Skip to content

Fix issue in resolving device registration cache from session data store before expiry#20

Merged
ashanthamara merged 1 commit into
wso2-extensions:mainfrom
ashanthamara:patch
Mar 20, 2026
Merged

Fix issue in resolving device registration cache from session data store before expiry#20
ashanthamara merged 1 commit into
wso2-extensions:mainfrom
ashanthamara:patch

Conversation

@ashanthamara

@ashanthamara ashanthamara commented Mar 19, 2026

Copy link
Copy Markdown
Contributor

Purpose

The main intension of this PR is to restrict the push device registration to a tight time frame once the QR code is displayed to the user(After the api/users/v1/me/push/discovery-data API endpoint).

We have restricted the time frame for 3mins by default. After that specific time frame, user will not be able to register his/her device as the device_registration_cache is considered as expired in the implementation. Hence they have to re-try the flow.

Also, with this change, since we are validating the expiresAt time, the cache objects which are already cached in the session store before deploying this fix will be considered as expired objects. As push device registrations should happen together at the most of the time, we have considered the occurrence of this case is highly unlikely.

Related PRs

Related issue

Copilot AI review requested due to automatic review settings March 19, 2026 18:17

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens the allowed window for push-device registration by introducing an explicit expiry for DeviceRegistrationRequestCacheEntry, so contexts recovered from the session store are rejected once the configured validity period has elapsed (default 180 seconds).

Changes:

  • Add an expiresAt-based expiry check to DeviceRegistrationRequestCacheEntry, configurable via PushAuthenticator.DeviceRegistrationContext.ValidityPeriod.
  • Update DeviceRegistrationContextManagerImpl to rely on the cache-entry’s own expiry logic (instead of IdentityCacheUtil) and reuse the same entry instance for cache + session store.
  • Add/extend unit tests around session-store fallback and cache-entry expiry; adjust JaCoCo exclusions accordingly.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
.../impl/DeviceRegistrationContextManagerImpl.java Switches to entry-based expiry and reuses the same cache-entry object for cache + session store.
.../cache/DeviceRegistrationRequestCacheEntry.java Introduces expiresAt expiry enforcement and reads configurable validity period.
.../constant/PushDeviceHandlerConstants.java Adds validity-period config key and default value (180s).
.../impl/DeviceRegistrationContextManagerImplTest.java Adds new tests for session-store miss/expired-entry scenarios and refactors constants.
.../cache/DeviceRegistrationRequestCacheEntryTest.java New unit tests validating expiry behavior and validity-period parsing/fallback.
components/.../pom.xml Adds OSGi import for framework.util and narrows JaCoCo cache exclusions.
.gitignore Adds IDE/system ignores and ignores target.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@jenkins-is-staging

Copy link
Copy Markdown

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/23311324344

@jenkins-is-staging

Copy link
Copy Markdown

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/23311324344
Status: failure

@jenkins-is-staging

Copy link
Copy Markdown

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/23311324344

@jenkins-is-staging

Copy link
Copy Markdown

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/23311324344
Status: failure

@ashanthamara
ashanthamara merged commit fac8543 into wso2-extensions:main Mar 20, 2026
6 checks passed
ZiyamSanthosh pushed a commit to ZiyamSanthosh/identity-notification-push-1 that referenced this pull request Apr 7, 2026
ZiyamSanthosh pushed a commit to ZiyamSanthosh/identity-notification-push-1 that referenced this pull request Apr 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants