Fix application password site_not_found by adding fallback URL matching (#22724)

adalpari · claude · web-flow · commit 127418164040 · 2026-03-23T12:39:12.000-04:00
* Log available site URLs in application password site_not_found error Include the actual stored site URLs in the diagnostic log and Sentry report to help identify the URL mismatch causing login failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add fallback URL matching for application password site lookup When the exact normalized URL match fails, retry by stripping the scheme (http/https) and www prefix. This handles cases where the stored site URL and the callback URL differ only in scheme or www. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Cache siteStore.sites to avoid redundant access in site lookup Read siteStore.sites once and pass the list to findSiteByUrl and logAndReportSiteNotFound, avoiding multiple accesses that may create new list instances each time. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add tests for fallback URL matching in application password login Cover scheme mismatch (http vs https), www mismatch, combined scheme+www mismatch, and verify exact match takes priority over fallback. Also fix existing test assertion for sites access count. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Mask site URLs in Sentry reports for application password errors Replace the last 3 characters before the TLD with XXX in URLs sent to Sentry to avoid exposing full site URLs. AppLog retains the full URLs for local debugging. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Harden maskUrl and findSiteByUrl in ApplicationPasswordLoginHelper - Extract host before masking in maskUrl to avoid incorrect masking when the URL contains dots in the path - Add null/empty guard to findSiteByUrl to prevent false matches when normalizedUrl is null - Add unit tests for maskUrl covering: no dot, standard domain, port, dot in path, and short host cases Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor findSiteByUrl to fix detekt ReturnCount violation Use elvis operator chaining instead of early return to reduce return statements from 3 to 2. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Address review feedback for maskUrl and findSiteByUrl - Use replaceFirst instead of replace in maskUrl to avoid masking duplicate host occurrences in the URL path - Import java.net.URI instead of using fully-qualified reference - Add test for empty URL not matching site with empty URL Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Mask site URLs in analytics tracking to prevent PII leakage The trackStoringFailed and trackSuccessful methods were sending raw site URLs to the analytics service. Apply the same maskUrl treatment used for Sentry reports. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Update maskUrl to show only first and last character of domain Replace the fixed-length masking with a scheme that preserves only the first and last characters of the domain name, masking everything in between with 'x' for stronger PII protection. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Improve maskUrl to handle all domain lengths and clean up - Mask 1-2 char domains entirely with 'x' - Preserve first/last char for 3+ char domains - Fix import ordering for java.net.URI - Rename test to reflect current masking behavior - Add tests for 1-char, 2-char, and 3-char domains - Remove unused MIN_MASK_LENGTH constant Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add @Suppress for ReturnCount in maskUrl Multiple early returns improve readability for parse failure and edge case handling in the masking logic. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/WordPress/src/main/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelper.kt b/WordPress/src/main/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelper.kt
@@ -1,6 +1,7 @@
 package org.wordpress.android.ui.accounts.login
 
 import android.content.Context
+import androidx.annotation.VisibleForTesting
 import androidx.core.net.toUri
 import com.automattic.android.tracks.crashlogging.CrashLogging
 import org.wordpress.android.R
@@ -22,6 +23,7 @@ import org.wordpress.android.util.crashlogging.sendReportWithTag
 import rs.wordpress.api.kotlin.ApiDiscoveryResult
 import rs.wordpress.api.kotlin.WpLoginClient
 import uniffi.wp_api.applicationPasswordsUrl
+import java.net.URI
 import javax.inject.Inject
 import javax.inject.Named
 
@@ -104,7 +106,8 @@ class ApplicationPasswordLoginHelper @Inject constructor(
 
         return withContext(bgDispatcher) {
             val normalizedUrl = UrlUtils.normalizeUrl(urlLogin.siteUrl)
-            val site = siteStore.sites.firstOrNull { UrlUtils.normalizeUrl(it.url) ==  normalizedUrl}
+            val sites = siteStore.sites
+            val site = findSiteByUrl(normalizedUrl, sites)
             if (site != null) {
                 site.apply {
                     apiRestUsernameEncrypted = ""
@@ -121,7 +124,7 @@ class ApplicationPasswordLoginHelper @Inject constructor(
                 true
             } else {
                 logAndReportSiteNotFound(
-                    urlLogin.siteUrl, normalizedUrl
+                    urlLogin.siteUrl, normalizedUrl, sites
                 )
                 false
             }
@@ -130,7 +133,7 @@ class ApplicationPasswordLoginHelper @Inject constructor(
 
     fun trackStoringFailed(siteUrl: String?, reason: String) {
         val properties: MutableMap<String, String?> = HashMap()
-        properties[URL_TAG] = siteUrl
+        properties[URL_TAG] = maskUrl(siteUrl.orEmpty())
         properties[REASON_TAG] = reason
         AnalyticsTracker.track(
             Stat.APPLICATION_PASSWORD_STORING_FAILED,
@@ -168,22 +171,28 @@ class ApplicationPasswordLoginHelper @Inject constructor(
 
