Merge branch 'trunk' into feat/8453-check-role-eligibility

Author: itsmeichigo

Experiments/Experiments/DefaultFeatureFlagService.swift

@@ -58,6 +58,8 @@ public struct DefaultFeatureFlagService: FeatureFlagService {
         case .applicationPasswordAuthenticationForSiteCredentialLogin:
             // Enable this to test application password authentication (WIP)
             return false
+        case .generateAllVariations:
+            return buildConfig == .localDeveloper || buildConfig == .alpha
         default:
             return true
         }

Experiments/Experiments/FeatureFlag.swift

@@ -137,4 +137,8 @@ public enum FeatureFlag: Int {
     /// Whether application password authentication should be used when a user logs in with site credentials.
     ///
     case applicationPasswordAuthenticationForSiteCredentialLogin
+
+    /// Allows merchants to create all variations from a single button
+    ///
+    case generateAllVariations
 }

Networking/Networking.xcodeproj/project.pbxproj

@@ -6,7 +6,7 @@ import enum Alamofire.AFError
 public enum ApplicationPasswordUseCaseError: Error {
     case duplicateName
     case applicationPasswordsDisabled
-    case invalidSiteAddress
+    case failedToConstructLoginOrAdminURLUsingSiteAddress
 }
 
 public struct ApplicationPassword {
@@ -77,7 +77,7 @@ final public class DefaultApplicationPasswordUseCase: ApplicationPasswordUseCase
             guard let loginURL = URL(string: siteAddress + Constants.loginPath),
                   let adminURL = URL(string: siteAddress + Constants.adminPath) else {
                 DDLogWarn("⚠️ Cannot construct login URL and admin URL for site \(siteAddress)")
-                throw ApplicationPasswordUseCaseError.invalidSiteAddress
+                throw ApplicationPasswordUseCaseError.failedToConstructLoginOrAdminURLUsingSiteAddress
             }
             // Prepares the authenticator with username and password
             let authenticator = CookieNonceAuthenticator(username: username,

Networking/Networking/ApplicationPassword/ApplicationPasswordUseCase.swift

@@ -0,0 +1,90 @@
+enum RequestAuthenticatorError: Error {
+    case applicationPasswordUseCaseNotAvailable
+    case applicationPasswordNotAvailable
+}
+
+/// Authenticates request
+///
+public struct RequestAuthenticator {
+    /// Credentials.
+    ///
+    let credentials: Credentials?
+
+    /// The use case to handle authentication with application passwords.
+    ///
+    private let applicationPasswordUseCase: ApplicationPasswordUseCase?
+
+    /// Sets up the authenticator with optional credentials and application password use case.
+    /// `applicationPasswordUseCase` can be injected for unit tests.
+    ///
+    init(credentials: Credentials?, applicationPasswordUseCase: ApplicationPasswordUseCase? = nil) {
+        self.credentials = credentials
+        let useCase: ApplicationPasswordUseCase? = {
+            if let applicationPasswordUseCase {
+                return applicationPasswordUseCase
+            } else if case let .wporg(username, password, siteAddress) = credentials {
+                return try? DefaultApplicationPasswordUseCase(username: username,
+                                                              password: password,
+                                                              siteAddress: siteAddress)
+            } else {
+                return nil
+            }
+        }()
+        self.applicationPasswordUseCase = useCase
+    }
+
+    func authenticate(_ urlRequest: URLRequest) throws -> URLRequest {
+        if isRestAPIRequest(urlRequest) {
+            return try authenticateUsingApplicationPasswordIfPossible(urlRequest)
+        } else {
+            return try authenticateUsingWPCOMTokenIfPossible(urlRequest)
+        }
+    }
+
+    func generateApplicationPassword() async throws {
+        guard let applicationPasswordUseCase else {
+            throw RequestAuthenticatorError.applicationPasswordUseCaseNotAvailable
+        }
+        let _ = try await applicationPasswordUseCase.generateNewPassword()
+        return
+    }
+
+    /// Checks whether the given URLRequest is eligible for retyring
+    ///
+    func shouldRetry(_ urlRequest: URLRequest) -> Bool {
+        isRestAPIRequest(urlRequest)
+    }
+}
+
+private extension RequestAuthenticator {
+    /// To check whether the given URLRequest is a REST API request
+    /// 
+    func isRestAPIRequest(_ urlRequest: URLRequest) -> Bool {
+        guard case let .wporg(_, _, siteAddress) = credentials,
+              let url = urlRequest.url,
+              url.absoluteString.hasPrefix(siteAddress.trimSlashes() + "/" + RESTRequest.Settings.basePath) else {
+            return false
+        }
+        return true
+    }
+
+    /// Attempts creating a request with WPCOM token if possible.
+    ///
+    func authenticateUsingWPCOMTokenIfPossible(_ urlRequest: URLRequest) throws -> URLRequest {
+        guard case let .wpcom(_, authToken, _) = credentials else {
+            return UnauthenticatedRequest(request: urlRequest).asURLRequest()
+        }
+
+        return AuthenticatedDotcomRequest(authToken: authToken, request: urlRequest).asURLRequest()
+    }
+
+    /// Attempts creating a request with application password if possible.
+    ///
+    func authenticateUsingApplicationPasswordIfPossible(_ urlRequest: URLRequest) throws -> URLRequest {
+        guard let applicationPassword = applicationPasswordUseCase?.applicationPassword else {
+            throw RequestAuthenticatorError.applicationPasswordNotAvailable
+        }
+
+        return AuthenticatedRESTRequest(applicationPassword: applicationPassword, request: urlRequest).asURLRequest()
+    }
+}

