wordpress-mobile
diff --git a/‎Modules/Package.resolved‎
Lines changed: 4 additions & 4 deletions b/‎Modules/Package.resolved‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎Modules/Package.swift‎
Lines changed: 1 addition & 1 deletion b/‎Modules/Package.swift‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Modules/Sources/WordPressCore/WordPressClient.swift‎
Lines changed: 2 additions & 2 deletions b/‎Modules/Sources/WordPressCore/WordPressClient.swift‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Modules/Tests/WordPressCoreTests/MockWordPressClientAPI.swift‎
Lines changed: 1 addition & 1 deletion b/‎Modules/Tests/WordPressCoreTests/MockWordPressClientAPI.swift‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Sources/WordPressData/Swift/Blog+Features.swift‎
Lines changed: 1 addition & 1 deletion b/‎Sources/WordPressData/Swift/Blog+Features.swift‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Sources/WordPressData/Swift/Blog+SelfHosted.swift‎
Lines changed: 135 additions & 43 deletions b/‎Sources/WordPressData/Swift/Blog+SelfHosted.swift‎
Lines changed: 135 additions & 43 deletions
diff --git a/‎Tests/KeystoneTests/Tests/Features/Posts/CustomPostEditorServiceTests.swift‎
Lines changed: 4 additions & 1 deletion b/‎Tests/KeystoneTests/Tests/Features/Posts/CustomPostEditorServiceTests.swift‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎Tests/KeystoneTests/Tests/Services/UserListViewModelTests.swift‎
Lines changed: 9 additions & 2 deletions b/‎Tests/KeystoneTests/Tests/Services/UserListViewModelTests.swift‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎WordPress/Classes/Login/ApplicationPasswordRequiredView.swift‎
Lines changed: 3 additions & 3 deletions b/‎WordPress/Classes/Login/ApplicationPasswordRequiredView.swift‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎WordPress/Classes/Login/SelfHostedSiteAuthenticator.swift‎
Lines changed: 10 additions & 7 deletions b/‎WordPress/Classes/Login/SelfHostedSiteAuthenticator.swift‎
Lines changed: 10 additions & 7 deletions
@@ -57,7 +57,7 @@ let package = Package(
         .package(url: "https://github.com/zendesk/support_sdk_ios", from: "8.0.3"),
         .package(url: "https://github.com/wordpress-mobile/GutenbergKit", from: "0.14.0"),
         // We can't use wordpress-rs branches nor commits here. Only tags work.
-        .package(url: "https://github.com/Automattic/wordpress-rs", revision: "alpha-20260313"),
+        .package(url: "https://github.com/automattic/wordpress-rs", branch: "pr-build/1239"),
         .package(
             url: "https://github.com/Automattic/color-studio",
             revision: "bf141adc75e2769eb469a3e095bdc93dc30be8de"
 
@@ -20,7 +20,7 @@ public protocol WordPressClientAPI: Sendable {
     var postTypes: PostTypesRequestExecutor { get }
     var siteSettings: SiteSettingsRequestExecutor { get }
 
-    func createSelfHostedService(cache: WordPressApiCache) throws -> WpService
+    func createService(cache: WordPressApiCache) throws -> WpService
 
     func uploadMedia(
         params: MediaCreateParams,
@@ -99,7 +99,7 @@ public actor WordPressClient {
             if let _service {
                 return _service
             }
-            let service = try api.createSelfHostedService(cache: cache)
+            let service = try api.createService(cache: cache)
             _service = service
             return service
         }
 
@@ -78,7 +78,7 @@ final class MockWordPressClientAPI: WordPressClientAPI, @unchecked Sendable {
     var posts: PostsRequestExecutor { fatalError("Not implemented") }
     var postTypes: PostTypesRequestExecutor { fatalError("Not implemented") }
 
-    func createSelfHostedService(cache: WordPressApiCache) throws -> WpService {
+    func createService(cache: WordPressApiCache) throws -> WpService {
         fatalError("Not implemented")
     }
 
