Merge release/26.1 into trunk (#24746)

* Always load comment data when viewing comments from the notifications (#24737)

* fix: GutenbergKit uses correct REST API domain for application passwords (#24738)

* fix: GutenbergKit uses correct REST API domain for application passwords

The existing logic preferred application passwords over bearer tokens,
but did not apply same preference when setting the `siteApiRoot` domain.
The authentication header and root domain must be a compatible match in
order for authentication to succeed.

Failed authentication resulted in missing editor features and failed
upload requests.

* refactor: Improve WPCom REST API conditional logic naming and structure

* fix: Expand GutenbergKit REST API configuration (#24744)

* test: Assert EditorConfigurationTests REST API configuration

* fix: Jetpack-connected sites without an app password use WPCOM REST API

Mirror Gutenberg Mobile's authentication approach to improve stability
of self-hosted, Jetpack-connected sites lacking application passwords.

* Update app translations – `Localizable.strings`

* Update WordPress metadata translations

* Update Jetpack metadata translations

* Bump version number

---------

Co-authored-by: Tony Li <[email protected]>
Co-authored-by: David Calhoun <[email protected]>

Author: 3 people

Tests/KeystoneTests/Helpers/BlogBuilder.swift

@@ -2,6 +2,7 @@ import CoreData
 import Foundation
 import XCTest
 import WordPressData
+import WordPressShared
 
 @testable import WordPress
 
@@ -99,12 +100,12 @@ final class BlogBuilder {
         return self
     }
 
-    func withAnAccount(username: String = "test_user") -> Self {
+    func withAnAccount(username: String = "test_user", authToken: String = "authtoken") -> Self {
         // Add Account
         let account = NSEntityDescription.insertNewObject(forEntityName: WPAccount.entityName(), into: context) as! WPAccount
         account.displayName = "displayName"
         account.username = username
-        account.authToken = "authtoken"
+        account.authToken = authToken
         blog.account = account
 
         return self
@@ -224,6 +225,21 @@ final class BlogBuilder {
 
         return self
     }
+
+    func withApplicationPassword(_ password: String, using keychain: KeychainAccessible = KeychainUtils()) -> Self {
+        do {
+            try blog.setApplicationToken(password, using: keychain)
+        } catch {
+            XCTFail("Failed to set application password: \(error)")
+        }
+        return self
+    }
+
+    func with(restApiRootURL: String) -> Self {
+        blog.restApiRootURL = restApiRootURL
+
+        return self
+    }
 }
 
