Feature/sign in with self hosted credentials master

[anitaa1990]

Fixes #1482. This is the master branch for the sign in with self hosted credentials feature.

Screenshots

Site credentials login - with Jetpack

Site credentials login - without Jetpack

(LEFT: Try Login without jetpack . RIGHT: Activate Jetpack while on the app and click onTRY AGAIN)
.

Discovery errors:

Logging into a site with HTTP AUTH required when Jetpack is NOT available:

(LEFT: When jetpack is still not installed and user clicks on Try AGAIN button)
(RIGHT: When jetpack is installed when user is on the screen and clicks on TRY AGAIN button)
.

Logging into a site with XMLRPC missing when Jetpack is available:

Logging into a site with missing rsd tags:

Logging into a site with SSL Certificate error :

Logging into a site with the XML-RPC request is blocked :

Different discovery error messages:

(LEFT: HTTP AUTH required . RIGHT: SSL certificate needed)
.

(LEFT: XMLRPC errors . RIGHT: All other generic errors)
.

Testing

Test Current Functionality

• Basic login - with Jetpack and Woo
• Basic login - without Jetpack
• Basic login - without Woo
• Basic login - site does not belong to WPcom account

Test New Functionality

• Site credentials login - with Jetpack and Woo using magic link flow
• Site credentials login - with Jetpack and Woo using enter password flow
• Site credentials login - without Jetpack
  • Enable jetpack from last step and refresh - should get redirected to the site credentials screen.
• Site creds login - without Woo
• Site creds login - site with multiple jetpacked accounts

Other Testing

• Log in to a non-existent site
• Log in with a non-WP site
• Enter a jetpack site and verify directed to the magic link screen
• Enter a bad password for site creds
• Enter an invalid username for site creds

Discovery error scenarios

Scenario I: Login to a site with XMLRPC file renamed.

• Login to anitaamurthy.com in wp-admin.
• Install, activate and connect Jetpack.
• Open the app and enter the above site address and click on Next.
• Verify that you are redirected to the Sign in with Jetpack screen (even though Jetpack is installed on the site). This is because the XMLRPC file is renamed for this site and cannot be found so even if Jetpack is available, the API response returns false for the fields hasJetpack: true, isJetpackActive: false, isJetpackConnected: false.
• Click on Sign in in the app.
• Click on Login with site credentials and enter username + password.
• Verify that you are redirected to the discovery error screen and the error message displayed is We were unable to access the XMLRPC file on your site. You will need to reach out to your host to resolve this..
• Verify that clicking on Try again redirects to the Username + password screen.
• Verify that clicking on Read our troubleshooting tips redirects to a webview from this link.
• Verify that clicking on Help opens the help page.
• Verify that clicking in Sign in with Wordpress.com redirects to the Email screen and you are able to login successfully to the app using wp.com email.

Scenario II: Login to a site with SSL Certificate required error:

(This scenario is the same as the above scenario but with different discovery error type: ERRONEOUS_SSL_CERTIFICATE)

• Login to anitaastestwpsite2.com in wp-admin.
• Install, activate and connect Jetpack.
• Open the app and enter the above site address and click on Next.
• Click on Login with site credentials and enter username + password.
• Verify that you are redirected to the discovery error screen and the error message displayed is We were unable to access your site because of a problem with the SSL Certificate. You will need to reach out to your host to resolve this..
• Verify that clicking on Try again redirects to the Username + password screen.
• Verify that clicking on Read our troubleshooting tips redirects to a webview from this link.
• Verify that clicking on Help opens the help page.
• Verify that clicking in Sign in with Wordpress.com redirects to the Email screen and you are able to login successfully to the app using wp.com email.

Login to a site with HTTP AUTH required error

• Login to any test site in wp-admin.
• Uninstall Jetpack from the Plugins section.
• Activate HTTP Auth plugin from the same page. This enables HTTP Auth to the site.
• Open the app and enter the above site address and click on Next.
• Verify that you are redirected to the Sign in with Jetpack screen (since Jetpack is not active on the site).
• Click on Sign in in the app.
• Click on Login with site credentials and enter username + password.
• Verify you are redirected to the Jetpack required screen.
• Click on Try again.
• Verify that an error snackbar is displayed stating that Jetpack is not active on the site.
• Go back to the Plugins page in wp-admin and deactivate HTTP Auth before activating and connecting Jetpack (This is because Jetpack does not support HTTP Auth plugin and you will only be able to connect Jetpack if HTTP Auth plugin is deactivated).
• Go back to the app and click on Try again.
• Verify that you are redirected back to the site credentials screen.
• Click on Next and verify that you are successfully redirected to the Magic link screen.

Login to a site with XMLRPC is blocked.

• Login to any test site in wp-admin.
• Install the plugin Disable XML-RPC.
• Open the app and enter the above site address and click on Next.
• If Jetpack is not active on the site, verify that:
  • You are redirected to the Sign in with Jetpack screen.
  • Click on Sign in in the app.
  • Click on Login with site credentials and enter username + password.
• If Jetpack is active on the site, verify that:
  • You are redirected to the username password screen.
  • Click on Login with site credentials and enter username + password.
• In either case, verify that you are redirected to the discovery error screen and the error message displayed is We were unable to access the XMLRPC file on your site. You will need to reach out to your host to resolve this..

