Closed lanitochka17 closed 11 months ago
:wave: Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open StagingDeployCash
deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:
Triggered auto assignment to @aldo-expensify (Engineering
), see https://stackoverflow.com/c/expensify/questions/4319 for more details.
Money request flow is very broken at the moment. This bug is the one I reported in https://github.com/Expensify/App/pull/21877#issuecomment-1624859268 (2nd video) cc: @Beamanator
I don't think this is related to "Gmail" accounts, but it is related to requesting money to accounts that haven't messaged you back (you don't have the full personal details yet).
This worked:
y@gmail.com
), open a chat with a Gmail account x@gmail.com
and send a messagex@gmail.com
replies backy@gmail.com
, request money from x@gmail.com
This didn't work:
y@gmail.com
), open a chat with a Gmail account z@gmail.com
and send a messagey@gmail.com
, request money from z@gmail.com
The backend is expecting a debtorEmail
which we don't send in this case: https://github.com/Expensify/Auth/blob/bbdae8fcc5e6ebb13143e60792b09e437a5aa6d3/auth/command/CreateIOUTransaction.cpp#L37
This is not a deploy blocker, this also happens in production:
@Beamanator the backend doesn't seem to support to create money requests by the account ID, what should we do?
@aldo-expensify our plan so far with these types of situations is along the lines of point 2 - BUT not ALWAYS disable - here's what are trying to accomplish:
login
, that person shouldn't be searchable in any contact-search flow (task assignee, new chat, new group, send / receive money, split bill)So I don't believe we need to support creating money requests by account ID at the moment - otherwise we'll need to do that everywhere, and @puneetlath and I don't see a need for that if we follow the above plan
Ok, so we can treat this as an external issue, right? I think it only needs changes in App to disable the "Request Money" button here:
if you don't have the login, right?
If you type out a person's full email address (you may or may not already have their personal details) you SHOULD be able to do those contact-search flows (task assignee, new chat, split bill, etc).
I think this doesn't apply to this case because this is not a search box.
Using any account (i.e. y@gmail.com), open a chat with a Gmail account z@gmail.com and send a message Using y@gmail.com, request money from z@gmail.com
Doesn't this mean that user y already knows user z's login (email)?
If you have a user's personal details w/out login, that person shouldn't be searchable in any contact-search flow
Doesn't this mean that user y already knows user z's login (email)?
Yes, I started a new chat by using the email, but if that user doesn't reply back, then you get the bug.
yes, I don't see any reason why "Request money" shouldn't show on DM where user already knows email.
While I agree with what your are saying, I'm not sure if it is safe to use in all cases. I think that when you start a conversation with an email for the first time, we store that email as "displayName", but it still doesn't have a "login"... so to do what you are saying, we would have to do something like:
login
, use the displayName
as the login
only if the displayName
is an email.The problem with that is that the email found in displayName
may not be the real email of the account. For example:
x@gmail.com
but a display name y@gmail.com
.by the way, my understanding is shallow on this area, so @Beamanator or @puneetlath may give a better answer really :P
Innnnnteresting, so yeah I may not have been completely following before :D Now I see that this "request money" flow is from WITHIN a chat report that you already created :D
In this case I do think it's totally valid to be able to request money from the account -> because, as @0xmiroslav said, you already know the email (you may not know if an account exists with that email, but you already typed it out so you should be able to also request money from that chat).
So it makes the most sense to me that in this case, you SHOULD be able to request money w/in a chat report.
I do think this can be external since you should be able to get the user's email from Onyx somehow 🤔 since you already typed it out...
Is it possible to get into a 1:1 chat with a user you found in a public room without knowing their email? I think the answer is no, but I wanted to confirm
Yes it is. You can click on their profile (which opens using their accountID) and then chat them from their profile.
Interesting... then, the following situation can happen:
Setup:
test1@expensifail.com
, test2@expensifail.com
and realemail@gmail.com
displayname@gmail.com
to the account realemail@gmail.com
test1@expensifail.com
and get the link to sharerealemail@gmail.com
and send a messagetest2@expensifail.com
and start a chat with realemail@gmail.com
, which will show as displayname@gmail.com
displayname@gmail.com
In this case, sending a money request to displayname@gmail.com
will create a money request with a different account and not with realemail@gmail.com
. This is why I'm saying here that using the display name to find an email is not reliable.
Do you see this as a problem? What would be the expected result in such case?
I reproduced this case:
From test2@expensifail.com
perspective:
Settings from realemail@gmail.com
perspective:
Oh that's super interesting. Maybe we should prevent people from setting their display name as an email address then? It's fine for us to use an email address as a fallback display name, but maybe we shouldn't let people manually set their display name to be an email address or phone number.
