Merge pull request #7787 from woocommerce/issue/7370-cookie-authentication-webview

itsmeichigo · web-flow · commit 7b8a062c88d6 · 2022-09-29T18:04:41.000+07:00
Login: Handle cookie authentication in Authenticated web view
diff --git a/WooCommerce/Classes/Authentication/AuthenticatedWebViewController.swift b/WooCommerce/Classes/Authentication/AuthenticatedWebViewController.swift
@@ -1,6 +1,7 @@
 import Combine
 import UIKit
 import WebKit
+import struct WordPressAuthenticator.WordPressOrgCredentials
 
 /// A web view which is authenticated for WordPress.com, when possible.
 ///
@@ -26,8 +27,13 @@ final class AuthenticatedWebViewController: UIViewController {
     /// Strong reference for the subscription to update progress bar
     private var subscriptions: Set<AnyCancellable> = []
 
-    init(viewModel: AuthenticatedWebViewModel) {
+    /// Optional credentials for authenticating with WP.org
+    ///
+    private let wporgCredentials: WordPressOrgCredentials?
+
+    init(viewModel: AuthenticatedWebViewModel, wporgCredentials: WordPressOrgCredentials? = nil) {
         self.viewModel = viewModel
+        self.wporgCredentials = wporgCredentials
         super.init(nibName: nil, bundle: nil)
     }
 
@@ -87,9 +93,6 @@ private extension AuthenticatedWebViewController {
     }
 
     func startLoading() {
-        guard let url = viewModel.initialURL else {
-            return
-        }
         webView.publisher(for: \.estimatedProgress)
             .sink { [weak self] progress in
                 if progress == 1 {
@@ -102,10 +105,29 @@ private extension AuthenticatedWebViewController {
 
         webView.publisher(for: \.url)
             .sink { [weak self] url in
-                self?.viewModel.handleRedirect(for: url)
+                guard let self else { return }
+                let initialURL = self.viewModel.initialURL
+                // avoids infinite loop if the initial url happens to be the nonce retrieval path.
+                if url?.absoluteString.contains(WKWebView.wporgNoncePath) == true,
+                   initialURL?.absoluteString.contains(WKWebView.wporgNoncePath) != true {
+                    self.loadContent()
+                } else {
+                    self.viewModel.handleRedirect(for: url)
+                }
             }
             .store(in: &subscriptions)
 
+        if let wporgCredentials, let request = try? webView.authenticateForWPOrg(with: wporgCredentials) {
+            webView.load(request)
+        } else {
+            loadContent()
+        }
+    }
+
+    private func loadContent() {
+        guard let url = viewModel.initialURL else {
+            return
+        }
         if let credentials = ServiceLocator.stores.sessionManager.defaultCredentials {
             webView.authenticateForWPComAndRedirect(to: url, credentials: credentials)
         } else {
diff --git a/WooCommerce/Classes/Authentication/AuthenticatedWebViewModel.swift b/WooCommerce/Classes/Authentication/AuthenticatedWebViewModel.swift
@@ -1,5 +1,6 @@
 import Foundation
 import WebKit
+import WordPressAuthenticator
 
 /// Abstracts different configurations and logic for web view controllers
 /// which are authenticated for WordPress.com, where possible
diff --git a/WooCommerce/Classes/Authentication/AuthenticationManager.swift b/WooCommerce/Classes/Authentication/AuthenticationManager.swift
@@ -553,7 +553,9 @@ private extension AuthenticationManager {
                              with credentials: AuthenticatorCredentials,
                              in navigationController: UINavigationController,
                              onDismiss: @escaping () -> Void) {
-        let viewModel = JetpackErrorViewModel(siteURL: siteURL, onJetpackSetupCompletion: { [weak self] authorizedEmailAddress in
+        let viewModel = JetpackErrorViewModel(siteURL: siteURL,
+                                              siteCredentials: credentials.wporg,
+                                              onJetpackSetupCompletion: { [weak self] authorizedEmailAddress in
             guard let self = self else { return }
             // Resets the referenced site since the setup completed now.
             self.currentSelfHostedSite = nil
@@ -586,10 +588,13 @@ private extension AuthenticationManager {
     }
 
     /// The error screen to be displayed when the user enters a site
-    /// without Jetpack in the site discovery flow
+    /// without Jetpack in the site discovery flow.
+    /// More about this flow: pe5sF9-mz-p2.
     ///
     func jetpackErrorUI(for siteURL: String, with matcher: ULAccountMatcher, in navigationController: UINavigationController) -> UIViewController {
-        let viewModel = JetpackErrorViewModel(siteURL: siteURL, onJetpackSetupCompletion: { [weak self] authorizedEmailAddress in
+        let viewModel = JetpackErrorViewModel(siteURL: siteURL,
+                                              siteCredentials: nil,
+                                              onJetpackSetupCompletion: { [weak self] authorizedEmailAddress in
             guard let self = self else { return }
 
