Login: Improve login error when site disables XML-RPC

[rachelmcr]

Expected behavior

If XML-RPC is disabled on my site, and I try to log in to the app, I expect a clear error message explaining the issue and how to resolve it so the error is actionable. Otherwise, my only option is to contact support, who can explain the error but won't be able to resolve it for me.

Actual behavior

Even though the app logs correctly identify that the issue is that XML-RPC is disabled, the UI only shows this error message:

Error while adding site. Error code: GENERIC_ERROR

Steps to reproduce the behavior

1. Disable XML-RPC on your site. I used this plugin: https://en-gb.wordpress.org/plugins/disable-xml-rpc/
2. Open the app, logged out.
3. Select the site address login option.
4. Enter your login credentials (username/password) and try to proceed. Result: You get the generic error described above.
5. Go to Help > Application log and notice the Volley error containing the real error:

Volley error on [URL redacted] - exception: org.wordpress.android.fluxc.network.xmlrpc.XMLRPCFault: XML-RPC services are disabled on this site.

Tested on [moto e5 play], Android [8.1.0], WPAndroid [alpha-232]

Also seen while testing Unified Login & Signup using the APK from #12288.

[reginabally]

Occured in 3475121-zen on WPAndroid 16.0

[SiobhyB]

Noting some discussion around this in pbArwn-1Uo-p2#comment-2710. It seems that although there have been some improvements to the messaging in these cases (see: #8459), there are still times where the generic error message is displayed and leading to confusion. A recent example of a site with the problem can be found in the site listed in 3829320-zen.

As XML-RPC can be a confusing term to many users, I think it may also be worth connecting with the mobile guild (as I know they're working on revamping the docs) and possibly linking to a doc that goes into more detail within the error message.

[twstokes]

Hi all 👋, I recently did some work on the WPiOS side to touch up the XML-RPC login errors and wanted to share some findings as well as how the two platforms compare.

I broke things down into five scenarios (or modes) of how the server could respond to a client.

• Mode 0 / Off - XML-RPC is working, but a bad username / password was provided.
• Mode 1 - Authenticated XML-PRC requests are disabled. See the note in that section for more info.
• Mode 2 - Simulates a server that responded with an invalid payload the client couldn't decode. The probability of this one happening is low (IMO).
• Mode 3 - Simulates a server that responded with a bad HTTP code and no payload.
• Mode 4 - Block all XML-RPC calls.

I created a plugin to help force these modes for testing. You should be able to install it on a self-hosted site: xml-rpc-tweak.zip

Mode 0 - XML-RPC working, bad username / password:

Android	iOS

Mode 1 - Disabled authenticated XML-RPC requests.

Note that XML-RPC requests that don't require authentication will still succeed, such as checking the site URL validity. When checking popular plugins that "disable XML-RPC", this is what they're really doing, so the function name can be misleading.

Here's some more context in the WordPress source.

Android	iOS

Mode 2 - Simulates a server that responded with an invalid payload the client couldn't decode.

Android	iOS

Mode 3 - Simulates a server that responded with a bad HTTP code and no payload.

Android	iOS

Mode 4 - Simulates a server that has blocked all XML-RPC calls.

Android	iOS