Skip to content

Remove Login Module#22564

Open
jkmassel wants to merge 72 commits intotrunkfrom
remove/login-lib
Open

Remove Login Module#22564
jkmassel wants to merge 72 commits intotrunkfrom
remove/login-lib

Conversation

@jkmassel
Copy link
Contributor

@jkmassel jkmassel commented Feb 5, 2026
edited by adalpari
Loading

Description

This PR removes the legacy login library and fixes some login flow weirdness by:

Removed legacy login components:

  • Removed Google Sign-In integration
  • Removed Magic Link login fragments (LoginMagicLinkSentFragment, LoginMagicLinkRequestFragment, SignupMagicLinkFragment)
  • Removed username/password WP.com login flow (LoginEmailPasswordFragment, LoginEmailFragment)
  • Removed Login 2FA fragment
  • Removed SmartLock integration
  • Removed native account signup code (SignupEpilogueFragment, PostSignupInterstitialActivity)
  • Removed "Find your site address" button
  • Removed LoginMode.JETPACK_SELFHOSTED and WOO_LOGIN_MODE

Modernized login UI:

  • Migrated LoginSiteApplicationPasswordFragment to Jetpack Compose
  • Updated LoginPrologueRevampedFragment with edge-to-edge support for Android 15+
  • Added edge-to-edge support to LoginActivity and ApplicationPasswordLoginActivity
  • Made Chrome Custom Tab extend under the navigation bar
  • Added 16dp spacing between login prologue buttons
  • Auto-focus keyboard on site address input field

Improved user experience:

  • Notifications now automatically reload when the tab is viewed, showing a spinner while loading if empty
  • Added self-hosted site reauthentication support
  • Display more detailed error messages for login failures
  • Fixed WP.com sharing login flow

Code cleanup:

  • Moved resources from login module into the main app module
  • Flattened theme hierarchies
  • Removed orphaned files and unused code

Screenshots:

Screenshot_20260205-113506 Screenshot_20260205-103503
BeforeAfter
Screenshot_20260205-122849 Screenshot_20260205-122842
BeforeAfter

Testing instructions

WP.com Login:

  1. Fresh install the app
  2. Tap "Continue with WordPress.com"
  • Verify Chrome Custom Tab opens and extends under the navigation bar
  • Verify login completes successfully and returns to the app

Self-hosted Login:

  1. From the login prologue, tap "Enter your site address"
  • Verify keyboard appears automatically
  • Verify the bottom button bar extends under the navigation bar
  1. Enter a self-hosted WordPress site URL with Application Passwords enabled
  2. Complete the authentication flow
  • Verify the site is added successfully

Edge-to-edge (Android 15+):

  1. On an Android 15 device, open the login prologue
  • Verify content extends under the status and navigation bars
  • Verify the logo is positioned closer to the top
  • Verify buttons are properly positioned above the navigation bar

Notifications reload:

  1. Log in to a WP.com account
  2. Navigate to the Notifications tab
  • Verify a loading spinner appears if notifications are empty
  • Verify notifications load automatically without pull-to-refresh

Reauthentication (self-hosted):

  1. Add a self-hosted site
  2. Invalidate the application password on the server
  3. Trigger an action that requires authentication
  • Verify reauthentication flow is presented

Reauthentication (WP.com):

  1. Sign into WP.com
  2. Deauthorize the Android app in WP.com > Me > Connected Applications
  3. Trigger an action that requires authentication
  • Verify reauthentication flow is presented

@dangermattic
Copy link
Collaborator

dangermattic commented Feb 5, 2026
edited
Loading

1 Warning
⚠️ This PR is larger than 300 lines of changes. Please consider splitting it into smaller PRs for easier and faster reviews.

Generated by 🚫 Danger

@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 5, 2026
edited
Loading

App Icon📲 You can test the changes from this Pull Request in WordPress Android by scanning the QR code below to install the corresponding build.

App NameWordPress Android
FlavorJalapeno
Build TypeDebug
Versionpr22564-01b78c7
Build Number1483
Application IDorg.wordpress.android.prealpha
Commit01b78c7
Installation URL0u00skjqe24do
 Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 5, 2026
edited
Loading

App Icon📲 You can test the changes from this Pull Request in Jetpack Android by scanning the QR code below to install the corresponding build.

App NameJetpack Android
FlavorJalapeno
Build TypeDebug
Versionpr22564-01b78c7
Build Number1483
Application IDcom.jetpack.android.prealpha
Commit01b78c7
Installation URL63vtotdpdqu80
 Automatticians: You can use our internal self-serve MC tool to give yourself access to those builds if needed.

