wordpress-mobile
diff --git a/‎WordPress/src/main/java/org/wordpress/android/ui/posts/GutenbergKitActivity.kt‎
Lines changed: 73 additions & 19 deletions b/‎WordPress/src/main/java/org/wordpress/android/ui/posts/GutenbergKitActivity.kt‎
Lines changed: 73 additions & 19 deletions
@@ -249,6 +249,9 @@ private const val VIEW_PAGER_OFFSCREEN_PAGE_LIMIT = 4
 private const val MEDIA_ID_NO_FEATURED_IMAGE_SET = 0
 
 object GutenbergKitSettingsBuilder {
+    private const val AUTH_BEARER_PREFIX = "Bearer "
+    private const val AUTH_BASIC_PREFIX = "Basic "
+
     data class SiteConfig(
         val url: String,
         val siteId: Long,
@@ -260,25 +263,33 @@ object GutenbergKitSettingsBuilder {
         val apiRestUsernamePlain: String?,
         val apiRestPasswordPlain: String?
     )
-    
+
     data class PostConfig(
         val remotePostId: Long?,
         val isPage: Boolean,
         val title: String?,
         val content: String?
     )
-    
+
     data class FeatureConfig(
         val isPluginsFeatureEnabled: Boolean,
         val isThemeStylesFeatureEnabled: Boolean
     )
-    
+
     data class AppConfig(
         val accessToken: String?,
         val locale: String,
         val cookies: Any?
     )
-    
+
+    /**
+     * Builds the settings configuration for GutenbergKit editor.
+     *
+     * This method determines the appropriate authentication method based on site type:
+     * - WP.com sites use Bearer token authentication with the public API
+     * - Jetpack/self-hosted sites with application passwords use Basic authentication
+     * - Falls back to WP.com REST API when no application password is available
+     */
     fun buildSettings(
         siteConfig: SiteConfig,
         postConfig: PostConfig,
@@ -287,22 +298,23 @@ object GutenbergKitSettingsBuilder {
     ): MutableMap<String, Any?> {
         val applicationPassword = siteConfig.apiRestPasswordPlain
         val shouldUseWPComRestApi = applicationPassword.isNullOrEmpty() && siteConfig.isUsingWpComRestApi
-        
+
         val siteApiRoot = if (shouldUseWPComRestApi) "https://public-api.wordpress.com/"
             else siteConfig.wpApiRestUrl ?: "${siteConfig.url}/wp-json/"
-            
-        val authHeader = if (shouldUseWPComRestApi) "Bearer ${appConfig.accessToken ?: ""}"
-            else "Basic ${Base64.encodeToString(
-                "${siteConfig.apiRestUsernamePlain}:$applicationPassword".toByteArray(), 
-                Base64.NO_WRAP
-            )}"
-            
+
+        val authHeader = buildAuthHeader(
+            shouldUseWPComRestApi = shouldUseWPComRestApi,
+            accessToken = appConfig.accessToken,
+            username = siteConfig.apiRestUsernamePlain,
+            password = applicationPassword
+        )
+
         val siteApiNamespace = if (shouldUseWPComRestApi)
             arrayOf("sites/${siteConfig.siteId}/", "sites/${UrlUtils.removeScheme(siteConfig.url)}/")
             else arrayOf()
-        
+
         val wpcomLocaleSlug = appConfig.locale.replace("_", "-").lowercase()
-        
+
         return mutableMapOf(
             "postId" to postConfig.remotePostId?.toInt(),
             "postType" to if (postConfig.isPage) "page" else "post",
@@ -324,7 +336,49 @@ object GutenbergKitSettingsBuilder {
             "cookies" to appConfig.cookies
         )
     }
-    
+
+    /**
+     * Builds the authentication header based on the authentication method.
+     *
+     * @param shouldUseWPComRestApi True if using WP.com REST API (Bearer auth)
+     * @param accessToken The OAuth2 access token for WP.com authentication
+     * @param username The username for Basic auth (application passwords)
+     * @param password The password for Basic auth (application passwords)
+     * @return The formatted authentication header string, or null if credentials are invalid
+     */
+    private fun buildAuthHeader(
+        shouldUseWPComRestApi: Boolean,
+        accessToken: String?,
+        username: String?,
+        password: String?
+    ): String? {
+        return if (shouldUseWPComRestApi) {
+            if (!accessToken.isNullOrEmpty()) {
+                "$AUTH_BEARER_PREFIX$accessToken"
+            } else {
+                AppLog.w(AppLog.T.EDITOR, "Missing access token for WP.com REST API authentication")
+                null
+            }
+        } else {
+            if (!username.isNullOrEmpty() && !password.isNullOrEmpty()) {
+                try {
+                    val credentials = "$username:$password"
+                    val encodedCredentials = Base64.encodeToString(
+                        credentials.toByteArray(Charsets.UTF_8),
+                        Base64.NO_WRAP
+                    )
+                    "$AUTH_BASIC_PREFIX$encodedCredentials"
+                } catch (e: IllegalArgumentException) {
+                    AppLog.e(AppLog.T.EDITOR, "Failed to encode Basic auth credentials", e)
+                    null
+                }
+            } else {
+                AppLog.w(AppLog.T.EDITOR, "Incomplete credentials for Basic authentication")
+                null
+            }
+        }
+    }
+
     private fun shouldUsePlugins(
         isFeatureEnabled: Boolean,
         isWPComSite: Boolean,
@@ -2407,27 +2461,27 @@ class GutenbergKitActivity : BaseAppCompatActivity(), EditorFragmentActivity, Ed
                 apiRestUsernamePlain = site.apiRestUsernamePlain,
                 apiRestPasswordPlain = siteModel.apiRestPasswordPlain
             )
-            
+
             val postConfig = GutenbergKitSettingsBuilder.PostConfig(
                 remotePostId = editPostRepository.getPost()?.remotePostId,
                 isPage = editPostRepository.isPage,
                 title = editPostRepository.getPost()?.title,
                 content = editPostRepository.getPost()?.content
             )
-            
+
             val featureConfig = GutenbergKitSettingsBuilder.FeatureConfig(
                 isPluginsFeatureEnabled = gutenbergKitPluginsFeature.isEnabled(),
                 isThemeStylesFeatureEnabled = experimentalFeatures.isEnabled(
                     Feature.EXPERIMENTAL_BLOCK_EDITOR_THEME_STYLES
                 )
             )
-            
+
             val appConfig = GutenbergKitSettingsBuilder.AppConfig(
                 accessToken = accountStore.accessToken,
                 locale = perAppLocaleManager.getCurrentLocaleLanguageCode(),
                 cookies = editPostAuthViewModel.getCookiesForPrivateSites(site, privateAtomicCookie)
             )
-            
+
             return GutenbergKitSettingsBuilder.buildSettings(
                 siteConfig = siteConfig,
                 postConfig = postConfig,