Don't Store WordPress.com Passwords

[jleandroperez]

Description:

In this Pull Request, we enhance the ViewControllers outlined below, so that whenever a WordPress.com URL needs authentication, we send over the Bearer Token via the HTTP headers.

This enables us to stop storing the WordPress.com password in the keychain, and also allows us to prevent login errors due to Multifactor-Enabled accounts: the app might not know the latest MFA code, but the OAuth token is expected to be valid.

Plus, WPComOAuthController has been enhanced, so the Single Sign On mechanism also relies on the Bearer Token (scenario outlined in Testing Flow F).

Closes #1220

Enhanced viewControllers:

• WPWebViewController
• PostPreviewViewController
• StatsWebViewController

Testing Scenarios:

Below, we'll detail several testing flows that have been considered while implementing this enhancement.

Flow A: Private Blog

1. Set a dotcom 'Testing Blog' as private
2. Open My Sites > 'Testing Blog'
3. Tap over 'View Site'

Expected Results:

• The site is visible, and WordPress.com doesn't ask for a password

#### Flow B: Web Stats 1. Open My Sites > 'Testing Blog' 2. Tap over 'Stats' 3. Scroll down, and tap over 'View Web Version'

Expected Results:

• The stats are visible, and WordPress.com doesn't ask for a password

#### Flow C: Post Preview 1. Open My Sites > 'Testing Blog' 2. Tap over Blog Posts 3. Tap over any post 4. Press the right top eye button

Expected Results:

• The post is visible, and WordPress.com doesn't ask for a password

#### Flow D: Edit Site 1. Fresh Install 2. Log into a self hosted 'Blog A' 3. Install 'Disable XML-RPC' plugin 4. Open wp-admin in Safari, and update your dotcom password 5. Open 'My Sites' tab 6. Tap over 'Blog A' row 7. Tap 'Settings' 8. Update your password.

Expected Results:

• The Self Hosted blog is expected to return an error with code 405 (XMLRPC Disabled).
• The app should push a WebView with your wp-admin already logged in.

#### Flow E: Install jetpack 1. Open wp-admin in Safari, and turn off Jetpack in your self hosted blog. 2. Log into your self hosted site in WPiOS 3. Tap over 'My Sites' > 'Self Hosted Blog' 4. Tap over 'Stats' 5. Tap over 'Install Jetpack'

Expected Results:

• The app should push a WebView with your Self Hosted blog already logged in, and the Install Jetpack View onscreen.

#### Flow F: Single Sign On 1. Install WPiOS and Sign Into a dotcom account. 2. Add a [new testing WordPress App in the Developer Portal](https://developer.wordpress.com/apps/) 3. Open this url in Safari.app: `wordpress-oauth-v2://authorize?client_id=[App ID]&redirect_url=[Callback URL]`

Expected Results:

• WPiOS should be onscreen, and the user should be asked whether if he wants to authorize or not the app.
• No login or password should be required.

[aerych]

UIWebView actually picks up the User-Agent from NSUserDefaults

Yah that was really all I was trying to say :) I used too many words. ;)

[...] perhaps that deserves another issue

For sure!

[diegoreymendez]

Why is it necessary to copy the request object here?

[jleandroperez]

You're indeed right, i meant to change that down the road, but obviously forgot to address it. Will update soon!

[diegoreymendez]

👍

[diegoreymendez]

I was trying to figure out why we need to return an empty NSString in this case, but couldn't really figure it out. Can you clarify?

My main concern is that internally we tend to use nil for unset properties - and this would go out of the norm a bit, which I would avoid if possible. If some interface needs a string instead of a nil value, I believe it should be that interface to make the appropriate conversion. Let me know.

[jleandroperez]

I took the empty string road, there, mostly, to avoid this kind of scenario (which would otherwise require us to check case by case).

However, on second thoughts, XMLRPC shouldn't be called for dotcom accounts. I'll make the arrangements so the password is nil (and will also add failsafes where needed).

Thank you Diego!

[aerych]

I might be missing it in all the changes but I haven't found where an existing wpcom is removed from the keychain. Is it in there? If not, should it be added?

