feat: GutenbergKit requires app password for self-hosted sites (#22194)

* feat: Gate GutenbergKit with app password

An application password is necessary for sites without a Jetpack
connection, otherwise REST API requests fail, as GutenbergKit does not
support cookie authentication.

* style: Disable return count warning

Postpone larger refactors as technical debt.

Author: dcalhoun

WordPress/src/main/java/org/wordpress/android/ui/posts/GutenbergKitActivity.kt

@@ -109,6 +109,7 @@ import org.wordpress.android.imageeditor.preview.PreviewImageFragment.Companion.
 import org.wordpress.android.support.ZendeskHelper
 import org.wordpress.android.ui.ActivityId
 import org.wordpress.android.ui.ActivityLauncher
+import org.wordpress.android.ui.ActivityNavigator
 import org.wordpress.android.ui.PrivateAtCookieRefreshProgressDialog.Companion.dismissIfNecessary
 import org.wordpress.android.ui.PrivateAtCookieRefreshProgressDialog.Companion.isShowing
 import org.wordpress.android.ui.PrivateAtCookieRefreshProgressDialog.Companion.showIfNecessary
@@ -377,6 +378,8 @@ class GutenbergKitActivity : BaseAppCompatActivity(), EditorImageSettingsListene
     @Inject lateinit var gutenbergKitPluginsFeature: GutenbergKitPluginsFeature
     @Inject lateinit var experimentalFeatures: ExperimentalFeatures
 
+    @Inject lateinit var activityNavigator: ActivityNavigator
+
     @Inject lateinit var viewModelFactory: ViewModelProvider.Factory
     @Inject lateinit var storePostViewModel: StorePostViewModel
     @Inject lateinit var storageUtilsViewModel: StorageUtilsViewModel
@@ -470,7 +473,7 @@ class GutenbergKitActivity : BaseAppCompatActivity(), EditorImageSettingsListene
         }
     }
 
-    @Suppress("LongMethod", "ComplexMethod")
+    @Suppress("LongMethod", "ComplexMethod", "ReturnCount")
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
         (application as WordPress).component().inject(this)
@@ -499,6 +502,16 @@ class GutenbergKitActivity : BaseAppCompatActivity(), EditorImageSettingsListene
             return
         }
 
+        if (shouldRequireApplicationPassword()) {
+            activityNavigator.navigateToApplicationPasswordRequired(
+                this,
+               siteModel.url,
+               resources.getString(R.string.application_password_required_block_editor)
+            )
+            finish()
+            return
+        }
+
         isLandingEditor = intent.extras?.getBoolean(EditorConstants.EXTRA_IS_LANDING_EDITOR) ?: false
 
         refreshMobileEditorFromSiteSetting()
@@ -615,6 +628,14 @@ class GutenbergKitActivity : BaseAppCompatActivity(), EditorImageSettingsListene
         return true
     }
 
+    private fun shouldRequireApplicationPassword(): Boolean {
+        return site.apiRestPasswordPlain.isNullOrEmpty() &&
+                !siteModel.isWPCom &&
+                !siteModel.isJetpackConnected &&
+                experimentalFeatures.isEnabled(Feature.EXPERIMENTAL_BLOCK_EDITOR) &&
+                !experimentalFeatures.isEnabled(Feature.DISABLE_EXPERIMENTAL_BLOCK_EDITOR)
+    }
+
     private fun refreshMobileEditorFromSiteSetting() {
         // Make sure to use the latest fresh info about the site we've in the DB set only the editor setting for now
         siteStore.getSiteByLocalId(siteModel.id)?.let {

WordPress/src/main/res/values/strings.xml

@@ -5061,6 +5061,7 @@ translators: %s: Select control option value e.g: "Auto, 25%". -->
     <string name="application_password_invalid_description">Your application password no longer exists. Please sign in again to create a new application password </string>
     <string name="application_password_required">Application Password Required</string>
     <string name="application_password_required_description">Application passwords are a more secure way to connect to your self-hosted site, and enable support for features like %1$s.</string>
+    <string name="application_password_required_block_editor">Block Editor</string>
     <string name="application_password_required_description_default">Application passwords are a more secure way to connect to your self-hosted site, and enable new features support.</string>
     <string name="application_password_disable_feature_title">Disable Application Password?</string>
     <string name="application_password_disable_feature_description">Disabling Application Password will remove the login for %1$s of your sites. You may need to re-add affected sites to login again.</string>