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 5, 2026
View reviewed changes
@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 5, 2026
edited
Loading

Project manifest changes for WordPress

The following changes in the WordPress's merged AndroidManifest.xml file were detected (build variant: jetpackVanillaRelease):

--- ./build/reports/diff_manifest/WordPress/jetpackVanillaRelease/base_manifest.txt	2026-02-06 20:12:15.941440979 +0000
+++ ./build/reports/diff_manifest/WordPress/jetpackVanillaRelease/head_manifest.txt	2026-02-06 20:12:52.821548757 +0000
@@ -401,7 +401,8 @@
         <activity
             android:name="org.wordpress.android.ui.accounts.LoginActivity"
             android:exported="true"
-            android:theme="@style/LoginTheme.TransparentSystemBars"
+            android:launchMode="singleTop"
+            android:theme="@style/LoginTheme"
             android:windowSoftInputMode="adjustResize" >
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
@@ -417,7 +418,7 @@
         <activity
             android:name="org.wordpress.android.ui.accounts.applicationpassword.ApplicationPasswordLoginActivity"
             android:exported="true"
-            android:theme="@style/LoginTheme.TransparentSystemBars"
+            android:theme="@style/LoginTheme"
             android:windowSoftInputMode="adjustResize" >
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
@@ -458,14 +459,6 @@
             </intent-filter>
         </activity>
         <activity
-            android:name="org.wordpress.android.ui.accounts.SignupEpilogueActivity"
-            android:label="@string/signup_epilogue_screen_title"
-            android:theme="@style/LoginTheme" />
-        <activity
-            android:name="org.wordpress.android.ui.accounts.PostSignupInterstitialActivity"
-            android:label="@string/post_signup_interstitial_title"
-            android:theme="@style/LoginTheme" />
-        <activity
             android:name="org.wordpress.android.ui.sitecreation.SiteCreationActivity"
             android:theme="@style/WordPress.NoActionBar"
             android:windowSoftInputMode="adjustResize" />
@@ -1121,11 +1114,6 @@
             android:label="Installation Referrer Service"
             android:permission="android.permission.BIND_JOB_SERVICE" />
         <service
-            android:name="org.wordpress.android.login.LoginWpcomService"
-            android:exported="false"
-            android:foregroundServiceType="shortService"
-            android:label="Login to WPCOM Service" />
-        <service
             android:name="org.wordpress.android.ui.sitecreation.services.SiteCreationService"
             android:exported="false"
             android:foregroundServiceType="dataSync"
@@ -1541,37 +1529,6 @@
                 <action android:name="com.google.firebase.MESSAGING_EVENT" />
             </intent-filter>
         </service>
-        <service
-            android:name="androidx.credentials.playservices.CredentialProviderMetadataHolder"
-            android:enabled="true"
-            android:exported="false" >
-            <meta-data
-                android:name="androidx.credentials.CREDENTIAL_PROVIDER_KEY"
-                android:value="androidx.credentials.playservices.CredentialProviderPlayServicesImpl" />
-        </service>
-
-        <activity
-            android:name="androidx.credentials.playservices.HiddenActivity"
-            android:configChanges="orientation|screenSize|screenLayout|keyboardHidden"
-            android:enabled="true"
-            android:exported="false"
-            android:fitsSystemWindows="true"
-            android:theme="@style/Theme.Hidden" >
-        </activity>
-        <activity
-            android:name="com.google.android.gms.auth.api.signin.internal.SignInHubActivity"
-            android:excludeFromRecents="true"
-            android:exported="false"
-            android:theme="@android:style/Theme.Translucent.NoTitleBar" />
-        <!--
-            Service handling Google Sign-In user revocation. For apps that do not integrate with
-            Google Sign-In, this service will never be started.
-        -->
-        <service
-            android:name="com.google.android.gms.auth.api.signin.RevocationBoundService"
-            android:exported="true"
-            android:permission="com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION"
-            android:visibleToInstantApps="true" />
 
         <activity
             android:name="com.google.android.gms.common.api.GoogleApiActivity"

Go to https://buildkite.com/automattic/wordpress-android/builds/24871/canvas?sid=019c348f-a59d-4b45-a963-e8e07753731e, click on the Artifacts tab and audit the files.

