Expensify / App

Welcome to New Expensify: a complete re-imagination of financial collaboration, centered around chat. Help us build the next generation of Expensify by sharing feedback and contributing to the code.
https://new.expensify.com
MIT License
3.51k stars 2.86k forks source link

Unable to set password or validate via New Expensify if "Resend link" is tapped #5328

Closed marcaaron closed 3 years ago

marcaaron commented 3 years ago

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!


Action Performed:

  1. Signed up for a new account with email on a private domain via New Expensify on iOS (main branch and also tested against production)
  2. Press Resend Link
  3. Try to validate via said link
  4. It is COMPLETELY impossible to validate the account

Most recently tested on john+4@lorenabobbeth.de

Expected Result:

Validating the account and setting a password is possible

Actual Result:

Seemingly impossible

Workaround:

Request the validate email via Old Dot, get the magic sign in link, sign in and set a password there.

Platform:

Where is this issue occurring?

Version Number: Reproducible in staging?: YES Reproducible in production?: YES Logs: https://www.expensify.com/_devportal/tools/logSearch/#sort=asc&size=20000&query=email%3A%22john%2B4%40lorenabobbeth.de%22%20AND%20timestamp%3A%5B2021-09-17T00%3A00%20TO%202021-09-18T23%3A59%5D Notes/Photos/Videos: Any additional supporting documentation Expensify/Expensify Issue URL: Issue reported by: Slack conversation:

View all open jobs on GitHub

marcaaron commented 3 years ago

Looking into this and currently able to reliably reproduce locally. Back with more info soon.

marcaaron commented 3 years ago

Ok, here's what I found...

  1. When we tap the link we call ResendValidateCode which triggers the email notification to be queued in Auth and we add a validateCode here
  2. Then looks like a short time after that GetAccountValidateCode (whatever that is) runs and overwrites the existing code. This happens when the notification is sent in Standard.php here
  3. That updates the validateCode associated with the account. However, the macro replacement with the validateCode we created here is already done.
  4. The email arrives and we get the first validate code we created and not the second one created in Standard.php

I have a feeling the change here broke this cc @jasperhuangg

https://github.com/Expensify/Auth/pull/5903/files#diff-7b6cd1030cc3fe6a8bbc09ce2c558b5e91f8df9099f648aae3f59c7f9900f5e8R84

marcaaron commented 3 years ago

Won't be able to get to this today but that investigation should be enough for someone to go off of.

flodnv commented 3 years ago

I investigated this for a while and I agree with @marcaaron the breaking change is https://github.com/Expensify/Auth/pull/5903/files#diff-7b6cd1030cc3fe6a8bbc09ce2c558b5e91f8df9099f648aae3f59c7f9900f5e8R84

This is happening in the SetCashPassword (NewDot) flow but not in the CreateAccount2 (OldDot) flow because the NewDot flow sets an authToken and we get into here as @marcaaron pointed out.

I am working on a PR but I think more things are broken than what we expected, eg this: https://github.com/Expensify/App/pull/5218/files#r712306088

MelvinBot commented 3 years ago

Triggered auto assignment to @SofiedeVreese (External), see https://stackoverflow.com/c/expensify/questions/8582 for more details.

flodnv commented 3 years ago

Sorry @SofiedeVreese I fat fingered that...

marcaaron commented 3 years ago

This issue is fixed now.