CMM-2149: Guide WordPress.com-connected sites to WordPress.com login#23106
Open
adalpari wants to merge 6 commits into
Open
CMM-2149: Guide WordPress.com-connected sites to WordPress.com login#23106adalpari wants to merge 6 commits into
adalpari wants to merge 6 commits into
Conversation
…gin flow When Application Password discovery fails on the "Enter your existing site address" screen, check connect-site-info and, if the site is hosted on WordPress.com, prompt the user to use "Continue with WordPress.com" instead of showing a dead-end error. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Collaborator
Generated by 🚫 Danger |
Contributor
|
|
Contributor
|
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## trunk #23106 +/- ##
=======================================
Coverage 37.59% 37.59%
=======================================
Files 2341 2341
Lines 127121 127145 +24
Branches 17619 17625 +6
=======================================
+ Hits 47789 47802 +13
- Misses 75419 75430 +11
Partials 3913 3913 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Replace the connect/site-info fallback with reading the authentication mechanism already returned by WpLoginClient.apiDiscovery(): WordPress.com sites report OAuth2, so route them to the WordPress.com login dialog instead of dead-ending on a generic Application Password error. Mirrors how the GutenbergKit demo app distinguishes WP.com from self-hosted sites. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
When API discovery detects a WordPress.com site, send the user straight to the WordPress.com OAuth flow, matching the existing up-front WPUrlUtils.isWordPressCom() behavior. Drops the intermediate dialog and its now-unused strings. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…wpcom-connected-sites
Fixes the Android Lint failure flagging the mock of the OAuth2Endpoints data class in the WpComSite discovery test. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.


Description
On the "Enter your existing site address" login screen (the Application Password flow),
users whose site is hosted on WordPress.com hit a generic dead-end error. WordPress.com
sites can't use Application Passwords, so the flow fails and the user gets no hint that they
should have used "Continue with WordPress.com". This caused support ticket #11413559 (two HE
replies to resolve).
The screen already redirects literal
*.wordpress.comURLs up front (WPUrlUtils.isWordPressCom),but not WordPress.com sites on custom/mapped domains (e.g.
mobile.blog), which look like anyother domain.
Approach
WpLoginClient.apiDiscovery()— which we already call to find the Application Passwordsendpoint — reports the site's authentication mechanism. WordPress.com sites advertise
OAuth2; self-hosted sites advertiseApplicationPasswords. We now read that signal insteadof assuming Application Passwords, and route WordPress.com sites straight to the WordPress.com
OAuth flow (the same destination as the existing up-front
isWordPressComcheck). This is howthe GutenbergKit demo app distinguishes the two, and it naturally covers custom-domain WP.com
sites without any extra network call.
Changes
ApplicationPasswordLoginHelper: addedDiscoveryResult.WpComSite; on a successfuldiscovery it checks
DiscoverSuccessWrapper.isWpComSite()(auth mechanism isOAuth2) andreturns
WpComSiteinstead of throwing on the missing Application Passwords URL.LoginSiteApplicationPasswordViewModel: emits awpComDetectedevent forWpComSite.LoginSiteApplicationPasswordFragment: onwpComDetected, opens the WordPress.com OAuthflow directly (
showWPcomLoginScreen), matching the existing static-check behavior.DiscoveryResultconsumers (My Site app-password cards, auto-auth dialog,app-password dialog) handle the new
WpComSitebranch as an unsupported/hidden case; theyonly run for already-added self-hosted sites, so it's effectively unreachable there.
OAuth2 → WpComSitemapping and theWpComSite → wpComDetectedevent.Android-only; the report notes iOS likely needs the same fix separately.
Linear: CMM-2149
Testing instructions
NOTE: test the following steps in the main screen "Log in form". This is "Enter your existing site address" CTA. Do not use the "Continue with Wordpress.com" CTA.
Self-hosted Application Password site
WordPress.com site on a
.wordpress.comdomainsomething.wordpress.comaddress.WordPress.com site on a custom domain (e.g.
https://mobile.blog/)Regression: