From 6e10a48fb15446b51f35017cc9d6890aa12c3c3f Mon Sep 17 00:00:00 2001
From: rushannanayakkara <rushannana@gmail.com>
Date: Wed, 31 Jan 2024 15:22:50 +0530
Subject: [PATCH] Move realm name availability check before user search and
 adding blank check.

---
 .../endpoint/impl/RecoverPasswordApiServiceImpl.java  | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/RecoverPasswordApiServiceImpl.java b/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/RecoverPasswordApiServiceImpl.java
index 1cbb5a138b..fbda950c9f 100644
--- a/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/RecoverPasswordApiServiceImpl.java
+++ b/components/org.wso2.carbon.identity.api.user.recovery/src/main/java/org/wso2/carbon/identity/recovery/endpoint/impl/RecoverPasswordApiServiceImpl.java
@@ -21,6 +21,7 @@
 import org.wso2.carbon.identity.recovery.internal.IdentityRecoveryServiceDataHolder;
 import org.wso2.carbon.identity.recovery.password.NotificationPasswordRecoveryManager;
 import org.wso2.carbon.identity.recovery.util.Utils;
+import org.wso2.carbon.user.core.util.UserCoreUtil;
 
 import javax.ws.rs.core.Response;
 
@@ -51,6 +52,10 @@ public Response recoverPasswordPost(RecoveryInitiatingRequestDTO recoveryInitiat
             // If multi attribute login is enabled, resolve the user before sending recovery notification sending.
             if (IdentityRecoveryServiceDataHolder.getInstance().getMultiAttributeLoginService()
                     .isEnabled(user.getTenantDomain())) {
+                if (StringUtils.isNotBlank(user.getRealm())) {
+                    String userDomainQualifiedUsername = UserCoreUtil.addDomainToName(user.getUsername(), user.getRealm());
+                    user.setUsername(userDomainQualifiedUsername);
+                }
                 ResolvedUserResult resolvedUserResult =
                         IdentityRecoveryServiceDataHolder.getInstance().getMultiAttributeLoginService()
                                 .resolveUser(user.getUsername(), user.getTenantDomain());
@@ -58,11 +63,7 @@ public Response recoverPasswordPost(RecoveryInitiatingRequestDTO recoveryInitiat
                         equals(resolvedUserResult.getResolvedStatus())) {
                     User resolvedUser = new User();
                     resolvedUser.setUserName(resolvedUserResult.getUser().getUsername());
-                    if (StringUtils.isBlank(user.getRealm())) {
-                        resolvedUser.setUserStoreDomain(resolvedUserResult.getUser().getUserStoreDomain());
-                    } else {
-                        resolvedUser.setUserStoreDomain(user.getRealm());
-                    }
+                    resolvedUser.setUserStoreDomain(resolvedUserResult.getUser().getUserStoreDomain());
                     resolvedUser.setTenantDomain(resolvedUserResult.getUser().getTenantDomain());
                     notificationResponseBean =
                             notificationPasswordRecoveryManager.sendRecoveryNotification(resolvedUser, type, notify,