Set threshold for app password generation failures

Author: itsmeichigo

Modules/Sources/NetworkingCore/ApplicationPassword/RequestProcessor.swift

@@ -1,8 +1,13 @@
 import Alamofire
 import Foundation
 
+enum AppPasswordFailureReason {
+    case notSupported
+    case unknown
+}
+
 protocol RequestProcessorDelegate: AnyObject {
-    func didFailToAuthenticateRequestWithApplicationPassword(siteID: Int64)
+    func didFailToAuthenticateRequestWithAppPassword(siteID: Int64, reason: AppPasswordFailureReason)
 }
 
 /// Authenticates and retries requests
@@ -80,12 +85,15 @@ private extension RequestProcessor {
                 // Post a notification for tracking
                 notificationCenter.post(name: .ApplicationPasswordsGenerationFailed, object: error, userInfo: nil)
 
-                let shouldRetry = await checkIfRetryingGenerationIsNeeded(error: error)
+                let shouldRetry = await checkIfRetryingGenerationIsNeeded(for: error)
                 if shouldRetry {
                     generateApplicationPassword()
                 } else {
                     isAuthenticating = false
                     completeRequests(false)
+                    if let currentSiteID {
+                        notifyFailure(error, for: currentSiteID)
+                    }
                 }
             }
         }
@@ -94,8 +102,8 @@ private extension RequestProcessor {
     /// Checks error code to retry or mark site as unsupported for app password.
     /// Returns whether retry is needed.
     @MainActor
-    func checkIfRetryingGenerationIsNeeded(error: Error) async -> Bool {
-        guard let currentSiteID else {
+    func checkIfRetryingGenerationIsNeeded(for error: Error) async -> Bool {
+        guard currentSiteID != nil else {
             return false
         }
         switch error {
@@ -107,21 +115,30 @@ private extension RequestProcessor {
             } catch {
                 return false
             }
-        case NetworkError.notFound:
-            /// Site doesn't support application password
-            delegate?.didFailToAuthenticateRequestWithApplicationPassword(siteID: currentSiteID)
-            return false
-        case let networkError as NetworkError:
-            if let code = networkError.errorCode,
-               Constants.disabledCodes.contains(code) {
-                delegate?.didFailToAuthenticateRequestWithApplicationPassword(siteID: currentSiteID)
-            }
-            return false
         default:
             return false
         }
     }
 
+    func notifyFailure(_ error: Error, for siteID: Int64) {
+        let reason: AppPasswordFailureReason = {
+            switch error {
+            case NetworkError.notFound:
+                return .notSupported
+            case let networkError as NetworkError:
+                if let code = networkError.errorCode,
+                   AppPasswordConstants.disabledCodes.contains(code) {
+                    return .notSupported
+                }
+                return .unknown
+            default:
+                return .unknown
+            }
+        }()
+        
+        delegate?.didFailToAuthenticateRequestWithAppPassword(siteID: siteID, reason: reason)
+    }
+
     func shouldRetry(_ error: Error) -> Bool {
         switch error {
         case RequestAuthenticatorError.applicationPasswordNotAvailable,
@@ -142,15 +159,6 @@ private extension RequestProcessor {
     }
 }
 
-private extension RequestProcessor {
-    enum Constants {
-        static let disabledCodes = [
-            "application_passwords_disabled",
-            "application_passwords_disabled_for_user"
-        ]
-    }
-}
-
 // MARK: - Application Password Notifications
 //
 public extension NSNotification.Name {

Modules/Sources/NetworkingCore/Network/AlamofireNetwork.swift

@@ -48,6 +48,9 @@ public class AlamofireNetwork: Network {
 
     private var subscription: AnyCancellable?
 
+    /// Keeps track of failure counts for each site when switching to direct requests
+    private var appPasswordFailures: [Int64: Int] = [:]
+
     /// Public Initializer
     ///
     ///
@@ -215,19 +218,41 @@ private extension AlamofireNetwork {
                     network: self
                 ))
                 requestAuthenticator.delegate = self
+                appPasswordFailures.removeValue(forKey: site.siteID) // reset failure count
             }
     }
 }
 
 // MARK: `RequestProcessorDelegate` conformance
 //
 extension AlamofireNetwork: RequestProcessorDelegate {
-    func didFailToAuthenticateRequestWithApplicationPassword(siteID: Int64) {
-        let currentList = userDefaults.applicationPasswordUnsupportedList
-        userDefaults.applicationPasswordUnsupportedList = currentList + [siteID]
+    func didFailToAuthenticateRequestWithAppPassword(siteID: Int64, reason: AppPasswordFailureReason) {
+        switch reason {
+        case .notSupported:
+            let currentList = userDefaults.applicationPasswordUnsupportedList
+            userDefaults.applicationPasswordUnsupportedList = currentList + [siteID]
+        case .unknown:
+            let currentFailureCount = appPasswordFailures[siteID] ?? 0
+            let updatedCount = currentFailureCount + 1
+            if updatedCount == AppPasswordConstants.requestFailureThreshold {
+                let currentList = userDefaults.applicationPasswordUnsupportedList
+                userDefaults.applicationPasswordUnsupportedList = currentList + [siteID]
+            }
+            appPasswordFailures[siteID] = updatedCount
+        }
     }
 }
 