@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 5, 2026
edited
Loading

Project manifest changes for WordPress

The following changes in the WordPress's merged AndroidManifest.xml file were detected (build variant: wordpressVanillaRelease):

--- ./build/reports/diff_manifest/WordPress/wordpressVanillaRelease/base_manifest.txt	2026-02-06 20:12:06.198938905 +0000
+++ ./build/reports/diff_manifest/WordPress/wordpressVanillaRelease/head_manifest.txt	2026-02-06 20:12:40.469130807 +0000
@@ -207,7 +207,8 @@
         <activity
             android:name="org.wordpress.android.ui.accounts.LoginActivity"
             android:exported="true"
-            android:theme="@style/LoginTheme.TransparentSystemBars"
+            android:launchMode="singleTop"
+            android:theme="@style/LoginTheme"
             android:windowSoftInputMode="adjustResize" >
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
@@ -223,7 +224,7 @@
         <activity
             android:name="org.wordpress.android.ui.accounts.applicationpassword.ApplicationPasswordLoginActivity"
             android:exported="true"
-            android:theme="@style/LoginTheme.TransparentSystemBars"
+            android:theme="@style/LoginTheme"
             android:windowSoftInputMode="adjustResize" >
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />
@@ -264,14 +265,6 @@
             </intent-filter>
         </activity>
         <activity
-            android:name="org.wordpress.android.ui.accounts.SignupEpilogueActivity"
-            android:label="@string/signup_epilogue_screen_title"
-            android:theme="@style/LoginTheme" />
-        <activity
-            android:name="org.wordpress.android.ui.accounts.PostSignupInterstitialActivity"
-            android:label="@string/post_signup_interstitial_title"
-            android:theme="@style/LoginTheme" />
-        <activity
             android:name="org.wordpress.android.ui.sitecreation.SiteCreationActivity"
             android:theme="@style/WordPress.NoActionBar"
             android:windowSoftInputMode="adjustResize" />
@@ -1094,11 +1087,6 @@
             android:label="Installation Referrer Service"
             android:permission="android.permission.BIND_JOB_SERVICE" />
         <service
-            android:name="org.wordpress.android.login.LoginWpcomService"
-            android:exported="false"
-            android:foregroundServiceType="shortService"
-            android:label="Login to WPCOM Service" />
-        <service
             android:name="org.wordpress.android.ui.sitecreation.services.SiteCreationService"
             android:exported="false"
             android:foregroundServiceType="dataSync"
@@ -1514,37 +1502,6 @@
                 <action android:name="com.google.firebase.MESSAGING_EVENT" />
             </intent-filter>
         </service>
-        <service
-            android:name="androidx.credentials.playservices.CredentialProviderMetadataHolder"
-            android:enabled="true"
-            android:exported="false" >
-            <meta-data
-                android:name="androidx.credentials.CREDENTIAL_PROVIDER_KEY"
-                android:value="androidx.credentials.playservices.CredentialProviderPlayServicesImpl" />
-        </service>
-
-        <activity
-            android:name="androidx.credentials.playservices.HiddenActivity"
-            android:configChanges="orientation|screenSize|screenLayout|keyboardHidden"
-            android:enabled="true"
-            android:exported="false"
-            android:fitsSystemWindows="true"
-            android:theme="@style/Theme.Hidden" >
-        </activity>
-        <activity
-            android:name="com.google.android.gms.auth.api.signin.internal.SignInHubActivity"
-            android:excludeFromRecents="true"
-            android:exported="false"
-            android:theme="@android:style/Theme.Translucent.NoTitleBar" />
-        <!--
-            Service handling Google Sign-In user revocation. For apps that do not integrate with
-            Google Sign-In, this service will never be started.
-        -->
-        <service
-            android:name="com.google.android.gms.auth.api.signin.RevocationBoundService"
-            android:exported="true"
-            android:permission="com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION"
-            android:visibleToInstantApps="true" />
 
         <activity
             android:name="com.google.android.gms.common.api.GoogleApiActivity"

Go to https://buildkite.com/automattic/wordpress-android/builds/24871/canvas?sid=019c348f-a59d-4a1f-88db-254c825c2d1a, click on the Artifacts tab and audit the files.