Notes:

• All events added in this PR have already been validated/registered.
• Once this PR is approved, I will open another PR in the login lib and the WP-android repo to merge these changes as suggested here.

Update release notes:

• I have considered if this change warrants user-facing release notes and have added them to RELEASE-NOTES.txt if necessary.

[peril-woocommerce]

	Warnings
⚠️	PR has more than 500 lines of code changing. Consider splitting into smaller PRs if possible.

	Messages
📖	This PR contains changes in the subtree libs/login/. It is your responsibility to ensure these changes are merged back into wordpress-mobile/WordPress-Login-Flow-Android. Follow these handy steps! WARNING: Make sure your git version is 2.19.x or lower - there is currently a bug in later versions that will corrupt the subtree history! cd woocommerce-android git checkout feature/sign-in-with-self-hosted-credentials git subtree push --prefix=libs/login/ https://github.com/wordpress-mobile/WordPress-Login-Flow-Android.git merge/woocommerce-android/1542 Browse to https://github.com/wordpress-mobile/WordPress-Login-Flow-Android/pull/new/merge/woocommerce-android/1542 and open a new PR.
📖	This PR contains changes to Tracks-related logic. Please ensure the following are completed: PR Author The PR must be assigned the Tracks label PR Reviewer The tracks events must be validated in the Tracks system. Verify the internal tracks spreadsheet has also been updated.

Generated by 🚫 dangerJS

[peril-woocommerce]

You can test the changes on this Pull Request by downloading the APK here.

[AmandaRiu]

@anitaa1990 I ran through all the test scenarios and most of them were successful except for the following:

Scenario II: Login to a site with SSL Certificate required error:

I get the “Jetpack Required” screen even though I have jetpack installed and connected. If I bypass that screen and then login with the site credentials then I get the expected SSL Certificate connection error.

Login to a site with HTTP AUTH required error

When I click “try again” in step #9, it brings me back to the “login with credentials” screen. When I hit next, I get the “jetpack required” screen again…no snackbar error message. The rest of the steps work fine. NOTE that I though the way it worked was expected, I don't recall a snackbar for this scenario.

[anitaa1990]

Thanks for testing @AmandaRiu!

Scenario II: Login to a site with SSL Certificate required error:
I get the “Jetpack Required” screen even though I have jetpack installed and connected. If I bypass that screen and then login with the site credentials then I get the expected SSL Certificate connection error.

Debugging further using the Jetpack Debugger, It looks like the test to check if jetpack features are available for the site results in an error. So the CONNECT_SITE_INFO API response returns false for isJetpackConnected and isJetpackActive.

I tested again now and it looks like the issue is fixed on the site and it's working as expected. My guess is that something weird is going on in that site 🤦‍♀

Login to a site with HTTP AUTH required error
When I click “try again” in step #9, it brings me back to the “login with credentials” screen. When I hit next, I get the “jetpack required” screen again…no snackbar error message. The rest of the steps work fine. NOTE that I though the way it worked was expected, I don't recall a snackbar for this scenario

So there are two scenarios where the user can be redirected to the jetpack required screen here.

• If there is a discovery error and it is HTTP AUTH required.
• If the discovery process is successful but wp.getOptions API does not return a jetpack connected user email.

For the first option, when user clicks on Try again, a request is sent to CONNECT_SITE_INFO api to verify if jetpack is indeed installed and active. If it is, then we redirect them to the site credentials screen again. If Jetpack is not available, we display an error snack bar here. - This is what happens when HTTP AUTH error happens.

For the second option, when user clicks on Try again, they are redirected to the site credentials screen again.

I found that in order for this reproduce this discovery error, you would need to enable the HTTP AUTH for the entire site.

• I created a test site: http://flexible-locust.jurassic.ninja
• Installed the HTTP AUTH plugin.
• Go to the HTTP AUTH settings -> tap on the radio button Complete Site and ensure that the Activate HTTP Authentication is enabled for the site.

Now if you follow the steps for Login to a site with HTTP AUTH required error it should work as expected 🤞 Let me know if you face any issues! And thanks once again for the extensive testing!

[anitaa1990]

Scenario II: Login to a site with SSL Certificate required error:
I get the “Jetpack Required” screen even though I have jetpack installed and connected. If I bypass that screen and then login with the site credentials then I get the expected SSL Certificate connection error.
Debugging further using the Jetpack Debugger, It looks like the test to check if jetpack features are available for the site results in an error. So the CONNECT_SITE_INFO API response returns false for isJetpackConnected and isJetpackActive.
I tested again now and it looks like the issue is fixed on the site and it's working as expected. My guess is that something weird is going on in that site

A follow up for this issue @AmandaRiu. I created another test site: anitaastestwpsite3.com and was able to successfully simulate the ssl certificate error and the CONNECT_SITE_INFO api was able to detect that Jetpack is installed on the site. I have shared credentials for the site with you, if you would like to test :)

I believe there is some issue with http://anitaastestwpsite2.com/ that caused Jetpack to go undetected even when it was available 🤷‍♀

[AmandaRiu]

@anitaa1990 Thank you for the detailed explanation about when I would see the "Jetpack not installed" snack message. I was able to successfully re-test both scenarios and they passed with flying colors! Awesome work on this project!