Add Push device progressive enrollment auth script

.github/workflows/pr-builder.yml

@@ -36,6 +36,8 @@ jobs:
             ${{ runner.os }}-maven-${{ env.cache-name }}-
             ${{ runner.os }}-maven-
             ${{ runner.os }}-
+      - name: Clear Maven Cache for commons-compress
+        run: rm -rf ~/.m2/repository/org/wso2/orbit/org/apache/commons/commons-compress/1.26.1.wso2v1
       - name: Build with Maven
         run: mvn clean install -U -B
       - name: Generate coverage report

components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>action-mgt</artifactId>
-        <version>7.7.167-SNAPSHOT</version>
+        <version>7.7.210-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>action-mgt</artifactId>
-        <version>7.7.167-SNAPSHOT</version>
+        <version>7.7.210-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -133,6 +133,7 @@
                             org.wso2.carbon.identity.rule.management.exception; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.rule.management.model; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.rule.management.service; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.rule.management.util; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.central.log.mgt.utils;
                             version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon; version="${carbon.kernel.package.import.version.range}",

components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/ActionManagementDAOImpl.java

@@ -348,7 +348,7 @@ private EndpointConfig populateEndpoint(Map<String, String> propertiesFromDB) th
 
         Authentication authentication;
         Authentication.Type authnType =
-                Authentication.Type.valueOf(propertiesFromDB.remove(ActionMgtConstants.AUTHN_TYPE_PROPERTY));
+                Authentication.Type.valueOfName(propertiesFromDB.remove(ActionMgtConstants.AUTHN_TYPE_PROPERTY));
         switch (authnType) {
             case BASIC:
                 authentication = new Authentication.BasicAuthBuilder(

components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/Authentication.java

@@ -64,6 +64,20 @@ public String getName() {
 
             return name;
         }
+
+        public static Type valueOfName(String name) {
+
+            if (name == null || name.isEmpty()) {
+                throw new IllegalArgumentException("Authentication type cannot be null or empty.");
+            }
+
+            for (Type type : Type.values()) {
+                if (type.name.equalsIgnoreCase(name)) {
+                    return type;
+                }
+            }
+            throw new IllegalArgumentException("Invalid authentication type: " + name);
+        }
     }
 
     /**

components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/util/ActionManagementAuditLogger.java

@@ -22,11 +22,14 @@
 import org.json.JSONObject;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.identity.action.management.exception.ActionMgtException;
 import org.wso2.carbon.identity.action.management.model.ActionDTO;
 import org.wso2.carbon.identity.action.management.model.Authentication;
 import org.wso2.carbon.identity.action.management.model.EndpointConfig;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.rule.management.model.Rule;
+import org.wso2.carbon.identity.rule.management.util.AuditLogBuilderForRule;
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.carbon.utils.AuditLog;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
@@ -47,7 +50,7 @@ public class ActionManagementAuditLogger {
      * @param operation Operation associated with the state change.
      * @param actionDTO Action object to be logged.
      */
-    public void printAuditLog(Operation operation, ActionDTO actionDTO) {
+    public void printAuditLog(Operation operation, ActionDTO actionDTO) throws ActionMgtException {
 
         if (!LoggerUtils.isEnableV2AuditLogs()) {
             return;
@@ -96,7 +99,7 @@ private void buildAuditLog(Operation operation, JSONObject data) {
      * @param actionDTO Action to be logged.
      * @return audit log data.
      */
-    private JSONObject createAuditLogEntry(ActionDTO actionDTO) {
+    private JSONObject createAuditLogEntry(ActionDTO actionDTO) throws ActionMgtException {
 
         JSONObject data = new JSONObject();
         data.put(LogConstants.ACTION_TYPE_FIELD, actionDTO.getType() != null ? actionDTO.getType() : JSONObject.NULL);
@@ -112,9 +115,24 @@ private JSONObject createAuditLogEntry(ActionDTO actionDTO) {
         if (actionDTO.getProperties() != null && !actionDTO.getProperties().isEmpty()) {
             data.put(LogConstants.ACTION_PROPERTIES, getPropertiesData(actionDTO.getProperties()));
         }
+        if (actionDTO.getActionRule() != null && actionDTO.getActionRule().getRule() != null) {
+            data.put(LogConstants.ACTION_RULE, getRuleData(actionDTO.getActionRule().getRule()));
+        }
         return data;
     }
 
