Facilitate 'Ask Password' Email Resend and Alter 'Reset Password' Button Logic

[AfraHussaindeen]

Purpose

Improve the user experience and administrative control within the "Ask Password" flow and in forced password reset option.

Proposed solution:

• "Ask Password" Flow Enhancement: A "Resend" option is presented alongside the warning message related to the account lock reasoning, allowing administrators to resend the password setup email. Furthermore, a "Set Password" option (functionally equivalent to a forced password reset, but with revamped wording and only the setting password option - email sending will be excluded) is also provided, enabling administrators to directly set the user's password.

When the account locking is enabled (Ask password flow)

When the account locking is disabled (Ask password flow)

• Forced password reset Enhancement:

  • A "Resend" option is presented alongside the warning message related to the account lock reasoning, allowing administrators to resend
    

  • Currently, the forced password reset button is disabled when an account is locked. This logic is altered such that the "Reset Password" button is enabled when the account lock reason is [PENDING_ADMIN_FORCED_USER_PASSWORD_RESET](https://github.com/wso2-extensions/identity-governance/blob/f3724207c5e81cfed310a186a7effe32135fa06b/components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/IdentityMgtConstants.java#L55 ) which is related to the password update scenario.

Related issues

• Support for administrators to manage pending email and mobile confirmations product-is#23659

To be merged after

• Unlock user accounts during admin-initiated password resets based on lock reason and support reinitiating the ask password flow wso2-extensions/identity-governance#936

TODO :

• E2E

Checklist

• e2e cypress tests locally verified. (for internal contributers)
• Manual test round performed and verified.
• UX/UI review done on the final implementation.
• Documentation provided. (Add links if there are any)
• Relevant backend changes deployed and verified
• Unit tests provided. (Add links if there are any)
• Integration tests provided. (Add links if there are any)

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines
• Ran FindSecurityBugs plugin and verified report
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 41.85%. Comparing base (913fa68) to head (176e2c4).
Report is 135 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7992   +/-   ##
=======================================
  Coverage   41.85%   41.85%           
=======================================
  Files          42       42           
  Lines         939      939           
  Branches      238      238           
=======================================
  Hits          393      393           
+ Misses        546      502   -44     
- Partials        0       44   +44     

Flag	Coverage Δ
@wso2is/core	41.85% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

see 12 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pavinduLakshan]

Let's add changeset too.

[wso2-jenkins-bot]

🦋 Changeset detected

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.