             // Tries re-syncing to get an updated store list
@@ -667,6 +672,7 @@ private extension AuthenticationManager {
     }
 
     /// Appropriate error to display for a site when entered from the site discovery flow.
+    /// More about this flow: pe5sF9-mz-p2
     ///
     func errorUI(for site: WordPressComSiteInfo, in navigationController: UINavigationController) -> UIViewController {
         guard site.isWP else {
diff --git a/WooCommerce/Classes/Authentication/Navigation Exceptions/JetpackErrorViewModel.swift b/WooCommerce/Classes/Authentication/Navigation Exceptions/JetpackErrorViewModel.swift
@@ -8,15 +8,18 @@ import WordPressUI
 /// an error when Jetpack is not installed or is not connected
 struct JetpackErrorViewModel: ULErrorViewModel {
     private let siteURL: String
+    private let siteCredentials: WordPressOrgCredentials?
     private let analytics: Analytics
     private let jetpackSetupCompletionHandler: (String?) -> Void
     private let authentication: Authentication
 
     init(siteURL: String?,
+         siteCredentials: WordPressOrgCredentials?,
          analytics: Analytics = ServiceLocator.analytics,
          authentication: Authentication = ServiceLocator.authenticationManager,
          onJetpackSetupCompletion: @escaping (String?) -> Void) {
         self.siteURL = siteURL ?? Localization.yourSite
+        self.siteCredentials = siteCredentials
         self.analytics = analytics
         self.authentication = authentication
         self.jetpackSetupCompletionHandler = onJetpackSetupCompletion
@@ -62,8 +65,10 @@ struct JetpackErrorViewModel: ULErrorViewModel {
             return
         }
 
-        let viewModel = JetpackSetupWebViewModel(siteURL: siteURL, analytics: analytics, onCompletion: jetpackSetupCompletionHandler)
-        let connectionController = AuthenticatedWebViewController(viewModel: viewModel)
+        let viewModel = JetpackSetupWebViewModel(siteURL: siteURL,
+                                                 analytics: analytics,
+                                                 onCompletion: jetpackSetupCompletionHandler)
+        let connectionController = AuthenticatedWebViewController(viewModel: viewModel, wporgCredentials: siteCredentials)
         viewController.navigationController?.show(connectionController, sender: nil)
     }
 
@@ -104,8 +109,8 @@ private extension JetpackErrorViewModel {
                                                      comment: "Button linking to webview that explains what Jetpack is"
                                                         + "Presented when logging in with a site address that does not have a valid Jetpack installation")
 
-        static let primaryButtonTitle = NSLocalizedString("Install Jetpack",
-                                                          comment: "Action button for installing Jetpack."
+        static let primaryButtonTitle = NSLocalizedString("Set up Jetpack",
+                                                          comment: "Action button for setting up Jetpack."
                                                           + "Presented when logging in with a site address that does not have a valid Jetpack installation")
 
         static let secondaryButtonTitle = NSLocalizedString("Log In With Another Account",
diff --git a/WooCommerce/Classes/Authentication/Navigation Exceptions/JetpackSetupWebViewModel.swift b/WooCommerce/Classes/Authentication/Navigation Exceptions/JetpackSetupWebViewModel.swift
@@ -15,7 +15,9 @@ final class JetpackSetupWebViewModel: AuthenticatedWebViewModel {
     /// The email address that the user uses to authorize Jetpack
     private var authorizedEmailAddress: String?
 
-    init(siteURL: String, analytics: Analytics = ServiceLocator.analytics, onCompletion: @escaping (String?) -> Void) {
+    init(siteURL: String,
+         analytics: Analytics = ServiceLocator.analytics,
+         onCompletion: @escaping (String?) -> Void) {
         self.siteURL = siteURL
         self.analytics = analytics
         self.completionHandler = onCompletion
diff --git a/WooCommerce/Classes/Extensions/WKWebView+Authenticated.swift b/WooCommerce/Classes/Extensions/WKWebView+Authenticated.swift
@@ -1,12 +1,32 @@
 import Alamofire
 import Foundation
 import WebKit
+import struct WordPressAuthenticator.WordPressOrgCredentials
 import struct Yosemite.Credentials
 import class Networking.UserAgent
 