     private fun logAndReportSiteNotFound(
         siteUrl: String?,
-        normalizedUrl: String?
+        normalizedUrl: String?,
+        sites: List<SiteModel>
     ) {
-        val detail = "$siteUrl (normalized: $normalizedUrl)" +
-            " — ${siteStore.sites.size} sites available"
+        val availableSiteUrls = sites.joinToString { it.url }
+        val logDetail = "$siteUrl (normalized: $normalizedUrl)" +
+            " — ${sites.size} sites available: [$availableSiteUrls]"
         appLogWrapper.e(
             AppLog.T.DB,
             "A_P: Cannot save credentials" +
-                " - site not found: $detail"
+                " - site not found: $logDetail"
         )
         trackStoringFailed(siteUrl, "site_not_found")
-        reportStoringFailedToSentry("site_not_found", detail)
+        val maskedSiteUrls = sites.joinToString { maskUrl(it.url) }
+        val sentryDetail =
+            "${maskUrl(siteUrl.orEmpty())} (normalized: ${maskUrl(normalizedUrl.orEmpty())})" +
+                " — ${sites.size} sites available: [$maskedSiteUrls]"
+        reportStoringFailedToSentry("site_not_found", sentryDetail)
     }
 
     private fun trackSuccessful(siteUrl: String) {
         val properties: MutableMap<String, String?> = HashMap()
-        properties[URL_TAG] = siteUrl
+        properties[URL_TAG] = maskUrl(siteUrl)
         properties[SUCCESS_TAG] = "true"
         AnalyticsTracker.track(
             if (buildConfigWrapper.isJetpackApp) {
@@ -232,6 +241,48 @@ class ApplicationPasswordLoginHelper @Inject constructor(
         }
     }
 
+    private fun findSiteByUrl(
+        normalizedUrl: String?,
+        sites: List<SiteModel>
+    ): SiteModel? {
+        if (normalizedUrl.isNullOrEmpty()) return null
+
+        // Exact match first, fallback: compare ignoring scheme and www prefix
+        val strippedUrl = normalizedUrl.stripSchemeAndWww()
+        return sites.firstOrNull {
+            UrlUtils.normalizeUrl(it.url) == normalizedUrl
+        } ?: sites.firstOrNull {
+            UrlUtils.normalizeUrl(it.url)?.stripSchemeAndWww() == strippedUrl
+        }
+    }
+
+    private fun String.stripSchemeAndWww(): String {
+        return removePrefix("https://")
+            .removePrefix("http://")
+            .removePrefix("www.")
+    }
+
+    @Suppress("ReturnCount")
+    @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
+    internal fun maskUrl(url: String): String {
+        val host = try {
+            URI(url).host
+        } catch (_: Exception) {
+            null
+        } ?: return url
+        val dotIndex = host.lastIndexOf('.')
+        if (dotIndex <= 0) return url
+        val domain = host.substring(0, dotIndex)
+        val tld = host.substring(dotIndex)
+        val maskedDomain = when {
+            domain.length <= 2 -> "x".repeat(domain.length)
+            else -> domain.first() +
+                "x".repeat(domain.length - 2) +
+                domain.last()
+        }
+        return url.replaceFirst(host, maskedDomain + tld)
+    }
+
     private fun SiteModel.hasRegularCredentials(): Boolean {
         return !username.isNullOrEmpty() && !password.isNullOrEmpty()
     }
diff --git a/WordPress/src/test/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelperTest.kt b/WordPress/src/test/java/org/wordpress/android/ui/accounts/login/ApplicationPasswordLoginHelperTest.kt
@@ -159,11 +159,104 @@ class ApplicationPasswordLoginHelperTest : BaseUnitTest() {
             val result = applicationPasswordLoginHelper.storeApplicationPasswordCredentialsFrom(testUriLogin)
 
             assertFalse(result)
-            verify(siteStore, times(2)).sites
+            verify(siteStore).sites
             verify(dispatcherWrapper, times(0)).updateApplicationPassword(any())
             verify(dispatcherWrapper, times(0)).removeApplicationPassword(any())
         }
 
