Merge pull request #8478 from woocommerce/feat/8453-role-eligibility

REST API: Check role eligibility after authentication without WPCom

Author: itsmeichigo

Networking/Networking.xcodeproj/project.pbxproj

@@ -721,6 +721,7 @@
 		DEC51AF92769A212009F3DF4 /* SystemStatus+Settings.swift in Sources */ = {isa = PBXBuildFile; fileRef = DEC51AF82769A212009F3DF4 /* SystemStatus+Settings.swift */; };
 		DEC51AFB2769C66B009F3DF4 /* SystemStatusMapperTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = DEC51AFA2769C66B009F3DF4 /* SystemStatusMapperTests.swift */; };
 		DEC51B02276AFB35009F3DF4 /* SystemStatus+DropinMustUsePlugin.swift in Sources */ = {isa = PBXBuildFile; fileRef = DEC51B01276AFB34009F3DF4 /* SystemStatus+DropinMustUsePlugin.swift */; };
+		DEF13C5029629EEA0024A02B /* user-complete-without-data.json in Resources */ = {isa = PBXBuildFile; fileRef = DEF13C4F29629EEA0024A02B /* user-complete-without-data.json */; };
 		DEFBA74E29485A7600C35BA9 /* RESTRequest.swift in Sources */ = {isa = PBXBuildFile; fileRef = DEFBA74D29485A7600C35BA9 /* RESTRequest.swift */; };
 		DEFBA7542949CE6600C35BA9 /* RequestProcessor.swift in Sources */ = {isa = PBXBuildFile; fileRef = DEFBA7532949CE6600C35BA9 /* RequestProcessor.swift */; };
 		DEFBA7562949D17400C35BA9 /* DefaultRequestAuthenticatorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = DEFBA7552949D17300C35BA9 /* DefaultRequestAuthenticatorTests.swift */; };
@@ -1513,6 +1514,7 @@
 		DEC51AF82769A212009F3DF4 /* SystemStatus+Settings.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SystemStatus+Settings.swift"; sourceTree = "<group>"; };
 		DEC51AFA2769C66B009F3DF4 /* SystemStatusMapperTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SystemStatusMapperTests.swift; sourceTree = "<group>"; };
 		DEC51B01276AFB34009F3DF4 /* SystemStatus+DropinMustUsePlugin.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SystemStatus+DropinMustUsePlugin.swift"; sourceTree = "<group>"; };
+		DEF13C4F29629EEA0024A02B /* user-complete-without-data.json */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.json; path = "user-complete-without-data.json"; sourceTree = "<group>"; };
 		DEFBA74D29485A7600C35BA9 /* RESTRequest.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RESTRequest.swift; sourceTree = "<group>"; };
 		DEFBA7532949CE6600C35BA9 /* RequestProcessor.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RequestProcessor.swift; sourceTree = "<group>"; };
 		DEFBA7552949D17300C35BA9 /* DefaultRequestAuthenticatorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DefaultRequestAuthenticatorTests.swift; sourceTree = "<group>"; };
@@ -2296,6 +2298,7 @@
 				74ABA1C6213F19FD00FFAD30 /* top-performers-month.json */,
 				74ABA1C7213F19FE00FFAD30 /* top-performers-year.json */,
 				FE28F6E726842D57004465C7 /* user-complete.json */,
+				DEF13C4F29629EEA0024A02B /* user-complete-without-data.json */,
 				7495AACE225D366D00801A89 /* variation-as-product.json */,
 				02A26F192744F5FC008E4EDB /* wc-site-settings-partial.json */,
 				D800DA0D25EFEC21001E13CE /* wcpay-connection-token.json */,
@@ -3087,6 +3090,7 @@
 				CC80E3F92948C8BC00D5FF45 /* site-visits-quarter.json in Resources */,
 				020D07C223D858BB00FD9580 /* media-upload.json in Resources */,
 				31A451D127863A2E00FE81AA /* stripe-account-rejected-other.json in Resources */,
+				DEF13C5029629EEA0024A02B /* user-complete-without-data.json in Resources */,
 				74ABA1CA213F19FE00FFAD30 /* top-performers-year.json in Resources */,
 				31A451CF27863A2E00FE81AA /* stripe-account-rejected-terms-of-service.json in Resources */,
 				DE2E8EA9295416C9002E4B14 /* wordpress-site-info.json in Resources */,

