Introduce password reset completion property in authentication context

[NipuniBhagya]

This pull request introduces support for tracking the completion status of the password reset flow within the authentication framework. The main changes add a new attribute and expose it to the JavaScript authentication context, enabling scripts to check and access the password reset completion state.

Enhancements for password reset flow tracking:

• Added a new boolean field passwordResetComplete to the AuthenticationContext class to mark whether the password reset flow is completed.
• Introduced the constant JS_PASSWORD_RESET_COMPLETE in FrameworkConstants.JSAttributes for consistent referencing in JavaScript contexts.

JavaScript context integration:

• Updated JsAuthenticationContext to expose JS_PASSWORD_RESET_COMPLETE as a member, allowing scripts to check its presence and retrieve its value. [1] [2]
• Included JS_PASSWORD_RESET_COMPLETE in the list of available JavaScript member keys in JsAuthenticationContext, making it accessible for scripting and introspection.### Proposed changes in this pull request

[List all changes you want to add here. If you fixed an issue, please
add a reference to that issue as well.]

When should this PR be merged

[Please describe any preconditions that need to be addressed before we
can merge this pull request.]

Follow up actions

[List any possible follow-up actions here; for instance, testing data
migrations, software that we need to install on staging and production
environments.]

Developer Checklist (Mandatory)

• Complete the Developer Checklist in the related product-is issue to track any behavioral change or migration impact.

Checklist (for reviewing)

General

• Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
• Is the PR labeled correctly?

Functionality

• Are all requirements met? Compare implemented functionality with the requirements specification.
• Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.

Code

• Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
• Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
• Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.

Tests

• Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
• If this is a bug fix, are tests for the issue in place? There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.
• If this is a new feature or a significant change to an existing feature? has the manual testing spreadsheet been updated with instructions for manual testing?

Security

• Confirm this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.
• Are all UI and API inputs run through forms or serializers?
• Are all external inputs validated and sanitized appropriately?
• Does all branching logic have a default case?
• Does this solution handle outliers and edge cases gracefully?
• Are all external communications secured and restricted to SSL?

Documentation

• Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes should be documented.
• Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented.
• Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.

Summary by CodeRabbit

Release Notes

• New Features
  • Added password reset completion tracking to the authentication framework, enabling better management of password reset flows.

[wso2-engineering]

Log Improvement Suggestion No: 1

Suggested change

	case FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE:
	return getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE) != null;
	case FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE:
	return getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE) != null;
	boolean isPasswordResetComplete = getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE) != null;
	if (log.isDebugEnabled()) {
	log.debug("Checking if password reset is complete: " + isPasswordResetComplete);
	}
	return isPasswordResetComplete;

[wso2-engineering]

Log Improvement Suggestion No: 2

Suggested change

	case FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE:
	return getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE);
	case FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE:
	return getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE);
	Object passwordResetStatus = getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE);
	if (log.isDebugEnabled()) {
	log.debug("Retrieved password reset complete status from authentication context");
	}
	return passwordResetStatus;

[wso2-engineering]

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

• The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
• Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

• Review all AI-generated comments for accuracy and relevance.
• Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.

Comment	Accepted (Y/N)	Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2

[coderabbitai]

Walkthrough

These changes introduce password reset completion tracking to the authentication framework by adding a private field to AuthenticationContext, defining a corresponding constant in FrameworkConstants, and exposing it through the JavaScript authentication context wrapper for script-based authentication flows.

Changes

Cohort / File(s)	Summary
Core Property Implementation ...authentication/framework/context/AuthenticationContext.java, ...authentication/framework/util/FrameworkConstants.java	Added passwordResetComplete field to AuthenticationContext and corresponding JS_PASSWORD_RESET_COMPLETE constant to JSAttributes inner class.
JavaScript Exposure ...authentication/framework/config/model/graph/js/JsAuthenticationContext.java	Exposed the new password reset complete property in JavaScript wrapper by adding handling to hasMember(), getMember(), and getMemberKeys() methods.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A password reset, complete and clean,
Through context's path, now clearly seen!
The rabbit hops through constants bright,
JavaScript wrapper shines so right,
One field to track what users do! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description explains the changes made but lacks most required template sections like Purpose, Goals, Approach, Release notes, Documentation, Testing details, and Security checks.	Complete the required PR description template sections including Purpose with issue links, Goals, Approach, Release notes, Documentation impact, and detail the testing and security verification performed.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: introducing a password reset completion property in the authentication context.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/context/AuthenticationContext.java (1)

1-2: ⚠️ Potential issue | 🟡 Minor

Update the copyright year range to include 2026.

The copyright header shows 2013-2023 but since this file is being modified, it should be updated to 2013-2026. As per coding guidelines, all Java files should contain the appropriate license header with copyright year as the current year or a range ending in the current year.

