakkara · May 17, 2024 · May 16, 2024
diff --git a/...rg/wso2/carbon/identity/multi/attribute/login/constants/MultiAttributeLoginConstants.java b/...rg/wso2/carbon/identity/multi/attribute/login/constants/MultiAttributeLoginConstants.java
@@ -24,7 +24,6 @@
 public class MultiAttributeLoginConstants {
 
     public static final String USERNAME_CLAIM_URI = "http://wso2.org/claims/username";
-    public static final String MULTI_ATTRIBUTE_USER_IDENTIFIER_CLAIM_URI = "internal.user.identifier.claim.uri";
 
     public static final String MULTI_ATTRIBUTE_LOGIN_PROPERTY = "account.multiattributelogin.handler.enable";
     public static final String ALLOWED_LOGIN_ATTRIBUTES = "account.multiattributelogin.handler.allowedattributes";

diff --git a/components/org.wso2.carbon.identity.recovery/pom.xml b/components/org.wso2.carbon.identity.recovery/pom.xml
@@ -128,10 +128,6 @@
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.input.validation.mgt</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.wso2.carbon.identity.governance</groupId>
-            <artifactId>org.wso2.carbon.identity.multi.attribute.login.service</artifactId>
-        </dependency>
     </dependencies>
 
     <build>
@@ -186,8 +182,6 @@
                             org.apache.commons.logging.*; version="${commons-logging.osgi.version.range}",
                             org.wso2.carbon.identity.multi.attribute.login.mgt.*;
                             version="${carbon.identity.framework.imp.pkg.version.range}",
-                            org.wso2.carbon.identity.multi.attribute.login.service;
-                            version="${identity.governance.imp.pkg.version.range}",
                         </Import-Package>
                         <DynamicImport-Package>*</DynamicImport-Package>
                     </instructions>

diff --git a/...y.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/...y.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
@@ -307,8 +307,6 @@ public enum ErrorMessages {
         ERROR_CODE_STORING_RECOVERY_FLOW_DATA("20063", "Error while storing recovery data."),
         ERROR_CODE_UPDATING_RECOVERY_FLOW_DATA("20064", "Error while updating recovery data."),
         ERROR_CODE_NO_HASHING_ALGO_FOR_CODE("20065", "Error while hashing the code."),
-        ERROR_CODE_MULTIPLE_CLAIMS_WITH_MULTI_ATTRIBUTE_URI("20066", "Multiple claims not allowed " +
-                "when user identifier claim is used."),
 
         ERROR_CODE_ERROR_RETRIVING_CLAIM("18004", "Error when retrieving the locale claim of user '%s' of '%s' domain."),
         ERROR_CODE_RECOVERY_DATA_NOT_FOUND_FOR_USER("18005", "Recovery data not found."),
@@ -682,8 +680,6 @@ public static class ConnectorConfig {
                 ".Password.MaxFailedAttempts";
         public static final String RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS = "Recovery.Notification" +
                 ".Password.MaxResendAttempts";
-        public static final String PASSWORD_RECOVERY_EMAIL_LINK_ENABLE = "Recovery.Notification.Password.emailLink.Enable";
-        public static final String PASSWORD_RECOVERY_SMS_OTP_ENABLE = "Recovery.Notification.Password.smsOtp.Enable";
     }
 
     public static class DBConstants {

diff --git a/...ecovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java b/...ecovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
@@ -74,6 +74,8 @@ public int getOrder() {
     public Map<String, String> getPropertyNameMapping() {
 
         Map<String, String> nameMapping = new HashMap<>();
+        nameMapping.put(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY,
+                "Notification based password recovery");
         nameMapping.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SEND_OTP_IN_EMAIL,
                 "Send OTP in e-mail");
         nameMapping.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_USE_UPPERCASE_CHARACTERS_IN_OTP,
@@ -125,10 +127,6 @@ public Map<String, String> getPropertyNameMapping() {
                 "Max failed attempts for password recovery");
         nameMapping.put(IdentityRecoveryConstants.ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS,
                 "Max resend attempts for password recovery");
-        nameMapping.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE,
-                "Notification based password recovery via an email");
-        nameMapping.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE,
-                "Notification based password recovery using SMS OTP");
         return nameMapping;
     }
 