 extension Blog {

Tests/KeystoneTests/Tests/Features/Gutenberg/EditorConfigurationTests.swift

@@ -0,0 +1,137 @@
+import Testing
+import Foundation
+import CoreData
+import XCTest
+import WordPressData
+import GutenbergKit
+
+@testable import WordPress
+
+@Suite("EditorConfiguration Authentication Tests")
+struct EditorConfigurationTests {
+    private let contextManager = ContextManager.forTesting()
+    private let keychain = TestKeychain()
+
+    private var context: NSManagedObjectContext {
+        contextManager.mainContext
+    }
+
+    @Test("Simple site uses WP.com REST API")
+    func simpleSiteUses() async throws {
+        let context = self.context
+
+        let blog = BlogBuilder(context)
+            .with(atomic: false)
+            .isHostedAtWPcom()
+            .withAnAccount(username: "simpleuser", authToken: "simple-bearer-token")
+            .with(dotComID: 12345)
+            .build()
+
+        let config = EditorConfiguration(blog: blog)
+
+        #expect(config.siteApiRoot == "https://public-api.wordpress.com/", "Should use WP.com API root")
+        #expect(config.authHeader == "Bearer simple-bearer-token", "Should use Bearer authentication from account")
+    }
+
+    @Test("Atomic site uses WP.com REST API")
+    func atomicSiteUsesWPcomRestApi() async throws {
+        let context = self.context
+
+        let blog = BlogBuilder(context)
+            .with(atomic: true)
+            .isNotHostedAtWPcom()
+            .withAnAccount(username: "atomicuser", authToken: "atomic-bearer-token")
+            .with(username: "atomicuser")
+            .with(dotComID: 67890)
+            .with(url: "https://atomic.com")
+            .build()
+
+        let config = EditorConfiguration(blog: blog)
+
+        #expect(config.siteApiRoot == "https://public-api.wordpress.com/", "Should use WP.com API root")
+        #expect(config.authHeader == "Bearer atomic-bearer-token", "Should use Bearer authentication")
+        #expect(config.siteApiNamespace.contains("sites/67890/"), "Should include site ID namespace")
+    }
+
+    @Test("Atomic site with application password uses self-hosted REST API")
+    func atomicSiteWithAppPasswordUsesSelfHostedRestApi() async throws {
+        let context = self.context
+
+        let blog = BlogBuilder(context, dotComID: 67890)
+            .with(atomic: true)
+            .isNotHostedAtWPcom()
+            .withAnAccount(username: "atomicuser", authToken: "atomic-bearer-token")
+            .with(username: "atomicuser")
+            .withApplicationPassword("test-app-password-1234", using: keychain)
+            .build()
+
+        let config = EditorConfiguration(blog: blog, keychain: keychain)
+        let base64Credentials = "YXRvbWljdXNlcjp0ZXN0LWFwcC1wYXNzd29yZC0xMjM0" // Base64 encoding of "atomicuser:test-app-password-1234"
+
+        #expect(config.siteApiRoot == "https://67890.example.com/wp-json/", "Should use self-hosted API URL")
+        #expect(config.authHeader == "Basic \(base64Credentials)", "Should use Basic authentication")
+        #expect(config.siteApiNamespace.isEmpty, "Should not have WP.com API namespace")
+    }
+
+    @Test("Self-hosted site uses self-hosted REST API")
+    func selfHostedSiteUsesSelfHostedAPI() async throws {
+        let context = self.context
+
+        let blog = BlogBuilder(context)
+            .with(atomic: false)
+            .isNotHostedAtWPcom()
+            .with(username: "selfhosteduser")
+            .with(url: "https://self-hosted.org")
+            .withApplicationPassword("test-app-password-1234", using: keychain)
+            .with(restApiRootURL: "https://self-hosted.org/wp-json/")
+            .build()
+
+        let config = EditorConfiguration(blog: blog, keychain: keychain)
+        let base64Credentials = "c2VsZmhvc3RlZHVzZXI6dGVzdC1hcHAtcGFzc3dvcmQtMTIzNA==" // Base64 encoding of "selfhosteduser:test-app-password-1234"
+
+        #expect(config.siteApiRoot == "https://self-hosted.org/wp-json/", "Should use self-hosted API URL")
+        #expect(config.authHeader == "Basic \(base64Credentials)", "Should use Basic authentication")
+        #expect(config.siteApiNamespace.isEmpty, "Should not have WP.com API namespace")
+    }
+
+    @Test("Self-hosted site with Jetpack connection uses WP.com REST API")
+    func selfHostedSiteWithJetpackUsesWPcomRestApi() async throws {
+        let context = self.context
+
+        let blog = BlogBuilder(context, dotComID: 12345)
+            .with(atomic: false)
+            .isNotHostedAtWPcom()
+            .withAnAccount(username: "selfhosteduser", authToken: "self-hosted-bearer-token")
+            .with(username: "selfhosteduser")
+            .with(url: "https://self-hosted.org")
+            .build()
+
+        let config = EditorConfiguration(blog: blog, keychain: keychain)
+
+        #expect(config.siteApiRoot == "https://public-api.wordpress.com/", "Should use WP.com API root")
+        #expect(config.authHeader == "Bearer self-hosted-bearer-token", "Should use Bearer authentication")
+        #expect(config.siteApiNamespace.contains("sites/12345/"), "Should include site ID namespace")
+    }
+
+    @Test("Self-hosted site with Jetpack connection and application password uses self-hosted REST API")
+    func selfHostedSiteWithJetpackAndAppPasswordUsesWPcomRestApi() async throws {
+        let context = self.context
+
+        let blog = BlogBuilder(context, dotComID: 12345)
+            .with(atomic: false)
+            .isNotHostedAtWPcom()
+            .withAnAccount(username: "selfhosteduser", authToken: "self-hosted-bearer-token")
+            .with(username: "selfhosteduser")
+            .with(url: "https://self-hosted.org")
+            .withApplicationPassword("test-app-password-1234", using: keychain)
+            .with(restApiRootURL: "https://self-hosted.org/wp-json/")
+            .build()
+
+        let config = EditorConfiguration(blog: blog, keychain: keychain)
+        let base64Credentials = "c2VsZmhvc3RlZHVzZXI6dGVzdC1hcHAtcGFzc3dvcmQtMTIzNA==" // Base64 encoding of "selfhosteduser:test-app-password-1234"
+
+        #expect(config.siteApiRoot == "https://self-hosted.org/wp-json/", "Should use self-hosted API URL")
+        #expect(config.authHeader == "Basic \(base64Credentials)", "Should use Basic authentication")
+        #expect(config.siteApiNamespace.isEmpty, "Should not have WP.com API namespace")
+    }
+}

