Hide rule-based password expiry for users missing required scopes #7224

Open: wants to merge 3 commits into base: master

PasinduYeshan
Contributor

Purpose

The initial plan was to modify the token issuance logic to include these missing scopes in the console user token. However, this approach was revised. Instead of requiring these scopes, we decided to hide rule-based password expiry functionality for users without these permissions.

Related Issues

Related PRs

Checklist

  • e2e cypress tests locally verified. (for internal contributors)
  • Manual test round performed and verified.
  • UX/UI review done on the final implementation.
  • Documentation provided. (Add links if there are any)
  • Relevant backend changes deployed and verified
  • Unit tests provided. (Add links if there are any)
  • Integration tests provided. (Add links if there are any)

Security checks

@wso2-jenkins-bot
Contributor

🦋 Changeset detected

The changes in this PR will be included in the next version bump.

codecov bot commented Dec 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 32.32%. Comparing base (332755b) to head (36632b6).
Report is 347 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #7224   +/-   ##
=======================================
  Coverage   32.32%   32.32%           
=======================================
  Files          42       42           
  Lines         897      897           
  Branches      221      204   -17     
=======================================
  Hits          290      290           
  Misses        607      607           
Flag Coverage Δ
@wso2is/core 32.32% <ø> (ø)


* These scopes are checked to determine whether to display the new rule-based password expiry configuration UI.
* If these scopes are not available, legacy password expiry configuration will be shown for backward compatibility.
*/
public static readonly RULE_BASED_PASSWORD_EXPIRY_REQUIRED_SCOPES: string[] = [
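
Review bot: The doc comment above `RULE_BASED_PASSWORD_EXPIRY_REQUIRED_SCOPES` describes these scopes only as a display switch, so it is worth stating there that the check controls UI visibility alone and that the backend must still reject rule-based expiry reads and updates from tokens that lack them. Also consider `readonly string[]` for the type: `public static readonly` prevents reassigning the field but not mutating the array contents from another module.
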
Contributor

@pavinduLakshan pavinduLakshan Dec 20, 2024

Let's add a new feature object for this in the deployment config instead, so that deployment config would be the single source for maintaining scopes on the frontend.

@@ -137,6 +136,10 @@ export const ValidationConfigEditPage: FunctionComponent<MyAccountSettingsEditPa
const [ legacyPasswordPolicies, setLegacyPasswordPolicies ] = useState<ConnectorPropertyInterface[]>([]);

const isReadOnly: boolean = !useRequiredScopes(featureConfig?.governanceConnectors?.scopes?.update);
const hasScopesForRuleBasedPasswordExpiry: boolean =
Contributor

Let's follow the convention.

Suggested change
const hasScopesForRuleBasedPasswordExpiry: boolean =
const hasRuleBasedPasswordExpiryReadPermissions: boolean =

@@ -137,6 +136,10 @@ export const ValidationConfigEditPage: FunctionComponent<MyAccountSettingsEditPa
const [ legacyPasswordPolicies, setLegacyPasswordPolicies ] = useState<ConnectorPropertyInterface[]>([]);

const isReadOnly: boolean = !useRequiredScopes(featureConfig?.governanceConnectors?.scopes?.update);
const hasScopesForRuleBasedPasswordExpiry: boolean =
useRequiredScopes(ValidationConfigConstants.RULE_BASED_PASSWORD_EXPIRY_REQUIRED_SCOPES);
const isRuleBasedPasswordExpiryDisabled: boolean = disabledFeatures?.includes("ruleBasedPasswordExpiry")
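
Review bot: On the `isRuleBasedPasswordExpiryDisabled` line, `disabledFeatures?.includes("ruleBasedPasswordExpiry")` evaluates to `undefined` when `disabledFeatures` is unset, which does not match the declared `boolean` and treats a missing config as "feature enabled". Unless the part of the expression not shown here already handles that, make the default explicit, for example with `?? false`, so the fallback is a decision rather than an accident. The two `useRequiredScopes` results are also easy to confuse: `isReadOnly` is negated and `hasScopesForRuleBasedPasswordExpiry` is not, so a short comment on which one gates rendering and which one gates editing would help.
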
Contributor

@pavinduLakshan pavinduLakshan Dec 20, 2024

Let's add "ruleBasedPasswordExpiry" string to the feature dictionary and use the constant here.

Ref. impl:

public static readonly FEATURE_DICTIONARY: Map<string, string> = new Map<string, string>()
.set("APPLICATION_ADD", "application.add")
.set("APPLICATION_EDIT", "application.edit")
.set("APPLICATION_EDIT_GENERAL_SETTINGS", "application.edit.generalSettings")
.set("APPLICATION_EDIT_ACCESS_CONFIG", "applications.edit.accessConfiguration")
.set("APPLICATION_EDIT_ATTRIBUTE_MAPPING", "applications.edit.attributeMapping")
.set("APPLICATION_EDIT_SIGN_ON_METHOD_CONFIG", "applications.edit.signOnMethodConfiguration")
.set("APPLICATION_EDIT_PROVISIONING_SETTINGS", "applications.edit.provisioningSettings")
.set("APPLICATION_EDIT_ADVANCED_SETTINGS", "applications.edit.advancedSettings")
.set("APPLICATION_SHARED_ACCESS", "applications.edit.sharedAccess")
.set("APPLICATION_EDIT_INFO", "applications.edit.info")
.set("FAPI_APP_CREATION", "applications.create.fapi")
.set("APPLICATION_NATIVE_AUTHENTICATION", "applications.native.authentication")
.set("APPLICATION_MYACCOUNT_SAAS_SETTINGS", "applications.myaccount.saasMyaccountSettings")
.set("APPLICATION_ADD_MANAGEMENT_APPLICATIONS", "applications.add.managementApplications")
.set("APPLICATIONS_SETTINGS", "applications.settings")
.set("TRUSTED_APPS", "applications.trustedApps")
.set("APPLICATION_ACCESSTOKEN_ATTRIBUTES", "applications.accessTokenAttributes")
.set("APPLICATION_OUTDATED_APP_BANNER", "applications.outdatedAppBanner");

if (!isRuleBasedPasswordExpiryDisabled) {
processedFormValues = {
...values,
passwordExpiryEnabled: passwordExpiryEnabled,
Contributor

This is already added in L608, isn't it?

@@ -600,14 +603,21 @@ export const ValidationConfigEditPage: FunctionComponent<MyAccountSettingsEditPa
): void => {
if (hasPasswordExpiryRuleErrors) return;

const processedFormValues: ValidationFormInterface = {
let processedFormValues: ValidationFormInterface = {
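
Review bot: The early return `if (hasPasswordExpiryRuleErrors) return;` sits above the new handling and does not consider whether the rule-based section is hidden. If `hasPasswordExpiryRuleErrors` can be true while the user lacks the scopes (stale state from an earlier render, for instance), submitting the legacy form would silently do nothing. Guard it with `!isRuleBasedPasswordExpiryDisabled &&`, or confirm the error flag is reset when the section is not rendered.
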
Contributor

We can keep this const and add new object properties.

const obj = {
a: "b",
c: "d"
}

obj.e = "f"