- * Copyright (c) 2013-2023, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2013-2026, WSO2 LLC. (http://www.wso2.com).

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/JsAuthenticationContext.java (1)

1-2: ⚠️ Potential issue | 🟡 Minor

Update the copyright year range to include 2026.

- * Copyright (c) 2022, WSO2 LLC. (http://www.wso2.com).
+ * Copyright (c) 2022-2026, WSO2 LLC. (http://www.wso2.com).

🤖 Fix all issues with AI agents

In
`@components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/JsAuthenticationContext.java`:
- Around line 81-82: The code reads JS_PASSWORD_RESET_COMPLETE from the generic
properties map (getWrapped().getProperty(...)) which is disconnected from the
dedicated boolean field passwordResetComplete on AuthenticationContext; after
adding a typed getter/setter on AuthenticationContext (e.g.,
isPasswordResetComplete()/setPasswordResetComplete(boolean)), update
JsAuthenticationContext to call the typed accessor instead of
getWrapped().getProperty(...) — replace usages in hasMember/getMember for
FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE (and the other
occurrences noted) to use getWrapped().isPasswordResetComplete() (or the exact
getter name you added) and adjust any null checks accordingly.

In
`@components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/context/AuthenticationContext.java`:
- Around line 128-132: The private field passwordResetComplete in
AuthenticationContext is unused (JsAuthenticationContext reads
JS_PASSWORD_RESET_COMPLETE from the properties map) — either remove the dead
field or add proper accessors and switch JsAuthenticationContext to use them:
add getPasswordResetComplete() and setPasswordResetComplete(boolean) to
AuthenticationContext and update JsAuthenticationContext.getMember() and
hasMember() to call
getWrapped().getPasswordResetComplete()/setPasswordResetComplete(...) instead of
getWrapped().getProperty(JS_PASSWORD_RESET_COMPLETE); if the properties map
approach is intended, delete the passwordResetComplete field to avoid confusion.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Property map access is disconnected from the passwordResetComplete field in AuthenticationContext.

Both hasMember and getMember use getWrapped().getProperty(...) to read from the generic properties map. However, AuthenticationContext declares a dedicated private boolean passwordResetComplete field (with no getter/setter). These two mechanisms are disconnected — setting the boolean field won't affect what getProperty() returns, and vice versa.

If getter/setter methods are added to AuthenticationContext (as suggested in the related comment), update these to use the typed accessor:

Proposed fix using the typed accessor

 // In hasMember:
 case FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE:
-    return getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE) != null;
+    return true;

 // In getMember:
 case FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE:
-    return getWrapped().getProperty(FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE);
+    return getWrapped().isPasswordResetComplete();

Also applies to: 126-127

🤖 Prompt for AI Agents

In
`@components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/JsAuthenticationContext.java`
around lines 81 - 82, The code reads JS_PASSWORD_RESET_COMPLETE from the generic
properties map (getWrapped().getProperty(...)) which is disconnected from the
dedicated boolean field passwordResetComplete on AuthenticationContext; after
adding a typed getter/setter on AuthenticationContext (e.g.,
isPasswordResetComplete()/setPasswordResetComplete(boolean)), update
JsAuthenticationContext to call the typed accessor instead of
getWrapped().getProperty(...) — replace usages in hasMember/getMember for
FrameworkConstants.JSAttributes.JS_PASSWORD_RESET_COMPLETE (and the other
occurrences noted) to use getWrapped().isPasswordResetComplete() (or the exact
getter name you added) and adjust any null checks accordingly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

The passwordResetComplete field is unused — JsAuthenticationContext reads from the properties map instead.

The new private boolean passwordResetComplete field has no getter or setter methods. Meanwhile, JsAuthenticationContext.getMember() and hasMember() use getWrapped().getProperty(JS_PASSWORD_RESET_COMPLETE), which reads from the generic parameters map — not this field. The field is effectively dead code.

Either add proper accessor methods and use them in JsAuthenticationContext:

Option A: Add getter/setter and use the field

In AuthenticationContext.java, add accessors:

  private boolean passwordResetComplete;
+
+ /**
+  * Check whether the password reset flow is completed.
+  *
+  * `@return` true if the password reset flow is completed.
+  */
+ public boolean isPasswordResetComplete() {
+     return passwordResetComplete;
+ }
+
+ /**
+  * Set whether the password reset flow is completed.
+  *
+  * `@param` passwordResetComplete true if the password reset flow is completed.
+  */
+ public void setPasswordResetComplete(boolean passwordResetComplete) {
+     this.passwordResetComplete = passwordResetComplete;
+ }

Then update JsAuthenticationContext to use the field directly (see related comment on that file).