Networking/Networking/Mapper/UserMapper.swift

@@ -16,7 +16,11 @@ struct UserMapper: Mapper {
             .siteID: siteID
         ]
 
-        return try decoder.decode(UserEnvelope.self, from: response).user
+        do {
+            return try decoder.decode(UserEnvelope.self, from: response).user
+        } catch {
+            return try decoder.decode(User.self, from: response)
+        }
     }
 }
 

Networking/Networking/Remote/UserRemote.swift

@@ -14,7 +14,7 @@ public final class UserRemote: Remote {
             "context": "edit",
             "fields": "id,username,id_wpcom,email,first_name,last_name,nickname,roles"
         ]
-        let request = JetpackRequest(wooApiVersion: .none, method: .get, siteID: siteID, path: path, parameters: parameters)
+        let request = JetpackRequest(wooApiVersion: .none, method: .get, siteID: siteID, path: path, parameters: parameters, availableAsRESTRequest: true)
         let mapper = UserMapper(siteID: siteID)
 
         enqueue(request, mapper: mapper, completion: completion)

Networking/Networking/Requests/RESTRequest.swift

@@ -47,7 +47,9 @@ struct RESTRequest: URLRequestConvertible {
     /// Returns a URLRequest instance representing the current REST API Request.
     ///
     func asURLRequest() throws -> URLRequest {
-        let components = [siteURL, Settings.basePath, wooApiVersion.path, path].map { $0.trimSlashes() }
+        let components = [siteURL, Settings.basePath, wooApiVersion.path, path]
+            .map { $0.trimSlashes() }
+            .filter { $0.isEmpty == false }
         let url = try components.joined(separator: "/").asURL()
         let request = try URLRequest(url: url, method: method)
         switch method {

Networking/NetworkingTests/Mapper/UserMapperTests.swift

@@ -7,8 +7,24 @@ import XCTest
 final class UserMapperTests: XCTestCase {
     private let testSiteID: Int64 = 123
 
-    func test_User_fields_are_properly_parsed() {
-        guard let user = mapUserFromMockResponse() else {
+    func test_User_fields_are_properly_parsed_with_data_envelope() {
+        guard let user = mapUserFromMockResponseWithDataEnvelope() else {
+            XCTFail()
+            return
+        }
+
+        XCTAssertEqual(user.localID, 1)
+        XCTAssertEqual(user.username, "test-username")
+        XCTAssertEqual(user.firstName, "Test")
+        XCTAssertEqual(user.lastName, "User")
+        XCTAssertEqual(user.email, "[email protected]")
+        XCTAssertEqual(user.nickname, "User's Nickname")
+        XCTAssertEqual(user.roles, ["administrator"])
+        XCTAssertEqual(user.siteID, testSiteID)
+    }
+
+    func test_User_fields_are_properly_parsed_without_data_envelope() {
+        guard let user = mapUserFromMockResponseWithoutDataEnvelope() else {
             XCTFail()
             return
         }
@@ -25,7 +41,7 @@ final class UserMapperTests: XCTestCase {
 }
 
 private extension UserMapperTests {
-    func mapUserFromMockResponse() -> User? {
+    func mapUserFromMockResponseWithDataEnvelope() -> User? {
         // Note: the JSON content is shortened due to the "fields" parameter
         // usage in UserRemote.
         guard let response = Loader.contentsOf("user-complete") else {
@@ -34,4 +50,14 @@ private extension UserMapperTests {
 
         return try? UserMapper(siteID: testSiteID).map(response: response)
     }
+
+    func mapUserFromMockResponseWithoutDataEnvelope() -> User? {
+        // Note: the JSON content is shortened due to the "fields" parameter
+        // usage in UserRemote.
+        guard let response = Loader.contentsOf("user-complete-without-data") else {
+            return nil
+        }
+
+        return try? UserMapper(siteID: testSiteID).map(response: response)
+    }
 }

