Merge pull request #766 from Rashmini/recovery-api-v1-disable

Disable current recovery service
wso2-extensions · Sep 27, 2023 · c0f6d2f · c0f6d2f
2 parents 3065e40 + c66a1f3
commit c0f6d2f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/...y.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/...y.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java
@@ -374,6 +374,7 @@ public enum ErrorMessages {
                 "User account recovery validation failed for user account: '%s'"),
         ERROR_CODE_INVALID_RECOVERY_FLOW_ID("UAR-10015", "Invalid confirmation code : '%s'."),
         ERROR_CODE_EXPIRED_RECOVERY_FLOW_ID("UAR-10016", "Expired confirmation code : '%s'."),
+        ERROR_CODE_API_DISABLED("UAR-10017", "Recovery API is disabled."),
         ERROR_CODE_NO_RECOVERY_FLOW_DATA("UAR-10018", "No recovery flow data found for "
                 + "recovery flow id : '%s'."),
         ERROR_CODE_ERROR_STORING_RECOVERY_DATA("UAR-15001", "Error storing user recovery data"),

diff --git a/.../carbon/identity/recovery/internal/service/impl/password/PasswordRecoveryManagerImpl.java b/.../carbon/identity/recovery/internal/service/impl/password/PasswordRecoveryManagerImpl.java
@@ -23,6 +23,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.common.model.User;
+import org.wso2.carbon.identity.base.IdentityConstants;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.event.IdentityEventException;
@@ -189,6 +190,11 @@ public PasswordRecoverDTO notify(String recoveryCode, String channelId, String t
     public PasswordResetCodeDTO confirm(String confirmationCode, String tenantDomain, Map<String, String> properties)
             throws IdentityRecoveryException {
 
+        if (!Boolean.parseBoolean(IdentityUtil.getProperty(
+                IdentityConstants.Recovery.RECOVERY_V1_API_ENABLE))) {
+            throw Utils.handleClientException(
+                    IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_API_DISABLED, null);
+        }
         validateTenantDomain(tenantDomain);
         UserAccountRecoveryManager userAccountRecoveryManager = UserAccountRecoveryManager.getInstance();
         // Get Recovery data.
@@ -290,6 +296,11 @@ public PasswordResetCodeDTO confirm(String otp, String confirmationCode, String
     public SuccessfulPasswordResetDTO reset(String resetCode, char[] password, Map<String, String> properties)
             throws IdentityRecoveryException {
 
+        if (!Boolean.parseBoolean(IdentityUtil.getProperty(
+                IdentityConstants.Recovery.RECOVERY_V1_API_ENABLE))) {
+            throw Utils.handleClientException(
+                    IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_API_DISABLED, null);
+        }
         // Validate the password.
         if (ArrayUtils.isEmpty(password)) {
             throw Utils.handleClientException(