WordPress/Classes/ViewRelated/Blog/My Site/MySiteViewController.swift

@@ -172,7 +172,7 @@ final class MySiteViewController: UIViewController, UIScrollViewDelegate, NoSite
 
         if RemoteFeatureFlag.newGutenberg.enabled() {
             GutenbergKit.EditorViewController.warmup(
-                configuration: blog.flatMap(EditorConfiguration.init(blog:)) ?? .default
+                configuration: blog.flatMap({ EditorConfiguration.init(blog: $0) }) ?? .default
             )
         }
     }

WordPress/Classes/ViewRelated/NewGutenberg/NewGutenbergViewController.swift

@@ -1001,17 +1001,23 @@ private extension NewGutenbergViewController {
 }
 
 extension EditorConfiguration {
-    init(blog: Blog) {
+    init(blog: Blog, keychain: KeychainAccessible = KeychainUtils()) {
         let selfHostedApiUrl = blog.restApiRootURL ?? blog.url(withPath: "wp-json/")
-        let isWPComSite = blog.isHostedAtWPcom || blog.isAtomic()
-        let siteApiRoot = blog.isAccessibleThroughWPCom() && isWPComSite ? blog.wordPressComRestApi?.baseURL.absoluteString : selfHostedApiUrl
+        let applicationPassword = try? blog.getApplicationToken(using: keychain)
+        let shouldUseWPComRestApi = applicationPassword == nil && blog.isAccessibleThroughWPCom()
+
+        let siteApiRoot: String?
+        if applicationPassword != nil {
+            siteApiRoot = selfHostedApiUrl
+        } else {
+            siteApiRoot = shouldUseWPComRestApi ? blog.wordPressComRestApi?.baseURL.absoluteString : selfHostedApiUrl
+        }
+
         let siteId = blog.dotComID?.stringValue
         let siteDomain = blog.primaryDomainAddress
         let authToken = blog.authToken ?? ""
         var authHeader = "Bearer \(authToken)"
 
-        let applicationPassword = try? blog.getApplicationToken()
-
         if let appPassword = applicationPassword, let username = blog.username {
             let credentials = "\(username):\(appPassword)"
             if let credentialsData = credentials.data(using: .utf8) {
@@ -1022,7 +1028,7 @@ extension EditorConfiguration {
 
         // Must provide both namespace forms to detect usages of both forms in third-party code
         var siteApiNamespace: [String] = []
-        if isWPComSite {
+        if shouldUseWPComRestApi {
             if let siteId {
                 siteApiNamespace.append("sites/\(siteId)/")
             }

WordPress/Classes/ViewRelated/Notifications/Controllers/NotificationCommentDetailViewController.swift

@@ -185,10 +185,6 @@ private extension NotificationCommentDetailViewController {
             }
 
             self.fetchParentCommentIfNeeded(completion: {
-                if let comment = self.loadCommentFromCache(self.commentID) {
-                    self.comment = comment
-                    return
-                }
                 self.fetchComment(self.commentID, completion: { comment in
                     guard let comment else {
                         self.showErrorView(title: NoResults.errorTitle, subtitle: NoResults.errorSubtitle)