@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 5, 2026
edited
Loading

Project dependencies changes

list 
- Removed Dependencies
androidx.credentials:credentials:1.2.0
androidx.credentials:credentials-play-services-auth:1.2.0
com.google.android.gms:play-services-auth:20.7.0
com.google.android.gms:play-services-auth-api-phone:18.0.1
com.google.android.gms:play-services-auth-base:18.0.4
com.google.android.gms:play-services-fido:20.1.0
com.google.android.libraries.identity.googleid:googleid:1.1.0
tree 
++--- com.gravatar:gravatar:2.5.0
+|    +--- org.jetbrains.kotlin:kotlin-parcelize-runtime:2.0.21 -> 2.2.10 (*)
+|    +--- com.squareup.moshi:moshi:1.15.1
+|    |    +--- com.squareup.okio:okio:3.7.0 -> 3.16.4 (*)
+|    |    \--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21 -> 1.9.24 (*)
+|    +--- org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3 -> 1.10.2 (*)
+|    +--- com.squareup.okhttp3:okhttp:4.12.0 -> 5.3.2 (*)
+|    \--- org.jetbrains.kotlin:kotlin-stdlib:2.0.21 -> 2.2.21 (*)
++--- com.google.android.play:app-update:2.1.0
+|    +--- com.google.android.gms:play-services-basement:18.1.0 -> 18.4.0
+|    |    +--- androidx.collection:collection:1.0.0 -> 1.5.0 (*)
+|    |    +--- androidx.core:core:1.2.0 -> 1.16.0 (*)
+|    |    \--- androidx.fragment:fragment:1.1.0 -> 1.8.9 (*)
+|    \--- com.google.android.gms:play-services-tasks:18.0.2 -> 18.2.0
+|         \--- com.google.android.gms:play-services-basement:18.4.0 (*)
++--- com.google.mlkit:barcode-scanning-common:17.0.0
+|    \--- com.google.mlkit:vision-common:17.0.0 -> 17.3.0
+|         \--- com.google.android.gms:play-services-base:18.1.0 -> 18.5.0
+|              +--- androidx.collection:collection:1.0.0 -> 1.5.0 (*)
+|              +--- androidx.core:core:1.2.0 -> 1.16.0 (*)
+|              +--- androidx.fragment:fragment:1.0.0 -> 1.8.9 (*)
+|              +--- com.google.android.gms:play-services-basement:18.4.0 (*)
+|              \--- com.google.android.gms:play-services-tasks:18.2.0 (*)
++--- com.zendesk:support:5.5.2
+|    \--- com.google.dagger:dagger-android:2.48.1 -> 2.58
+|         +--- com.google.dagger:dagger:2.58 (*)
+|         +--- com.google.dagger:dagger-lint-aar:2.58
+|         +--- androidx.annotation:annotation:1.7.1 -> 1.9.1 (*)
+|         \--- javax.inject:javax.inject:1
+\--- com.google.dagger:dagger-android-support:2.58
+     +--- com.google.dagger:dagger:2.58 (*)
+     +--- com.google.dagger:dagger-android:2.58 (*)
+     +--- com.google.dagger:dagger-lint-aar:2.58
+     +--- androidx.activity:activity:1.5.1 -> 1.10.1 (*)
+     +--- androidx.annotation:annotation:1.7.1 -> 1.9.1 (*)
+     +--- androidx.appcompat:appcompat:1.3.1 -> 1.7.1 (*)
+     +--- androidx.fragment:fragment:1.5.1 -> 1.8.9 (*)
+     +--- androidx.lifecycle:lifecycle-common:2.5.1 -> 2.10.0 (*)
+     +--- androidx.lifecycle:lifecycle-viewmodel:2.5.1 -> 2.10.0 (*)
+     +--- androidx.lifecycle:lifecycle-viewmodel-savedstate:2.5.1 -> 2.10.0 (*)
+     \--- javax.inject:javax.inject:1
-+--- project :libs:login
-|    +--- com.google.android.gms:play-services-auth:20.4.1 -> 20.7.0
-|    |    +--- androidx.fragment:fragment:1.0.0 -> 1.8.9 (*)
-|    |    +--- androidx.loader:loader:1.0.0 (*)
-|    |    +--- com.google.android.gms:play-services-auth-api-phone:18.0.1
-|    |    |    +--- com.google.android.gms:play-services-base:18.0.1 -> 18.5.0
-|    |    |    |    +--- androidx.collection:collection:1.0.0 -> 1.5.0 (*)
-|    |    |    |    +--- androidx.core:core:1.2.0 -> 1.16.0 (*)
-|    |    |    |    +--- androidx.fragment:fragment:1.0.0 -> 1.8.9 (*)
-|    |    |    |    +--- com.google.android.gms:play-services-basement:18.4.0
-|    |    |    |    |    +--- androidx.collection:collection:1.0.0 -> 1.5.0 (*)
-|    |    |    |    |    +--- androidx.core:core:1.2.0 -> 1.16.0 (*)
-|    |    |    |    |    \--- androidx.fragment:fragment:1.1.0 -> 1.8.9 (*)
-|    |    |    |    \--- com.google.android.gms:play-services-tasks:18.2.0
-|    |    |    |         \--- com.google.android.gms:play-services-basement:18.4.0 (*)
-|    |    |    +--- com.google.android.gms:play-services-basement:18.0.0 -> 18.4.0 (*)
-|    |    |    \--- com.google.android.gms:play-services-tasks:18.0.1 -> 18.2.0 (*)
-|    |    +--- com.google.android.gms:play-services-auth-base:18.0.4
-|    |    |    +--- androidx.collection:collection:1.0.0 -> 1.5.0 (*)
-|    |    |    +--- com.google.android.gms:play-services-base:18.0.1 -> 18.5.0 (*)