Networking/Networking/ApplicationPassword/RequestAuthenticator.swift

@@ -0,0 +1,17 @@
+import Alamofire
+
+/// Converter to convert Jetpack tunnel requests into REST API requests if needed
+///
+struct RequestConverter {
+    let credentials: Credentials?
+
+    func convert(_ request: URLRequestConvertible) -> URLRequestConvertible {
+        guard let jetpackRequest = request as? JetpackRequest,
+              case let .wporg(_, _, siteAddress) = credentials,
+              let restRequest = jetpackRequest.asRESTRequest(with: siteAddress) else {
+            return request
+        }
+
+        return restRequest
+    }
+}

Networking/Networking/ApplicationPassword/RequestConverter.swift

@@ -0,0 +1,87 @@
+import Alamofire
+import Foundation
+
+/// Authenticates and retries requests
+///
+final class RequestProcessor {
+    private var requestsToRetry = [RequestRetryCompletion]()
+
+    private var isAuthenticating = false
+
+    private let requestAuthenticator: RequestAuthenticator
+
+    init(credentials: Credentials?) {
+        requestAuthenticator = RequestAuthenticator(credentials: credentials)
+    }
+}
+
+// MARK: Request Authentication
+//
+extension RequestProcessor: RequestAdapter {
+    func adapt(_ urlRequest: URLRequest) throws -> URLRequest {
+        return try requestAuthenticator.authenticate(urlRequest)
+    }
+}
+
+// MARK: Retrying Request
+//
+extension RequestProcessor: RequestRetrier {
+    func should(_ manager: Alamofire.SessionManager,
+                retry request: Alamofire.Request,
+                with error: Error,
+                completion: @escaping Alamofire.RequestRetryCompletion) {
+        guard
+            request.retryCount == 0, // Only retry once
+            let urlRequest = request.request,
+            requestAuthenticator.shouldRetry(urlRequest), // Retry only REST API requests that use application password
+            shouldRetry(error) // Retry only specific errors
+        else {
+            return completion(false, 0.0)
+        }
+
+        requestsToRetry.append(completion)
+        if !isAuthenticating {
+            generateApplicationPassword()
+        }
+    }
+}
+
+// MARK: Helpers
+//
+private extension RequestProcessor {
+    func generateApplicationPassword() {
+        Task(priority: .medium) {
+            isAuthenticating = true
+
+            do {
+                let _ = try await requestAuthenticator.generateApplicationPassword()
+                isAuthenticating = false
+                completeRequests(true)
+            } catch {
+                isAuthenticating = false
+                completeRequests(false)
+            }
+        }
+    }
+
+    func shouldRetry(_ error: Error) -> Bool {
+        // Need to generate application password
+        if .applicationPasswordNotAvailable == error as? RequestAuthenticatorError {
+            return true
+        }
+
+        // Failed authorization
+        if case .responseValidationFailed(reason: .unacceptableStatusCode(code: 401)) = error as? AFError {
+            return true
+        }
+
+        return false
+    }
+
+    func completeRequests(_ shouldRetry: Bool) {
+        requestsToRetry.forEach { (completion) in
+            completion(shouldRetry, 0.0)
+        }
+        requestsToRetry.removeAll()
+    }
+}

Networking/Networking/ApplicationPassword/RequestProcessor.swift

@@ -0,0 +1,11 @@
+import Foundation
+
+extension String {
+    /// Trims forward slash
+    ///
+    /// - Returns: String after removing prefix and suffix "/"
+    ///
+    func trimSlashes() -> String {
+        removingPrefix("/").removingSuffix("/")
+    }
+}

Networking/Networking/Extensions/String+URL.swift

@@ -8,8 +8,11 @@ struct CouponReportListMapper: Mapper {
     ///
     func map(response: Data) throws -> [CouponReport] {
         let decoder = JSONDecoder()
-        let reports = try decoder.decode(CouponReportsEnvelope.self, from: response).reports
-        return reports
+        do {
+            return try decoder.decode(CouponReportsEnvelope.self, from: response).reports
+        } catch {
+            return try decoder.decode([CouponReport].self, from: response)
+        }
     }
 }