
[master] Improve code for next release #7708

Open
AqeelMuhammad wants to merge 1 commit into wso2:master from AqeelMuhammad:fix/code

Conversation


@AqeelMuhammad AqeelMuhammad commented Feb 3, 2026

Purpose

This pull request fixes the bugs and improves the code in the modified files.

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced endpoint validation to only accept properly formatted requests, improving system stability and security.

Copilot AI review requested due to automatic review settings February 3, 2026 08:03

coderabbitai bot commented Feb 3, 2026

Walkthrough

Adds HTTP method validation to two AJAX processor JSP files. Each file now checks that incoming requests use POST method; non-POST requests receive HTTP 405 (Method Not Allowed) response and terminate early.

Changes

Cohort / File(s)
  AJAX Processor POST Validation
  components/identity-mgt/.../validator_ajaxprocessor.jsp
  components/user-store/.../validateconnection-ajaxprocessor.jsp
Summary
  Added HTTP method guard to reject non-POST requests with HTTP 405 response, ensuring early termination of non-conformant requests before processing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Two guards stand firm at the JSP door,
POST-only warriors, nothing more,
Rejecting GET with a 405 call,
Keeping the AJAX processors tall! 🛡️

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)
  Description check (⚠️ Warning)
    Explanation: The description is largely incomplete, providing only one sentence without addressing most required template sections like Goals, Approach, Testing, Security checks, and other critical information.
    Resolution: Complete the description template with detailed information about the security issue being fixed, the approach taken, testing performed, and security validation steps.
  Title check (❓ Inconclusive)
    Explanation: The title is vague and generic, using a non-descriptive phrase 'Improve code' that doesn't convey what the actual changes accomplish.
    Resolution: Provide a more specific title that describes the security improvement, such as 'Add HTTP method validation to AJAX processors' or similar.

✅ Passed checks (1 passed)
  Docstring Coverage (✅ Passed)
    Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

In `@components/identity-mgt/org.wso2.carbon.identity.mgt.ui/src/main/resources/web/identity-mgt/validator_ajaxprocessor.jsp`:
- Around line 28-32: The current method guard rejects non-POST requests by checking request.getMethod() and returning 405, which will break email confirmation links that use GET; update the logic around the request.getMethod() check (the POST-only guard) to allow both "GET" and "POST" for confirmation token validation or explicitly confirm that all callers were migrated to POST and revert to POST-only; specifically, modify the conditional that uses request.getMethod() so it accepts "get" as well as "post" (or implement an explicit migration/feature flag path) and ensure any downstream token processing continues to work for both methods.
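As an added illustration, not code from this PR or from the WSO2 code base, here is one shape the method guard described in the walkthrough and questioned in the comment above could take: an allow-list helper that sends 405 together with the Allow header that RFC 7231 requires, used POST-only by the connection validator and GET+POST by the confirmation validator. The `MethodGuard` class and the scriptlet wiring in the trailing comment are assumptions.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical helper, not part of the WSO2 code base: rejects any request whose
 * method is not on an explicit allow-list with 405 plus an Allow header (RFC 7231
 * requires Allow on a 405). Method matching is case-insensitive.
 */
public final class MethodGuard {

    private final Set<String> allowed = new TreeSet<>();

    public MethodGuard(String... methods) {
        for (String m : methods) {
            allowed.add(m.toUpperCase(Locale.ROOT));
        }
    }

    /** True when the method is permitted; a missing method is never permitted. */
    public boolean isAllowed(String method) {
        return method != null && allowed.contains(method.toUpperCase(Locale.ROOT));
    }

    /** Returns true if processing may continue; otherwise sends 405 and returns false. */
    public boolean check(HttpServletRequest request, HttpServletResponse response) throws IOException {
        if (isAllowed(request.getMethod())) {
            return true;
        }
        response.setHeader("Allow", String.join(", ", allowed));
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
        return false;
    }
}

/* Assumed wiring in the two scriptlets (a return inside a scriptlet leaves _jspService):

   validateconnection-ajaxprocessor.jsp, called only from browser AJAX: POST only
   <% if (!new MethodGuard("POST").check(request, response)) { return; } %>

   validator_ajaxprocessor.jsp, also reached from e-mail confirmation links, which are GET:
   <% if (!new MethodGuard("GET", "POST").check(request, response)) { return; } %>

   Restricting the verb limits what reaches the handler; it is not a CSRF defence by itself. */
```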


Copilot AI left a comment


Pull request overview

This PR adds HTTP method validation to two JSP “ajaxprocessor” endpoints to reject non-POST requests.

Changes:

  • Added request method checks to return 405 for non-POST requests in validateconnection-ajaxprocessor.jsp.
  • Added request method checks to return 405 for non-POST requests in validator_ajaxprocessor.jsp.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File: components/user-store/org.wso2.carbon.identity.user.store.configuration.ui/src/main/resources/web/userstore_config/validateconnection-ajaxprocessor.jsp
  Description: Enforces POST-only access for the DB connection validation endpoint.
File: components/identity-mgt/org.wso2.carbon.identity.mgt.ui/src/main/resources/web/identity-mgt/validator_ajaxprocessor.jsp
  Description: Enforces POST-only access for the confirmation-link validator/redirect endpoint.


codecov bot commented Feb 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.15%. Comparing base (41bb1de) to head (f098674).
⚠️ Report is 29 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff              @@
##             master    #7708      +/-   ##
============================================
+ Coverage     50.90%   51.15%   +0.25%     
+ Complexity    19632    19443     -189     
============================================
  Files          2144     2144              
  Lines        126562   127305     +743     
  Branches      25769    26054     +285     
============================================
+ Hits          64426    65125     +699     
+ Misses        53866    53833      -33     
- Partials       8270     8347      +77     
Flag | Coverage Δ
unit | 35.73% <ø> (+0.05%) ⬆️

