feat: Send lockExcludedAuthPartners during auth lock for Resident Portal (#1566)

[Shushmitaaaa]

Implements the Angular/UI side of the authentication lock exclusion mechanism for the Resident Portal.
Problem
When a resident locks all auth types, they get deadlocked out of the portal with no way to recover.
Changes
lockunlockauth.component.ts — Modified updateAuthlockStatus() to attach lockExcludedAuthPartners: ["resident-partner"] to the lock payload, only for auth types listed in the exclusion config and only during lock (not unlock). Non-matching auth types behave exactly as before.
app-config.service.ts — Added mapping for resident.auth-types-groups.exclusion-for-resident-login and mosip-resident-service-partner-id from the backend config endpoint.
Acceptance Criteria covered

AC8 ✅ lockExcludedAuthPartners sent during lock operations
AC9 ✅ Partner ID sourced from mosip-resident-service-partner-id config, not hardcoded
AC10 ✅ Supported auth types driven by resident.auth-types-groups.exclusion-for-resident-login
AC11 ✅ If config absent, falls back to existing behavior
AC13 ✅ Unlock flow and non-excluded auth types untouched

Linked Issue: mosip/resident-services#1566

Summary by CodeRabbit

• Bug Fixes
  • Enhanced authentication lock/unlock status updates to properly consider application configuration for exclusion rules, ensuring authentication partner-specific exclusions are correctly applied when managing authentication methods.

[coderabbitai]

Warning

Rate limit exceeded

@Shushmitaaaa has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 44 minutes and 17 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 44 minutes and 17 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6cedc214-69af-464f-a1ee-c22789df640f

📥 Commits

Reviewing files that changed from the base of the PR and between 7f016da and 5560fe2.

📒 Files selected for processing (1)

• resident-ui/src/app/feature/uinservices/lockunlockauth/lockunlockauth.component.ts

Walkthrough

The updateAuthlockStatus method is refactored to derive lock exclusion behavior from application configuration. It now parses exclusion-supported authentication types and partner identifiers from the config, constructs combined auth keys, and conditionally adds lockExcludedAuthPartners metadata when pushing lock status updates for selected entries.

Changes

Cohort / File(s)	Summary
Lock Exclusion Logic resident-ui/src/app/feature/uinservices/lockunlockauth/lockunlockauth.component.ts	Refactored updateAuthlockStatus to read exclusion config (resident.auth-types-groups.exclusion-for-resident-login, mosip-resident-service-partner-id), compute combined authKey values for each auth entry, and conditionally append lockExcludedAuthPartners field containing resident partner ID when the entry is locked and supported for exclusion.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Feature: Allow resident services to log in even when all the modalities are locked #819: Directly implements the core feature of adding lockExcludedAuthPartners based on resident.auth-types-groups.exclusion-for-resident-login and mosip-resident-service-partner-id configuration in the resident UI lock/unlock authentication flow.
• [DMP 2026]: Allow resident services to log in even when all the modalities are locked resident-services#1566: Implements the same feature using identical configuration keys, representing the backend service counterpart for handling exclusion-supported authentication types.
• Feature: Allow resident services to log in even when all the modalities are locked resident-services#1534: Related to the Resident Service requirement for processing exclusion data sent from the UI during authentication lock operations.

Poem

🐰 A lock with nuance, a key with care,
Partner IDs whisper through config's air,
Auth types dance in exclusion's embrace,
Hopping logic keeps each entry in place! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main change: implementing lockExcludedAuthPartners functionality during auth lock operations in the Resident Portal.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@resident-ui/src/app/feature/uinservices/lockunlockauth/lockunlockauth.component.ts`:
- Around line 230-235: The JSON.parse of exclusionConfig can throw and must be
guarded: in lockunlockauth.component.ts around the
exclusionConfig/exclusionSupportedTypes assignment, wrap
JSON.parse(exclusionConfig) in a try/catch and fall back to an empty array on
error (and optionally log or warn via the component logger or AppConfig
service). Ensure you keep the current behavior when exclusionConfig is falsy,
and only replace the raw JSON.parse call that initializes
exclusionSupportedTypes with the safe parse + fallback logic while referencing
the existing exclusionConfig variable and exclusionSupportedTypes identifier.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 175c34ff-66dc-4eb0-9db8-f2532e784a3a

📥 Commits

Reviewing files that changed from the base of the PR and between d1f5528 and 7f016da.

📒 Files selected for processing (1)

• resident-ui/src/app/feature/uinservices/lockunlockauth/lockunlockauth.component.ts