 
@@ -107,7 +107,7 @@ extension Blog {
             // alt is not supported via XML-RPC API
             // https://core.trac.wordpress.org/ticket/58582
             // https://github.com/wordpress-mobile/WordPress-Android/issues/18514#issuecomment-1589752274
-            return supportsRestAPI || supportsCoreRestApi
+            return supportsRestAPI || hasDirectCoreRESTAPIAccess
         case .contactInfo:
             return hasRequiredJetpackVersion("8.5") || isHostedAtWPcom
         case .blockEditorSettings:
 
@@ -174,11 +174,11 @@ public extension Blog {
         self.account == nil
     }
 
-    @objc var supportsCoreRestApi: Bool {
-        if case .selfHosted = try? WordPressSite(blog: self) {
-            return true
+    @objc var hasDirectCoreRESTAPIAccess: Bool {
+        guard let site = try? WordPressSite(blog: self) else {
+            return false
         }
-        return false
+        return site.applicationPasswordCredentials != nil
     }
 }
 
@@ -190,58 +190,150 @@ public extension WpApiApplicationPasswordDetails {
     }
 }
 
-public enum WordPressSite: Hashable {
-    case dotCom(siteURL: URL, siteId: Int, authToken: String)
-    case selfHosted(blogId: TaggedManagedObjectID<Blog>, siteURL: URL, apiRootURL: ParsedUrl, username: String, authToken: String)
+/// Describes a WordPress site's hosting type, authentication credentials,
+/// and API capabilities.
+///
+/// This is a value type constructed from a `Blog` Core Data object. It captures
+/// a snapshot of the site's characteristics at construction time.
+///
+/// `WordPressSite` is not a one-to-one mapping with `Blog`. It represents the
+/// subset of `Blog` instances that have access to the WordPress core REST API
+/// (wp/v2). A self-hosted site that only has XML-RPC credentials is not
+/// representable as a `WordPressSite`.
+///
+/// - All WordPress.com sites qualify (wp/v2 is accessed via WP.com REST API
+///   with OAuth).
+/// - Self-hosted sites must have application password credentials.
+public struct WordPressSite {
+    public let blogId: TaggedManagedObjectID<Blog>
+    public let siteURL: URL
+    public let flavor: ApiFlavor
+
+    public init(blogId: TaggedManagedObjectID<Blog>, siteURL: URL, flavor: ApiFlavor) {
+        self.blogId = blogId
+        self.siteURL = siteURL
+        self.flavor = flavor
+    }
+}
+
+extension WordPressSite {
+    public enum ApiFlavor {
+        /// A site hosted on WordPress.com. Always has OAuth access via
+        /// WPAccount. May also have application password credentials
+        /// (e.g., Atomic sites).
+        case dotCom(DotComCredentials)
+
+        /// A self-hosted WordPress site with application password credentials.
+        /// Application password is required for wp/v2 API access.
+        case selfHosted(ApplicationPasswordCredentials)
+    }
+}
+
+extension WordPressSite {
+    public struct DotComCredentials: Hashable {
+        public let siteId: Int
+        public let oAuthToken: String
+        /// Non-nil for Atomic sites that also have application password access.
+        public let applicationPassword: ApplicationPasswordCredentials?
+
+        public init(siteId: Int, oAuthToken: String, applicationPassword: ApplicationPasswordCredentials?) {
+            self.siteId = siteId
+            self.oAuthToken = oAuthToken
+            self.applicationPassword = applicationPassword
+        }
+    }
+
+    public struct ApplicationPasswordCredentials: Hashable {
+        public let apiRootURL: ParsedUrl
+        public let username: String
+        public let token: String
+
+        public init(apiRootURL: ParsedUrl, username: String, token: String) {
+            self.apiRootURL = apiRootURL
+            self.username = username
+            self.token = token
+        }
+    }
+}
 