+// MARK: - Constants for direct request error handling
+enum AppPasswordConstants {
+    // flag site as disabled after threshold is reached
+    static let requestFailureThreshold = 10
+    static let disabledCodes = [
+        "application_passwords_disabled",
+        "application_passwords_disabled_for_user"
+    ]
+}
+
 private extension DataRequest {
     /// Validates only for `RESTRequest`
     ///
@@ -279,7 +304,6 @@ extension UserDefaults {
     }
 
     enum Key: String {
-        /// This key is shared with the UI layer, so ensure to keep it in-sync with `UserDefaults+Woo`.
         case applicationPasswordUnsupportedList
     }
 }

Modules/Sources/NetworkingCore/Network/NetworkError.swift

@@ -134,7 +134,6 @@ extension NetworkError: CustomStringConvertible {
 
 struct NetworkErrorResponse: Decodable {
     let code: String?
-    let message: String?
 
     init(from decoder: Decoder) throws {
         let container = try decoder.container(keyedBy: CodingKeys.self)
@@ -145,14 +144,12 @@ struct NetworkErrorResponse: Decodable {
             }
             return try container.decodeIfPresent(String.self, forKey: .code)
         }()
-        self.message = try container.decodeIfPresent(String.self, forKey: .message)
     }
 
     /// Coding Keys
     ///
     private enum CodingKeys: String, CodingKey {
         case error
         case code
-        case message
     }
 }

Modules/Tests/NetworkingTests/ApplicationPassword/RequestProcessorTests.swift

@@ -322,7 +322,8 @@ final class RequestProcessorTests: XCTestCase {
         // Then
         XCTAssertFalse(shouldRetry.retryRequired)
         waitUntil {
-            mockDelegate.didFailToAuthenticateRequestForSiteID == 123
+            mockDelegate.didFailToAuthenticateRequestForSiteID == 123 &&
+            mockDelegate.didFailToAuthenticateRequestWithReason == .notSupported
         }
     }
 
@@ -354,7 +355,8 @@ final class RequestProcessorTests: XCTestCase {
         // Then
         XCTAssertFalse(shouldRetry.retryRequired)
         waitUntil {
-            mockDelegate.didFailToAuthenticateRequestForSiteID == 123
+            mockDelegate.didFailToAuthenticateRequestForSiteID == 123 &&
+            mockDelegate.didFailToAuthenticateRequestWithReason == .notSupported
         }
     }
 
@@ -386,7 +388,8 @@ final class RequestProcessorTests: XCTestCase {
         // Then
         XCTAssertFalse(shouldRetry.retryRequired)
         waitUntil {
-            mockDelegate.didFailToAuthenticateRequestForSiteID == 123
+            mockDelegate.didFailToAuthenticateRequestForSiteID == 123 &&
+            mockDelegate.didFailToAuthenticateRequestWithReason == .notSupported
         }
     }
 
@@ -395,10 +398,12 @@ final class RequestProcessorTests: XCTestCase {
         let session = Alamofire.Session(configuration: URLSessionConfiguration.default)
         let request = try mockRequest()
         let wpcomCredentials = Networking.Credentials.wpcom(username: "test", authToken: "token", siteAddress: "test.com")
+        let mockDelegate = MockRequestProcessorDelegate()
 
         mockRequestAuthenticator.credentials = wpcomCredentials
         mockRequestAuthenticator.jetpackSiteID = 123
         sut.updateAuthenticator(mockRequestAuthenticator)
+        sut.delegate = mockDelegate
 
         let genericError = NSError(domain: "TestError", code: 500, userInfo: nil)
         mockRequestAuthenticator.mockErrorWhileGeneratingPassword = genericError
@@ -414,6 +419,10 @@ final class RequestProcessorTests: XCTestCase {
         // Then
         XCTAssertFalse(shouldRetry.retryRequired)
         XCTAssertFalse(mockRequestAuthenticator.deleteApplicationPasswordCalled)
+        waitUntil {
+            mockDelegate.didFailToAuthenticateRequestForSiteID == 123 &&
+            mockDelegate.didFailToAuthenticateRequestWithReason == .unknown
+        }
     }
 
     func test_request_not_retried_when_password_deletion_fails_after_409_error_with_wpcom_authentication() throws {
@@ -522,8 +531,10 @@ private class MockRequest: Alamofire.DataRequest, @unchecked Sendable {
 
 private class MockRequestProcessorDelegate: RequestProcessorDelegate {
     private(set) var didFailToAuthenticateRequestForSiteID: Int64?
+    private(set) var didFailToAuthenticateRequestWithReason: AppPasswordFailureReason?
 
-    func didFailToAuthenticateRequestWithApplicationPassword(siteID: Int64) {
+    func didFailToAuthenticateRequestWithAppPassword(siteID: Int64, reason: AppPasswordFailureReason) {
         didFailToAuthenticateRequestForSiteID = siteID
+        didFailToAuthenticateRequestWithReason = reason
     }
 }