Networking/NetworkingTests/Responses/user-complete-without-data.json

@@ -0,0 +1,11 @@
+{
+    "id": 1,
+    "username": "test-username",
+    "first_name": "Test",
+    "last_name": "User",
+    "email": "[email protected]",
+    "nickname": "User's Nickname",
+    "roles": [
+        "administrator"
+    ]
+}

WooCommerce/Classes/Authentication/AuthenticationManager.swift

@@ -51,6 +51,11 @@ class AuthenticationManager: Authentication {
     /// Keep strong reference of the use case to check for application password availability if necessary.
     private var applicationPasswordUseCase: ApplicationPasswordUseCase?
 
+    /// Keep strong reference of the use case to check for role eligibility if necessary.
+    private lazy var roleEligibilityUseCase: RoleEligibilityUseCase = {
+        .init(stores: ServiceLocator.stores)
+    }()
+
     init(storageManager: StorageManagerType = ServiceLocator.storageManager,
          featureFlagService: FeatureFlagService = ServiceLocator.featureFlagService,
          analytics: Analytics = ServiceLocator.analytics) {
@@ -829,9 +834,12 @@ private extension AuthenticationManager {
                                  with: applicationPasswordUseCase,
                                  in: navigationController) { [weak self] in
             guard let self else { return }
-            // TODO: check for role eligibility & check for Woo
-            // navigates to home screen immediately with a placeholder store ID
-            self.startStorePicker(with: WooConstants.placeholderStoreID, in: navigationController)
+            self.checkRoleEligibility(in: navigationController) { [weak self] in
+                guard let self else { return }
+                // TODO: check for Woo
+                // navigates to home screen immediately with a placeholder store ID
+                self.startStorePicker(with: WooConstants.placeholderStoreID, in: navigationController)
+            }
         }
     }
 
