Introduce WpAppNotifier (#693)

* Introduce `WpAppNotifier`

* Generate an app notification for 401 responses

* Adds `test_notification_unauthorized_request`

* Use an invalid password for test_notification_unauthorized_request

* Remove `WpApiNotification` in favor of individual functions

* Check current application password in `is_unauthorized_request`

* Rename WpAppNotifier::unauthorized_request to authentication_becomes_invalid

* Simplify is_unauthorized_request implementation

* Add `has_valid_authentication` method to request executors

* Adds `IsValidAuthenticationResult`

* Rename `authentication_becomes_invalid` as `requested_with_invalid_authentication`

* Add `Err` prefix to IsValidAuthenticationResult error variants

* Add WpAppNotifier to Kotlin WpApiClient

* Fix Swift compiling issues

* Don't request `/application-passwords/introspect` if response is already unauthorized

* Rename is_valid_authentication as fetch_authentication_state and return a Result

---------

Co-authored-by: Tony Li <[email protected]>

Author: oguzkocer

jetpack/src/client.rs

@@ -1,11 +1,10 @@
+use super::endpoint::connection_endpoint::{ConnectionRequestBuilder, ConnectionRequestExecutor};
 use std::sync::Arc;
 use wp_api::{
     ParsedUrl, WpApiClientDelegate, api_client_generate_api_client,
     api_client_generate_endpoint_impl, auth::WpAuthenticationProvider,
 };
 
-use super::endpoint::connection_endpoint::{ConnectionRequestBuilder, ConnectionRequestExecutor};
-
 #[derive(uniffi::Object)]
 struct UniffiJetpackApiRequestBuilder {
     inner: JetpackApiRequestBuilder,

jetpack/src/connection.rs

@@ -180,10 +180,11 @@ impl JetpackConnectionClient {
             .map_err(JetpackConnectionClientError::Unhandled)?
             .data;
 
-        let wp_com_client = WpComApiClient::new(wp_api::WpApiClientDelegate {
+        let wp_com_client = WpComApiClient::new(WpApiClientDelegate {
             auth_provider: WpAuthenticationProvider::static_with_auth(wp_com_authentication).into(),
             request_executor: self.delegate.request_executor.clone(),
             middleware_pipeline: self.delegate.middleware_pipeline.clone(),
+            app_notifier: self.delegate.app_notifier.clone(),
         });
         let params = JetpackRemoteConnectionParams {
             secret: provision_info.secret,

native/kotlin/api/kotlin/src/main/kotlin/rs/wordpress/api/kotlin/WpApiClient.kt

@@ -9,6 +9,7 @@ import uniffi.wp_api.UniffiWpApiClient
 import uniffi.wp_api.WpApiClientDelegate
 import uniffi.wp_api.WpApiException
 import uniffi.wp_api.WpApiMiddlewarePipeline
+import uniffi.wp_api.WpAppNotifier
 import uniffi.wp_api.WpAuthenticationProvider
 
 class WpApiClient
@@ -17,6 +18,7 @@ constructor(
     apiRootUrl: ParsedUrl,
     authProvider: WpAuthenticationProvider,
     private val requestExecutor: RequestExecutor = WpRequestExecutor(),
+    private val appNotifier: WpAppNotifier = EmptyAppNotifier(),
     private val dispatcher: CoroutineDispatcher = Dispatchers.IO
 ) {
     // Don't expose `WpRequestBuilder` directly so we can control how it's used
@@ -26,7 +28,8 @@ constructor(
             WpApiClientDelegate(
                 authProvider,
                 requestExecutor = requestExecutor,
-                middlewarePipeline = WpApiMiddlewarePipeline(emptyList())
+                middlewarePipeline = WpApiMiddlewarePipeline(emptyList()),
+                appNotifier
             )
         )
     }
@@ -76,3 +79,9 @@ constructor(
         }
     }
 }
+
+class EmptyAppNotifier : WpAppNotifier {
+    override suspend fun requestedWithInvalidAuthentication() {
+        // no-op
+    }
+}

native/swift/Sources/wordpress-api/JetpackConnectionClient+Extensions.swift

@@ -17,7 +17,8 @@ extension JetpackConnectionClient {
             delegate: .init(
                 authProvider: .staticWithAuth(auth: authentication),
                 requestExecutor: WpRequestExecutor(urlSession: urlSession),
-                middlewarePipeline: middlewarePipeline
+                middlewarePipeline: middlewarePipeline,
+                appNotifier: NoopAppNotifier()
             )
         )
     }

native/swift/Sources/wordpress-api/WordPressAPI.swift

@@ -35,7 +35,8 @@ public actor WordPressAPI {
             delegate: .init(
                 authProvider: .staticWithAuth(auth: authenticationStategy),
                 requestExecutor: executor,
-                middlewarePipeline: middlewarePipeline
+                middlewarePipeline: middlewarePipeline,
+                appNotifier: NoopAppNotifier()
             )
         )
     }
@@ -169,3 +170,9 @@ public extension ParsedUrl {
         try parse(input: url.absoluteString)
     }
 }
+
+class NoopAppNotifier: @unchecked Sendable, WpAppNotifier {
+    func requestedWithInvalidAuthentication() async {
+        // Do nothing.
+    }
+}

