Cookies+nonce authentication (#994)

* Implement getting REST nonce using account credentials

* Add Swift wrapper for cookies+nonce authentication

* Add comments about WpAuthentication::Nonce

* Assert the URLSession instance stores cookies

* Try username & password authentication on any nonce errors

* Merge the Swift docker env into the existing wordpress image

* Implement using username & password to make API calls

* Less console output during building docker image

* Update the installing swift script

* Move Swift Linux test job to the end-to-end test group

* Fix swiftlint issues

* Default to test against WordPress v6.8.1

swiftly does not support debian 13 yet, which is the platform of newer
WordPress docker images.

Author: crazytonyli

.buildkite/pipeline.yml

@@ -100,8 +100,6 @@ steps:
         plugins: [$CI_TOOLKIT]
         agents:
           queue: mac
-      - label: ":swift: :linux: Build and Test"
-        command: ".buildkite/commands/run-swift-tests-linux.sh"
       - label: ":swift: Lint"
         command: |
           .buildkite/download-xcframework.sh
@@ -254,6 +252,12 @@ steps:
         artifact_paths:
           - "native/kotlin/api/kotlin/build/test-results/integrationTest/*.xml"
 
+      - label: ":wordpress: :swift: WordPress {{matrix}}"
+        command: ".buildkite/commands/run-swift-tests-linux.sh"
+        env:
+          WORDPRESS_VERSION: "{{matrix}}"
+        matrix: *wordpress_version_matrix
+
   - label: ":rocket: Publish Swift release $NEW_VERSION"
     command: .buildkite/release.sh $NEW_VERSION
     depends_on: swift

Cargo.lock

@@ -63,6 +63,7 @@ semver = "1.0"
 serde = "1.0"
 serde_json = "1.0"
 serde_repr = "0.1"
+serde_urlencoded = "0.7"
 serial_test = "3.2"
 strum = "0.27"
 strum_macros = "0.27"

Cargo.toml

@@ -160,10 +160,10 @@ test-swift:
 	$(MAKE) test-swift-$(uname)
 
 test-swift-linux:
-	docker compose run --rm swift make test-swift-linux-in-docker
+	docker exec -w /app -i wordpress make test-swift-linux-in-docker
 
 test-swift-linux-in-docker: swift-linux-library
-	swift test -Xlinker -Ltarget/release/libwordpressFFI-linux -Xlinker -lwp_mobile
+	swift test -Xlinker -Ltarget/release/libwordpressFFI-linux -Xlinker -lwp_mobile --no-parallel
 
 test-swift-darwin: xcframework
 	swift test

Makefile

@@ -4,7 +4,7 @@ services:
             context: .
             dockerfile: wordpress.Dockerfile
             args:
-                WORDPRESS_VERSION: ${WORDPRESS_VERSION:-latest}
+                WORDPRESS_VERSION: ${WORDPRESS_VERSION:-6.8.1}
         container_name: 'wordpress'
         ports:
             - '80:80'
@@ -30,17 +30,6 @@ services:
             timeout: 1s
             retries: 30
 
-    swift:
-        build:
-            context: .
-            dockerfile: swift.Dockerfile
-        volumes:
-            - ./:/app
-        working_dir: /app
-        environment:
-            - TEST_ALL_PLUGINS
-            - CARGO_HOME=/app/.cargo
-
     database:
         image: 'public.ecr.aws/docker/library/mariadb:11.2'
         ports:

Package.resolved

@@ -7,6 +7,7 @@ pub struct TestCredentials {
     pub admin_username: &'static str,
     pub admin_password: &'static str,
     pub admin_password_uuid: &'static str,
+    pub admin_account_password: &'static str,
     pub subscriber_username: &'static str,
     pub subscriber_password: &'static str,
     pub subscriber_password_uuid: &'static str,

docker-compose.yml

@@ -9,11 +9,16 @@ public final class WordPressLoginClient: @unchecked Sendable {
 
     private let requestExecutor: SafeRequestExecutor
     private let client: UniffiWpLoginClient
+    private let middleware: MiddlewarePipeline
 
     public convenience init(
         urlSession: URLSession,
         middleware: MiddlewarePipeline = .default
     ) {
+        precondition(urlSession.configuration.httpCookieStorage != nil)
+        precondition(urlSession.configuration.httpShouldSetCookies == true)
+        precondition(urlSession.configuration.httpCookieAcceptPolicy != .never)
+
         self.init(requestExecutor: WpRequestExecutor(urlSession: urlSession), middleware: middleware)
     }
 
@@ -22,6 +27,7 @@ public final class WordPressLoginClient: @unchecked Sendable {
         middleware: MiddlewarePipeline = .default
     ) {
         self.requestExecutor = requestExecutor
+        self.middleware = middleware
         self.client = UniffiWpLoginClient(requestExecutor: requestExecutor, middlewarePipeline: middleware)
     }
 
@@ -60,6 +66,22 @@ public final class WordPressLoginClient: @unchecked Sendable {
     public func credentials(from callbackUrl: URL) throws -> WpApiApplicationPasswordDetails {
         try extractLoginDetailsFromUrl(url: callbackUrl.absoluteString)
     }
+
+    public func authenticateTemporarily(
+        username: String,
+        password: String,
+        details: AutoDiscoveryAttemptSuccess
+    ) async throws -> WordPressAPI {
+        let nonceRetrieval = WpRestNonceRetrieval(details: details, requestExecutor: requestExecutor)
+        let nonce = try await nonceRetrieval.getNonce(username: username, password: password)
+        return WordPressAPI(
+            apiUrlResolver: WpOrgSiteApiUrlResolver(apiRootUrl: details.apiRootUrl),
+            authenticationProvider: .staticWithAuth(auth: .nonce(nonce: nonce)),
+            executor: requestExecutor,
+            middlewarePipeline: middleware,
+            appNotifier: nil
+        )
+    }
 }
 
 extension AutoDiscoveryAttemptSuccess {

integration_test_credentials/src/lib.rs

@@ -2,7 +2,7 @@ import Foundation
 import WordPressAPI
 import Testing
 
-@Suite
+@Suite(.serialized)
 struct BlockSettingsTests {
     let api = WordPressAPI.admin()
 

native/swift/Sources/wordpress-api/WordPressLoginClient.swift

@@ -6,6 +6,7 @@ import Testing
 
 #if os(macOS)
 
+@Suite(.serialized)
 struct CancellationTests {
     let api = WordPressAPI.admin()