Remove saved credentials when removing self-hosted sites (#23725)

crazytonyli · web-flow · commit 9dd2324593e6 · 2024-10-30T21:04:25.000Z
* Delete application password when removing site

* Remove self-hosted site cookies when removing site

* Fix a unit test compiling issue
diff --git a/WordPress/Classes/Models/Blog+SelfHosted.swift b/WordPress/Classes/Models/Blog+SelfHosted.swift
@@ -55,6 +55,18 @@ extension Blog {
         try keychainImplementation.getPassword(for: self.getUsername(), serviceName: self.getUrlString())
     }
 
+    /// Delete Application Token
+    ///
+    func deleteApplicationToken(using keychainImplementation: KeychainAccessible = KeychainUtils()) throws {
+        try? keychainImplementation.setPassword(for: self.getUsername(), to: nil, serviceName: self.getUrlString())
+    }
+
+    @available(swift, obsoleted: 1.0)
+    @objc(deleteApplicationToken)
+    func objc_deleteApplicationToken() {
+        _ = try? deleteApplicationToken()
+    }
+
     /// Store Application Tokens
     ///
     func setApplicationToken(
diff --git a/WordPress/Classes/Models/Blog.m b/WordPress/Classes/Models/Blog.m
@@ -106,8 +106,23 @@ - (void)prepareForDeletion
         self.password = nil;
     }
 
+    if (self.account == nil) {
+        [self deleteApplicationToken];
+    }
+
     [_xmlrpcApi invalidateAndCancelTasks];
     [_selfHostedSiteRestApi invalidateAndCancelTasks];
+
+    // Remove the self-hosted site cookies from the shared cookie storage.
+    if (self.account == nil && self.url != nil) {
+        NSURL *siteURL = [NSURL URLWithString:self.url];
+        if (siteURL != nil) {
+            NSHTTPCookieStorage *cookieJar = [NSHTTPCookieStorage sharedHTTPCookieStorage];
+            for (NSHTTPCookie *cookie in [cookieJar cookiesForURL:siteURL]) {
+                [cookieJar deleteCookie:cookie];
+            }
+        }
+    }
 }
 
 - (void)didTurnIntoFault
diff --git a/WordPress/Classes/Utility/KeychainUtils.swift b/WordPress/Classes/Utility/KeychainUtils.swift
@@ -41,12 +41,16 @@ extension KeychainUtils: KeychainAccessible {
         try self.keychainUtils.getPasswordForUsername(username, andServiceName: serviceName)
     }
 
-    func setPassword(for username: String, to newValue: String, serviceName: String) throws {
-        try keychainUtils.storeUsername(username, andPassword: newValue, forServiceName: serviceName, updateExisting: true)
+    func setPassword(for username: String, to newValue: String?, serviceName: String) throws {
+        if let newValue {
+            try keychainUtils.storeUsername(username, andPassword: newValue, forServiceName: serviceName, updateExisting: true)
+        } else {
+            try keychainUtils.deleteItem(forUsername: username, andServiceName: serviceName)
+        }
     }
 }
 
 protocol KeychainAccessible {
     func getPassword(for username: String, serviceName: String) throws -> String
-    func setPassword(for username: String, to newValue: String, serviceName: String) throws
+    func setPassword(for username: String, to newValue: String?, serviceName: String) throws
 }
diff --git a/WordPress/WordPressTest/TestKeychain.swift b/WordPress/WordPressTest/TestKeychain.swift
@@ -21,7 +21,11 @@ class TestKeychain: KeychainAccessible {
         return keychainItem.password
     }
 
-    func setPassword(for username: String, to newValue: String, serviceName: String) throws {
-        keychain[serviceName] = KeychainItem(username: username, password: newValue)
+    func setPassword(for username: String, to newValue: String?, serviceName: String) throws {
+        if let newValue {
+            keychain[serviceName] = KeychainItem(username: username, password: newValue)
+        } else {
+            keychain[serviceName] = nil
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -41,12 +41,16 @@ extension KeychainUtils: KeychainAccessible {`
`41`	`41`	`try self.keychainUtils.getPasswordForUsername(username, andServiceName: serviceName)`
`42`	`42`	`}`
`43`	`43`
`44`		`- func setPassword(for username: String, to newValue: String, serviceName: String) throws {`
`45`		`- try keychainUtils.storeUsername(username, andPassword: newValue, forServiceName: serviceName, updateExisting: true)`
	`44`	`+ func setPassword(for username: String, to newValue: String?, serviceName: String) throws {`
	`45`	`+ if let newValue {`
	`46`	`+ try keychainUtils.storeUsername(username, andPassword: newValue, forServiceName: serviceName, updateExisting: true)`
	`47`	`+ } else {`
	`48`	`+ try keychainUtils.deleteItem(forUsername: username, andServiceName: serviceName)`
	`49`	`+ }`
`46`	`50`	`}`
`47`	`51`	`}`
`48`	`52`
`49`	`53`	`protocol KeychainAccessible {`
`50`	`54`	`func getPassword(for username: String, serviceName: String) throws -> String`
`51`		`- func setPassword(for username: String, to newValue: String, serviceName: String) throws`
	`55`	`+ func setPassword(for username: String, to newValue: String?, serviceName: String) throws`
`52`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,11 @@ class TestKeychain: KeychainAccessible {`
`21`	`21`	`return keychainItem.password`
`22`	`22`	`}`
`23`	`23`
`24`		`- func setPassword(for username: String, to newValue: String, serviceName: String) throws {`
`25`		`- keychain[serviceName] = KeychainItem(username: username, password: newValue)`
	`24`	`+ func setPassword(for username: String, to newValue: String?, serviceName: String) throws {`
	`25`	`+ if let newValue {`
	`26`	`+ keychain[serviceName] = KeychainItem(username: username, password: newValue)`
	`27`	`+ } else {`
	`28`	`+ keychain[serviceName] = nil`
	`29`	`+ }`
`26`	`30`	`}`
`27`	`31`	`}`