wp_api/src/api_client.rs

@@ -1,9 +1,7 @@
-use crate::auth::WpAuthenticationProvider;
 use crate::{
-    ParsedUrl, api_client_generate_api_client, api_client_generate_endpoint_impl,
+    ParsedUrl, WpAppNotifier, api_client_generate_api_client, api_client_generate_endpoint_impl,
     api_client_generate_request_builder,
-};
-use crate::{
+    auth::WpAuthenticationProvider,
     middleware::WpApiMiddlewarePipeline,
     request::{
         RequestExecutor,
@@ -152,6 +150,7 @@ pub struct WpApiClientDelegate {
     pub auth_provider: Arc<WpAuthenticationProvider>,
     pub request_executor: Arc<dyn RequestExecutor>,
     pub middleware_pipeline: Arc<WpApiMiddlewarePipeline>,
+    pub app_notifier: Arc<dyn WpAppNotifier>,
 }
 
 pub trait IsWpApiClientDelegate {

wp_api/src/api_error.rs

@@ -12,6 +12,12 @@ where
     fn as_parse_error(reason: String, response: String) -> Self;
 }
 
+pub trait MaybeWpError {
+    fn wp_error_code(&self) -> Option<&WpErrorCode>;
+
+    fn is_unauthorized_error(&self) -> Option<bool>;
+}
+
 #[derive(Debug, PartialEq, Eq, thiserror::Error, uniffi::Error, WpDeriveLocalizable)]
 pub enum WpApiError {
     InvalidHttpStatusCode {
@@ -44,6 +50,36 @@ pub enum WpApiError {
     },
 }
 
+impl MaybeWpError for WpApiError {
+    fn wp_error_code(&self) -> Option<&WpErrorCode> {
+        match self {
+            WpApiError::WpError { error_code, .. } => Some(error_code),
+            _ => None,
+        }
+    }
+
+    fn is_unauthorized_error(&self) -> Option<bool> {
+        self.wp_error_code().map(|e| e.is_unauthorized())
+    }
+}
+
+impl<T, E> MaybeWpError for Result<T, E>
+where
+    E: MaybeWpError,
+{
+    fn wp_error_code(&self) -> Option<&WpErrorCode> {
+        if let Err(e) = self {
+            e.wp_error_code()
+        } else {
+            None
+        }
+    }
+
+    fn is_unauthorized_error(&self) -> Option<bool> {
+        self.wp_error_code().map(|e| e.is_unauthorized())
+    }
+}
+
 impl WpSupportsLocalization for WpApiError {
     fn message_bundle(&self) -> MessageBundle {
         match self {
@@ -431,6 +467,12 @@ pub enum WpErrorCode {
     CustomError(String),
 }
 
+impl WpErrorCode {
+    fn is_unauthorized(&self) -> bool {
+        self == &Self::Unauthorized
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Eq, thiserror::Error, uniffi::Error, WpDeriveLocalizable)]
 pub enum RequestExecutionError {
     RequestExecutionFailed {

wp_api/src/lib.rs

@@ -2,7 +2,7 @@ pub use api_client::{
     IsWpApiClientDelegate, WpApiClient, WpApiClientDelegate, WpApiRequestBuilder,
 };
 pub use api_error::{
-    InvalidSslErrorReason, MediaUploadRequestExecutionError, ParsedRequestError,
+    InvalidSslErrorReason, MaybeWpError, MediaUploadRequestExecutionError, ParsedRequestError,
     RequestExecutionError, RequestExecutionErrorReason, WpApiError, WpError, WpErrorCode,
 };
 pub use parsed_url::{ParseUrlError, ParsedUrl};
@@ -191,6 +191,12 @@ pub enum IntegerOrString {
     String(String),
 }
 
+#[uniffi::export(with_foreign)]
+#[async_trait::async_trait]
+pub trait WpAppNotifier: Send + Sync + std::fmt::Debug {
+    async fn requested_with_invalid_authentication(&self);
+}
+
 #[macro_export]
 macro_rules! generate {
     ($type_name:ident) => {

wp_api/src/request.rs

@@ -1,13 +1,16 @@
 use self::endpoint::WpEndpointUrl;
-use crate::RequestExecutionErrorReason;
-use crate::auth::WpAuthenticationProvider;
 use crate::{
-    WpApiError,
+    ParsedUrl, RequestExecutionErrorReason, WpApiError, WpErrorCode,
     api_error::{MediaUploadRequestExecutionError, ParsedRequestError, RequestExecutionError},
+    auth::WpAuthenticationProvider,
     url_query::{FromUrlQueryPairs, UrlQueryPairsMap},
 };
 use base64::Engine;
 use chrono::{DateTime, Utc};
+use endpoint::application_passwords_endpoint::{
+    ApplicationPasswordsRequestBuilder,
+    ApplicationPasswordsRequestRetrieveCurrentWithEditContextResponse,
+};
 use endpoint::{ApiEndpointUrl, media_endpoint::MediaUploadRequest};
 use http::{HeaderMap, HeaderName, HeaderValue};
 use regex::Regex;
@@ -753,6 +756,48 @@ pub fn is_valid_json(value: impl AsRef<str>) -> bool {
     serde_json::from_str::<serde_json::Value>(value.as_ref()).is_ok()
 }
 