[diegoreymendez]

@Lantean - It seems oclint is failing. I'm copying the logs here, which show some possible improvements, for ease of reading:

/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/Blog.m:286:9: collapsible if statements P3 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/Blog.m:67:5: ivar assignment outside accessors or init P2 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/Blog.m:68:5: ivar assignment outside accessors or init P2 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/Blog.m:301:6: ivar assignment outside accessors or init P2 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/Blog.m:304:6: ivar assignment outside accessors or init P2 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/Blog.m:16:1: too many methods P3 Objective-C implementation with 32 methods exceeds limit of 30
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:111:1: high cyclomatic complexity P2 Cyclomatic Complexity Number 11 exceeds limit of 10
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:231:1: high cyclomatic complexity P2 Cyclomatic Complexity Number 12 exceeds limit of 10
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:231:1: high ncss method P2 Method of 35 non-commenting source statements exceeds limit of 30
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:231:1: high npath complexity P2 NPath Complexity Number 320 exceeds limit of 200
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:272:9: replace with object subscripting P3 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:276:9: replace with object subscripting P3 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:284:9: replace with object subscripting P3 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Networking/PostServiceRemoteXMLRPC.m:286:5: replace with object subscripting P3 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/WPAccount.m:47:5: ivar assignment outside accessors or init P2 
/Users/travis/build/wordpress-mobile/WordPress-iOS/WordPress/Classes/Models/WPAccount.m:48:5: ivar assignment outside accessors or init P2 

[jleandroperez]

@diegoreymendez P2 error refers to cyclomatic complexity // code improvements. None of those errors apply to the changes introduced in this PR:

• Blog.m wasn't modified, in the lines mentioned (Affected ones are 310-311 344-348).
• PostServiceRemoteXMLRPC.m, it just got few extra NSParameterAssert's (116-119).
• WPAccount.m got lines 55-58 modified.

Do you mind if we file another issue to address those warnings?

@aerych good catch Eric! i'll add a helper to nuke existing dotcom passwords.

[jleandroperez]

@aerych 'Nuke Dotcom Password' mechanism added, and ready for review. Thank you!

[aerych]

I walked through the testing scenarios in the simulator except for D and E -- I'm not currently equipped to test those.
A - C worked flawlessly. They just wouldn't break for me. Props!
F opened the app for me but I didn't see a prompt. I tried with two different apps, one configured for web and one configured for native. In both cases the callback URLs were not longer accessible, but that shouldn't have prevented a prompt, and I would have expected an error message in that case regardless. Not sure if the simulator is cranky or if something is amiss.

[aerych]

I've gone through the code twice now. Apart from @diegoreymendez's comments (which you've already addressed) I have nothing to add. :)

[jleandroperez]

@aerych thank you very much!. This URI should do the trick:

wordpress-oauth-v2://authorize?client_id=39580&redirect_uri=http://www.lantean.co

I've just noticed that, as a side effect of one of the latest changes (stop returning nil passwords), the SSO helper breaks. Will get it fixed asap, thanks Eric!

[diegoreymendez]

@jleandroperez - Opening another issue to review the logs I posted it totally acceptable - In fact I just opened a separate ticket and assigned it to myself here.

[jleandroperez]

@diegoreymendez thanks for adding that one!. I'm adding it to my list as well, whoever gets loose first picks it up!.

@aerych WordPressApi dependency updated. Opening this link should help you test Scenario F:

wordpress-oauth-v2://authorize?client_id=39580&redirect_uri=http://www.lantean.co

If there's anything else we should update / fix / tweak, please, let me know =)

Thank you all!

[aerych]

Took Scenario F for another spin. Tested with the link you provided @jleandroperez and also with a link for one of my test apps. Both worked perfectly this time.
Nice :)

[aerych]

I would like to confirm that Scenarios D and E have been thoroughly tested, but otherwise this patch has a 👍 from me.

[jleandroperez]

@aerych thank you very much sir!

[aerych]

Took Scenarios D and E for a test drive (thanks for the test credentials @jleandroperez!) and everything worked as expected.
from me :)

[jleandroperez]

@aerych THANK YOU!!!