Update AlamofireNetwork to support application password experiment (#16027)

itsmeichigo · web-flow · commit 75aeefa13540 · 2025-08-28T09:16:01.000+07:00
diff --git a/Modules/Sources/Experiments/DefaultFeatureFlagService.swift b/Modules/Sources/Experiments/DefaultFeatureFlagService.swift
@@ -100,6 +100,8 @@ public struct DefaultFeatureFlagService: FeatureFlagService {
             return true
         case .pointOfSaleHistoricalOrdersi1:
             return buildConfig == .localDeveloper || buildConfig == .alpha
+        case .applicationPasswordExperiment:
+            return buildConfig == .localDeveloper || buildConfig == .alpha
         case .pointOfSaleLocalCatalogi1:
             return buildConfig == .localDeveloper || buildConfig == .alpha
         default:
diff --git a/Modules/Sources/Experiments/FeatureFlag.swift b/Modules/Sources/Experiments/FeatureFlag.swift
@@ -207,6 +207,10 @@ public enum FeatureFlag: Int {
     ///
     case pointOfSaleHistoricalOrdersi1
 
+    /// Enables switching Jetpack requests to use application password
+    ///
+    case applicationPasswordExperiment
+
     /// Enables Local Catalog i1 in Point of Sale.
     /// It syncs products and variations to local storage and display them in POS for quick access.
     ///
diff --git a/Modules/Sources/Networking/Model/Site.swift b/Modules/Sources/Networking/Model/Site.swift
@@ -1,5 +1,6 @@
 import Foundation
 import Codegen
+import struct NetworkingCore.JetpackSite
 
 /// Represents a WordPress.com Site.
 ///
@@ -93,7 +94,7 @@ public struct Site: Decodable, Equatable, Hashable, GeneratedFakeable, Generated
     public let hasSSOEnabled: Bool
 
     /// Whether application password authentication is available
-    /// periphery: ignore - to be used as part of WOOMOB-1123
+    ///
     public let applicationPasswordAvailable: Bool
 
     /// Decodable Conformance.
@@ -322,6 +323,10 @@ public extension Site {
     var isPrivateWPCOMSite: Bool {
         return isWordPressComStore && (visibility == .privateSite)
     }
+
+    func toJetpackSite() -> JetpackSite {
+        JetpackSite(siteID: siteID, siteAddress: url, applicationPasswordAvailable: applicationPasswordAvailable)
+    }
 }
 
 private extension Site {
diff --git a/Modules/Sources/NetworkingCore/ApplicationPassword/ApplicationPasswordUseCase.swift b/Modules/Sources/NetworkingCore/ApplicationPassword/ApplicationPasswordUseCase.swift
@@ -61,7 +61,6 @@ final public class DefaultApplicationPasswordUseCase: ApplicationPasswordUseCase
     }
 
     /// Internal initializer
-    /// periphery: ignore - used in future PR for WOOMOB-1123
     init(type: AuthenticationType,
          network: Network,
          keychain: Keychain = Keychain(service: WooConstants.keychainServiceName)) {
diff --git a/Modules/Sources/NetworkingCore/ApplicationPassword/RequestAuthenticator.swift b/Modules/Sources/NetworkingCore/ApplicationPassword/RequestAuthenticator.swift
@@ -37,26 +37,51 @@ public struct DefaultRequestAuthenticator: RequestAuthenticator {
     ///
     private let applicationPasswordUseCase: ApplicationPasswordUseCase?
 
+    private let siteAddress: String?
+
     /// Sets up the authenticator with optional credentials and application password use case.
     /// `applicationPasswordUseCase` can be injected for unit tests.
     ///
-    init(credentials: Credentials?, applicationPasswordUseCase: ApplicationPasswordUseCase? = nil) {
+    init(credentials: Credentials?,
+         selectedSite: JetpackSite? = nil,
+         applicationPasswordUseCase: ApplicationPasswordUseCase? = nil,
+         network: Network? = nil) {
         self.credentials = credentials
-        let useCase: ApplicationPasswordUseCase? = {
+
+        self.applicationPasswordUseCase  = {
             if let applicationPasswordUseCase {
                 return applicationPasswordUseCase
-            } else if case let .wporg(username, password, siteAddress) = credentials {
+            }
+            switch credentials {
+            case let .some(.wporg(username, password, siteAddress)):
                 return try? DefaultApplicationPasswordUseCase(username: username,
                                                               password: password,
                                                               siteAddress: siteAddress)
-            } else if let credentials,
-                      case .applicationPassword(_, _, let siteAddress) = credentials {
+            case .some(.applicationPassword(_, _, let siteAddress)):
                 return OneTimeApplicationPasswordUseCase(siteAddress: siteAddress)
-            } else {
+            case .some(.wpcom):
+                guard let network, let selectedSite else {
+                    return nil
+                }
+                return DefaultApplicationPasswordUseCase(
+                    type: .wpcom(siteID: selectedSite.siteID),
+                    network: network
+                )
+            default:
                 return nil
             }
         }()
-        self.applicationPasswordUseCase = useCase
+
+        self.siteAddress = {
+            switch credentials {
+            case let .some(.wporg(_, _, siteAddress)):
+                return siteAddress
+            case let .some(.applicationPassword(_, _, siteAddress)):
+                return siteAddress
+            default:
+                return selectedSite?.siteAddress
+            }
+        }()
     }
 
     /// Authenticates the provided urlRequest using the `credentials`
@@ -93,16 +118,6 @@ private extension DefaultRequestAuthenticator {
     /// To check whether the given URLRequest is a REST API request
     ///
     func isRestAPIRequest(_ urlRequest: URLRequest) -> Bool {
-        let siteAddress: String? = {
-            switch credentials {
-            case let .wporg(_, _, siteAddress):
-                return siteAddress
-            case let .applicationPassword(_, _, siteAddress):
-                return siteAddress
-            default:
-                return nil
-            }
-        }()
         guard let siteAddress,
               let url = urlRequest.url,
               url.absoluteString.hasPrefix(siteAddress.trimSlashes() + "/" + RESTRequest.Settings.basePath) else {
diff --git a/Modules/Sources/NetworkingCore/ApplicationPassword/RequestConverter.swift b/Modules/Sources/NetworkingCore/ApplicationPassword/RequestConverter.swift
@@ -3,22 +3,12 @@ import Alamofire
 /// Converter to convert Jetpack tunnel requests into REST API requests if needed
 ///
 struct RequestConverter {
-    let credentials: Credentials?
+    let siteAddress: String?
 
     func convert(_ request: URLRequestConvertible) -> URLRequestConvertible {
         if request is RESTRequest {
             return request
         }
-        let siteAddress: String? = {
-            switch credentials {
-            case let .wporg(_, _, siteAddress):
-                return siteAddress
-            case let .applicationPassword(_, _, siteAddress):
-                return siteAddress
-            default:
-                return nil
-            }
-        }()
         guard let convertibleRequest = request as? RESTRequestConvertible,
               let siteAddress,
               let restRequest = convertibleRequest.asRESTRequest(with: siteAddress) else {
diff --git a/Modules/Sources/NetworkingCore/ApplicationPassword/RequestProcessor.swift b/Modules/Sources/NetworkingCore/ApplicationPassword/RequestProcessor.swift
@@ -8,7 +8,7 @@ final class RequestProcessor: RequestInterceptor {
 
     private var isAuthenticating = false
 
-    private let requestAuthenticator: RequestAuthenticator
+    private var requestAuthenticator: RequestAuthenticator
 
     private let notificationCenter: NotificationCenter
 
@@ -17,6 +17,10 @@ final class RequestProcessor: RequestInterceptor {
         self.requestAuthenticator = requestAuthenticator
         self.notificationCenter = notificationCenter
     }
+
+    func updateAuthenticator(_ authenticator: RequestAuthenticator) {
+        requestAuthenticator = authenticator
+    }
 }
 
 // MARK: Request Authentication
diff --git a/Modules/Sources/NetworkingCore/Network/AlamofireNetwork.swift b/Modules/Sources/NetworkingCore/Network/AlamofireNetwork.swift
@@ -2,6 +2,19 @@ import Combine
 import Foundation
 import Alamofire
 
+/// Helper type to observe selected site info
+public struct JetpackSite: Equatable {
+    let siteID: Int64
+    let siteAddress: String
+    let applicationPasswordAvailable: Bool
+
+    public init(siteID: Int64, siteAddress: String, applicationPasswordAvailable: Bool) {
+        self.siteID = siteID
+        self.siteAddress = siteAddress
+        self.applicationPasswordAvailable = applicationPasswordAvailable
+    }
+}
+
 extension Alamofire.MultipartFormData: MultipartFormData {
     public func append(_ data: Data, withName name: String) {
         self.append(data, withName: name, fileName: nil, mimeType: nil)
@@ -17,27 +30,59 @@ public class AlamofireNetwork: Network {
         return sessionManager
     }()
 
