Merge branch 'trunk' into woomob-1252-sync-coordinator-store-sync-date-on-site

Author: joshheald

Modules/Sources/Networking/Model/SiteAPI.swift

@@ -45,7 +45,17 @@ public struct SiteAPI: Decodable, Equatable, GeneratedFakeable {
         }
 
         let siteAPIContainer = try decoder.container(keyedBy: SiteAPIKeys.self)
-        let namespaces = siteAPIContainer.failsafeDecodeIfPresent([String].self, forKey: .namespaces) ?? []
+
+        /// Some third-party plugins (like CoCart API) alter the response of `namespaces` field into a dictionary instead of array.
+        /// This workaround transforms the unexpected dictionary to extract the values in the dictionary.
+        let namespaces = siteAPIContainer.failsafeDecodeIfPresent(
+            targetType: [String].self,
+            forKey: .namespaces,
+            alternativeTypes: [
+                .dictionary(transform: { Array($0.values) })
+            ]
+        ) ?? []
+
         let authentication = try? siteAPIContainer.decode(Authentication.self, forKey: .authentication)
         let applicationPasswordAvailable = authentication?.applicationPasswords?.endpoints?.authorization != nil
 

Modules/Sources/NetworkingCore/Extensions/KeyedDecodingContainer+Woo.swift

@@ -6,6 +6,7 @@ public enum AlternativeDecodingType<T> {
     case string(transform: (String) -> T)
     case bool(transform: (Bool) -> T)
     case integer(transform: (Int) -> T)
+    case dictionary(transform: ([String: String]) -> T)
 }
 
 // MARK: - KeyedDecodingContainer: Bulletproof JSON Decoding.
@@ -60,6 +61,10 @@ public extension KeyedDecodingContainer {
                 if let result = failsafeDecodeIfPresent(integerForKey: key) {
                     return transform(result)
                 }
+            case .dictionary(let transform):
+                if let result = failsafeDecodeIfPresent([String: String].self, forKey: key) {
+                    return transform(result)
+                }
             }
         }
         return nil

Modules/Sources/NetworkingCore/Network/AlamofireNetwork.swift

@@ -15,6 +15,12 @@ public struct JetpackSite: Equatable {
     }
 }
 
+public enum RequestAuthenticationMode: String {
+    case appPasswords = "app_passwords"
+    case appPasswordsWithJetpack = "app_passwords_with_jetpack" // switching to app password for Jetpack sites
+    case jetpackTunnel = "jetpack_tunnel"
+}
+
 extension Alamofire.MultipartFormData: MultipartFormData {
     public func append(_ data: Data, withName name: String) {
         self.append(data, withName: name, fileName: nil, mimeType: nil)
@@ -24,6 +30,10 @@ extension Alamofire.MultipartFormData: MultipartFormData {
 /// AlamofireWrapper: Encapsulates all of the Alamofire OP's
 ///
 public class AlamofireNetwork: Network {
+
+    /// authentication mode for requests
+    public private(set) var authenticationMode: RequestAuthenticationMode?
+
     /// Lazy-initialized session manager. Use ensuresSessionManagerIsInitialized=true to avoid race conditions with concurrent requests.
     private lazy var alamofireSession: Alamofire.Session = {
         let sessionConfiguration = URLSessionConfiguration.default
@@ -88,6 +98,18 @@ public class AlamofireNetwork: Network {
         } else if ensuresSessionManagerIsInitialized {
             self.alamofireSession = makeSession(configuration: URLSessionConfiguration.default)
         }
+
+        let authenticationMode: RequestAuthenticationMode? = {
+            switch credentials {
+            case .wporg, .applicationPassword:
+                return .appPasswords
+            case .wpcom:
+                return .jetpackTunnel
+            case .none:
+                return nil
+            }
+        }()
+        updateAuthenticationMode(authenticationMode)
     }
 
     public func updateAppPasswordSwitching(enabled: Bool) {
@@ -98,6 +120,7 @@ public class AlamofireNetwork: Network {
             requestConverter = RequestConverter(siteAddress: nil)
             requestAuthenticator.updateAuthenticator(DefaultRequestAuthenticator(credentials: credentials))
             requestAuthenticator.delegate = nil
+            updateAuthenticationMode(.jetpackTunnel)
         }
     }
 
@@ -276,6 +299,7 @@ private extension AlamofireNetwork {
                     requestConverter = RequestConverter(siteAddress: nil)
                     requestAuthenticator.updateAuthenticator(DefaultRequestAuthenticator(credentials: credentials))
                     requestAuthenticator.delegate = nil
+                    updateAuthenticationMode(.jetpackTunnel)
                     return
                 }
                 requestConverter = RequestConverter(siteAddress: site.siteAddress)
@@ -286,8 +310,15 @@ private extension AlamofireNetwork {
                 ))
                 requestAuthenticator.delegate = self
                 errorHandler.resetFailureCount(for: site.siteID) // reset failure count
+                updateAuthenticationMode(.appPasswordsWithJetpack)
             }
     }
+
+    func updateAuthenticationMode(_ mode: RequestAuthenticationMode?) {
+        DispatchQueue.main.async { [weak self] in
+            self?.authenticationMode = mode
+        }
+    }
 }
 
