Skip to content

Add push device update endpoints to allowed endpoints#7927

Closed
VihangaMunasinghe wants to merge 5 commits into
wso2:archive_IS-7.3from
VihangaMunasinghe:master
Closed

Add push device update endpoints to allowed endpoints#7927
VihangaMunasinghe wants to merge 5 commits into
wso2:archive_IS-7.3from
VihangaMunasinghe:master

Conversation

@VihangaMunasinghe

@VihangaMunasinghe VihangaMunasinghe commented Mar 26, 2026

Copy link
Copy Markdown

Purpose

The new push device update endpoint (POST /devices/{deviceId}/update) added in identity-api-user needs to be registered in the resource access control configuration. Without this, the endpoint would be blocked by the framework's access control layer.

Related Issue

Related PRs

Goals

  • Allow the new push device update endpoint to be accessible from both tenant and organization contexts without authentication (same as the existing registration and removal endpoints), since the request itself is authenticated via a signed JWT token.

Approach

  • Added two new <Resource> entries in resource-access-control-v2.xml.j2:
    • Organization context: (.*)/o/api/users/v1/me/push/devices/(.*)/update with secured="false" for POST.
    • Tenant context: (.*)/api/users/v1/me/push/devices/(.*)/update with secured="false" for POST.
  • Follows the same pattern as the existing /remove endpoint entries.

User stories

As a mobile app user, I want the device update endpoint to be accessible so that I can update my device's push notification token or device name.

Release note

Added the push device update endpoint (/devices/{deviceId}/update) to the allowed endpoints in the resource access control configuration.

Documentation

N/A - Internal framework configuration change. No user-facing documentation impact.

Training

N/A

Certification

N/A - Configuration change with no impact on certification content.

Marketing

N/A

Automation tests

  • Unit tests
    N/A - Configuration file change only.
  • Integration tests
    N/A

Security checks

Samples

N/A

Migrations (if applicable)

No migrations required. Existing deployments will pick up the new resource access control entries on upgrade.

Learning

Followed the existing pattern used by the /remove endpoint for registering unsecured push device endpoints in both organization and tenant contexts.

@coderabbitai

coderabbitai Bot commented Mar 26, 2026

Copy link
Copy Markdown
Contributor
📝 Walkthrough

Walkthrough

Updated copyright year to 2026 in a resource access control configuration file. Added two new unsecured POST endpoints for a Push Device Management API that allow device updates in both organization and non-organization contexts within the identity management system.

Changes

Cohort / File(s) Summary
Resource Access Control Configuration
features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2
Updated copyright year from 2023-2025 to 2023-2026. Added unsecured POST endpoints for Push Device Management API device update operations in organization ((.*)/o/api/users/v1/me/push/devices/(.*)/update) and non-organization ((.*)/api/users/v1/me/push/devices/(.*)/update) contexts.
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: adding push device update endpoints to the allowed endpoints list in the resource access control configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check ✅ Passed The pull request description is comprehensive and well-structured, addressing most required template sections with relevant details.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud

Copy link
Copy Markdown

@codecov

codecov Bot commented Mar 26, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.00%. Comparing base (435ea70) to head (288263d).
⚠️ Report is 14 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff              @@
##             master    #7927      +/-   ##
============================================
+ Coverage     52.97%   53.00%   +0.02%     
+ Complexity    20311    20306       -5     
============================================
  Files          2142     2142              
  Lines        124976   124826     -150     
  Branches      24882    24823      -59     
============================================
- Hits          66211    66166      -45     
+ Misses        50641    50535     -106     
- Partials       8124     8125       +1     
Flag Coverage Δ
unit 37.55% <ø> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant