Merge release/25.9 into trunk (#24530)

* Bump version number

* Update draft release notes for 25.9

* Update draft release notes for 25.9

* Release Notes: add new section for next version (26.0)

* Application passwords reauthentication flow (#24522)

* Update wordpress-rs

* Do not overwrite account passwords with application passwords

* Prompt for re-authentication when the application password becomes invalid

* Fix unit tests compiling issues

* Delete `ApplicationPasswordUpdatedViewModifier`

* Update an unit test

Blog.password was overwritten to the new application password. We no
longer do that anymore.

* Add/more error logging (#24527)

* Improve error when loading notification settings

It previously displayed an unhelpful error message

* Log failures to fetch dashboard cards

* Use error message, if available

* Fix comment

* Update strings for localization

---------

Co-authored-by: Tony Li <[email protected]>
Co-authored-by: Jeremy Massel <[email protected]>

Author: 3 people

Modules/Package.swift

@@ -51,9 +51,8 @@ let package = Package(
         .package(url: "https://github.com/wordpress-mobile/WordPressKit-iOS", branch: "wpios-edition"),
         .package(url: "https://github.com/zendesk/support_sdk_ios", from: "8.0.3"),
         // We can't use wordpress-rs branches nor commits here. Only tags work.
-        .package(url: "https://github.com/Automattic/wordpress-rs", revision: "alpha-20250411"),
-        .package(url: "https://github.com/wordpress-mobile/GutenbergKit", from:
-        "0.2.0"),
+        .package(url: "https://github.com/Automattic/wordpress-rs", revision: "alpha-20250505"),
+        .package(url: "https://github.com/wordpress-mobile/GutenbergKit", from: "0.2.0"),
         .package(url: "https://github.com/Automattic/color-studio", branch: "trunk"),
         .package(url: "https://github.com/wordpress-mobile/AztecEditor-iOS", from: "1.20.0"),
     ],

RELEASE-NOTES.txt

@@ -1,3 +1,7 @@
+26.0
+-----
+
+
 25.9
 -----
 

Sources/WordPressData/Swift/Blog+SelfHosted.swift

@@ -24,17 +24,18 @@ public extension Blog {
         using keychainImplementation: KeychainAccessible = KeychainUtils()
     ) async throws -> TaggedManagedObjectID<Blog> {
         try await contextManager.performAndSave { context in
-            let blog = Blog.createBlankBlog(in: context)
+            let blog = Blog.lookup(username: details.userLogin, xmlrpc: xmlrpcEndpointURL.absoluteString, in: context)
+                ?? Blog.createBlankBlog(in: context)
             blog.url = details.siteUrl
             blog.username = details.userLogin
             blog.restApiRootURL = restApiRootURL.absoluteString
             blog.setXMLRPCEndpoint(to: xmlrpcEndpointURL)
             blog.setSiteIdentifier(details.derivedSiteId)
 
-            // `url` and `xmlrpc` need to be set before setting passwords.
+            // `url` and `xmlrpc` need to be set before setting the application password.
             try blog.setApplicationToken(details.password, using: keychainImplementation)
-            // Application token can also be used in XMLRPC.
-            try blog.setPassword(to: details.password, using: keychainImplementation)
+            // We don't overwrite the `Blog.password` with the application password (`details.password`), because we want
+            // the application continues to function when the application password is revoked.
 
             return TaggedManagedObjectID(blog)
         }

Tests/KeystoneTests/Tests/Models/Blog+RestAPITests.swift

@@ -23,6 +23,7 @@ final class Blog_RestAPITests: CoreDataTestCase {
             using: testKeychain
         )
         self.blog = try XCTUnwrap(contextManager.mainContext.fetch(NSFetchRequest<Blog>(entityName: "Blog")).first)
+        try blog.setPassword(to: "account-password", using: testKeychain)
     }
 
     func testThatCreateRestApiBlogStoresUrl() throws {
@@ -33,8 +34,8 @@ final class Blog_RestAPITests: CoreDataTestCase {
         XCTAssertEqual(try blog.getUsername(), loginDetails.userLogin)
     }
 
-    func testThatCreateRestApiBlogStoresPassword() throws {
-        XCTAssertEqual(try blog.getPassword(using: testKeychain), loginDetails.password)
+    func testThatCreateRestApiBlogDoesNotStorePassword() throws {
+        XCTAssertNotEqual(try blog.getPassword(using: testKeychain), loginDetails.password)
     }
 
     func testThatCreateRestApiBlogStoresSiteIdentifier() throws {

Tests/KeystoneTests/Tests/Services/UserListViewModelTests.swift

@@ -16,7 +16,7 @@ class UserListViewModelTests: XCTestCase {
     override func setUp() async throws {
         try await super.setUp()
 
-        let client = try WordPressClient(api: .init(urlSession: .shared, apiRootUrl: .parse(input: "https://example.com/wp-json"), authenticationStategy: .none), rootUrl: .parse(input: "https://example.com"))
+        let client = try WordPressClient(api: .init(urlSession: .shared, apiRootUrl: .parse(input: "https://example.com/wp-json"), authentication: .none), rootUrl: .parse(input: "https://example.com"))
         service = UserService(client: client)
         viewModel = await UserListViewModel(userService: service, currentUserId: 0)
     }

WordPress.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -383,8 +383,8 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/Automattic/wordpress-rs",
       "state" : {
-        "branch" : "alpha-20250411",
-        "revision" : "0de58e944c075cf509d7e13a9b4625dae430d84f"
+        "branch" : "alpha-20250505",
+        "revision" : "645c8a22303e93267d4f1e645f8e01d228fd7e7c"
       }
     },
     {

WordPress/Classes/Login/ApplicationPasswordReAuthenticationView.swift

@@ -0,0 +1,78 @@
+import Foundation
+import UIKit
+import SwiftUI
+import DesignSystem
+
+struct ApplicationPasswordReAuthenticationView: View {
+    let blog: Blog
+    let presenter: UIViewController
+
+    @Environment(\.dismiss) private var dismiss
+    @State private var error: String?
+
+    var body: some View {
+        NavigationView {
+            VStack(spacing: 20) {
+                Image(systemName: "key.slash")
+                    .font(.system(size: 50))
+                    .foregroundColor(.gray)
+
+                Text(Strings.title)
+                    .font(.headline)
+
+                Text(Strings.description)
+                    .font(.body)
+                    .frame(maxWidth: .infinity)
+
+                DSButton(
+                    title: Strings.signInButton,
+                    style: DSButtonStyle(emphasis: .primary, size: .large),
+                    isLoading: .constant(false)
+                ) {
+                    self.error = nil
+
+                    Task { @MainActor in
+                        do {
+                            let _ = try await SelfHostedSiteAuthenticator()
+                                .signIn(
+                                    site: blog.getUrl().absoluteString,
+                                    from: presenter,
+                                    context: .reauthentication(username: blog.getUsername())
+                                )
+
+                            // Automatically dismiss this view upon a successful re-authentication.
+                            dismiss()
+                        } catch {
+                            self.error = error.localizedDescription
+                        }
+                    }
+                }
+
+                if let error {
+                    Text(error)
+                        .font(.body)
+                        .foregroundStyle(.red)
+                        .padding(.horizontal)
+                }
+
+                Spacer()
+            }
+            .padding()
+            .navigationBarTitleDisplayMode(.inline)
+            .toolbar {
+                ToolbarItem(placement: .navigationBarLeading) {
+                    Button(Strings.cancelButton) {
+                        dismiss()
+                    }
+                }
+            }
+        }
+    }
+}
+
+private enum Strings {
+    static let title: String = NSLocalizedString("login.appPasswordReAuth.title", value: "Invalid application password", comment: "Title shown when the application password is invalid")
+    static let description: String = NSLocalizedString("login.appPasswordReAuth.description", value: "The application password assigned to the app no longer exists in your profile.\nPlease sign in again to create a new application password for the app to use.", comment: "Description explaining why the user needs to re-authenticate")
+    static let signInButton: String = NSLocalizedString("login.appPasswordReAuth.signInButton", value: "Sign In", comment: "Button to start the re-authentication process")
+    static let cancelButton: String = NSLocalizedString("login.appPasswordReAuth.cancelButton", value: "Cancel", comment: "Button to dismiss the re-authentication view")
+}

WordPress/Classes/Login/SelfHostedSiteAuthenticator.swift

@@ -10,6 +10,8 @@ import SVProgressHUD
 
 struct SelfHostedSiteAuthenticator {
 
+    static let applicationPasswordUpdated = Foundation.Notification.Name(rawValue: "SelfHostedSiteAuthenticator.applicationPasswordUpdated")
+
     enum SignInContext: Equatable {
         // Sign in to a self-hosted site. Using this context results in automatically reloading the app to display the site dashboard.
         case `default`
@@ -168,9 +170,15 @@ struct SelfHostedSiteAuthenticator {
             throw .savingSiteFailure
         }
 
+        let accountPassword = try? await ContextManager.shared.performQuery {
+            try $0.existingObject(with: blog).password
+        }
         let wporg = WordPressOrgCredentials(
             username: credentials.userLogin,
-            password: credentials.password,
+            // The `sync` call below updates `Blog.password` with the password value here.
+            // In order to separate `Blog.password` and `Blog.applicationPassword`, we pass the account password here
+            // if it exists.
+            password: accountPassword ?? credentials.password,
             xmlrpc: xmlrpc.absoluteString,
             options: blogOptions
         )
@@ -181,8 +189,11 @@ struct SelfHostedSiteAuthenticator {
             }
         }
 
-        if context == .default {
+        switch context {
+        case .default:
             NotificationCenter.default.post(name: Foundation.Notification.Name(rawValue: WordPressAuthenticator.WPSigninDidFinishNotification), object: nil)
+        case .reauthentication:
+            NotificationCenter.default.post(name: Self.applicationPasswordUpdated, object: nil)
         }
 
         return blog

WordPress/Classes/Networking/WordPressClient.swift

@@ -1,11 +1,13 @@
 import Foundation
+import Combine
 import WordPressAPI
+import WordPressAPIInternal
 import WordPressCore
 import WordPressShared
 
 enum WordPressSite {
     case dotCom(authToken: String)
-    case selfHosted(apiRootURL: ParsedUrl, username: String, authToken: String)
+    case selfHosted(blogId: TaggedManagedObjectID<Blog>, apiRootURL: ParsedUrl, username: String, authToken: String)
 
     init(blog: Blog) throws {
         if let account = blog.account {
@@ -14,12 +16,15 @@ enum WordPressSite {
         } else {
             let url = try blog.restApiRootURL ?? blog.getUrl().appending(path: "wp-json").absoluteString
             let apiRootURL = try ParsedUrl.parse(input: url)
-            self = .selfHosted(apiRootURL: apiRootURL, username: try blog.getUsername(), authToken: try blog.getApplicationToken())
+            self = .selfHosted(blogId: TaggedManagedObjectID(blog), apiRootURL: apiRootURL, username: try blog.getUsername(), authToken: try blog.getApplicationToken())
         }
     }
 }
 
 extension WordPressClient {
+    static var requestedWithInvalidAuthenticationNotification: Foundation.Notification.Name {
+        .init("WordPressClient.requestedWithInvalidAuthenticationNotification")
+    }
 