-|    |    |    +--- com.google.android.gms:play-services-basement:18.0.0 -> 18.4.0 (*)
-|    |    |    \--- com.google.android.gms:play-services-tasks:18.0.1 -> 18.2.0 (*)
-|    |    +--- com.google.android.gms:play-services-base:18.0.1 -> 18.5.0 (*)
-|    |    +--- com.google.android.gms:play-services-basement:18.2.0 -> 18.4.0 (*)
-|    |    +--- com.google.android.gms:play-services-fido:20.0.1 -> 20.1.0
-|    |    |    +--- com.google.android.gms:play-services-base:18.0.1 -> 18.5.0 (*)
-|    |    |    +--- com.google.android.gms:play-services-basement:18.0.0 -> 18.4.0 (*)
-|    |    |    \--- com.google.android.gms:play-services-tasks:18.0.1 -> 18.2.0 (*)
-|    |    \--- com.google.android.gms:play-services-tasks:18.0.1 -> 18.2.0 (*)
-|    +--- org.jetbrains.kotlin:kotlin-stdlib:2.2.10 -> 2.2.21 (*)
-|    +--- org.wordpress:utils:3.14.0 (*)
-|    +--- com.gravatar:gravatar:2.5.0
-|    |    +--- org.jetbrains.kotlin:kotlin-parcelize-runtime:2.0.21 -> 2.2.10 (*)
-|    |    +--- com.squareup.moshi:moshi:1.15.1
-|    |    |    +--- com.squareup.okio:okio:3.7.0 -> 3.16.4 (*)
-|    |    |    \--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.21 -> 1.9.24 (*)
-|    |    +--- org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3 -> 1.10.2 (*)
-|    |    +--- com.squareup.okhttp3:okhttp:4.12.0 -> 5.3.2 (*)
-|    |    \--- org.jetbrains.kotlin:kotlin-stdlib:2.0.21 -> 2.2.21 (*)
-|    +--- androidx.appcompat:appcompat:1.7.1 (*)
-|    +--- androidx.constraintlayout:constraintlayout:2.2.1 (*)
-|    +--- com.google.android.material:material:1.12.0 (*)
-|    +--- androidx.core:core:1.16.0 (*)
-|    +--- project :libs:fluxc (*)
-|    +--- com.github.bumptech.glide:glide:5.0.5 (*)
-|    +--- androidx.credentials:credentials:1.2.0
-|    |    +--- androidx.annotation:annotation:1.5.0 -> 1.9.1 (*)
-|    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.8.22 -> 2.2.21 (*)
-|    |    +--- org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.1 -> 1.10.2 (*)
-|    |    \--- androidx.credentials:credentials-play-services-auth:1.2.0 (c)
-|    +--- androidx.credentials:credentials-play-services-auth:1.2.0
-|    |    +--- androidx.credentials:credentials:1.2.0 (*)
-|    |    +--- com.google.android.gms:play-services-auth:20.7.0 (*)
-|    |    +--- com.google.android.gms:play-services-fido:20.1.0 (*)
-|    |    +--- com.google.android.libraries.identity.googleid:googleid:1.1.0
-|    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.8.0 -> 2.2.21 (*)
-|    |    |    \--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.0 -> 1.9.24 (*)
-|    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.8.22 -> 2.2.21 (*)
-|    |    \--- androidx.credentials:credentials:1.2.0 (c)
-|    +--- com.google.dagger:dagger:2.58 (*)
-|    \--- com.google.dagger:dagger-android-support:2.58
-|         +--- com.google.dagger:dagger:2.58 (*)
-|         +--- com.google.dagger:dagger-android:2.58
-|         |    +--- com.google.dagger:dagger:2.58 (*)
-|         |    +--- com.google.dagger:dagger-lint-aar:2.58
-|         |    +--- androidx.annotation:annotation:1.7.1 -> 1.9.1 (*)
-|         |    \--- javax.inject:javax.inject:1
-|         +--- com.google.dagger:dagger-lint-aar:2.58
-|         +--- androidx.activity:activity:1.5.1 -> 1.10.1 (*)
-|         +--- androidx.annotation:annotation:1.7.1 -> 1.9.1 (*)
-|         +--- androidx.appcompat:appcompat:1.3.1 -> 1.7.1 (*)
-|         +--- androidx.fragment:fragment:1.5.1 -> 1.8.9 (*)
-|         +--- androidx.lifecycle:lifecycle-common:2.5.1 -> 2.10.0 (*)
-|         +--- androidx.lifecycle:lifecycle-viewmodel:2.5.1 -> 2.10.0 (*)
-|         +--- androidx.lifecycle:lifecycle-viewmodel-savedstate:2.5.1 -> 2.10.0 (*)
-|         \--- javax.inject:javax.inject:1
-+--- com.gravatar:gravatar:2.5.0 (*)
-+--- com.google.android.play:app-update:2.1.0
-|    +--- com.google.android.gms:play-services-basement:18.1.0 -> 18.4.0 (*)
-|    \--- com.google.android.gms:play-services-tasks:18.0.2 -> 18.2.0 (*)
-+--- com.google.android.gms:play-services-auth:20.4.1 -> 20.7.0 (*)
-+--- com.google.mlkit:barcode-scanning-common:17.0.0
-|    \--- com.google.mlkit:vision-common:17.0.0 -> 17.3.0
-|         \--- com.google.android.gms:play-services-base:18.1.0 -> 18.5.0 (*)
-+--- com.zendesk:support:5.5.2
-|    \--- com.google.dagger:dagger-android:2.48.1 -> 2.58 (*)
-\--- com.google.dagger:dagger-android-support:2.58 (*)