@@ -177,6 +175,7 @@ public Map<String, String> getPropertyDescriptionMapping() {
     public String[] getPropertyNames() {
 
         List<String> properties = new ArrayList<>();
+        properties.add(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY);
         properties.add(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SEND_OTP_IN_EMAIL);
         properties.add(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_USE_UPPERCASE_CHARACTERS_IN_OTP);
         properties.add(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_USE_LOWERCASE_CHARACTERS_IN_OTP);
@@ -203,14 +202,13 @@ public String[] getPropertyNames() {
         properties.add(IdentityRecoveryConstants.ConnectorConfig.ENABLE_AUTO_LGOIN_AFTER_PASSWORD_RESET);
         properties.add(IdentityRecoveryConstants.ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_FAILED_ATTEMPTS);
         properties.add(IdentityRecoveryConstants.ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS);
-        properties.add(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE);
-        properties.add(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE);
         return properties.toArray(new String[0]);
     }
 
     @Override
     public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityGovernanceException {
 
+        String enableNotificationBasedPasswordRecovery = "false";
         String enableSendOTPInEmail = "false";
         String useUppercaseCharactersInOTP = StringUtils.EMPTY;
         String useLowercaseCharactersInOTP = StringUtils.EMPTY;
@@ -239,9 +237,9 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
         String recoveryMaxResendAttempts = "5";
         int httpsProxyPort = 443;
         String secureHttpProtocol = "https";
-        String enableEmailNotificationBasedPasswordRecovery = "false";
-        String enableSMSNotificationBasedPasswordRecovery = "false";
 
+        String notificationBasedPasswordRecovery = IdentityUtil.getProperty(
+                IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY);
         String sendOTPInEmailProperty = IdentityUtil.getProperty(
                 IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SEND_OTP_IN_EMAIL);
         String useUppercaseCharactersInOTPProperty = IdentityUtil.getProperty(
@@ -293,17 +291,16 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
                 ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_FAILED_ATTEMPTS);
         String maxResendAttempts = IdentityUtil.getProperty(IdentityRecoveryConstants.
                 ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS);
-        String emailNotificationBasedPasswordRecovery = IdentityUtil.getProperty(
-                IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE);
-        String smsNotificationBasedPasswordRecovery = IdentityUtil.getProperty(
-                IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE);
 
         if (StringUtils.isNotEmpty(expiryTimeSMSOTPProperty)) {
             expiryTimeSMSOTP = expiryTimeSMSOTPProperty;
         }
         if (StringUtils.isNotEmpty(smsOtpRegexProperty)) {
             smsOtpRegex = smsOtpRegexProperty;
         }
+        if (StringUtils.isNotEmpty(notificationBasedPasswordRecovery)) {
+            enableNotificationBasedPasswordRecovery = notificationBasedPasswordRecovery;
+        }
         if (StringUtils.isNotEmpty(sendOTPInEmailProperty)) {
             enableSendOTPInEmail = sendOTPInEmailProperty;
         }
@@ -387,14 +384,10 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
         if (StringUtils.isNotEmpty(maxResendAttempts)) {
             recoveryMaxResendAttempts = maxResendAttempts;
         }
-        if (StringUtils.isNotEmpty(emailNotificationBasedPasswordRecovery)) {
-            enableEmailNotificationBasedPasswordRecovery = emailNotificationBasedPasswordRecovery;
-        }
-        if (StringUtils.isNotEmpty(smsNotificationBasedPasswordRecovery)) {
-            enableSMSNotificationBasedPasswordRecovery = smsNotificationBasedPasswordRecovery;
-        }
 