+    /**
+     * Retrieve rule data to be logged.
+     * All the rule expression values will be masked.
+     *
+     * @param rule rule to be logged.
+     * @return rule data.
+     */
+    private String getRuleData(Rule rule) {
+
+        return AuditLogBuilderForRule.buildRuleValue(rule);
+    }
+
     /**
      * Create audit log data with action type and ID.
      *
@@ -263,6 +281,7 @@ private static class LogConstants {
         public static final String ACCESS_TOKEN_FIELD = "AccessToken";
         public static final String API_KEY_HEADER_FIELD = "ApiKeyHeader";
         public static final String API_KEY_VALUE_FIELD = "ApiKeyValue";
+        public static final String ACTION_RULE = "Rule";
     }
 }
 

components/action-mgt/org.wso2.carbon.identity.action.management/src/test/java/org/wso2/carbon/identity/action/management/util/ActionManagementAuditLoggerTest.java

@@ -28,15 +28,22 @@
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.identity.action.management.exception.ActionMgtException;
 import org.wso2.carbon.identity.action.management.model.Action;
 import org.wso2.carbon.identity.action.management.model.ActionDTO;
+import org.wso2.carbon.identity.action.management.model.ActionRule;
 import org.wso2.carbon.identity.action.management.model.Authentication;
 import org.wso2.carbon.identity.action.management.model.EndpointConfig;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
 import org.wso2.carbon.identity.certificate.management.model.Certificate;
 import org.wso2.carbon.identity.common.testng.WithCarbonHome;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.rule.management.model.ANDCombinedRule;
+import org.wso2.carbon.identity.rule.management.model.Expression;
+import org.wso2.carbon.identity.rule.management.model.ORCombinedRule;
+import org.wso2.carbon.identity.rule.management.model.Value;
+import org.wso2.carbon.identity.rule.management.util.AuditLogBuilderForRule;
 import org.wso2.carbon.utils.AuditLog;
 
 import java.lang.reflect.Field;
@@ -168,6 +175,7 @@ public Object[][] actionDataProvider() {
                                 .authentication(new Authentication.BearerAuthBuilder(TEST_ACCESS_TOKEN).build())
                                 .build())
                         .properties(actionProperties)
+                        .rule(ActionRule.create(buildMockORCombinedRule()))
                         .build()
                 },
                 // Create object without properties
@@ -199,6 +207,7 @@ public Object[][] actionDataProvider() {
                                         TEST_API_KEY_VALUE).build())
                                 .build())
                         .properties(updatedActionProperties)
+                        .rule(ActionRule.create(buildMockORCombinedRule()))
                         .build()
                 },
                 {ActionManagementAuditLogger.Operation.UPDATE,
@@ -249,14 +258,15 @@ public Object[][] actionDataProvider() {
 
     @Test(dataProvider = "actionDataProvider")
     public void testPrintAuditLogWithAction(ActionManagementAuditLogger.Operation operation, ActionDTO actionDTO)
-            throws NoSuchFieldException, IllegalAccessException {
+            throws NoSuchFieldException, IllegalAccessException, ActionMgtException {
 
         auditLogger.printAuditLog(operation, actionDTO);
         AuditLog.AuditLogBuilder capturedArg = captureTriggerAuditLogEventArgs();
 
         Assert.assertNotNull(capturedArg);
         assertActionData(capturedArg, actionDTO);
         assertAuditLoggerData(capturedArg, operation.getLogAction());
+
     }
 
     @Test
@@ -333,7 +343,7 @@ private String extractField(String fieldName, AuditLog.AuditLogBuilder auditLogB
      * @throws IllegalAccessException if the provided field is not accessible.
      */
     private void assertActionData(AuditLog.AuditLogBuilder auditLogBuilder, ActionDTO actionDTO)
-            throws NoSuchFieldException, IllegalAccessException {
+            throws NoSuchFieldException, IllegalAccessException, ActionMgtException {
 
