[HOLD for payment 2024-08-29] [$250] 2FA - No recovery codes in 2FA page for unverified account

[m-natarajan]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 1.4.82-1 Reproducible in staging?: y Reproducible in production?: y If this was caught during regression testing, add the test name, ID and link from TestRail: Email or phone of affected tester (no customers): Logs: https://stackoverflow.com/c/expensify/questions/4856 Expensify/Expensify Issue URL: Issue reported by: @ikevin127 Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1718145760414179

Action Performed:

Precondition: Login with a new email and don't verify account. Note: This means that you login with a new email and you're not asked to input the magic code, unless you do this manually by navigating to Settings > Profile > Contact method > click on your email to verify it.

1. Once logged in -> click on Settings > Security > Two-factor authentication.
2. Click Copy and Download buttons.
3. Click on Next button.

Expected Result:

1. The recovery code should be visible on 2FA page (step 1).
2. Upon clicking Copy the recovery code should be copied to clipboard.
3. Upon clicking Download the recovery codes should be downloaded in a text file.

   Actual Result:

4. The recovery code is not visible on 2FA page (step 1).
5. Upon clicking Copy nothing is copied to clipboard.
6. Upon clicking Download the downloaded text file is empty (0 B).

   Workaround:

   unknown

   Platforms:

   Which of our officially supported platforms is this issue occurring on?

   • [ ] Android: Native
   • [ ] Android: mWeb Chrome
   • [ ] iOS: Native
   • [ ] iOS: mWeb Safari
   • [x] MacOS: Chrome / Safari
   • [ ] MacOS: Desktop

Screenshots/Videos

https://github.com/Expensify/App/assets/38435837/e020732b-9eab-4736-b138-25d1dcf2178f

https://github.com/Expensify/App/assets/38435837/e8071b83-3d23-482c-966e-74cbd6352c2b

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0145289401f3afe680
• Upwork Job ID: 1803637508828282692
• Last Price Increase: 2024-06-20

Issue Owner

Current Issue Owner: @trjExpensify

[etCoderDysto]

1. I have pushed the latest changes except the navigation fix you have suggested me

2. Which screens do open contact method details page?

   • Currently we are opening this screen (ContactMethodDetailsPage) form BankAccountStep page, which is rendered by ReimbursementAccountPage page.
   • ReimbursementAccountPage page is defined here and here in Modal stack navigator
   • On my branch CodesStep from TwoFactorAuthPage page opens ContactMethodDetailsPage

3. For context, the feature - 'verify your account here' link - that navigates user form BankAccountStep to ContactMethodDetails page is introduced in this PR

[adamgrzybowski]

Okay so just to make clear. Before it could be open from only one page:

• BankAccountStep

And now we want to be able to open it from two different pages:

• BankAccountStep (the old one)
• TwoFactorAuthPage (the new one)

Also bonus question. Do you know from which screens we can open the connect bank account? I can see that it has backTo param already

[etCoderDysto]

That is right! BankAccountStep can be opened from WorkspaceWorkflowsPage. I am not sure if other pages use the same component. Wallet section seems to be using different pages EnablePaymentsPage

[adamgrzybowski]

I created diff with new changes. Please check if it works for you. The screen under the overlay won't change if the user opens CONTACT_METHOD_DETAILS page. backToDiff.txt

[etCoderDysto]

I created diff with new changes. Please check if it works for you. The screen under the overlay won't change if the user opens CONTACT_METHOD_DETAILS page. backToDiff.txt

I have tried the diff. And it seems to be working well 🎉. Thanks @adamgrzybowski 🙇🏻‍♂️. I will test this thoroughly, if things will go as expected PR will ready for final review soon.

https://github.com/user-attachments/assets/0ee8e37b-8401-4704-a643-e10cadcabe3d

[etCoderDysto]

@mollfpr PR is ready for final review 🎉

[melvin-bot[bot]]

This issue has not been updated in over 15 days. @trjExpensify, @mollfpr, @techievivek, @etCoderDysto eroding to Monthly issue.