@@ -854,17 +862,85 @@ private extension AuthenticationManager {
                 // show generic error
                 await MainActor.run {
                     DDLogError("⛔️ Error generating application password: \(error)")
-                    let alert = FancyAlertViewController.makeApplicationPasswordAlert(retryAction: { [weak self] in
-                        self?.checkApplicationPassword(for: siteURL, with: useCase, in: navigationController, onSuccess: onSuccess)
-                    }, restartLoginAction: {
-                        ServiceLocator.stores.deauthenticate()
-                        navigationController.popToRootViewController(animated: true)
-                    })
+                    let alert = FancyAlertViewController.makeSiteCredentialLoginAlert(
+                        message: Localization.applicationPasswordError,
+                        retryAction: { [weak self] in
+                            self?.checkApplicationPassword(for: siteURL, with: useCase, in: navigationController, onSuccess: onSuccess)
+                        },
+                        restartLoginAction: {
+                            ServiceLocator.stores.deauthenticate()
+                            navigationController.popToRootViewController(animated: true)
+                        }
+                    )
+                    navigationController.present(alert, animated: true)
+                }
+            }
+        }
+    }
+
+    /// Checks role eligibility for the logged in user with the site address saved in the credentials.
+    /// Placeholder store ID is used because we are checking for users logging in with site credentials.
+    ///
+    func checkRoleEligibility(in navigationController: UINavigationController, onSuccess: @escaping () -> Void) {
+        roleEligibilityUseCase.checkEligibility(for: WooConstants.placeholderStoreID) { [weak self] result in
+            guard let self else { return }
+            switch result {
+            case .success:
+                onSuccess()
+            case .failure(let error):
+                if case let RoleEligibilityError.insufficientRole(errorInfo) = error {
+                    self.showRoleErrorScreen(for: WooConstants.placeholderStoreID,
+                                             errorInfo: errorInfo,
+                                             in: navigationController,
+                                             onSuccess: onSuccess)
+                } else {
+                    // show generic error
+                    DDLogError("⛔️ Error checking role eligibility: \(error)")
+                    let alert = FancyAlertViewController.makeSiteCredentialLoginAlert(
+                        message: Localization.roleEligibilityCheckError,
+                        retryAction: { [weak self] in
+                            self?.checkRoleEligibility(in: navigationController, onSuccess: onSuccess)
+                        },
+                        restartLoginAction: {
+                            ServiceLocator.stores.deauthenticate()
+                            navigationController.popToRootViewController(animated: true)
+                        }
+                    )
                     navigationController.present(alert, animated: true)
                 }
             }
         }
     }
+
+    /// Shows a Role Error page using the provided error information.
+    ///
+    func showRoleErrorScreen(for siteID: Int64,
+                             errorInfo: StorageEligibilityErrorInfo,
+                             in navigationController: UINavigationController,
+                             onSuccess: @escaping () -> Void) {
+        let errorViewModel = RoleErrorViewModel(siteID: siteID, title: errorInfo.name, subtitle: errorInfo.humanizedRoles, useCase: self.roleEligibilityUseCase)
+        let errorViewController = RoleErrorViewController(viewModel: errorViewModel)
+
+        errorViewModel.onSuccess = onSuccess
+        errorViewModel.onDeauthenticationRequest = {
+            ServiceLocator.stores.deauthenticate()
+            navigationController.popToRootViewController(animated: true)
+        }
+        navigationController.show(errorViewController, sender: self)
+    }
+}
+
+private extension AuthenticationManager {
+    enum Localization {
+        static let applicationPasswordError = NSLocalizedString(
+            "Error fetching application password for your site.",
+            comment: "Error message displayed when application password cannot be fetched after authentication."
+        )
+        static let roleEligibilityCheckError = NSLocalizedString(
+            "Error fetching user information.",
+            comment: "Error message displayed when user information cannot be fetched after authentication."
+        )
+    }
 }
 
 // MARK: - ViewModel Factory

WooCommerce/Classes/Authentication/Navigation Exceptions/RoleErrorViewController.swift

@@ -5,6 +5,8 @@ import WordPressAuthenticator
 /// RoleErrorOutput enables communication from the view model to the view controller.
 /// Note that it's important for the view model to weakly retain the view controller.
 protocol RoleErrorOutput: AnyObject {
+    func updatePrimaryButtonState(loading: Bool)
+
     /// Updates title and subtitle label text with latest content.
     func refreshTitleLabels()
 
@@ -26,7 +28,7 @@ class RoleErrorViewController: UIViewController {
     @IBOutlet weak var descriptionLabel: UILabel!
     @IBOutlet weak var linkButton: UIButton!
 
-    @IBOutlet weak var primaryActionButton: UIButton!
+    @IBOutlet weak var primaryActionButton: ButtonActivityIndicator!
     @IBOutlet weak var secondaryActionButton: UIButton!
 
     // MARK: Properties
@@ -111,6 +113,7 @@ class RoleErrorViewController: UIViewController {
 
     func configurePrimaryActionButton() {
         primaryActionButton.applyPrimaryButtonStyle()
+        primaryActionButton.indicator.color = .white
         primaryActionButton.setTitle(viewModel.primaryButtonTitle, for: .normal)
         primaryActionButton.on(.touchUpInside) { [weak self] _ in
             self?.viewModel.didTapPrimaryButton()
@@ -170,6 +173,14 @@ class RoleErrorViewController: UIViewController {
 // MARK: - RoleErrorOutput
 
 extension RoleErrorViewController: RoleErrorOutput {
+    func updatePrimaryButtonState(loading: Bool) {
+        if loading {
+            primaryActionButton.showActivityIndicator()
+        } else {
+            primaryActionButton.hideActivityIndicator()
+        }
+    }
+
     func refreshTitleLabels() {
         // these are the only components that may change on runtime, e.g. the role changed
         // to something else, but still incorrect; or the user updated their display name.