Or, if using the generic properties map is the intended approach, remove the field entirely to avoid confusion.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	/**
	* This attribute is used to mark whether the password reset flow is completed.
	*/
	private boolean passwordResetComplete;
	/**
	* This attribute is used to mark whether the password reset flow is completed.
	*/
	private boolean passwordResetComplete;
	/**
	* Check whether the password reset flow is completed.
	*
	* `@return` true if the password reset flow is completed.
	*/
	public boolean isPasswordResetComplete() {
	return passwordResetComplete;
	}
	/**
	* Set whether the password reset flow is completed.
	*
	* `@param` passwordResetComplete true if the password reset flow is completed.
	*/
	public void setPasswordResetComplete(boolean passwordResetComplete) {
	this.passwordResetComplete = passwordResetComplete;
	}

🤖 Prompt for AI Agents

In
`@components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/context/AuthenticationContext.java`
around lines 128 - 132, The private field passwordResetComplete in
AuthenticationContext is unused (JsAuthenticationContext reads
JS_PASSWORD_RESET_COMPLETE from the properties map) — either remove the dead
field or add proper accessors and switch JsAuthenticationContext to use them:
add getPasswordResetComplete() and setPasswordResetComplete(boolean) to
AuthenticationContext and update JsAuthenticationContext.getMember() and
hasMember() to call
getWrapped().getPasswordResetComplete()/setPasswordResetComplete(...) instead of
getWrapped().getProperty(JS_PASSWORD_RESET_COMPLETE); if the properties map
approach is intended, delete the passwordResetComplete field to avoid confusion.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

This PR aims to track password-reset flow completion in the authentication framework and expose that state to adaptive authentication JavaScript via the authentication context.

Changes:

• Added JS_PASSWORD_RESET_COMPLETE constant in FrameworkConstants.JSAttributes.
• Introduced a passwordResetComplete boolean field in AuthenticationContext.
• Exposed passwordResetComplete as a JS context member in JsAuthenticationContext (member presence, value access, and key listing).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
.../util/FrameworkConstants.java	Adds a JS attribute constant for passwordResetComplete.
.../context/AuthenticationContext.java	Adds a new boolean field intended to represent password reset completion state.
.../js/JsAuthenticationContext.java	Exposes the new flag to JS via hasMember, getMember, and getMemberKeys.

[Copilot]

AuthenticationContext introduces the passwordResetComplete field but does not provide any public getter/setter, and there are no internal references to it. As-is, the completion state cannot be set or read by framework code or exposed reliably to JS; add isPasswordResetComplete()/setPasswordResetComplete(boolean) (and, if JS reads via getProperty, keep the property map in sync in the setter).

[Copilot]

License header in this modified Java file ends at 2023, which doesn’t meet the repository requirement for updated files (year/range must end in 2026 and match the standard header format). Update the file header accordingly.

[Copilot]

hasMember checks getProperty(JS_PASSWORD_RESET_COMPLETE) != null, which makes context.passwordResetComplete disappear from the JS context unless some code explicitly sets the property. For a boolean state flag, scripts typically need a stable false default; consider always returning true here and have getMember return the boolean value (from a dedicated getter) rather than null/undefined.

[Copilot]

getMember(JS_PASSWORD_RESET_COMPLETE) currently returns getProperty(...), but nothing in this PR sets that property, and it may return null or a non-boolean type. To make this reliably usable from adaptive scripts, return a boolean derived from AuthenticationContext state (e.g., isPasswordResetComplete()), or ensure the property is always set to a Boolean before JS execution begins.

[Copilot]

New JS member passwordResetComplete is added to hasMember/getMember/getMemberKeys, but there are existing unit tests for JS context members (Nashorn/Graal). Add tests to verify the new member is exposed and returns the expected boolean value for both true and default/false cases.

[Copilot]

License header in this modified Java file uses an older year and format (2022, and doesn’t match the current standard header required for updated files). Update the header to the repository-standard 2026 Apache 2.0 header.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 49.66%. Comparing base (337e8b1) to head (b8a4079).
⚠️ Report is 94 commits behind head on master.

Files with missing lines	Patch %	Lines
...config/model/graph/js/JsAuthenticationContext.java	0.00%	2 Missing ⚠️

❌ Your patch check has failed because the patch coverage (0.00%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #7731      +/-   ##
============================================
- Coverage     51.19%   49.66%   -1.54%     
- Complexity    19663    20371     +708     
============================================
  Files          2151     2155       +4     
  Lines        126598   135238    +8640     
  Branches      26053    28316    +2263     
============================================
+ Hits          64808    67161    +2353     
- Misses        53519    59435    +5916     
- Partials       8271     8642     +371     

Flag	Coverage Δ
unit	36.07% <0.00%> (-0.09%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.