P.S. Is everyone reading this sure this is really a near-term priority? Be brave: if you disagree, go ahead and close it out. If someone disagrees, they'll reopen it, and if they don't: one less thing to do!

[melvin-bot[bot]]

⚠️ Looks like this issue was linked to a Deploy Blocker here

If you are the assigned CME please investigate whether the linked PR caused a regression and leave a comment with the results.

If a regression has occurred and you are the assigned CM follow the instructions here.

If this regression could have been avoided please consider also proposing a recommendation to the PR checklist so that we can avoid it in the future.

[melvin-bot[bot]]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot[bot]]

The solution for this issue has been :rocket: deployed to production :rocket: in version 9.0.23-0 and is now subject to a 7-day regression period :calendar:. Here is the list of pull requests that resolve this issue:

• https://github.com/Expensify/App/pull/44635

If no regressions arise, payment will be issued on 2024-08-29. :confetti_ball:

For reference, here are some details about the assignees on this issue:

• @mollfpr requires payment through NewDot Manual Requests
• @etCoderDysto requires payment (Needs manual offer from BZ)
• @ikevin127 requires payment (Needs manual offer from BZ)

[melvin-bot[bot]]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [ ] [@mollfpr] The PR that introduced the bug has been identified. Link to the PR:
• [ ] [@mollfpr] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [ ] [@mollfpr] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [ ] [@mollfpr] Determine if we should create a regression test for this bug.
• [ ] [@mollfpr] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [ ] [@trjExpensify] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[ikevin127]

@trjExpensify Not sure why it says I require payment here as my only involvement with this issue is that I reported it (see OP reported by) 🤷‍♂️

[trjExpensify]

Same, all good though. Thanks for flagging!

@mollfpr, checklist time!

[melvin-bot[bot]]

Payment Summary

Upwork Job

• Reviewer: @mollfpr owed $250 via NewDot
• ROLE: @etCoderDysto paid $(AMOUNT) via Upwork (LINK)

BugZero Checklist (@trjExpensify)

• [ ] I have verified the correct assignees and roles are listed above and updated the neccesary manual offers
• [ ] I have verified that there are no duplicate or incorrect contracts on Upwork for this job (https://www.upwork.com/ab/applicants/1803637508828282692/hired)
• [ ] I have paid out the Upwork contracts or cancelled the ones that are incorrect
• [ ] I have verified the payment summary above is correct

[mollfpr]

[@mollfpr] The PR that introduced the bug has been identified. Link to the PR: [@mollfpr] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:

No offending PR.

[@mollfpr] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:

The regression step should be enough.

[@mollfpr] Determine if we should create a regression test for this bug. [@mollfpr] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.

Precondition: Login with a new email and don't verify the account.

1. Go to Settings page > Security
2. Click on Two-factor authentication
3. Verify it open the Two-factor authentication page with text and link to validate the account
4. Click on verify your account here and verify your account
5. After submit the magic code, verify it navigate to the Two-factor authentication page and showing the recovery codes.

[techievivek]

Precondition: Login with a new email and don't verify the account.

It would be better to say, "Login with a new public email account"(this is so because we require verification for the user if they are part of domain control). Otherwise, it looks good to me.

[trjExpensify]

Thanks! Payment summary as follows:

• $250 to @etCoderDysto for the fix
• $250 to @mollfpr for the review

Luthfi, go ahead and request. @etCoderDysto, I need your Upwork profile link please.

[etCoderDysto]

@trjExpensify here is a link to my Upwork profile: https://www.upwork.com/freelancers/~01ea78e0164390eb79 Thanks!

[trjExpensify]

Offer sent!

[etCoderDysto]

I have accepted the offer. Thanks!

[trjExpensify]

Paid, closing!

[garrettmknight]

$250 approved for @mollfpr