     init(site: WordPressSite) {
         // Currently, the app supports both account passwords and application passwords.
@@ -35,10 +40,17 @@ extension WordPressClient {
         switch site {
         case let .dotCom(authToken):
             let apiRootURL = try! ParsedUrl.parse(input: "https://public-api.wordpress.com")
-            let api = WordPressAPI(urlSession: session, apiRootUrl: apiRootURL, authenticationStategy: .authorizationHeader(token: authToken))
+            let api = WordPressAPI(urlSession: session, apiRootUrl: apiRootURL, authentication: .bearer(token: authToken))
             self.init(api: api, rootUrl: apiRootURL)
-        case let .selfHosted(apiRootURL, username, authToken):
-            let api = WordPressAPI(urlSession: session, apiRootUrl: apiRootURL, authenticationStategy: .init(username: username, password: authToken))
+        case let .selfHosted(blogId, apiRootURL, username, authToken):
+            let provider = AutoUpdateAuthenticationProvider(
+                authentication: .init(username: username, password: authToken),
+                blogId: blogId,
+                coreDataStack: ContextManager.shared
+            )
+            let notifier = AppNotifier()
+            let api = WordPressAPI(urlSession: session, apiRootUrl: apiRootURL, authenticationProvider: .dynamic(dynamicAuthenticationProvider: provider), appNotifier: notifier)
+            notifier.api = api
             self.init(api: api, rootUrl: apiRootURL)
         }
     }
@@ -58,3 +70,49 @@ extension PluginWpOrgDirectorySlug: @retroactive ExpressibleByStringLiteral {
         self.init(slug: stringLiteral)
     }
 }
+
+private final class AutoUpdateAuthenticationProvider: @unchecked Sendable, WpDynamicAuthenticationProvider {
+    private let lock = NSLock()
+    private var authentication: WpAuthentication
+    private var cancellable: AnyCancellable?
+
+    init(authentication: WpAuthentication, blogId: TaggedManagedObjectID<Blog>, coreDataStack: CoreDataStack) {
+        self.authentication = authentication
+        self.cancellable = NotificationCenter.default.publisher(for: SelfHostedSiteAuthenticator.applicationPasswordUpdated).sink { [weak self] _ in
+            guard let self else { return }
+
+            self.lock.lock()
+            defer {
+                self.lock.unlock()
+            }
+
+            self.authentication = coreDataStack.performQuery { context in
+                guard let blog = try? context.existingObject(with: blogId),
+                   let username = try? blog.getUsername(),
+                   let password = try? blog.getApplicationToken()
+                else {
+                    return WpAuthentication.none
+                }
+
+                return WpAuthentication(username: username, password: password)
+            }
+        }
+    }
+
+    func auth() -> WordPressAPIInternal.WpAuthentication {
+        lock.lock()
+        defer {
+            lock.unlock()
+        }
+
+        return self.authentication
+    }
+}
+
+private class AppNotifier: @unchecked Sendable, WpAppNotifier {
+    weak var api: WordPressAPI?
+
+    func requestedWithInvalidAuthentication() async {
+        NotificationCenter.default.post(name: WordPressClient.requestedWithInvalidAuthenticationNotification, object: api)
+    }
+}

WordPress/Classes/Plugins/Views/InstalledPluginsListView.swift

@@ -54,6 +54,9 @@ struct InstalledPluginsListView: View {
                 AddNewPluginView(service: viewModel.service)
             }
         }
+        .onApplicationPasswordUpdate {
+            Task { await viewModel.refreshItems() }
+        }
         .task {
             await viewModel.onAppear()
         }
@@ -217,6 +220,7 @@ private final class InstalledPluginsListViewModel: ObservableObject {
         isRefreshing = true
         defer { isRefreshing = false }
 
+        self.error = nil
         self.showNoPluginsView = false
 
         do {
@@ -281,3 +285,11 @@ private final class InstalledPluginsListViewModel: ObservableObject {
 
     }
 }
+
+extension View {
+    func onApplicationPasswordUpdate(action: @escaping () -> Void) -> some View {
+        onReceive(NotificationCenter.default.publisher(for: SelfHostedSiteAuthenticator.applicationPasswordUpdated)) { _ in
+            action()
+        }
+    }
+}

WordPress/Classes/Users/ViewModel/UserListViewModel.swift

@@ -113,6 +113,7 @@ class UserListViewModel: ObservableObject {
         refreshItemsTask?.cancel()
         refreshItemsTask = Task {
             isRefreshing = true
+            self.error = nil
             defer { isRefreshing = false }
             do {
                 try await userService.fetchUsers()

WordPress/Classes/Users/Views/UserListView.swift

@@ -59,6 +59,9 @@ public struct UserListView: View {
                 }
             }
         }
+        .onApplicationPasswordUpdate {
+            Task { await viewModel.refreshItems() }
+        }
         .task(id: viewModel.mode) {
             await viewModel.performQuery()
         }

WordPress/Classes/ViewRelated/Blog/Blog Dashboard/Service/BlogDashboardService.swift

@@ -70,7 +70,8 @@ final class BlogDashboardService {
                 failure?([])
             }
 
-        }, failure: { [weak self] _ in
+        }, failure: { [weak self] error in
+            DDLogError("Failed to fetch Dashboard Cards: \(error.localizedDescription)")
             blog.dashboardState.failedToLoad = true
             let items = self?.fetchLocal(blog: blog)
             failure?(items ?? [])

WordPress/Classes/ViewRelated/Jetpack/Login/JetpackConnectionViewModel.swift

@@ -172,7 +172,7 @@ class JetpackConnectionService {
         }
 
         guard let site = try? WordPressSite(blog: blog),
-              case let .selfHosted(apiRootURL, username, password) = site
+              case let .selfHosted(_, apiRootURL, username, password) = site
         else {
             return nil
         }