 // MARK: Helper methods for error handling

Modules/Sources/Storage/GRDB/GRDBManager.swift

@@ -3,6 +3,7 @@ import GRDB
 
 public protocol GRDBManagerProtocol {
     var databaseConnection: GRDBDatabaseConnection { get }
+    func reset() throws
 }
 
 public protocol GRDBDatabaseConnection: DatabaseReader & DatabaseWriter {}
@@ -27,6 +28,31 @@ public final class GRDBManager: GRDBManagerProtocol {
         self.databaseConnection = try DatabaseQueue()
         try migrateIfNeeded()
     }
+
+    /// Resets the database by deleting all data from all tables
+    /// Used when user logs out to ensure no data leaks between sessions
+    public func reset() throws {
+        try databaseConnection.write { db in
+            // Disable foreign key constraints temporarily to avoid dependency issues
+            try db.execute(sql: "PRAGMA foreign_keys = OFF")
+
+            // Get all user tables (excluding sqlite internal tables)
+            let tableNames = try String.fetchAll(db, sql: """
+                SELECT name FROM sqlite_master
+                WHERE type = 'table'
+                AND name NOT LIKE 'sqlite_%'
+                AND name NOT LIKE 'grdb_%'
+            """)
+
+            // Delete all data from each table
+            for tableName in tableNames {
+                try db.execute(sql: "DELETE FROM \(tableName)")
+            }
+
+            // Re-enable foreign key constraints
+            try db.execute(sql: "PRAGMA foreign_keys = ON")
+        }
+    }
 }
 
 private extension GRDBManager {

Modules/Sources/Yosemite/Base/StoresManager.swift

@@ -1,5 +1,6 @@
 import Combine
 import Foundation
+import enum NetworkingCore.RequestAuthenticationMode
 
 /// Abstracts the Stores coordination
 ///
@@ -53,6 +54,9 @@ public protocol StoresManager {
     ///
     var isAuthenticatedWithoutWPCom: Bool { get }
 
+    /// Authentication mode for network requests
+    var requestAuthenticationMode: RequestAuthenticationMode? { get }
+
     /// Publishes signal that indicates if the user is currently logged in with credentials.
     ///
     var isLoggedInPublisher: AnyPublisher<Bool, Never> { get }

Modules/Sources/Yosemite/Model/Mocks/MockStoresManager.swift

@@ -1,5 +1,6 @@
 import Combine
 import Storage
+import enum NetworkingCore.RequestAuthenticationMode
 
 public class MockStoresManager: StoresManager {
 
@@ -223,6 +224,10 @@ public class MockStoresManager: StoresManager {
         false
     }
 
+    public var requestAuthenticationMode: RequestAuthenticationMode? {
+        .jetpackTunnel
+    }
+
     public var needsDefaultStore: Bool {
         sessionManager.defaultStoreID == nil
     }

Modules/Tests/NetworkingTests/Mapper/SiteAPIMapperTests.swift

@@ -5,7 +5,7 @@ import XCTest
 
 /// SiteAPIMapperTests Unit Tests
 ///
-class SiteAPIMapperTests: XCTestCase {
+final class SiteAPIMapperTests: XCTestCase {
 
     /// Dummy Site ID.
     ///
@@ -54,6 +54,18 @@ class SiteAPIMapperTests: XCTestCase {
         XCTAssertEqual(apiSettings?.namespaces, dummyBrokenNamespaces)
         XCTAssertEqual(apiSettings?.highestWooVersion, WooAPIVersion.none)
     }
+
+    /// Verifies the SiteSetting fields are parsed correctly.
+    ///
+    func test_SiteSetting_with_malformed_namespaces_fields_are_properly_parsed() {
+        let apiSettings = mapLoadSiteAPIResponseWithMalformedNamespaces()
+
+        XCTAssertNotNil(apiSettings)
+        XCTAssertEqual(apiSettings?.siteID, dummySiteID)
+        XCTAssertNotNil(apiSettings?.namespaces)
+        XCTAssertEqual(apiSettings?.namespaces.sorted(), dummyNamespaces.sorted())
+        XCTAssertEqual(apiSettings?.highestWooVersion, WooAPIVersion.mark3)
+    }
 }
 
 
@@ -88,4 +100,10 @@ private extension SiteAPIMapperTests {
     func mapLoadBrokenSiteAPIResponse() -> SiteAPI? {
         return mapSiteAPIData(from: "site-api-no-woo")
     }
+
+    /// Returns the SiteAPIMapper output with malformed namespaces
+    ///
+    func mapLoadSiteAPIResponseWithMalformedNamespaces() -> SiteAPI? {
+        return mapSiteAPIData(from: "site-api-malformed")
+    }
 }

