From 220b1e76479f851cd823920c4b0aa95a9274f82f Mon Sep 17 00:00:00 2001
From: JeethJJ
Date: Wed, 17 Jan 2024 15:07:08 +0530
Subject: [PATCH 1/2] Add validation for https proxy to avoid proxyPort from being added to regex.
---
 .../recovery/connector/RecoveryConfigImpl.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
index e5df69d756..2085bfcd3a 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
@@ -17,6 +17,8 @@
 import org.apache.commons.lang.StringUtils;
 import org.wso2.carbon.identity.application.common.model.Property;
+import org.wso2.carbon.identity.core.ServiceURLBuilder;
+import org.wso2.carbon.identity.core.URLBuilderException;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.governance.IdentityGovernanceException;
 import org.wso2.carbon.identity.governance.IdentityMgtConstants;
@@ -358,6 +360,17 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
 enableUsernameRecoveryReCaptcha = userNameRecoveryReCaptcha;
 }
 if (StringUtils.isNotEmpty(recoveryCallbackRegexProperty)) {
+ try {
+ int proxyPort = ServiceURLBuilder.create().build().getPort();
+ if (proxyPort == 443 && recoveryCallbackRegexProperty.contains("https")
+ && recoveryCallbackRegexProperty.contains(":443\\")) {
+ // remove 443 if added to the regex since it's the proxy port.
+ recoveryCallbackRegexProperty = recoveryCallbackRegexProperty + "|" +
+ recoveryCallbackRegexProperty.replace(":443\\", "\\");
+ }
+ } catch (URLBuilderException e) {
+ throw new IdentityGovernanceException(e);
+ }
 recoveryCallbackRegex = recoveryCallbackRegexProperty;
 }
 if (StringUtils.isNotEmpty(adminPasswordResetAutoLoginProperty)) {
From 6416f39dcac540d019fcad6ff765f491abec711b Mon Sep 17 00:00:00 2001
From: JeethJJ
Date: Thu, 18 Jan 2024 11:51:15 +0530
Subject: [PATCH 2/2] Add proxy port and protocol to variables.
---
 .../identity/recovery/connector/RecoveryConfigImpl.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
index 2085bfcd3a..32435975b0 100644
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
+++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/connector/RecoveryConfigImpl.java
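Review bot: In the `@@ -358,6 +360,17 @@` hunk of PATCH 1/2 the recovery callback regex, which acts as an allow-list for callback URLs, is widened by plain text substitution on the pattern, so the added alternative is not guaranteed to be "the same URL without the port". `replace(":443\\", "\\")` rewrites every `:443\` in the pattern and `contains("https")` is true wherever that string appears, so a pattern in which `:443` is followed by an escape other than a path separator (for example a digit class) would gain an alternative with a different meaning. Consider leaving the configured pattern untouched and dropping the default port from the callback URL before it is matched, or at least stating the assumption in a comment such as `// Adds a port-less alternative; assumes ":443" is followed by an escaped path separator.` The same substitution is carried over unchanged in the second hunk of PATCH 2/2. The body of getDefaultPropertyValues starts and ends outside this hunk.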
@@ -235,6 +235,8 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
 String enableAdminPasswordResetAutoLoginProperty = "false";
 String recoveryMaxFailedAttempts = "3";
 String recoveryMaxResendAttempts = "5";
+ int httpsProxyPort = 443;
+ String secureHttpProtocol = "https";
 String notificationBasedPasswordRecovery = IdentityUtil.getProperty( IdentityRecoveryConstants.ConnectorConfig.NOTIFICATION_BASED_PW_RECOVERY);
@@ -362,11 +364,11 @@ public Properties getDefaultPropertyValues(String tenantDomain) throws IdentityG
 if (StringUtils.isNotEmpty(recoveryCallbackRegexProperty)) {
 try {
 int proxyPort = ServiceURLBuilder.create().build().getPort();
- if (proxyPort == 443 && recoveryCallbackRegexProperty.contains("https")
- && recoveryCallbackRegexProperty.contains(":443\\")) {
+ if (proxyPort == httpsProxyPort && recoveryCallbackRegexProperty.contains(secureHttpProtocol)
+ && recoveryCallbackRegexProperty.contains(":" + httpsProxyPort + "\\")) {
 // remove 443 if added to the regex since it's the proxy port.
 recoveryCallbackRegexProperty = recoveryCallbackRegexProperty + "|" +
- recoveryCallbackRegexProperty.replace(":443\\", "\\");
+ recoveryCallbackRegexProperty.replace(":" + httpsProxyPort + "\\", "\\");
 }
 } catch (URLBuilderException e) {
 throw new IdentityGovernanceException(e);
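Review bot: `httpsProxyPort` and `secureHttpProtocol` in the first hunk are fixed values declared as mutable locals among the string defaults, and the name `httpsProxyPort` reads like the configured proxy port although it is the default HTTPS port that the real `proxyPort` is compared against in the second hunk. Class-level constants would make that distinction visible: `private static final int DEFAULT_HTTPS_PORT = 443;` and `private static final String HTTPS_SCHEME = "https";`. The context comment in the second hunk still says "remove 443" and could refer to the default HTTPS port instead. getDefaultPropertyValues starts and ends outside both hunks.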