+extension WordPressSite: Hashable {
+    public static func == (lhs: WordPressSite, rhs: WordPressSite) -> Bool {
+        lhs.blogId == rhs.blogId
+    }
+
+    public func hash(into hasher: inout Hasher) {
+        hasher.combine(blogId)
+    }
+}
+
+extension WordPressSite {
+    /// Constructs a `WordPressSite` from a `Blog` Core Data object.
+    ///
+    /// Throws if the blog lacks enough data to determine its hosting type
+    /// and at least one valid authentication method.
+    ///
+    /// For self-hosted sites, application password credentials are required.
+    /// Sites without them cannot be represented as a `WordPressSite`.
     public init(blog: Blog) throws {
         let siteURL = try blog.getUrl()
-        // Directly access the site content when available.
+        self.blogId = TaggedManagedObjectID(blog)
+        self.siteURL = siteURL
+
+        // Build application password credentials if available.
+        // These are shared across both hosting types — WordPress.com Atomic
+        // sites can have them too.
+        let applicationPassword: ApplicationPasswordCredentials?
         if let restApiRootURL = blog.restApiRootURL,
-           let restApiRootURL = try? ParsedUrl.parse(input: restApiRootURL),
+           let parsedApiRoot = try? ParsedUrl.parse(input: restApiRootURL),
            let username = blog.username,
-           let authToken = try? blog.getApplicationToken() {
-            self = .selfHosted(blogId: TaggedManagedObjectID(blog), siteURL: siteURL, apiRootURL: restApiRootURL, username: username, authToken: authToken)
-        } else if let account = blog.account, let siteId = blog.dotComID?.intValue {
-            // When the site is added via a WP.com account, access the site via WP.com
-            let authToken = try account.authToken ?? WPAccount.token(forUsername: account.username)
-            self = .dotCom(siteURL: siteURL, siteId: siteId, authToken: authToken)
+           let token = try? blog.getApplicationToken() {
+            applicationPassword = ApplicationPasswordCredentials(
+                apiRootURL: parsedApiRoot,
+                username: username,
+                token: token
+            )
         } else {
-            // In theory, this branch should never run, because the two if statements above should have covered all paths.
-            // But we'll keep it here as the fallback.
-            let url = try blog.getUrl()
-            let apiRootURL = try ParsedUrl.parse(input: blog.restApiRootURL ?? blog.getUrl().appending(path: "wp-json").absoluteString)
-            self = .selfHosted(blogId: TaggedManagedObjectID(blog), siteURL: url, apiRootURL: apiRootURL, username: try blog.getUsername(), authToken: try blog.getApplicationToken())
+            applicationPassword = nil
         }
-    }
 
-    public var siteURL: URL {
-        switch self {
-        case let .dotCom(siteURL, _, _):
-            return siteURL
-        case let .selfHosted(_, siteURL, _, _, _):
-            return siteURL
+        // Check for WordPress.com account first. This means Atomic sites
+        // (which have both an account and application password credentials)
+        // resolve to `.dotCom`.
+        if let account = blog.account,
+           let siteId = blog.dotComID?.intValue {
+            let authToken = try account.authToken
+                ?? WPAccount.token(forUsername: account.username)
+            self.flavor = .dotCom(DotComCredentials(
+                siteId: siteId,
+                oAuthToken: authToken,
+                applicationPassword: applicationPassword
+            ))
+        } else {
+            // Self-hosted sites must have application password credentials
+            // for wp/v2 API access.
+            guard let applicationPassword else {
+                throw Blog.BlogCredentialsError.blogPasswordMissing
+            }
+            self.flavor = .selfHosted(applicationPassword)
         }
     }
+}
 