Modules/Tests/NetworkingTests/Network/AlamofireNetworkTests.swift

@@ -668,6 +668,142 @@ final class AlamofireNetworkTests: XCTestCase {
         let networkError = result.1 as? NetworkError
         XCTAssertEqual(networkError?.errorCode, "failed")
     }
+
+    // MARK: - Authentication Mode Tests
+
+    func test_authenticationMode_is_appPasswords_for_wporg_credentials() {
+        // Given
+        let wporgCredentials = Credentials.wporg(username: "user", password: "pass", siteAddress: "https://example.com")
+
+        // When
+        let network = AlamofireNetwork(credentials: wporgCredentials, sessionManager: createSessionWithMockURLProtocol())
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should be set")
+        DispatchQueue.main.async {
+            XCTAssertEqual(network.authenticationMode, .appPasswords)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_is_appPasswords_for_applicationPassword_credentials() {
+        // Given
+        let appPasswordCredentials = Credentials.applicationPassword(username: "user", password: "pass", siteAddress: "https://example.com")
+
+        // When
+        let network = AlamofireNetwork(credentials: appPasswordCredentials, sessionManager: createSessionWithMockURLProtocol())
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should be set")
+        DispatchQueue.main.async {
+            XCTAssertEqual(network.authenticationMode, .appPasswords)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_is_jetpackTunnel_for_wpcom_credentials() {
+        // Given
+        let wpcomCredentials = createWPComCredentials()
+
+        // When
+        let network = AlamofireNetwork(credentials: wpcomCredentials, sessionManager: createSessionWithMockURLProtocol())
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should be set")
+        DispatchQueue.main.async {
+            XCTAssertEqual(network.authenticationMode, .jetpackTunnel)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_is_nil_for_no_credentials() {
+        // When
+        let network = AlamofireNetwork(credentials: nil, sessionManager: createSessionWithMockURLProtocol())
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should be set")
+        DispatchQueue.main.async {
+            XCTAssertNil(network.authenticationMode)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_changes_to_appPasswordsWithJetpack_when_app_password_switching_enabled() {
+        // Given
+        let siteID: Int64 = 123
+        let wpcomCredentials = createWPComCredentials()
+        let network = createNetworkWithSelectedSite(siteID: siteID, credentials: wpcomCredentials, userDefaults: userDefaults)
+
+        // When - Enable app password switching
+        network.updateAppPasswordSwitching(enabled: true)
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should change")
+        DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
+            XCTAssertEqual(network.authenticationMode, .appPasswordsWithJetpack)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_reverts_to_jetpackTunnel_when_app_password_switching_disabled() {
+        // Given
+        let siteID: Int64 = 456
+        let wpcomCredentials = createWPComCredentials()
+        let network = createNetworkWithSelectedSite(siteID: siteID, credentials: wpcomCredentials, userDefaults: userDefaults)
+
+        // When - Enable then disable app password switching
+        network.updateAppPasswordSwitching(enabled: true)
+        network.updateAppPasswordSwitching(enabled: false)
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should revert")
+        DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
+            XCTAssertEqual(network.authenticationMode, .jetpackTunnel)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_remains_jetpackTunnel_when_site_flagged_as_unsupported() {
+        // Given
+        let siteID: Int64 = 789
+        let wpcomCredentials = createWPComCredentials()
+        userDefaults.applicationPasswordUnsupportedList = [String(siteID): Date()]
+        let network = createNetworkWithSelectedSite(siteID: siteID, credentials: wpcomCredentials, userDefaults: userDefaults)
+
+        // When - Enable app password switching for an unsupported site
+        network.updateAppPasswordSwitching(enabled: true)
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should remain jetpackTunnel")
+        DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
+            XCTAssertEqual(network.authenticationMode, .jetpackTunnel)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
+
+    func test_authenticationMode_does_not_change_for_non_wpcom_credentials() {
+        // Given
+        let wporgCredentials = Credentials.wporg(username: "user", password: "pass", siteAddress: "https://example.com")
+        let network = AlamofireNetwork(credentials: wporgCredentials, sessionManager: createSessionWithMockURLProtocol())
+
+        // When - Try to enable app password switching (should have no effect)
+        network.updateAppPasswordSwitching(enabled: true)
+
+        // Then
+        let expectation = XCTestExpectation(description: "Authentication mode should remain unchanged")
+        DispatchQueue.main.asyncAfter(deadline: .now() + 0.1) {
+            XCTAssertEqual(network.authenticationMode, .appPasswords)
+            expectation.fulfill()
+        }
+        wait(for: [expectation], timeout: 1.0)
+    }
 }
 
 private extension AlamofireNetworkTests {

Modules/Tests/NetworkingTests/Responses/site-api-malformed.json

@@ -0,0 +1,23 @@
+{
+  "data": {
+    "namespaces": {
+      "0": "oembed\/1.0",
+      "1": "akismet\/v1",
+      "2": "jetpack\/v4",
+      "3": "wpcom\/v2",
+      "4": "wc\/v1",
+      "5": "wc\/v2",
+      "6": "wc\/v3",
+      "7": "wc-pb\/v3",
+      "8": "wp\/v2"
+    },
+    "authentication": [],
+    "_links": {
+      "help": [
+        {
+          "href": "http:\/\/v2.wp-api.org\/"
+        }
+      ]
+    }
+  }
+}