[HOLD for payment 2023-12-12] [$500] Web - Login–Auto-fill list appears if click on "Sign in here" in Incognito window via email link.

[izarutskaya]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 1.4.0-0 Reproducible in staging?: Y Reproducible in production?: Y If this was caught during regression testing, add the test name, ID and link from TestRail: Email or phone of affected tester (no customers): Logs: https://stackoverflow.com/c/expensify/questions/4856 Expensify/Expensify Issue URL: Issue reported by: Applause-Internal Team Slack conversation: @

Action Performed:

1. Go to https://staging.new.expensify.com/
2. Log out of NewDot and request a new magic link
3. Navigate to email and locate the magic link - change to staging if needed
4. Open an new INCOGNITO window and navigate to the staging link
5. Verify the "Here's your magic code" page is displayed
6. Verify there's a link to "Sign In here"
7. Click on the link to "Sign in here"

Expected Result:

The user is logged in without auto-fill list.

Actual Result:

Auto-fill list appears when click on the link to "Sign in here" in Incognito window via email link

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• [ ] Android: Native
• [ ] Android: mWeb Chrome
• [ ] iOS: Native
• [ ] iOS: mWeb Safari
• [x] MacOS: Chrome / Safari
• [ ] MacOS: Desktop

Screenshots/Videos

https://github.com/Expensify/App/assets/115492554/8f3ea7d6-5a8a-4875-adf7-0fc9c07a4b16

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01e92a3a92b9ab41a7
• Upwork Job ID: 1725122083404705792
• Last Price Increase: 2023-11-16
• Automatic offers:
• situchan | Reviewer | 27777252
• ZhenjaHorbach | Contributor | 27777253

[melvin-bot[bot]]

Job added to Upwork: https://www.upwork.com/jobs/~01e92a3a92b9ab41a7

[melvin-bot[bot]]

Triggered auto assignment to @johncschuster (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot[bot]]

Bug0 Triage Checklist (Main S/O)

• [ ] This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• [ ] This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• [ ] This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• [ ] This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• [ ] I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[melvin-bot[bot]]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @situchan (External)

[unidev727]

Proposal

from: @unicorndev-727

Please re-state the problem that we are trying to solve in this issue.

Auto-fill list appears when click on the link to "Sign in here" in Incognito window via email link

What is the root cause of that problem?

The root cause is that it redirects to home page after we click signing link in ValidateLoginPage and input gets focused in LoginForm. https://github.com/Expensify/App/blob/48782c700e6abd56c73d317ac1c5bc9462547cfc/src/pages/signin/LoginForm/BaseLoginForm.js#L216

https://github.com/Expensify/App/blob/48782c700e6abd56c73d317ac1c5bc9462547cfc/src/pages/signin/LoginForm/BaseLoginForm.js#L231

What changes do you think we should make in order to solve the problem?

we need to set isVisible property in LoginForm to false when it is in signing-in state. https://github.com/Expensify/App/blob/48782c700e6abd56c73d317ac1c5bc9462547cfc/src/pages/signin/SignInPage.js#L249

function SignInPage({credentials, account, isInModal, activeClients, preferredLocale, session}) {
    const autoAuthState = lodashGet(session, 'autoAuthState', CONST.AUTO_AUTH_STATE.NOT_STARTED);

isVisible={shouldShowLoginForm && autoAuthState !== CONST.AUTO_AUTH_STATE.SIGNING_IN}

export default withOnyx({
    account: {key: ONYXKEYS.ACCOUNT},
    credentials: {key: ONYXKEYS.CREDENTIALS},
    /** 
    This variable is only added to make sure the component is re-rendered 
    whenever the activeClients change, so that we call the 
    ActiveClientManager.isClientTheLeader function 
    everytime the leader client changes.
    We use that function to prevent repeating code that checks which client is the leader.
    */
    activeClients: {key: ONYXKEYS.ACTIVE_CLIENTS},
    preferredLocale: {
        key: ONYXKEYS.NVP_PREFERRED_LOCALE,
    },
    session: {key: ONYXKEYS.SESSION},
})(SignInPage);