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2026
View reviewed changes
WordPress/src/main/java/org/wordpress/android/ui/accounts/LoginActivity.java
// JETPACK_LOGIN_ONLY = JPAndroid
LoginMode loginMode = getLoginMode();
if ((mLoginHelper.isLoggedIn()) && (loginMode == LoginMode.FULL || loginMode == LoginMode.JETPACK_LOGIN_ONLY)) {
LoginFlow loginFlow = getLoginFlow();

Check notice

Code scanning / Android Lint

Nullable/NonNull annotation missing on field Note

Missing null annotation
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2026
View reviewed changes
@codecov
Copy link

codecov bot commented Feb 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 7.01220% with 305 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.17%. Comparing base (d0ce0ad) to head (9193fed).
⚠️ Report is 4 commits behind head on trunk.

Files with missing lines Patch % Lines
...tionpassword/LoginSiteApplicationPasswordScreen.kt 0.00% 92 Missing ⚠️
...plicationpassword/ApplicationPasswordsViewModel.kt 0.00% 59 Missing ⚠️
...ava/org/wordpress/android/ui/accounts/LoginFlow.kt 0.00% 47 Missing ⚠️
...ationpassword/ApplicationPasswordViewModelSlice.kt 28.12% 41 Missing and 5 partials ⚠️
...word/ApplicationPasswordAutoAuthDialogViewModel.kt 5.00% 19 Missing ⚠️
.../ui/notifications/NotificationsListFragmentPage.kt 0.00% 13 Missing ⚠️
...ava/org/wordpress/android/ui/ActivityLauncher.java 0.00% 11 Missing ⚠️
...i/accounts/login/ApplicationPasswordLoginHelper.kt 14.28% 6 Missing ⚠️
...ain/java/org/wordpress/android/util/SiteUtils.java 0.00% 5 Missing ⚠️
...npassword/LoginSiteApplicationPasswordViewModel.kt 60.00% 2 Missing ⚠️
... and 3 more
Additional details and impacted files 
@@            Coverage Diff             @@
##            trunk   #22564      +/-   ##
==========================================
- Coverage   38.18%   38.17%   -0.01%     
==========================================
  Files        2237     2225      -12     
  Lines      111318   111039     -279     
  Branches    15579    15544      -35     
==========================================
- Hits        42505    42391     -114     
+ Misses      65272    65105     -167     
- Partials     3541     3543       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dcalhoun
Copy link
Member

dcalhoun commented Feb 9, 2026

I'm not getting any reauthentication flow when trying to post. I just see a permission error and my account has been logged out in settings. when I try to manually authenticate agian I see the following error:
[...]
Using my username works

IINM, this is a server security feature for requests flagged as suspicious.