         Field dataField = AuditLog.AuditLogBuilder.class.getDeclaredField("data");
         dataField.setAccessible(true);
@@ -352,6 +362,8 @@ private void assertActionData(AuditLog.AuditLogBuilder auditLogBuilder, ActionDT
                 actionDTO.getEndpoint().getAuthentication() != null &&
                 actionDTO.getEndpoint().getAuthentication().getType() != null ?
                 actionDTO.getEndpoint().getAuthentication().getType().getName() : null;
+        String rule = actionDTO.getActionRule() != null ?
+                AuditLogBuilderForRule.buildRuleValue(actionDTO.getActionRule().getRule()) : null;
 
         assertField(id != null, dataMap, "ActionId", id);
         assertField(name != null, dataMap, "ActionName", name);
@@ -361,19 +373,30 @@ private void assertActionData(AuditLog.AuditLogBuilder auditLogBuilder, ActionDT
         assertField(uri != null, endpointConfigMap, "EndpointUri", uri);
         assertField(authenticationScheme != null, endpointConfigMap, "AuthenticationScheme",
                 authenticationScheme);
+        assertField(rule != null, dataMap, "Rule", rule);
 
         if (authenticationScheme != null) {
             switch (actionDTO.getEndpoint().getAuthentication().getType()) {
                 case BASIC:
-                    assertMasked(endpointConfigMap.get("Username").toString());
-                    assertMasked(endpointConfigMap.get("Password").toString());
+                    assertField(true, endpointConfigMap, "Username",
+                            LoggerUtils.getMaskedContent(actionDTO.getEndpoint().getAuthentication()
+                                    .getProperty(Authentication.Property.USERNAME).getValue()));
+                    assertField(true, endpointConfigMap, "Password",
+                            LoggerUtils.getMaskedContent(actionDTO.getEndpoint().getAuthentication()
+                                    .getProperty(Authentication.Property.PASSWORD).getValue()));
                     break;
                 case BEARER:
-                    assertMasked(endpointConfigMap.get("AccessToken").toString());
+                    assertField(true, endpointConfigMap, "AccessToken",
+                            LoggerUtils.getMaskedContent(actionDTO.getEndpoint().getAuthentication()
+                                    .getProperty(Authentication.Property.ACCESS_TOKEN).getValue()));
                     break;
                 case API_KEY:
-                    assertMasked(endpointConfigMap.get("ApiKeyHeader").toString());
-                    assertMasked(endpointConfigMap.get("ApiKeyValue").toString());
+                    assertField(true, endpointConfigMap, "ApiKeyHeader",
+                            LoggerUtils.getMaskedContent(actionDTO.getEndpoint().getAuthentication()
+                                    .getProperty(Authentication.Property.HEADER).getValue()));
+                    assertField(true, endpointConfigMap, "ApiKeyValue",
+                            LoggerUtils.getMaskedContent(actionDTO.getEndpoint().getAuthentication()
+                                    .getProperty(Authentication.Property.VALUE).getValue()));
                     break;
                 case NONE:
                 default:
@@ -382,10 +405,15 @@ private void assertActionData(AuditLog.AuditLogBuilder auditLogBuilder, ActionDT
         }
 
         if (actionDTO.getProperties() != null && actionDTO.getProperty(PASSWORD_SHARING_TYPE_PROPERTY_NAME) != null) {
-            assertMasked(propertiesMap.get(PASSWORD_SHARING_TYPE_PROPERTY_NAME).toString());
+            assertField(propertiesMap.get(PASSWORD_SHARING_TYPE_PROPERTY_NAME) != null, propertiesMap,
+                    PASSWORD_SHARING_TYPE_PROPERTY_NAME, LoggerUtils.getMaskedContent(actionDTO.getProperties()
+                            .get(PASSWORD_SHARING_TYPE_PROPERTY_NAME).toString()));
         }
+
         if (actionDTO.getProperties() != null && actionDTO.getProperty(CERTIFICATE_PROPERTY_NAME) != null) {
-            assertMasked(propertiesMap.get(CERTIFICATE_PROPERTY_NAME).toString());
+            assertField(propertiesMap.get(CERTIFICATE_PROPERTY_NAME) != null, propertiesMap,
+                    CERTIFICATE_PROPERTY_NAME, LoggerUtils.getMaskedContent(actionDTO.getProperties()
+                            .get(CERTIFICATE_PROPERTY_NAME).toString()));
         }
     }
 