         Map<String, String> defaultProperties = new HashMap<>();
+        defaultProperties.put(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY,
+                enableNotificationBasedPasswordRecovery);
         defaultProperties.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SEND_OTP_IN_EMAIL,
                 enableSendOTPInEmail);
         defaultProperties.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_USE_UPPERCASE_CHARACTERS_IN_OTP,
@@ -446,10 +439,6 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
                 .RECOVERY_NOTIFICATION_PASSWORD_MAX_FAILED_ATTEMPTS, recoveryMaxFailedAttempts);
         defaultProperties.put(IdentityRecoveryConstants.ConnectorConfig
                 .RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS, recoveryMaxResendAttempts);
-        defaultProperties.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE,
-                enableEmailNotificationBasedPasswordRecovery);
-        defaultProperties.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE,
-                enableSMSNotificationBasedPasswordRecovery);
 
         Properties properties = new Properties();
         properties.putAll(defaultProperties);
@@ -468,6 +457,9 @@ public Map<String, Property> getMetaData() {
 
         Map<String, Property> meta = new HashMap<>();
 
+        meta.put(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY,
+                getPropertyObject(IdentityMgtConstants.DataTypes.BOOLEAN.getValue()));
+
         meta.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SEND_OTP_IN_EMAIL,
                 getPropertyObject(IdentityMgtConstants.DataTypes.BOOLEAN.getValue()));
 
@@ -543,15 +535,6 @@ public Map<String, Property> getMetaData() {
         meta.put(IdentityRecoveryConstants.ConnectorConfig.RECOVERY_NOTIFICATION_PASSWORD_MAX_RESEND_ATTEMPTS,
                 getPropertyObject(IdentityMgtConstants.DataTypes.INTEGER.getValue()));
 
-        meta.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE,
-                getPropertyObject(IdentityMgtConstants.DataTypes.BOOLEAN.getValue()));
-
-        meta.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE,
-                getPropertyObject(IdentityMgtConstants.DataTypes.BOOLEAN.getValue()));
-
-        meta.put(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_REGEX,
-                getPropertyObject(IdentityMgtConstants.DataTypes.STRING.getValue()));
-
         return meta;
     }
 

diff --git a/...a/org/wso2/carbon/identity/recovery/internal/service/impl/UserAccountRecoveryManager.java b/...a/org/wso2/carbon/identity/recovery/internal/service/impl/UserAccountRecoveryManager.java
@@ -31,9 +31,6 @@
 import org.wso2.carbon.identity.event.IdentityEventException;
 import org.wso2.carbon.identity.event.event.Event;
 import org.wso2.carbon.identity.governance.service.notification.NotificationChannels;
-import org.wso2.carbon.identity.multi.attribute.login.constants.MultiAttributeLoginConstants;
-import org.wso2.carbon.identity.multi.attribute.login.mgt.MultiAttributeLoginService;
-import org.wso2.carbon.identity.multi.attribute.login.mgt.ResolvedUserResult;
 import org.wso2.carbon.identity.recovery.IdentityRecoveryClientException;
 import org.wso2.carbon.identity.recovery.IdentityRecoveryConstants;
 import org.wso2.carbon.identity.recovery.IdentityRecoveryException;
@@ -300,32 +297,6 @@ public String getUsernameByClaims(Map<String, String> claims, String tenantDomai
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_FIELD_FOUND_FOR_USER_RECOVERY.getMessage(),
                     null);
         }
-
-        MultiAttributeLoginService multiAttributeLoginService = IdentityRecoveryServiceDataHolder.getInstance()
-                .getMultiAttributeLoginService();
-
-        if (multiAttributeLoginService.isEnabled(tenantDomain) && claims.containsKey(MultiAttributeLoginConstants
-                .MULTI_ATTRIBUTE_USER_IDENTIFIER_CLAIM_URI)) {
-            /* Multiple claims are not allowed when user identifier claim is enabled since identifier claim cannot be
-             used in combination with other claims. */
-            if (claims.keySet().size() > 1) {
-                String errorCode = Utils.prependOperationScenarioToErrorCode(
-                        IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_MULTIPLE_CLAIMS_WITH_MULTI_ATTRIBUTE_URI
-                                .getCode(), IdentityRecoveryConstants.USER_ACCOUNT_RECOVERY);
-               throw Utils.handleClientException(errorCode,
-                        IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_MULTIPLE_CLAIMS_WITH_MULTI_ATTRIBUTE_URI
-                                .getMessage(), null);
-            }
-            // Resolve the user with the multi attribute login service.
-            ResolvedUserResult resolvedUserResult = multiAttributeLoginService.resolveUser(
-                    claims.get(MultiAttributeLoginConstants.MULTI_ATTRIBUTE_USER_IDENTIFIER_CLAIM_URI), tenantDomain);
-            if (resolvedUserResult != null && ResolvedUserResult.UserResolvedStatus.SUCCESS
-                    .equals(resolvedUserResult.getResolvedStatus())) {
-                return resolvedUserResult.getUser().getDomainQualifiedUsername();
-            }
-            return StringUtils.EMPTY;
-        }
-
         int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
         try {
             ArrayList<org.wso2.carbon.user.core.common.User> resultedUserList = new ArrayList<>();