-    public func blog(in context: NSManagedObjectContext) throws -> Blog? {
-        switch self {
-        case let .dotCom(_, siteId, _):
-            return try Blog.lookup(withID: siteId, in: context)
-        case let .selfHosted(blogId, _, _, _, _):
-            return try context.existingObject(with: blogId)
+extension WordPressSite {
+    /// The application password credentials, if available.
+    /// Always non-nil for self-hosted sites. Optional for WordPress.com sites
+    /// (non-nil for Atomic sites).
+    public var applicationPasswordCredentials: ApplicationPasswordCredentials? {
+        switch flavor {
+        case let .dotCom(credentials):
+            return credentials.applicationPassword
+        case let .selfHosted(credentials):
+            return credentials
         }
     }
 
-    public func blogId(in coreDataStack: CoreDataStack) -> TaggedManagedObjectID<Blog>? {
-        switch self {
-        case let .dotCom(_, siteId, _):
-            return coreDataStack.performQuery { context in
-                guard let blog = try? Blog.lookup(withID: siteId, in: context) else { return nil }
-                return TaggedManagedObjectID(blog)
-            }
-        case let .selfHosted(id, _, _, _, _):
-            return id
-        }
+    /// Look up the `Blog` object in a given Core Data context.
+    public func blog(in context: NSManagedObjectContext) throws -> Blog {
+        try context.existingObject(with: blogId)
     }
 }
@@ -160,7 +160,10 @@ private func makeService(
 ) throws -> CustomPostEditorService {
     let api = try WordPressAPI(
         urlSession: .shared,
-        apiRootUrl: .parse(input: "https://example.com/wp-json"),
+        siteInfo: .selfHosted(
+            siteUrl: .parse(input: "https://example.com"),
+            apiRoot: .parse(input: "https://example.com/wp-json")
+        ),
         authentication: .none
     )
     let client = WordPressClient(
 
@@ -16,8 +16,15 @@ class UserListViewModelTests: XCTestCase {
     override func setUp() async throws {
         try await super.setUp()
 
-        let api = try WordPressAPI(urlSession: .shared, apiRootUrl: .parse(input: "https://example.com/wp-json"), authentication: .none)
-        let client = try WordPressClient(
+        let api = try WordPressAPI(
+            urlSession: .shared,
+            siteInfo: .selfHosted(
+                siteUrl: .parse(input: "https://example.com"),
+                apiRoot: .parse(input: "https://example.com/wp-json")
+            ),
+            authentication: .none
+        )
+        let client = WordPressClient(
             api: api,
             siteURL: URL(string: "https://example.com")!
         )
 
@@ -126,9 +126,9 @@ struct ApplicationPasswordRequiredView<Content: View>: View {
     }
 
     private func updateSite() {
-        // We check that the site is `selfHosted` to ensure an _Application Password_ is available. That's what this view
-        // is for, after all.
-        if let site = try? WordPressSite(blog: blog), case .selfHosted = site {
+        // We check that the site has application password credentials to ensure
+        // direct wp/v2 API access is available. That's what this view is for.
+        if let site = try? WordPressSite(blog: blog), site.applicationPasswordCredentials != nil {
             self.site = site
         }
     }
 
@@ -146,7 +146,7 @@ struct SelfHostedSiteAuthenticator {
             }
 
             let apiRootURL = details.apiRootUrl.asURL()
-            let result = try await handle(credentials: credentials, apiRootURL: apiRootURL, apiDetails: details.apiDetails, context: context)
+            let result = try await handle(credentials: credentials, apiRootURL: apiRootURL, apiDiscovery: details, context: context)
             trackSuccess(url: details.parsedSiteUrl.url())
             return result
         } catch {
@@ -205,7 +205,7 @@ struct SelfHostedSiteAuthenticator {
     }
 
     @MainActor
-    private func handle(credentials: WpApiApplicationPasswordDetails, apiRootURL: URL, apiDetails: WpApiDetails, context: SignInContext) async throws(SignInError) -> TaggedManagedObjectID<Blog> {
+    private func handle(credentials: WpApiApplicationPasswordDetails, apiRootURL: URL, apiDiscovery: AutoDiscoveryAttemptSuccess, context: SignInContext) async throws(SignInError) -> TaggedManagedObjectID<Blog> {
         SVProgressHUD.show()
         defer {
             SVProgressHUD.dismiss()
@@ -215,7 +215,7 @@ struct SelfHostedSiteAuthenticator {
             throw .mismatchedUser(expectedUsername: username)
         }
 
