It doesnt allow to login to myaccount or update user identifier value when login identifier set to mobile and optional field Reg Ex removed from claim

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.

http://wso2.github.io/

Apache License 2.0

742 stars 721 forks source link

It doesnt allow to login to myaccount or update user identifier value when login identifier set to mobile and optional field Reg Ex removed from claim #13281

Open ShanikaWickramasinghe opened 2 years ago

ShanikaWickramasinghe commented 2 years ago

How to reproduce:

Enable multi attribute login for mobile claim
List mobile claim and remove the default regular expression given in the system for mobile claim and keep it empty
Update
Will allow to update as this field is not a mandatory field
Access myaccount
Try to login by providing the mobile value set for admin user

https://user-images.githubusercontent.com/31848014/159155156-87bb44a8-12ff-41e9-b69e-2d40f0725f2f.mp4

Actual behavior: It doesn't allow to login for myaccount Also it doesnt allow to update the value for the claim to a value that doest match with reg ex. ( As I have removed reg ex validation it should allow me to update it for any value)

Environment information (Please complete the following information; remove any unnecessary fields) : IS 5.12.0 alpha 16 h2/default

nilasini commented 2 years ago

@ShanikaWickramasinghe according to the documentation it is expected to add regex pattern in order to use multi attribute feature "Once you have configured WSO2 Identity Server for multi attribute login, you need to provide regular expression for the allowed claims. Some claims have a default regex. If they don't, you need to provide it." [1] https://is.docs.wso2.com/en/5.12.0/learn/multi-attribute-login/

For the issue "updating the mobile number even after deleting the regex pattern throws error", if we remove the claim configuration from the ui then we are validating it with the default regex through the code. It is an expected behaviour.

ShanikaWickramasinghe commented 2 years ago

@nilasini This was a negative test case carried out to check the "Mandatory and optional fields related to the feature in the UI". Dont we need to make the reg ex then a mandatory field in the UI. As I feel Giving it as a optional field and allowing to update it successfully for a user by keeping empty without giving any UI restrictions during that time and later giving a error when trying to do the login will create a bad user experience.

Also as you have mentioned when the regex is removed from the UI if it validates with the default reg ex given in the code then it should allow the user to login right. As there will be a default reg ex which is operating underneath

nilasini commented 2 years ago

@ShanikaWickramasinghe yes I agreed with that point. For that shall we create an improvement and add it to [1].

[1] https://github.com/wso2/product-is/issues/12340

ShanikaWickramasinghe commented 2 years ago

@nilasini I added it under the improvements #12340 . So shall we keep this issue opened by changing the milestone and the project. So when addressing the issue they can refer to the detailed concern in the opened issue.