@@ -406,16 +434,6 @@ private void assertField(boolean isFieldExist, Map<String, Object> dataMap, Stri
         }
     }
 
-    /**
-     * Assert masked data fields.
-     *
-     * @param value Value to be asserted.
-     */
-    private void assertMasked(String value) {
-
-        Assert.assertTrue(value.contains("*"));
-    }
-
     /**
      * Assert generic data fields in audit logger.
      *
@@ -443,5 +461,30 @@ private void assertAuditLoggerData(AuditLog.AuditLogBuilder auditLogBuilder,
                 break;
         }
     }
-}
 
+    /**
+     * Builds a mock {@link ORCombinedRule} with predefined expressions.
+     * The rule consists of:
+     * - An AND rule matching "application = testapp1" and "grantType = authorization_code".
+     * - An AND rule matching "application = testapp2".
+     * These are combined with OR logic.
+     *
+     * @return A mock {@link ORCombinedRule} instance.
+     */
+    private ORCombinedRule buildMockORCombinedRule() {
+        Expression expression1 = new Expression.Builder().field("application").operator("equals")
+                .value(new Value(Value.Type.REFERENCE, "testapp1")).build();
+
+        Expression expression2 = new Expression.Builder().field("grantType").operator("equals")
+                .value(new Value(Value.Type.STRING, "authorization_code")).build();
+        ANDCombinedRule andCombinedRule1 =
+                new ANDCombinedRule.Builder().addExpression(expression1).addExpression(expression2).build();
+
+        Expression expression3 = new Expression.Builder().field("application").operator("equals")
+                .value(new Value(Value.Type.REFERENCE, "testapp2")).build();
+        ANDCombinedRule andCombinedRule2 =
+                new ANDCombinedRule.Builder().addExpression(expression3).build();
+
+        return new ORCombinedRule.Builder().addRule(andCombinedRule1).addRule(andCombinedRule2).build();
+    }
+}

components/action-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.167-SNAPSHOT</version>
+        <version>7.7.210-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/ai-services-mgt/org.wso2.carbon.identity.ai.service.mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>ai-services-mgt</artifactId>
-        <version>7.7.167-SNAPSHOT</version>
+        <version>7.7.210-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/ai-services-mgt/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.167-SNAPSHOT</version>
+        <version>7.7.210-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>api-resource-mgt</artifactId>
-        <version>7.7.167-SNAPSHOT</version>
+        <version>7.7.210-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/src/main/java/org/wso2/carbon/identity/api/resource/collection/mgt/APIResourceCollectionManagerImpl.java

@@ -191,6 +191,10 @@ private APIResourceCollection cloneAPIResourceCollection(APIResourceCollection a
                 .type(apiResourceCollection.getType())
                 .readScopes(apiResourceCollection.getReadScopes())
                 .writeScopes(apiResourceCollection.getWriteScopes())
+                .legacyReadScopes(apiResourceCollection.getLegacyReadScopes())
+                .legacyWriteScopes(apiResourceCollection.getLegacyWriteScopes())
+                .viewFeatureScope(apiResourceCollection.getViewFeatureScope())
+                .editFeatureScope(apiResourceCollection.getEditFeatureScope())
                 .apiResources(apiResourceCollection.getApiResources())
                 .build();
     }

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/src/main/java/org/wso2/carbon/identity/api/resource/collection/mgt/constant/APIResourceCollectionManagementConstants.java

@@ -54,6 +54,11 @@ public static class APIResourceCollectionConfigBuilderConstants {
         public static final String TYPE = "type";
         public static final String READ = "Read";
         public static final String FEATURE = "Feature";
+        public static final String VERSION = "version";
+        public static final String VIEW_FEATURE_SCOPE_SUFFIX = "_view";
+        public static final String EDIT_FEATURE_SCOPE_SUFFIX = "_edit";
+        public static final String CONSOLE_SCOPE_PREFIX = "console:";
+        public static final String COLLECTION_VERSION_V0 = "v0";
     }
 
     /**