diff --git a/.../carbon/identity/recovery/internal/service/impl/password/PasswordRecoveryManagerImpl.java b/.../carbon/identity/recovery/internal/service/impl/password/PasswordRecoveryManagerImpl.java
@@ -630,7 +630,10 @@ private String extractNotificationChannelDetails(String recoveryChannels, int ch
      */
     private void validateConfigurations(String tenantDomain) throws IdentityRecoveryException {
 
-        if (!isNotificationBasedRecoveryEnabled(tenantDomain)) {
+        boolean isRecoveryEnable = Boolean.parseBoolean(
+                Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY,
+                        tenantDomain));
+        if (!isRecoveryEnable) {
             throw Utils.handleClientException(
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PASSWORD_RECOVERY_WITH_NOTIFICATIONS_NOT_ENABLED,
                     null);
@@ -671,13 +674,9 @@ private boolean isNotificationBasedRecoveryEnabled(String tenantDomain) throws I
 
         // Check whether the challenge question based recovery is enabled.
         try {
-            boolean isEmailRecoveryEnable = Boolean.parseBoolean(
-                    Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE,
-                            tenantDomain));
-            boolean isSMSOtpRecoveryEnable = Boolean.parseBoolean(
-                    Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE,
+            return Boolean.parseBoolean(
+                    Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY,
                             tenantDomain));
-            return isEmailRecoveryEnable || isSMSOtpRecoveryEnable;
         } catch (IdentityRecoveryServerException e) {
             // Prepend scenario to the thrown exception.
             String errorCode = Utils

diff --git a/.../java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java b/.../java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
@@ -507,13 +507,9 @@ private void validateCallback(Property[] properties, String tenantDomain) throws
      */
     private void validatePasswordRecoveryConfiguration(String tenantDomain) throws IdentityRecoveryException {
 
-        boolean isEmailRecoveryEnable = Boolean.parseBoolean(
-                Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_EMAIL_LINK_ENABLE,
+        boolean isRecoveryEnable = Boolean.parseBoolean(
+                Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY,
                         tenantDomain));
-        boolean isSMSOtpRecoveryEnable = Boolean.parseBoolean(
-                Utils.getRecoveryConfigs(IdentityRecoveryConstants.ConnectorConfig.PASSWORD_RECOVERY_SMS_OTP_ENABLE,
-                        tenantDomain));
-        boolean isRecoveryEnable = isEmailRecoveryEnable || isSMSOtpRecoveryEnable;
         if (!isRecoveryEnable) {
             throw Utils.handleClientException(
                     IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOTIFICATION_BASED_PASSWORD_RECOVERY_NOT_ENABLE,