Security Settings: Display actual password status

[zaguiini]

Closes #62978.

Proposed Changes

Check the is_passwordless_user field from settings to determine whether or not a password is set in the account instead of hardcoding the message.

@fditrapani @nuriapenya could you please check if the copy here makes sense or we want something else? I was wondering if we could display something related to their auth method. Example: "You do not have a password set because you're registered through Google" or "You do not have a password set because you're logging in through magic links."

I don't know that we can identify which mechanisms they're picking, though. So maybe a generic message could work better.

Testing Instructions

Proxy yourself to your sandbox and apply this branch to it: 170128-ghe-Automattic/wpcom.

User and password

Enter /me/security using your A8C account or any account created with the user and password method and verify that you see the "password set" message in the security checklist:

Passwordless mode

Create or log in with a passwordless account and enter /me/security. You should see the "password not set" message:

Upon clicking the checklist item and defining a password, subsequent /me/security visits should show the "password set" message.

Social login

Create or log in with a social account (Google, Apple, GitHub) and enter /me/security. You should see the "password not set" message:

Upon clicking the checklist item and defining a password, subsequent /me/security visits should show the "password set" message.

[github-actions]

Calypso Live (direct link)

https://calypso.live?image=registry.a8c.com/calypso/app:build-129873

Jetpack Cloud live (direct link)

https://calypso.live?image=registry.a8c.com/calypso/app:build-129873&env=jetpack

Automattic for Agencies live (direct link)

https://calypso.live?image=registry.a8c.com/calypso/app:build-129873&env=a8c-for-agencies

[matticbot]

Here is how your PR affects size of JS and CSS bundles shipped to the user's browser:

Sections (~67 bytes added 📈 [gzipped])

name      parsed_size           gzip_size
security       +323 B  (+0.0%)      +67 B  (+0.0%)

Sections contain code specific for a given set of routes. Is downloaded and parsed only when a particular route is navigated to.

Legend

What is parsed and gzip size?

Parsed Size: Uncompressed size of the JS and CSS files. This much code needs to be parsed and stored in memory.
Gzip Size: Compressed size of the JS and CSS files. This much data needs to be downloaded over network.

Generated by performance advisor bot at iscalypsofastyet.com.

[matticbot]

This PR modifies the release build for the following Calypso Apps:

For info about this notification, see here: PCYsg-OT6-p2

• notifications
• wpcom-block-editor

To test WordPress.com changes, run install-plugin.sh $pluginSlug fix/display-actual-password-status-in-me-security on your sandbox.

[fditrapani]

Thanks for the ping @zaguiini. The word configured sounds very technical. We should replace it with something more human like "set":

• You have a password set but you can change it any time.
• You don't have a password set.

[a8ci18n]

This Pull Request is now available for translation here: https://translate.wordpress.com/deliverables/17195170

Some locales (Hebrew, Japanese) have been temporarily machine-translated due to translator availability. All other translations are usually ready within a few days. Untranslated and machine-translated strings will be sent for translation next Monday and are expected to be completed by the following Friday.

Thank you @zaguiini for including a screenshot in the description! This is really helpful for our translators.

[zaguiini]

Thanks @fditrapani 🚀

[vykes-mac]

LGTM