@dcalhoun
Copy link
Member

dcalhoun commented Feb 9, 2026

Testing went well overall for me. I successfully performed the PRs testing instructions. I did not encounter layout regressions.

I noted a few oddities related to when triggering the re-authentication flow via opening the editor that I'll detail below.

From the editor, approving the authentication appears to not succeed. Additional requests are displayed as you continue to tap Approve. I imagine the authentication does succeed, but the structure of the editor initialization results in repeated requests from concurrent logic. This occurs for both Gutenberg Mobile and GutenbergKit; Aztec does not trigger re-authorization at all. After approving the authorization, exiting and re-opening the editor results in success.

Editor repeated auth approve

editor-repeat-auth-approve.mp4

Similarly, from the editor, tapping Deny results in continued requests. Navigating backwards can lead to an empty white screen. Further backwards navigation can arrive to the top-level app, where one can navigate to views that are inoperable due to lack of authorization. There is no prompt to re-authenticate, but closing and re-opening the app will correctly prompt for login.

Editor repeat auth deny

editor-repeat-auth-deny.mp4

Editor repeat auth deny continued
editor-repeat-auth-deny-impact.mp4

Neither of these feel significant. The latter feels more like an edge case. Addressing the former would be nice, but I'm unsure how complex the logic leading to this outcome may be.

dcalhoun
dcalhoun reviewed Feb 9, 2026
View reviewed changes
Copy link
Member

@dcalhoun dcalhoun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The quantity of changes makes it difficult to assess every line. At a high level, the changes look good. I left one suggestion regarding text size.

Also, I noted the self-hosted login form is unusable for smaller device in landscape. The keyboard covers the input and the button is collapsed and illegible. Ideally, we could improve that layout for that context.

Landscape login

Tested using a Samsung Galaxy S20 running Android 13 with the Google keyboard.

Image

...ordpress/android/ui/accounts/login/applicationpassword/LoginSiteApplicationPasswordScreen.kt Outdated

Text(
text = stringResource(R.string.enter_site_address),
style = MaterialTheme.typography.headlineSmall,
Copy link
Member

@dcalhoun dcalhoun Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a bit too large IMO. It competes with the TopAppBar title.

bodyLarge preview Image
Suggested change
style = MaterialTheme.typography.headlineSmall,
style = MaterialTheme.typography.bodyLarge,

...ress/src/main/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelper.kt
Comment on lines +217 to +225
val userDeviceName = DeviceUtils.getInstance().getDeviceName(context)
val (appName, successUrl) = if (buildConfigWrapper.isJetpackApp) {
context.getString(R.string.application_password_app_name_jetpack, userDeviceName) to
JETPACK_SUCCESS_URL
} else {
appName = ANDROID_WORDPRESS_CLIENT
successUrl = WORDPRESS_SUCCESS_URL
context.getString(R.string.application_password_app_name_wordpress, userDeviceName) to
WORDPRESS_SUCCESS_URL
}

Copy link
Member

@dcalhoun dcalhoun Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 Thank you!

@wpmobilebot wpmobilebot modified the milestones: 26.6, 26.7 Feb 23, 2026
@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 23, 2026

Version 26.6 has now entered code-freeze, so the milestone of this PR has been updated to 26.7.

