Open IuliiaHerets opened 1 week ago
Triggered auto assignment to @zanyrenney (Bug
), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.
Triggered auto assignment to @arosiclair (DeployBlockerCash
), see https://stackoverflowteams.com/c/expensify/questions/9980/ for more details.
:wave: Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open `StagingDeployCash` deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:
I reproduced on staging v9.0.45-2 and not on prod v9.0.44-12 (the original bug from https://github.com/Expensify/App/issues/49523 is still present).
This is actually not reproducible in dev with the latest changes on main
.
We discussed this issue here in https://github.com/Expensify/App/issues/48041#issuecomment-2394985903 since that was the issue which introduced the new validation route logic.
Looks like the cause of the logout is/was that when we input the magic code, one of the API endpoints is called with the old / outdated authToken
from when the account was not validated.
The issue seems unrelated to the PR I reviewed and more related to the PR that introduced the new validation route logic.
If we were to follow-up with a fix and pinpoint the offending PR, that would be https://github.com/Expensify/App/pull/49230 even if the logout issue did not pop-up while testing issue https://github.com/Expensify/App/issues/48041.
The fix for this should be something along the lines of making sure that once the magic code was provided in the new route, we make sure to clear the old authToken
before making any API calls post-validation.
This can be done either on FE or BE.
Please, correct me if any of my above statements are wrong!
This is actually not reproducible in dev with the latest changes on
main
.
I'll have to double check, but if the issue is indeed not reproducible anymore, can we assume that this was fixed from the BE side ? 🤔
I can't verify locally, but reverting https://github.com/Expensify/App/pull/50169 would probably restore the behavior on prod (the not found page). However, I'm not sure that's really "better" than what we have now (forced logout but working after logging back in). I think the best path forward is to not block on this and use this issue to investigate and fix the problem.
The issue seems unrelated to the PR I reviewed and more related to the PR that introduced the new validation route logic.
@ikevin127 FWIW, I agree the root problem is probably not caused by the PR you reviewed, however that PR is what ultimately introduced this bug. I think we should have caught this before merging (the whole flow should've been tested).
Job added to Upwork: https://www.upwork.com/jobs/~021843360929752935358
Triggered auto assignment to Contributor-plus team member for initial proposal review - @sobitneupane (External
)
That's right, unfortunately I only tested the actual validation post-merge :trollface:
♻️ Edit: The issue is still reproducible on both local dev
and staging
so I guess we're looking for proposals .
reverting https://github.com/Expensify/App/pull/50169 would probably restore the behavior on prod (the not found page). However, I'm not sure that's really "better" than what we have now (forced logout but working after logging back in). I think the best path forward is to not block on this and use this issue to investigate and fix the problem.
Indeed, I also think that the current behaviour is better then the "Not found page" but still we shouldn't be logged out.
@arosiclair @ikevin127 based on my investigation, this appears to be a backend issue. It seems that the Onyx key credentials
isn’t being populated with the autoGeneratedLogin
and autoGeneratedPassword
values during the sign-up process.
As I mentioned in offending issue https://github.com/Expensify/App/issues/49523#issuecomment-2400732507:
@isabelastisser Yes, we had the following regression:
which was caused by lack of testing on both PR reviewer and author sides. The issue mentioned above is open for proposals, unless the author wants to fix the issue given that we're still within the regression period.
Note: The issue was that we relied on the other PRs implementation of the new route without actually testing if the implementation works, ignoring this issue's Expected result which states
Add bank account page should open
as we stopped the testing at "seeing the magic code input showing up in RHP".
So unless the author wants to fix this, we're open for proposals. Peace out ✌️
@arosiclair, @sobitneupane, @zanyrenney Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!
I spent a little time looking into this. Some notes:
ValidateSecondaryLogin
on the VerifyAccountPage even though this is for the primary login of a new accountbackTo
route in the Pay someone flow hereValidateSecondaryLogin
which updates our authTokenGetMissingOnyxMessages
with the old authToken GetMissingOnyxMessages
returns jsonCode 407
Authenticate
but with empty partnerUserID
and partnerUserSecret
Authenticate
returns 404
and signs us out📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸
Okay the credentials (partnerUserID and secret) are cleared by the SignUpUser
command since we added the unvalidated sign up flow in this PR.
I'm not sure what's the correct way to handle this in product validation flow. I'm going to start a discussion about it.
Thanks @arosiclair please link the discussion here so it's clear what the status is for us following along.
Started the discussion here
Thanks!
Taking this internal for now
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Version Number: 9.0.45-2 Reproducible in staging?: Y Reproducible in production?: N/A - new feature, doesn't exist in prod Issue was found when executing this PR: https://github.com/Expensify/App/pull/50169 Email or phone of affected tester (no customers): yonghongkok2+sddwe23@gmail.com Issue reported by: Applause Internal Team
Action Performed:
Expected Result:
User will not be signed out after verifying account during pay someone flow.
Actual Result:
User is signed out after verifying account during pay someone flow.
Workaround:
Unknown
Platforms:
Screenshots/Videos
https://github.com/user-attachments/assets/07ce4b74-bdbb-456e-80f3-604cc36cb631
View all open jobs on GitHub
Upwork Automation - Do Not Edit
Issue Owner
Current Issue Owner: @arosiclair