Oh that's super interesting. Maybe we should prevent people from setting their display name as an email address then? It's fine for us to use an email address as a fallback display name, but maybe we shouldn't let people manually set their display name to be an email address or phone number.
Is this to try to make it work in case someone has not set a display name, so you can see immediately their real email as display name, so we can safely rely on that to create the money request?
It feels more consistent to me to just not allow creating money request if you don't have the login
of the person, because, otherwise, you allow money requests on users that have not messaged you back if that user doesn't have a display name set, but you don't allow the request if the user has a display name set.
Related to this... If I start a new chat by using someone's email in the search box, I can see that the personal details contain the login
key with the email:
In such case a money request would work correctly, even if this person has not talked back.
Asking in slack: https://expensify.slack.com/archives/C01GTK53T8Q/p1689623386449679
I worked a bit on this today, I have two draft PRs:
The money request works fine. The problem is that the "unknown" account becomes "known" after creating the money request, so it could be exploited to find out the email:
https://github.com/Expensify/App/assets/87341702/5bb96a7c-c6da-45f4-b6fd-7003420f8114
The setup above:
Bug: after opening different screens of reports related to the money requests, acc002@gmail.com ends up seeing the email acc003@gmail.com
I think when I open the IOU report details, I get the full personal details of the "unknown" account... I have to verify this.
@aldo-expensify in #22074 we have seen that definitively you get access to information like the timezone when the IOU is correctly setup! We had some discussion with @Beamanator regarding if PII was accesible through this flow.
yeah innnnnnteresting... It didn't seem like Aldo found that PII like timezone & pronouns were available though, right?
It didn't seem like Aldo found that PII like timezone & pronouns were available though, right?
I had not defined them. I tested again and yes, you get that information too:
Aah shucks ok well you shouldn't have access to that if you don't know them 😅
I didn't have time today to get to this.
No updates yet, trying to finish the IOU/expense loading in LHN first, which is higher priority.
@aldo-expensify Whoops! This issue is 2 days overdue. Let's get this updated quick!
Same, I'll try to circle back to this later during the week.
I started investigating this today, I'll continue tomorrow.
@aldo-expensify Huh... This is 4 days overdue. Who can take care of this?
@aldo-expensify 6 days overdue. This is scarier than being forced to listen to Vogon poetry!
Still investigating this in the backend, I'll focus on it tomorrow to get it done.
No updates, I had little time on Friday to investigate, I'll get back to it asap.
No progress since the last time, I got pulled from higher priority issues.
⚠️ Looks like this issue was linked to a Deploy Blocker here
If you are the assigned CME please investigate whether the linked PR caused a regression and leave a comment with the results.
If a regression has occurred and you are the assigned CM follow the instructions here.
If this regression could have been avoided please consider also proposing a recommendation to the PR checklist so that we can avoid it in the future.
@aldo-expensify Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!
No updates, started to focus on pagination. I'll try to get back to it early next week.
Haven't got back to it yet
Same ^
I started investigating this again. It seems like the leak of the personal details is coming from Auth, see this comment: https://github.com/Expensify/Auth/pull/8082/files#r1313647196
I think I fixed the leak of personal details in the backend: https://github.com/Expensify/Auth/pull/8622
I'll finish up early next week, I have to write some tests, but it appears to me that this fixes the problem: you can now create money request against unknown accounts and they remain unknown
@aldo-expensify Whoops! This issue is 2 days overdue. Let's get this updated quick!
I worked in the Auth fix https://github.com/Expensify/Auth/pull/8622 today and added tests. There are some Web-Expensify integration tests that started to fail. I'll have to investigate that.
@aldo-expensify Huh... This is 4 days overdue. Who can take care of this?
@aldo-expensify Huh... This is 4 days overdue. Who can take care of this?
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Issue found when executing PR https://github.com/Expensify/App/pull/22188
Action Performed:
Expected Result:
The IOU report page should not be grayed out and the composer should not be hidden for Gmail accounts
Actual Result:
The IOU report page is grayed out and the composer is hidden for Gmail accounts
Workaround:
Unknown
Platforms:
Which of our officially supported platforms is this issue occurring on?
Version Number: 1.3.38.3
Reproducible in staging?: Yes
Reproducible in production?: No
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation
https://github.com/Expensify/App/assets/78819774/50d2d64a-ea07-4a92-85c6-adc5e7422fb3
Production IOS
https://github.com/Expensify/App/assets/78819774/e6bc8e54-bfcf-4fb5-83fc-741c14efd602
Staging IOS
https://github.com/Expensify/App/assets/78819774/ec7766e8-3913-4247-804e-04ccf1573ac5
Expensify/Expensify Issue URL:
Issue reported by: Applause - Internal Team
Slack conversation:
View all open jobs on GitHub