+    private let credentials: Credentials?
+
+    private let selectedSite: AnyPublisher<JetpackSite?, Never>?
+
     /// Converter to convert Jetpack tunnel requests into REST API requests if applicable
     ///
-    private let requestConverter: RequestConverter
+    private var requestConverter: RequestConverter
 
     /// Authenticator to update requests authorization header if possible.
     ///
     private let requestAuthenticator: RequestProcessor
 
     public var session: URLSession { Session.default.session }
 
+    private var subscription: AnyCancellable?
+
     /// Public Initializer
     ///
     ///
-    public required init(credentials: Credentials?, sessionManager: Alamofire.Session? = nil) {
-        self.requestConverter = RequestConverter(credentials: credentials)
+    public required init(credentials: Credentials?,
+                         selectedSite: AnyPublisher<JetpackSite?, Never>? = nil,
+                         sessionManager: Alamofire.Session? = nil) {
+        self.credentials = credentials
+        self.selectedSite = selectedSite
+        self.requestConverter = {
+            let siteAddress: String? = {
+                switch credentials {
+                case let .wporg(_, _, siteAddress):
+                    return siteAddress
+                case let .applicationPassword(_, _, siteAddress):
+                    return siteAddress
+                default:
+                    return nil
+                }
+            }()
+            return RequestConverter(siteAddress: siteAddress)
+        }()
         self.requestAuthenticator = RequestProcessor(requestAuthenticator: DefaultRequestAuthenticator(credentials: credentials))
         if let sessionManager {
             self.alamofireSession = sessionManager
         }
     }
 
+    public func updateAppPasswordSwitching(enabled: Bool) {
+        guard let credentials, case .wpcom = credentials else { return }
+        if enabled, let selectedSite {
+            observeSelectedSite(selectedSite)
+        } else {
+            requestConverter = RequestConverter(siteAddress: nil)
+            requestAuthenticator.updateAuthenticator(DefaultRequestAuthenticator(credentials: credentials))
+        }
+    }
+
     /// Executes the specified Network Request. Upon completion, the payload will be sent back to the caller as a Data instance.
     ///
     /// - Important:
@@ -142,6 +187,27 @@ private extension AlamofireNetwork {
     func makeSession(configuration sessionConfiguration: URLSessionConfiguration) -> Alamofire.Session {
         Alamofire.Session(configuration: sessionConfiguration, interceptor: requestAuthenticator)
     }
+
+    /// Updates `requestConverter` and `requestAuthenticator` when selected site changes
+    ///
+    func observeSelectedSite(_ selectedSite: AnyPublisher<JetpackSite?, Never>) {
+        subscription = selectedSite
+            .removeDuplicates()
+            .sink { [weak self] site in
+                guard let self else { return }
+                guard let site, site.applicationPasswordAvailable else {
+                    requestConverter = RequestConverter(siteAddress: nil)
+                    requestAuthenticator.updateAuthenticator(DefaultRequestAuthenticator(credentials: credentials))
+                    return
+                }
+                requestConverter = RequestConverter(siteAddress: site.siteAddress)
+                requestAuthenticator.updateAuthenticator(DefaultRequestAuthenticator(
+                    credentials: credentials,
+                    selectedSite: site,
+                    network: self
+                ))
+            }
+    }
 }
 
 private extension DataRequest {
diff --git a/Modules/Tests/NetworkingTests/Network/DefaultRequestAuthenticatorTests.swift b/Modules/Tests/NetworkingTests/Network/DefaultRequestAuthenticatorTests.swift
@@ -134,6 +134,28 @@ final class DefaultRequestAuthenticatorTests: XCTestCase {
         await fulfillment(of: [exp], timeout: Constants.expectationTimeout)
     }
 
