Duplicate the regular login flow to allow application password first iteration

[adalpari]

Description

This PR is the first iteration to add the ability to use the Application Password login as the main login entry point when a user tries to log into a new self-hosted site.

Note: this PR is not using those credentials yet, it's just offering the option and storing them into an existing site

Testing instructions

1. Log into a self-hosted site

• Verify you are seeing the XML login (not the webview Application Password one)

2. Enable the Experimental Feature called "Application Password log in"
3. Go to your user screen and tap on Log into WordPRess.com to get the log in screen again
4. Write a non-selfhosted url and try to log in

• Verify you see an error saying that Application Password log in is not available

5. Log into a self-hosted site (please use the same one as in point 1 since creating a new one is not supported yet)

• Verify you see the WebView with the Application Password log in.
• Verify you see the credentials stores message (toast + logs)

WP_RS   com.jetpack.android.beta  D  Found authorization for https://vanilla.wpmt.co URL: https://vanilla.wpmt.co/wp-admin/authorize-application.php?app_name=android-jetpack-client&success_url=jetpack%3A%2F%2Fapp-pass-authorize
WP_RS  com.jetpack.android.beta  D  Saved application password credentials for: https://vanilla.wpmt.co

Screen_recording_20250527_180852.mp4

Please do other smoke tests to discover possible bugs

[dangermattic]

	3 Warnings
⚠️	strings.xml files should only be updated on release branches, when the translations are downloaded by our automation.
⚠️	This PR is larger than 300 lines of changes. Please consider splitting it into smaller PRs for easier and faster reviews.
⚠️	PR is not assigned to a milestone.

Generated by 🚫 Danger

[wpmobilebot]

📲 You can test the changes from this Pull Request in WordPress by scanning the QR code below to install the corresponding build.

	App Name	WordPress
	Flavor	Jalapeno
	Build Type	Debug
	Version	pr21914-e62e43d
	Commit	e62e43d
	Direct Download	wordpress-prototype-build-pr21914-e62e43d.apk

Note: Google Login is not supported on these builds.

[wpmobilebot]

📲 You can test the changes from this Pull Request in Jetpack by scanning the QR code below to install the corresponding build.

	App Name	Jetpack
	Flavor	Jalapeno
	Build Type	Debug
	Version	pr21914-e62e43d
	Commit	e62e43d
	Direct Download	jetpack-prototype-build-pr21914-e62e43d.apk

Note: Google Login is not supported on these builds.

[codecov]

Codecov Report

Attention: Patch coverage is 74.19355% with 8 lines in your changes missing coverage. Please review.

Project coverage is 39.32%. Comparing base (90525bb) to head (e62e43d).
Report is 1 commits behind head on trunk.

Files with missing lines	Patch %	Lines
...i/accounts/login/ApplicationPasswordLoginHelper.kt	74.19%	5 Missing and 3 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##            trunk   #21914   +/-   ##
=======================================
  Coverage   39.32%   39.32%           
=======================================
  Files        2138     2138           
  Lines      100404   100404           
  Branches    15415    15415           
=======================================
  Hits        39479    39479           
  Misses      57441    57441           
  Partials     3484     3484           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull Request Overview

This PR introduces the first iteration of the Application Password login option by duplicating the regular login flow and modifying the underlying networking and UI components. Key changes include:

• Adding a new error string for unsupported Application Password flows.
• Changing the visibility and API of the LoginSiteAddressValidator.
• Creating new fragments, view models, and tests for the Application Password login flow and updating the login activity and navigator to support it.

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
libs/login/src/main/res/values/strings.xml	Added error string for unsupported Application Password authentication.
libs/login/src/main/java/org/wordpress/android/login/LoginSiteAddressValidator.java	Made the validator public and updated method visibility.
WordPress/src/test/java/org/wordpress/android/ui/mysite/cards/applicationpassword/ApplicationPasswordViewModelSliceTest.kt	Updated test cases to use the new helper method for authorization URL retrieval.
WordPress/src/test/java/org/wordpress/android/ui/accounts/login/applicationpassword/LoginSiteApplicationPasswordViewModelTest.kt	Added new tests for the Application Password ViewModel.
WordPress/src/test/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelperTest.kt	Updated tests to reflect changes in URL parameter appending logic.
WordPress/src/main/java/org/wordpress/android/ui/mysite/cards/applicationpassword/ApplicationPasswordViewModelSlice.kt	Removed internal API discovery logic and integrated the helper’s method.
WordPress/src/main/java/org/wordpress/android/ui/mysite/MySiteFragment.kt	Updated navigation to use the new Application Password login path via the activity navigator.
WordPress/src/main/java/org/wordpress/android/ui/accounts/login/applicationpassword/LoginSiteApplicationPasswordViewModel.kt	Added new ViewModel for application password login.
WordPress/src/main/java/org/wordpress/android/ui/accounts/login/applicationpassword/LoginSiteApplicationPasswordFragment.kt	Implemented the new fragment for Application Password login.
WordPress/src/main/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelper.kt	Refactored error handling and consolidated Uri-building logic inside a wrapper.
WordPress/src/main/java/org/wordpress/android/ui/accounts/LoginActivity.java	Updated logic to choose between the traditional and Application Password login flows based on feature flags.
WordPress/src/main/java/org/wordpress/android/ui/ActivityNavigator.kt	Centralized custom tabs logic by adding a new method to launch Application Password logins.
WordPress/src/main/java/org/wordpress/android/modules/ViewModelModule.java	Bound the new Application Password ViewModel for DI.
WordPress/src/main/java/org/wordpress/android/modules/AppComponent.java	Injected the new Application Password Fragment.

Comments suppressed due to low confidence (3)

libs/login/src/main/java/org/wordpress/android/login/LoginSiteAddressValidator.java:16

• Increasing the visibility from package-private to public may expose internal APIs; ensure this change aligns with the intended design and usage.

public class LoginSiteAddressValidator {

WordPress/src/main/java/org/wordpress/android/ui/mysite/cards/applicationpassword/ApplicationPasswordViewModelSlice.kt:79

• Confirm that the removal of internal error handling in favor of relying on the helper’s exception management covers all relevant edge cases in production.

val authorizationUrlComplete = applicationPasswordLoginHelper.getAuthorizationUrlComplete(site.url)

WordPress/src/main/java/org/wordpress/android/ui/ActivityNavigator.kt:217

• Consolidating the custom tabs launch logic here improves code reuse; ensure that all similar implementations elsewhere have been updated to leverage this method.

fun openApplicationPasswordLogin(activity: Activity, url: String) {

[nbradbury]

Changes look good! I left a couple of comments which you may or may not want to address.

[adalpari]

Thank you for the suggestions. I've now made the changes, so it should be ready to go :)

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud