Skip to content

CMM-2149: Guide WordPress.com-connected sites to WordPress.com login#23106

Open
adalpari wants to merge 6 commits into
trunkfrom
bug/cmm-2149-detect-wpcom-connected-sites
Open

CMM-2149: Guide WordPress.com-connected sites to WordPress.com login#23106
adalpari wants to merge 6 commits into
trunkfrom
bug/cmm-2149-detect-wpcom-connected-sites

Conversation

@adalpari

@adalpari adalpari commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Description

On the "Enter your existing site address" login screen (the Application Password flow),
users whose site is hosted on WordPress.com hit a generic dead-end error. WordPress.com
sites can't use Application Passwords, so the flow fails and the user gets no hint that they
should have used "Continue with WordPress.com". This caused support ticket #11413559 (two HE
replies to resolve).

The screen already redirects literal *.wordpress.com URLs up front (WPUrlUtils.isWordPressCom),
but not WordPress.com sites on custom/mapped domains (e.g. mobile.blog), which look like any
other domain.

Approach

WpLoginClient.apiDiscovery() — which we already call to find the Application Passwords
endpoint — reports the site's authentication mechanism. WordPress.com sites advertise
OAuth2; self-hosted sites advertise ApplicationPasswords. We now read that signal instead
of assuming Application Passwords, and route WordPress.com sites straight to the WordPress.com
OAuth flow (the same destination as the existing up-front isWordPressCom check). This is how
the GutenbergKit demo app distinguishes the two, and it naturally covers custom-domain WP.com
sites without any extra network call.

Changes

  • ApplicationPasswordLoginHelper: added DiscoveryResult.WpComSite; on a successful
    discovery it checks DiscoverSuccessWrapper.isWpComSite() (auth mechanism is OAuth2) and
    returns WpComSite instead of throwing on the missing Application Passwords URL.
  • LoginSiteApplicationPasswordViewModel: emits a wpComDetected event for WpComSite.
  • LoginSiteApplicationPasswordFragment: on wpComDetected, opens the WordPress.com OAuth
    flow directly (showWPcomLoginScreen), matching the existing static-check behavior.
  • The three other DiscoveryResult consumers (My Site app-password cards, auto-auth dialog,
    app-password dialog) handle the new WpComSite branch as an unsupported/hidden case; they
    only run for already-added self-hosted sites, so it's effectively unreachable there.
  • Unit tests for the OAuth2 → WpComSite mapping and the WpComSite → wpComDetected event.

Android-only; the report notes iOS likely needs the same fix separately.

Linear: CMM-2149

Testing instructions

NOTE: test the following steps in the main screen "Log in form". This is "Enter your existing site address" CTA. Do not use the "Continue with Wordpress.com" CTA.

  1. Self-hosted Application Password site

    1. Log in → "Enter your existing site address".
    2. Enter a self-hosted site URL that supports Application Passwords.
    • Verify it proceeds to the Application Password authorization page (no WordPress.com redirect).
  2. WordPress.com site on a .wordpress.com domain

    1. Enter a something.wordpress.com address.
    • Verify it opens the "Continue with WordPress.com" login flow.
  3. WordPress.com site on a custom domain (e.g. https://mobile.blog/)

    1. Enter the custom domain.
    • Verify it opens the "Continue with WordPress.com" login flow (instead of a generic error).

Regression:

  1. Enter an unreachable/invalid URL.
    • Verify the existing generic error is still shown under the field.

…gin flow

When Application Password discovery fails on the "Enter your existing site
address" screen, check connect-site-info and, if the site is hosted on
WordPress.com, prompt the user to use "Continue with WordPress.com" instead
of showing a dead-end error.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@dangermattic

dangermattic commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator
1 Warning
⚠️ PR is not assigned to a milestone.

Generated by 🚫 Danger

@wpmobilebot

wpmobilebot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

App Icon📲 You can test the changes from this Pull Request in Jetpack Android by scanning the QR code below to install the corresponding build.

App NameJetpack Android
Build TypeDebug
Versionpr23106-3fadd9f
Build Number1498
Application IDcom.jetpack.android.prealpha
Commit3fadd9f
Installation URL4ktqskc7j8m70
Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

@wpmobilebot

wpmobilebot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

App Icon📲 You can test the changes from this Pull Request in WordPress Android by scanning the QR code below to install the corresponding build.

App NameWordPress Android
Build TypeDebug
Versionpr23106-3fadd9f
Build Number1498
Application IDorg.wordpress.android.prealpha
Commit3fadd9f
Installation URL587jh7vrnfvf8
Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

@codecov

codecov Bot commented Jul 15, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 56.75676% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 37.59%. Comparing base (84b4823) to head (3fadd9f).

Files with missing lines Patch % Lines
...ationpassword/ApplicationPasswordViewModelSlice.kt 0.00% 7 Missing and 1 partial ⚠️
...word/ApplicationPasswordAutoAuthDialogViewModel.kt 0.00% 3 Missing ⚠️
...tionpassword/ApplicationPasswordDialogViewModel.kt 0.00% 2 Missing and 1 partial ⚠️
...i/accounts/login/ApplicationPasswordLoginHelper.kt 89.47% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##            trunk   #23106   +/-   ##
=======================================
  Coverage   37.59%   37.59%           
=======================================
  Files        2341     2341           
  Lines      127121   127145   +24     
  Branches    17619    17625    +6     
=======================================
+ Hits        47789    47802   +13     
- Misses      75419    75430   +11     
  Partials     3913     3913           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

adalpari and others added 3 commits July 15, 2026 16:20
Replace the connect/site-info fallback with reading the authentication
mechanism already returned by WpLoginClient.apiDiscovery(): WordPress.com
sites report OAuth2, so route them to the WordPress.com login dialog
instead of dead-ending on a generic Application Password error. Mirrors
how the GutenbergKit demo app distinguishes WP.com from self-hosted sites.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
When API discovery detects a WordPress.com site, send the user straight
to the WordPress.com OAuth flow, matching the existing up-front
WPUrlUtils.isWordPressCom() behavior. Drops the intermediate dialog and
its now-unused strings.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
adalpari and others added 2 commits July 15, 2026 16:51
Fixes the Android Lint failure flagging the mock of the OAuth2Endpoints
data class in the WpComSite discovery test.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@adalpari adalpari marked this pull request as ready for review July 15, 2026 15:07
@adalpari adalpari requested a review from nbradbury July 15, 2026 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants