From 2ba104bff2ee3912b40f0741b529fe4f5c5926ac Mon Sep 17 00:00:00 2001 From: Ashan Thamara Palihakkara <75057725+ashanthamara@users.noreply.github.com> Date: Sun, 3 Dec 2023 22:28:04 +0530 Subject: [PATCH] Disregard callback url regex validation when accessurl is configured in the app --- .../recovery/IdentityRecoveryConstants.java | 1 + .../NotificationPasswordRecoveryManager.java | 12 ++++++---- .../signup/UserSelfRegistrationManager.java | 15 ++++++++----- .../carbon/identity/recovery/util/Utils.java | 22 +++++++++++++++++++ 4 files changed, 41 insertions(+), 9 deletions(-) diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java index 41a1c40cb7..4d12152d06 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java @@ -142,6 +142,7 @@ public class IdentityRecoveryConstants { public static final String EXECUTE_ACTION = "ui.execute"; public static final String UTF_8 = "UTF-8"; public static final String CALLBACK = "callback"; + public static final String ACCESS_URL = "accessUrl"; public static final String IS_LITE_SIGN_UP = "isLiteSignUp"; public static final String DEFAULT_CALLBACK_REGEX = ".*"; public static final String IS_USER_PORTAL_URL = "isUserPortalURL"; diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java index 8ef023aa87..0628203361 100644 
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/password/NotificationPasswordRecoveryManager.java
@@ -484,12 +484,16 @@ private HashMap buildPropertyMap(Property[] properties) {
     private void validateCallback(Property[] properties, String tenantDomain) throws IdentityRecoveryServerException {
 
         String callbackURL = null;
+        String appAccessURL = null;
         try {
             callbackURL = Utils.getCallbackURL(properties);
-            if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain,
-                    IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) {
-                throw Utils.handleServerException(
-                        IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL);
+            appAccessURL = Utils.getAccessUrl(properties);
+            if (StringUtils.isEmpty(appAccessURL) && !callbackURL.equals(appAccessURL)) {
+                if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain,
+                        IdentityRecoveryConstants.ConnectorConfig.RECOVERY_CALLBACK_REGEX)) {
+                    throw Utils.handleServerException(
+                            IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL);
+                }
             }
         } catch (URISyntaxException | UnsupportedEncodingException | IdentityEventException e) {
             throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID,
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java
index b3229e407a..7c57b2d53c 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java
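Review bot: The new guard `if (StringUtils.isEmpty(appAccessURL) && !callbackURL.equals(appAccessURL))` does not express the intent in the commit title: when appAccessURL is empty the second operand is always true (callbackURL.equals(null) is false), and when it is non-empty the whole condition is false, so the regex check is skipped for every callback URL as soon as any access URL is present, not only for a callback that matches it. It also dereferences callbackURL before the isNotBlank() check that used to guard it, so a null callback URL (which the old code tolerated) now throws NullPointerException, which the catch below does not cover. I would write `if (StringUtils.isEmpty(appAccessURL) || !StringUtils.equals(callbackURL, appAccessURL)) {` so that only an exact match with the configured access URL is exempt from validation and a null callback stays safe. The same condition appears in registerUser in UserSelfRegistrationManager in the next file; validateCallback's body continues past the end of this hunk.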
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java
@@ -97,6 +97,7 @@
 
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
+import java.net.URISyntaxException;
 import java.text.SimpleDateFormat;
 import java.time.Instant;
 import java.util.ArrayList;
@@ -153,14 +154,18 @@ public NotificationResponseBean registerUser(User user, String password, Claim[]
 
         // Callback URL validation
         String callbackURL = null;
+        String appAccessUrl = null;
         try {
             callbackURL = Utils.getCallbackURLFromRegistration(properties);
-            if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain,
-                    IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
-                throw Utils.handleServerException(
-                        IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL);
+            appAccessUrl = Utils.getAccessUrl(properties);
+            if (StringUtils.isEmpty(appAccessUrl) && !callbackURL.equals(appAccessUrl)) {
+                if (StringUtils.isNotBlank(callbackURL) && !Utils.validateCallbackURL(callbackURL, tenantDomain,
+                        IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
+                    throw Utils.handleServerException(
+                            IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID, callbackURL);
+                }
             }
-        } catch (MalformedURLException | UnsupportedEncodingException | IdentityEventException e) {
+        } catch (MalformedURLException | UnsupportedEncodingException | IdentityEventException | URISyntaxException e) {
             throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_CALLBACK_URL_NOT_VALID,
                     callbackURL);
         }
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java
index 24279506a9..2ec1ec0b39 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java
@@ -719,6 +719,28 @@ public static String getCallbackURL(org.wso2.carbon.identity.recovery.model.Prop
         return callbackURL;
     }
 
+    public static String getAccessUrl(org.wso2.carbon.identity.recovery.model.Property[] properties)
+            throws UnsupportedEncodingException, URISyntaxException {
+
+        if (properties == null) {
+            return null;
+        }
+        String accessURL = null;
+        for (org.wso2.carbon.identity.recovery.model.Property property : properties) {
+            if (IdentityRecoveryConstants.ACCESS_URL.equals(property.getKey())) {
+                accessURL = property.getValue();
+                break;
+            }
+        }
+
+        if (StringUtils.isNotBlank(accessURL)) {
+            URI uri = new URI(accessURL);
+            accessURL = new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, null)
+                    .toString();
+        }
+        return accessURL;
+    }
+
     /**
      * Get whether this is tenant flow
      *
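Review bot: getAccessUrl is a new public method without Javadoc, and its contract is not obvious from the signature: it returns null for a null properties array or a missing or blank `accessUrl` entry, and it strips the query and fragment from the value (the five-argument URI constructor is passed null for both), so a caller comparing the result with a raw callback URL should know that a callback carrying a query string will never compare equal. The `throws UnsupportedEncodingException` clause is not backed by anything in the body, which only uses java.net.URI; either drop it and keep only URISyntaxException, or document why it mirrors getCallbackURL's signature. The value is read from the same `properties` array the callback URL comes from, so if that array is populated from the request rather than from the application's configuration, the validation exemption this method enables is under the caller's control; the Javadoc should state where the `accessUrl` key is expected to originate. A summary along the lines of `/** Returns the application access URL from the {@code accessUrl} property with query and fragment removed, or null when absent. */` plus `@param`, `@return` and `@throws URISyntaxException` tags would cover it.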