
Jetpack: Add block and allow list toggles to WAF settings #38267

Merged: 15 commits merged into trunk from add/jetpack-ip-block-and-allow-list-toggles on Jul 19, 2024

Conversation


@dkmyta dkmyta commented Jul 9, 2024

Description

Updates the Jetpack WAF security settings UI to allow the IP block and allow lists to be toggled independently.

Proposed changes:

  • Makes use of the new jetpack_waf_ip_allow_list_enabled / jetpack_waf_ip_block_list_enabled settings, replacing jetpack_waf_ip_list
  • Removes the individual manual rules setting and adds independent toggles for each IP list
  • Modifies sections dependent on the original setting

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?
  • Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

Does this pull request change what data or activity we track or use?

  • No

Testing instructions:

  • Checkout this branch
  • Start up JT, and enable Jetpack
  • Proceed to WAF security settings and toggle the various options in different combinations
  • Ensure the settings all perform as expected and that no regressions are introduced
  • Upgrade and downgrade and ensure all expected settings are still accessible and functional
  • Verify that a blocklisted IP cannot make requests or access the site admin when BFP is enabled
  • Ensure that the blocked IP can once again do so once whitelisted
  • Ensure cross compatibility exists when Protect is enabled and the settings are toggled from that end
  • Ensure backward compatibility exists when the update is applied to an existing site with the prior settings in place

Screenshots

All Enabled: [screenshot, 2024-07-17]

All Disabled: [screenshot, 2024-07-17]

WAF Disabled: [screenshot, 2024-07-17]

Unsupported: [screenshot, 2024-07-17]


github-actions bot commented Jul 9, 2024

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

  • To test on WoA, go to the Plugins menu on a WordPress.com Simple site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin, and enable the add/jetpack-ip-block-and-allow-list-toggles branch.

  • To test on Simple, run the following command on your sandbox:

    bin/jetpack-downloader test jetpack add/jetpack-ip-block-and-allow-list-toggles
    

Interested in more tips and information?

  • In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
  • Read more about our development workflow here: PCYsg-eg0-p2
  • Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2
@github-actions github-actions bot added [Plugin] Jetpack Issues about the Jetpack plugin. https://wordpress.org/plugins/jetpack/ [Status] In Progress Admin Page React-powered dashboard under the Jetpack menu labels Jul 9, 2024

github-actions bot commented Jul 9, 2024

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖


The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.


Once your PR is ready for review, check one last time that all required checks appearing at the bottom of this PR are passing or skipped.
Then, add the "[Status] Needs Team Review" label and ask someone from your team to review the code. Once reviewed, it can then be merged.
If you need an extra review from someone familiar with the codebase, you can update the labels from "[Status] Needs Team Review" to "[Status] Needs Review", and in that case Jetpack Approvers will do a final review of your PR.


Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

  • WordPress.com Simple releases happen daily.
  • WoA releases happen weekly.
  • Releases to self-hosted sites happen monthly. The next release is scheduled for August 6, 2024 (scheduled code freeze on August 5, 2024).

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.


Protect plugin:

  • Next scheduled release: August 6, 2024.
  • Scheduled code freeze: July 29, 2024.

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

Base automatically changed from add/waf/ip-list-toggles to trunk July 15, 2024 17:25
@github-actions github-actions bot added [Package] WAF [Plugin] Protect A plugin with features to protect a site: brute force protection, security scanning, and a WAF. [Tests] Includes Tests labels Jul 15, 2024
@dkmyta dkmyta marked this pull request as ready for review July 15, 2024 17:27
@dkmyta dkmyta self-assigned this Jul 15, 2024
@nateweller

Similar to #38265, what do you think about using this PR to also de-duplicate the allow list?

We could place the allow list as a separate card below the WAF and BFP cards, keeping/revising the description included with the BFP allow list.

@nateweller nateweller left a comment


I think the updateWafIpAllowList and allowListInputState logic can be removed, as it is not necessary now that we aren't duplicating the list on the page - we could just use updateWafSettings and getWafSettings, in addition to tracking the current text input value in local component state 👍


dkmyta commented Jul 19, 2024

we could just use updateWafSettings and getWafSettings, in addition to tracking the current text input value in local component state

Very good point! Updated accordingly 👍🏻

@dkmyta dkmyta requested a review from nateweller July 19, 2024 16:21

@nateweller nateweller left a comment


LGTM! We should wait on #38395 to merge though 👍

@nateweller nateweller added DO NOT MERGE don't merge it! and removed [Status] In Progress labels Jul 19, 2024
@github-actions github-actions bot added the [Status] Needs Author Reply We would need you to make some changes or provide some more details about your PR. Thank you! label Jul 19, 2024
@nateweller nateweller added [Status] Ready to Merge Go ahead, you can push that green button! and removed DO NOT MERGE don't merge it! labels Jul 19, 2024
@dkmyta dkmyta merged commit 187b7a0 into trunk Jul 19, 2024
58 checks passed
@dkmyta dkmyta deleted the add/jetpack-ip-block-and-allow-list-toggles branch July 19, 2024 21:10
@github-actions github-actions bot removed [Status] Needs Author Reply We would need you to make some changes or provide some more details about your PR. Thank you! [Status] Ready to Merge Go ahead, you can push that green button! labels Jul 19, 2024