jkmassel and others added 18 commits February 25, 2026 17:41
@jkmassel @claude
Remove stale Google Login warnings from build scripts
9e71cd1 
Google Login no longer exists in the app, so these warnings
about it not working are no longer relevant.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Use bodyLarge text style for site address label
5470ac0 
The headlineSmall style competes with the TopAppBar title.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Make login form scrollable for landscape support
eff220d 
Flatten the two-column layout into a single scrollable column
so the text field and button don't get crushed when the keyboard
opens on small devices in landscape mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Fix ANR risk and error handling in WP.com OAuth login
3572325 
- Replace runBlocking with async coroutine scope to avoid blocking
  the main thread during token exchange (Critical #1)
- Use dedicated CoroutineScope instead of Dispatchers.IO so
  dispose() only cancels this helper's coroutines (Critical #2)
- Propagate login errors to the caller via Consumer<Exception>
  instead of swallowing them
- Show error state on the loading screen with a retry button
  instead of silently failing
- Cancel coroutine scope in LoginActivity.onDestroy()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Handle null and unknown values in LoginFlow.fromIntent()
90231cc 
getStringExtra() can return null even when hasExtra() is true,
and valueOf() throws for old enum names that no longer exist.
Fall back to PROLOGUE safely in both cases.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Connect site comparison logic after OAuth login
361552e 
After fetching sites post-OAuth login, route back through
loggedInAndFinish() so FINISH_WITH_SITE flows correctly
return the newly added site ID to the calling activity.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Persist login flow state in SharedPreferences instead of static fields
6745eb0 
Static fields don't survive process death and can cause issues in
multi-window mode. Move sPendingLoginFlow and sIsShareFlowPending to
AppPrefs with dedicated getter/setter methods.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Add system bar transparency to login night theme
c6695c6 
The light theme had transparent status/navigation bars but the night
theme was missing these attributes, causing opaque system bars in dark
mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Add @singleton to LoginAnalyticsTracker provider method
ad78638 
The class had @singleton but the Dagger provider didn't, so a new
instance was created on every injection.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Call startPostLoginServices and remove dead stub methods
983d935 
startPostLoginServices was defined but never called, so Reader tags
and notification services weren't started after login. Also removes
unused startOver and gotConnectedSiteInfo methods.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Remove leftover debug Log.e in WPMainActivity
e2d6923 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Remove plaintext username from debug logs
bc91e57 
The hasApiRestUsername boolean check is sufficient for debugging
without exposing the actual credential value.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Replace deprecated onActivityCreated with onViewCreated
257a9f5 
Move activity title setup into onViewCreated, removing the suppressed
deprecation warning.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Align ARG_LOGIN_FLOW constant name with its string value
a9c4847 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Unbind CustomTabsServiceConnection on dispose
55273b0 
The service was bound but never unbound, causing a minor resource
leak. Now unbinds when the helper is disposed in onDestroy.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Use Channel instead of SharedFlow for discovery URL event
73b73bf 
Channel guarantees the event is buffered and consumed exactly once,
even if the collector starts slightly after emission. Safer than
SharedFlow(replay=0) for one-shot navigation events.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Suppress overdraw lint warning on login loading layout
10af360 
The window background from LoginTheme triggers a false positive
overdraw warning since the ConstraintLayout itself has no explicit
background.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Add tools:keep for flavor-specific login prologue colors
904aead 
Android Lint can't trace cross-flavor resource usage, so it flags
these colors as unused. They're referenced by Compose code in the
wordpress flavor.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jkmassel and others added 3 commits February 25, 2026 19:52
@jkmassel @claude
Redirect WP.com site addresses to OAuth login flow
41ac084 
When a user enters a WordPress.com site address in the site address
field, redirect them to the WP.com OAuth flow instead of proceeding
with application password authorization. This ensures WP.com account
state is properly established so the Me tab shows the user's profile.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Remove old login lib references from e2e tests
9ad40db 
The LoginFlow e2e helper imported resources from the deleted login
library and referenced views (login_username_row, login_password_row)
that no longer exist. Remove the dead enterUsernameAndPassword and
enterSiteAddress methods since login forms are now Compose-based and
WP.com login uses OAuth via Custom Tabs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jkmassel @claude
Call onFailure when OAuth callback is missing code parameter
01b78c7 
Previously tryLoginWithDataString silently returned if the code
query parameter was absent, leaving the caller on a loading screen
indefinitely. Now reports the error via the onFailure callback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 26, 2026

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@wpmobilebot
Copy link
Contributor

wpmobilebot commented Feb 26, 2026

🤖 Build Failure Analysis

This build has failures. Claude has analyzed them - check the build annotations for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dcalhoun dcalhoun dcalhoun left review comments

@adalpari adalpari Awaiting requested review from adalpari adalpari is a code owner automatically assigned from wordpress-mobile/android-developers

@nbradbury nbradbury Awaiting requested review from nbradbury

At least 1 approving review is required to merge this pull request.

Assignees

@jkmassel jkmassel

Labels

Login [Type] Enhancement

Projects

None yet

Milestone

26.7

Development

Successfully merging this pull request may close these issues.

6 participants

@jkmassel @dangermattic @wpmobilebot @nbradbury @adalpari @dcalhoun