+#[uniffi::export]
+pub async fn fetch_authentication_state(
+    request_executor: Arc<dyn RequestExecutor>,
+    api_root_url: Arc<ParsedUrl>,
+    authentication_provider: Arc<WpAuthenticationProvider>,
+) -> Result<AuthenticationState, WpApiError> {
+    let request = ApplicationPasswordsRequestBuilder::new(api_root_url, authentication_provider)
+        .retrieve_current_with_edit_context()
+        .into();
+    let response = request_executor.execute(request).await?;
+    let parsed_res: Result<
+        ApplicationPasswordsRequestRetrieveCurrentWithEditContextResponse,
+        WpApiError,
+    > = response.parse();
+    match parsed_res {
+        Ok(_) => Ok(AuthenticationState::Authenticated),
+        Err(wp_api_error) => {
+            if let WpApiError::WpError {
+                error_code: WpErrorCode::Unauthorized,
+                ..
+            } = wp_api_error
+            {
+                Ok(AuthenticationState::Unauthorized)
+            } else {
+                Err(wp_api_error)
+            }
+        }
+    }
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, uniffi::Enum)]
+pub enum AuthenticationState {
+    Authenticated,
+    Unauthorized,
+}
+
+impl AuthenticationState {
+    pub fn is_unauthorized(&self) -> bool {
+        self == &Self::Unauthorized
+    }
+}
+
 pub mod user_agent {
     #[uniffi::export]
     pub fn default_user_agent(client_specific_postfix: &str) -> String {

wp_api_integration_tests/src/lib.rs

@@ -1,7 +1,8 @@
+use async_trait::async_trait;
 use std::sync::Arc;
 use url::Url;
 use wp_api::{
-    ParsedUrl, WpApiClient, WpApiClientDelegate, WpApiError, WpErrorCode,
+    ParsedUrl, WpApiClient, WpApiClientDelegate, WpApiError, WpAppNotifier, WpErrorCode,
     auth::WpAuthenticationProvider, categories::CategoryId, comments::CommentId,
     date::WpGmtDateTime, media::MediaId, middleware::WpApiMiddlewarePipeline, posts::PostId,
     reqwest_request_executor::ReqwestRequestExecutor, tags::TagId, users::UserId,
@@ -82,6 +83,7 @@ pub fn api_client() -> WpApiClient {
             )),
             request_executor: Arc::new(ReqwestRequestExecutor::default()),
             middleware_pipeline: Arc::new(WpApiMiddlewarePipeline::default()),
+            app_notifier: Arc::new(EmptyAppNotifier),
         },
     )
 }
@@ -96,6 +98,7 @@ pub fn api_client_as_author() -> WpApiClient {
             )),
             request_executor: Arc::new(ReqwestRequestExecutor::default()),
             middleware_pipeline: Arc::new(WpApiMiddlewarePipeline::default()),
+            app_notifier: Arc::new(EmptyAppNotifier),
         },
     )
 }
@@ -110,17 +113,7 @@ pub fn api_client_as_subscriber() -> WpApiClient {
             )),
             request_executor: Arc::new(ReqwestRequestExecutor::default()),
             middleware_pipeline: Arc::new(WpApiMiddlewarePipeline::default()),
-        },
-    )
-}
-
-pub fn api_client_as_unauthenticated() -> WpApiClient {
-    WpApiClient::new(
-        test_site_url(),
-        WpApiClientDelegate {
-            auth_provider: Arc::new(WpAuthenticationProvider::none()),
-            request_executor: Arc::new(ReqwestRequestExecutor::default()),
-            middleware_pipeline: Arc::new(WpApiMiddlewarePipeline::default()),
+            app_notifier: Arc::new(EmptyAppNotifier),
         },
     )
 }
@@ -132,6 +125,7 @@ pub fn api_client_with_auth_provider(auth_provider: Arc<WpAuthenticationProvider
             auth_provider,
             request_executor: Arc::new(ReqwestRequestExecutor::default()),
             middleware_pipeline: Arc::new(WpApiMiddlewarePipeline::default()),
+            app_notifier: Arc::new(EmptyAppNotifier),
         },
     )
 }
@@ -187,3 +181,13 @@ impl<T: std::fmt::Debug, E: std::error::Error> AssertResponse for Result<T, E> {
 pub fn unwrapped_wp_gmt_date_time(s: &str) -> WpGmtDateTime {
     s.parse::<WpGmtDateTime>().expect("Expected a valid date")
 }
+
+#[derive(Debug)]
+pub struct EmptyAppNotifier;
+
+#[async_trait]
+impl WpAppNotifier for EmptyAppNotifier {
+    async fn requested_with_invalid_authentication(&self) {
+        // no-op
+    }
+}