+    @Test
+    fun `storeApplicationPasswordCredentialsFrom with empty url does not match site with empty url`() =
+        runTest {
+            val siteWithEmptyUrl = SiteModel().apply {
+                url = ""
+            }
+            whenever(siteStore.sites).thenReturn(listOf(siteWithEmptyUrl))
+            val emptyUrlLogin = UriLogin(
+                "", TEST_USER, TEST_PASSWORD, TEST_API_ROOT_URL
+            )
+
+            val result = applicationPasswordLoginHelper
+                .storeApplicationPasswordCredentialsFrom(emptyUrlLogin)
+
+            assertFalse(result)
+            verify(dispatcherWrapper, times(0)).updateApplicationPassword(any())
+        }
+
+    @Test
+    fun `storeApplicationPasswordCredentialsFrom matches site with different scheme`() =
+        runTest {
+            val siteModel = SiteModel().apply {
+                url = "http://test.com"
+            }
+            whenever(siteStore.sites).thenReturn(listOf(siteModel))
+            val httpsLogin = UriLogin(
+                "https://test.com", TEST_USER, TEST_PASSWORD, TEST_API_ROOT_URL
+            )
+
+            val result = applicationPasswordLoginHelper
+                .storeApplicationPasswordCredentialsFrom(httpsLogin)
+
+            assertTrue(result)
+            verify(dispatcherWrapper).updateApplicationPassword(eq(siteModel))
+        }
+
+    @Test
+    fun `storeApplicationPasswordCredentialsFrom matches site with www mismatch`() =
+        runTest {
+            val siteModel = SiteModel().apply {
+                url = "https://www.test.com"
+            }
+            whenever(siteStore.sites).thenReturn(listOf(siteModel))
+            val noWwwLogin = UriLogin(
+                "https://test.com", TEST_USER, TEST_PASSWORD, TEST_API_ROOT_URL
+            )
+
+            val result = applicationPasswordLoginHelper
+                .storeApplicationPasswordCredentialsFrom(noWwwLogin)
+
+            assertTrue(result)
+            verify(dispatcherWrapper).updateApplicationPassword(eq(siteModel))
+        }
+
+    @Test
+    fun `storeApplicationPasswordCredentialsFrom matches site with scheme and www mismatch`() =
+        runTest {
+            val siteModel = SiteModel().apply {
+                url = "http://www.test.com"
+            }
+            whenever(siteStore.sites).thenReturn(listOf(siteModel))
+            val httpsNoWwwLogin = UriLogin(
+                "https://test.com", TEST_USER, TEST_PASSWORD, TEST_API_ROOT_URL
+            )
+
+            val result = applicationPasswordLoginHelper
+                .storeApplicationPasswordCredentialsFrom(httpsNoWwwLogin)
+
+            assertTrue(result)
+            verify(dispatcherWrapper).updateApplicationPassword(eq(siteModel))
+        }
+
+    @Test
+    fun `storeApplicationPasswordCredentialsFrom prefers exact match over fallback`() =
+        runTest {
+            val exactSite = SiteModel().apply {
+                url = TEST_URL
+                id = 1
+            }
+            val fallbackSite = SiteModel().apply {
+                url = "https://test.com"
+                id = 2
+            }
+            whenever(siteStore.sites)
+                .thenReturn(listOf(fallbackSite, exactSite))
+
+            val result = applicationPasswordLoginHelper
+                .storeApplicationPasswordCredentialsFrom(testUriLogin)
+
+            assertTrue(result)
+            verify(dispatcherWrapper).updateApplicationPassword(eq(exactSite))
+        }
+
     @Test
     fun `appendParamsToRestAuthorizationUrl with null authorizationUrl returns empty string`() {
         val result = ApplicationPasswordLoginHelper.UriLoginWrapper(context, apiRootUrlCache, buildConfigWrapper)
@@ -407,6 +500,49 @@ class ApplicationPasswordLoginHelperTest : BaseUnitTest() {
         assertEquals("encrypted_user", site.apiRestUsernameEncrypted)
     }
 
+    @Test
+    fun `maskUrl with no dot returns url unmasked`() {
+        val result = applicationPasswordLoginHelper.maskUrl("https://localhost")
+        assertEquals("https://localhost", result)
+    }
+
+    @Test
+    fun `maskUrl with standard domain masks middle characters`() {
+        val result = applicationPasswordLoginHelper.maskUrl("https://example.com")
+        assertEquals("https://exxxxxe.com", result)
+    }
+
+    @Test
+    fun `maskUrl with port preserves port`() {
+        val result = applicationPasswordLoginHelper.maskUrl("https://test.com:8080")
+        assertEquals("https://txxt.com:8080", result)
+    }
+
+    @Test
+    fun `maskUrl with dot in path masks only host`() {
+        val result = applicationPasswordLoginHelper
+            .maskUrl("https://example.com/wp-content/image.jpg")
+        assertEquals("https://exxxxxe.com/wp-content/image.jpg", result)
+    }
+
+    @Test
+    fun `maskUrl with three char domain masks middle character`() {
+        val result = applicationPasswordLoginHelper.maskUrl("https://abc.com")
+        assertEquals("https://axc.com", result)
+    }
+
+    @Test
+    fun `maskUrl with single char domain replaces it with x`() {
+        val result = applicationPasswordLoginHelper.maskUrl("https://a.com")
+        assertEquals("https://x.com", result)
+    }
+
+    @Test
+    fun `maskUrl with two char domain replaces both with x`() {
+        val result = applicationPasswordLoginHelper.maskUrl("https://ab.com")
+        assertEquals("https://xx.com", result)
+    }
+
     @Test
     fun `getResettableApplicationPasswordSitesCount returns count of sites with regular credentials`() {
         val siteWithRegularCredentials = SiteModel().apply {