-        let blog = try await createSite(credentials: credentials, apiRootURL: apiRootURL, apiDetails: apiDetails, context: context)
+        let blog = try await createSite(credentials: credentials, apiRootURL: apiRootURL, apiDiscovery: apiDiscovery, context: context)
 
         switch context {
         case .default:
@@ -257,7 +257,7 @@ struct SelfHostedSiteAuthenticator {
     private func createSite(
         credentials: WpApiApplicationPasswordDetails,
         apiRootURL: URL,
-        apiDetails: WpApiDetails,
+        apiDiscovery: AutoDiscoveryAttemptSuccess,
         context: SignInContext
     ) async throws(SignInError) -> TaggedManagedObjectID<Blog> {
         // We still need to set the `Blog.xmlrpc`, because it's used all across the app.
@@ -269,7 +269,10 @@ struct SelfHostedSiteAuthenticator {
 
         let api = WordPressAPI(
             urlSession: URLSession(configuration: .ephemeral),
-            apiRootUrl: try! ParsedUrl.parse(input: apiRootURL.absoluteString),
+            siteInfo: .selfHosted(
+                siteUrl: apiDiscovery.parsedSiteUrl,
+                apiRoot: apiDiscovery.apiRootUrl
+            ),
             authentication: WpAuthentication(username: credentials.userLogin, password: credentials.password)
         )
 
@@ -335,12 +338,12 @@ struct SelfHostedSiteAuthenticator {
                     blog.setValue(siteSettings.timezone, forOption: "timezone")
                 }
 
-                if blog.getOptionString(name: "gmt_offset") == nil, let offset = apiDetails.gmtOffset() {
+                if blog.getOptionString(name: "gmt_offset") == nil, let offset = apiDiscovery.apiDetails.gmtOffset() {
                     blog.setValue(offset, forOption: "gmt_offset")
                 }
 
                 if blog.getOptionString(name: "home_url") == nil {
-                    blog.setValue(apiDetails.homeUrlString(), forOption: "home_url")
+                    blog.setValue(apiDiscovery.apiDetails.homeUrlString(), forOption: "home_url")
                 }
             }
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ final class MockWordPressClientAPI: WordPressClientAPI, @unchecked Sendable {`
`78`	`78`	`var posts: PostsRequestExecutor { fatalError("Not implemented") }`
`79`	`79`	`var postTypes: PostTypesRequestExecutor { fatalError("Not implemented") }`
`80`	`80`
`81`		`- func createSelfHostedService(cache: WordPressApiCache) throws -> WpService {`
	`81`	`+ func createService(cache: WordPressApiCache) throws -> WpService {`
`82`	`82`	`fatalError("Not implemented")`
`83`	`83`	`}`
`84`	`84`
Original file line number	Diff line number	Diff line change
`@@ -126,9 +126,9 @@ struct ApplicationPasswordRequiredView<Content: View>: View {`
`126`	`126`	`}`
`127`	`127`
`128`	`128`	`private func updateSite() {`
`129`		- // We check that the site is `selfHosted` to ensure an _Application Password_ is available. That's what this view
`130`		`- // is for, after all.`
`131`		`- if let site = try? WordPressSite(blog: blog), case .selfHosted = site {`
	`129`	`+ // We check that the site has application password credentials to ensure`
	`130`	`+ // direct wp/v2 API access is available. That's what this view is for.`
	`131`	`+ if let site = try? WordPressSite(blog: blog), site.applicationPasswordCredentials != nil {`
`132`	`132`	`self.site = site`
`133`	`133`	`}`
`134`	`134`	`}`