What alternative solutions did you explore? (Optional)

We can update getRenderOptions in Signin page by adding authAuthState.

function getRenderOptions({hasLogin, hasValidateCode, account, isPrimaryLogin, isUsingMagicCode, hasInitiatedSAMLLogin, isClientTheLeader, autoAuthState}) {
    const hasAccount = !_.isEmpty(account);
    const isSAMLEnabled = Boolean(account.isSAMLEnabled);
    const isSAMLRequired = Boolean(account.isSAMLRequired);
    const hasEmailDeliveryFailure = Boolean(account.hasEmailDeliveryFailure);

    // SAML is temporarily restricted to users on the beta or to users signing in on web and mweb
    let shouldShowChooseSSOOrMagicCode = false;
    let shouldInitiateSAMLLogin = false;
    const platform = getPlatform();
    if (platform === CONST.PLATFORM.WEB || platform === CONST.PLATFORM.DESKTOP) {
        // True if the user has SAML required and we haven't already initiated SAML for their account
        shouldInitiateSAMLLogin = hasAccount && hasLogin && isSAMLRequired && !hasInitiatedSAMLLogin && account.isLoading;
        shouldShowChooseSSOOrMagicCode = hasAccount && hasLogin && isSAMLEnabled && !isSAMLRequired && !isUsingMagicCode;
    }

    // SAML required users may reload the login page after having already entered their login details, in which
    // case we want to clear their sign in data so they don't end up in an infinite loop redirecting back to their
    // SSO provider's login page
    if (hasLogin && isSAMLRequired && !shouldInitiateSAMLLogin && !hasInitiatedSAMLLogin && !account.isLoading) {
        Session.clearSignInData();
    }

    const shouldShowLoginForm = isClientTheLeader && !hasLogin && !hasValidateCode && autoAuthState !== CONST.AUTO_AUTH_STATE.SIGNING_IN;
    const shouldShowEmailDeliveryFailurePage = hasLogin && hasEmailDeliveryFailure && !shouldShowChooseSSOOrMagicCode && !shouldInitiateSAMLLogin;
    const isUnvalidatedSecondaryLogin = hasLogin && !isPrimaryLogin && !account.validated && !hasEmailDeliveryFailure;
    const shouldShowValidateCodeForm =
        hasAccount && (hasLogin || hasValidateCode) && !isUnvalidatedSecondaryLogin && !hasEmailDeliveryFailure && !shouldShowChooseSSOOrMagicCode && !isSAMLRequired;
    const shouldShowWelcomeHeader = shouldShowLoginForm || shouldShowValidateCodeForm || shouldShowChooseSSOOrMagicCode || isUnvalidatedSecondaryLogin;
    const shouldShowWelcomeText = shouldShowLoginForm || shouldShowValidateCodeForm || shouldShowChooseSSOOrMagicCode || !isClientTheLeader;
    return {
        shouldShowLoginForm,
        shouldShowEmailDeliveryFailurePage,
        shouldShowUnlinkLoginForm: isUnvalidatedSecondaryLogin,
        shouldShowValidateCodeForm,
        shouldShowChooseSSOOrMagicCode,
        shouldInitiateSAMLLogin,
        shouldShowWelcomeHeader,
        shouldShowWelcomeText,
    };
}

[ZhenjaHorbach]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Web - Login–Auto-fill list appears if click on "Sign in here" in Incognito window via email link.

What is the root cause of that problem?

The correct root cause was proposed by me first (Since the first proposition was completely changed (Including the root cause) after my proposition)

The main problem is that when opening the link, we intermediately get to the sign-in screen Which automatically focuses the input that calls Auto-fill list

https://github.com/Expensify/App/blob/e5e1965fb016af0963bbfc5210d1955b4ad910d6/src/pages/signin/LoginForm/BaseLoginForm.js#L204-L221

What changes do you think we should make in order to solve the problem?

To avoid this behavior We obviously don't want the input to focus on the background. So we can add a new condition that will ignore focus when the screen is not in focus

We can update this line and add new condition !navigation.isFocused()(optional: update dependencies for useEffect() and add navigation.isFocused())

https://github.com/Expensify/App/blob/e5e1965fb016af0963bbfc5210d1955b4ad910d6/src/pages/signin/LoginForm/BaseLoginForm.js#L210

What alternative solutions did you explore? (Optional)

Or alternatively we can pass !navigation.isFocused() as the isVisible parameter

[gavintfn]

Depends on when the incognito browser window is opened. Hypothetically, if someone were to open a new incognito window to view the email, no session cookies that could be used to validate if the user was logged in would carry over from the previous window.

[melvin-bot[bot]]

📣 @gavintfn! 📣 Hey, it seems we don’t have your contributor details yet! You'll only have to do this once, and this is how we'll hire you on Upwork. Please follow these steps:

1. Make sure you've read and understood the contributing guidelines.
2. Get the email address used to login to your Expensify account. If you don't already have an Expensify account, create one here. If you have multiple accounts (e.g. one for testing), please use your main account email.
3. Get the link to your Upwork profile. It's necessary because we only pay via Upwork. You can access it by logging in, and then clicking on your name. It'll look like this. If you don't already have an account, sign up for one here.
4. Copy the format below and paste it in a comment on this issue. Replace the placeholder text with your actual details. Format:

   Contributor details
   Your Expensify account email: <REPLACE EMAIL HERE>
   Upwork Profile Link: <REPLACE LINK HERE>

[ZhenjaHorbach]

@unicorndev-727 Next time if you decide to completely change a proposition, leave a comment )

[situchan]

@ZhenjaHorbach's proposal looks good to me. I don't recommend changing current visibility logic of LoginForm which is working well. We can just avoid auto focus when screen is not focused. 🎀 👀 🎀 C+ reviewed

[melvin-bot[bot]]

Triggered auto assignment to @marcaaron, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[melvin-bot[bot]]

📣 @situchan 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link Upwork job

[melvin-bot[bot]]

📣 @ZhenjaHorbach 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link Upwork job Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻 Keep in mind: Code of Conduct | Contributing 📖

[ZhenjaHorbach]

📣 @ZhenjaHorbach 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link Upwork job Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻 Keep in mind: Code of Conduct | Contributing 📖

PR will be ready today

[marcaaron]

@situchan we're waiting for you here, thanks

[melvin-bot[bot]]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot[bot]]

The solution for this issue has been :rocket: deployed to production :rocket: in version 1.4.7-4 and is now subject to a 7-day regression period :calendar:. Here is the list of pull requests that resolve this issue:

• https://github.com/Expensify/App/pull/31698

If no regressions arise, payment will be issued on 2023-12-12. :confetti_ball:

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• [ ] External issue reporter
• [x] Contributor that fixed the issue
• [x] Contributor+ that helped on the issue and/or PR

For reference, here are some details about the assignees on this issue:

• @ZhenjaHorbach requires payment offer (Contributor)
• @situchan requires payment offer (Reviewer)

[melvin-bot[bot]]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [ ] [@situchan] The PR that introduced the bug has been identified. Link to the PR:
• [ ] [@situchan] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [ ] [@situchan] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [ ] [@situchan] Determine if we should create a regression test for this bug.
• [ ] [@situchan] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [ ] [@johncschuster] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[johncschuster]

Issuing payment today

[johncschuster]

Payment has been issued!

@situchan, do we require regression test steps?

[situchan]

No regression. Not worth adding regression test for this super minor issue

[melvin-bot[bot]]

@johncschuster, @marcaaron, @ZhenjaHorbach, @situchan Whoops! This issue is 2 days overdue. Let's get this updated quick!

[melvin-bot[bot]]

@johncschuster, @marcaaron, @ZhenjaHorbach, @situchan Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[johncschuster]

Great! Thanks, @situchan!