+    func test_authenticate_returns_REST_request_with_authorization_header_when_authenticated_with_wpcom_and_selected_site_is_provided() throws {
+        // Given
+        let siteURL = "https://test.com/"
+        let credentials: Credentials = .wpcom(username: "username", authToken: "auth_token", siteAddress: siteURL)
+        let selectedSite = JetpackSite(siteID: 123, siteAddress: siteURL, applicationPasswordAvailable: true)
+        let useCase = MockApplicationPasswordUseCase(mockApplicationPassword: applicationPassword)
+        let authenticator = DefaultRequestAuthenticator(credentials: credentials, selectedSite: selectedSite, applicationPasswordUseCase: useCase)
+        let wooAPIVersion = WooAPIVersion.mark1
+        let basePath = RESTRequest.Settings.basePath
+        let restRequest = RESTRequest(siteURL: siteURL, wooApiVersion: wooAPIVersion, method: .get, path: "test")
+
+        // When
+        let request = try restRequest.asURLRequest()
+        let updatedRequest = try authenticator.authenticate(request)
+
+        // Then
+        let expectedURL = "https://test.com/\(basePath)\(wooAPIVersion.path)test"
+        assertEqual(expectedURL, updatedRequest.url?.absoluteString)
+        let authorizationValue = try XCTUnwrap(updatedRequest.allHTTPHeaderFields?["Authorization"])
+        XCTAssertTrue(authorizationValue.hasPrefix("Basic"))
+    }
+
     func test_shouldRetry_returns_true_for_REST_request() throws {
         // Given
         let siteURL = "https://test.com/"
@@ -164,6 +186,23 @@ final class DefaultRequestAuthenticatorTests: XCTestCase {
         // Then
         XCTAssertFalse(authenticator.shouldRetry(request))
     }
+
+    func test_shouldRetry_returns_true_for_REST_request_when_authenticated_with_wpcom_credentials_and_selected_site_is_provided() throws {
+        // Given
+        let siteURL = "https://test.com/"
+        let credentials: Credentials = .wpcom(username: "username", authToken: "auth_token", siteAddress: siteURL)
+        let selectedSite = JetpackSite(siteID: 123, siteAddress: siteURL, applicationPasswordAvailable: true)
+        let useCase = MockApplicationPasswordUseCase(mockApplicationPassword: applicationPassword)
+        let authenticator = DefaultRequestAuthenticator(credentials: credentials, selectedSite: selectedSite, applicationPasswordUseCase: useCase)
+        let wooAPIVersion = WooAPIVersion.mark1
+        let restRequest = RESTRequest(siteURL: siteURL, wooApiVersion: wooAPIVersion, method: .get, path: "test")
+
+        // When
+        let request = try restRequest.asURLRequest()
+
+        // Then
+        XCTAssertTrue(authenticator.shouldRetry(request))
+    }
 }
 
 /// MOCK: application password use case
diff --git a/Modules/Tests/NetworkingTests/Network/RequestConverterTests.swift b/Modules/Tests/NetworkingTests/Network/RequestConverterTests.swift
diff --git a/WooCommerce/Classes/Yosemite/AuthenticatedState.swift b/WooCommerce/Classes/Yosemite/AuthenticatedState.swift
diff --git a/WooCommerce/Classes/Yosemite/DefaultStoresManager.swift b/WooCommerce/Classes/Yosemite/DefaultStoresManager.swift

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,6 @@ final public class DefaultApplicationPasswordUseCase: ApplicationPasswordUseCase`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`/// Internal initializer`
`64`		`- /// periphery: ignore - used in future PR for WOOMOB-1123`
`65`	`64`	`init(type: AuthenticationType,`
`66`	`65`	`network: Network,`
`67`	`66`	`keychain: Keychain = Keychain(service: WooConstants.keychainServiceName)) {`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ final class RequestProcessor: RequestInterceptor {`
`8`	`8`
`9`	`9`	`private var isAuthenticating = false`
`10`	`10`
`11`		`- private let requestAuthenticator: RequestAuthenticator`
	`11`	`+ private var requestAuthenticator: RequestAuthenticator`
`12`	`12`
`13`	`13`	`private let notificationCenter: NotificationCenter`
`14`	`14`
`@@ -17,6 +17,10 @@ final class RequestProcessor: RequestInterceptor {`
`17`	`17`	`self.requestAuthenticator = requestAuthenticator`
`18`	`18`	`self.notificationCenter = notificationCenter`
`19`	`19`	`}`
	`20`	`+`
	`21`	`+ func updateAuthenticator(_ authenticator: RequestAuthenticator) {`
	`22`	`+ requestAuthenticator = authenticator`
	`23`	`+ }`
`20`	`24`	`}`
`21`	`25`
`22`	`26`	`// MARK: Request Authentication`