 /// An extension to authenticate WPCom automatically
 ///
 extension WKWebView {
+    static let wporgNoncePath = "/admin-ajax.php?action=rest-nonce"
+
+    /// Cookie authentication following WordPressKit implementation:
+    /// https://github.com/wordpress-mobile/WordPressKit-iOS/blob/trunk/WordPressKit/Authenticator.swift
+    ///
+    func authenticateForWPOrg(with credentials: WordPressOrgCredentials) throws -> URLRequest {
+        var request = try URLRequest(url: credentials.loginURL.asURL(), method: .post)
+        request.httpShouldHandleCookies = true
+
+        let redirectLink = (credentials.adminURL + Self.wporgNoncePath)
+            .addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)
+
+        let parameters = ["log": credentials.username,
+                          "pwd": credentials.password,
+                          "redirect_to": redirectLink ?? ""]
+
+        return try URLEncoding.default.encode(request, with: parameters)
+    }
+
     func authenticateForWPComAndRedirect(to url: URL, credentials: Credentials?) {
         customUserAgent = UserAgent.defaultUserAgent
         do {
diff --git a/WooCommerce/WooCommerceTests/Authentication/JetpackErrorViewModelTests.swift b/WooCommerce/WooCommerceTests/Authentication/JetpackErrorViewModelTests.swift
@@ -22,7 +22,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewmodel_provides_expected_image() {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil) { _ in }
 
         // When
         let image = viewModel.image
@@ -33,7 +33,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewmodel_provides_expected_visibility_for_auxiliary_button() {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil) { _ in }
 
         // When
         let isVisible = viewModel.isAuxiliaryButtonHidden
@@ -44,7 +44,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewmodel_provides_expected_title_for_auxiliary_button() {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil) { _ in }
 
         // When
         let auxiliaryButtonTitle = viewModel.auxiliaryButtonTitle
@@ -55,7 +55,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewmodel_provides_expected_title_for_primary_button() {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil) { _ in }
 
         // When
         let primaryButtonTitle = viewModel.primaryButtonTitle
@@ -66,7 +66,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewmodel_provides_expected_title_for_secondary_button() {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil) { _ in }
 
         // When
         let secondaryButtonTitle = viewModel.secondaryButtonTitle
@@ -77,15 +77,15 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewmodel_provides_expected_title_for_right_bar_button_item() {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil) { _ in }
 
         // Then
         XCTAssertEqual(viewModel.rightBarButtonItemTitle, Expectations.helpBarButtonItemTitle)
     }
 
     func test_viewModel_logs_an_event_when_viewDidLoad_is_triggered() throws {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, analytics: analytics) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil, analytics: analytics) { _ in }
 
         assertEmpty(analyticsProvider.receivedEvents)
 
@@ -99,7 +99,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewModel_logs_an_event_when_install_jetpack_button_is_tapped() throws {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, analytics: analytics) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil, analytics: analytics) { _ in }
 
         assertEmpty(analyticsProvider.receivedEvents)
 
@@ -113,7 +113,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
 
     func test_viewModel_logs_an_event_when_the_what_is_jetpack_button_is_tapped() throws {
         // Given
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, analytics: analytics) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil, analytics: analytics) { _ in }
 
         assertEmpty(analyticsProvider.receivedEvents)
 
@@ -128,7 +128,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
     func test_viewModel_invokes_present_support_when_the_help_button_is_tapped() throws {
         // Given
         let mockAuthentication = MockAuthentication()
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, authentication: mockAuthentication) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil, authentication: mockAuthentication) { _ in }
 
         // When
         viewModel.didTapRightBarButtonItem(in: UIViewController())
@@ -140,7 +140,7 @@ final class JetpackErrorViewModelTests: XCTestCase {
     func test_viewModel_sends_correct_screen_value_in_present_support_method() throws {
         // Given
         let mockAuthentication = MockAuthentication()
-        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, authentication: mockAuthentication) { _ in }
+        let viewModel = JetpackErrorViewModel(siteURL: Expectations.url, siteCredentials: nil, authentication: mockAuthentication) { _ in }
 
         // When
         viewModel.didTapRightBarButtonItem(in: UIViewController())
@@ -158,8 +158,8 @@ private extension JetpackErrorViewModelTests {
         static let whatIsJetpack = NSLocalizedString("What is Jetpack?",
                                                      comment: "Button linking to webview that explains what Jetpack is"
                                                         + "Presented when logging in with a site address that does not have a valid Jetpack installation")
-        static let primaryButtonTitle = NSLocalizedString("Install Jetpack",
-                                                          comment: "Action button for installing Jetpack."
+        static let primaryButtonTitle = NSLocalizedString("Set up Jetpack",
+                                                          comment: "Action button for setting up Jetpack."
                                                           + "Presented when logging in with a site address that does not have a valid Jetpack installation")
 
         static let secondaryButtonTitle = NSLocalizedString("Log In With Another Account",
