[HOLD for payment 2023-12-20] [$500] Desktop - Expired magic code page for a valid code with no prior use + inability to exit the screen

[izarutskaya]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: Version 1.4.10-1 (1.4.10-1)
Reproducible in staging?: Y
Reproducible in production?: N
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: Applause-Internal Team
Slack conversation: @

Action Performed:

Prerequisites: User must be logged into web app as User A.

1. Launch the Desktop app
2. Enter an email for an existing or new account
3. Go to the email inbox and locate the magic code
4. Copy the Magic link and modify it to staging
5. On the web, open a new tab and navigate to the staging magic link
6. Confirm that the user is prompted to open the desktop app
7. Click on the "Open app" option
8. Repeat steps 5,6 and 7
9. When the apps get opened, click on ''just sign in here ''button

Expected Result:

The user should be able to sign in right after clicking on ''Just sign in here,'' and they should also have the option to exit the page.

Actual Result:

When the desktop app is launched using the magic code deep link, the user encounters an expired magic code page even though the code is valid and has not been previously used. Additionally, it's impossible to exit that screen.

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Add any screenshot/video evidence

Bug6308347_1702308834010.Expired_magic_code___cannot_leave_the_screen_.mp4

Bug6304327_1701946927913!expen-log2.txt

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01acea970084cf49dd
• Upwork Job ID: 1734159440509161472
• Last Price Increase: 2023-12-11
• Automatic offers:
• alitoshmatov | Reviewer | 28043180
• dukenv0307 | Contributor | 28043181

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~01acea970084cf49dd

[melvin-bot]

Triggered auto assignment to @joekaufmanexpensify (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @alitoshmatov (External)

[github-actions]

👋 Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open `StagingDeployCash` deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:

1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.

[melvin-bot]

Triggered auto assignment to @Julesssss (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

[izarutskaya]

Different behavior on production.

2023-12-10.17.19.15.mp4

[Julesssss]

We released 1.4.11 just before this blocker was created, so I think it will now be an issue on production too. Would you mind retesting to verify?

here's the new checklist

[dukenv0307]

Proposal

Please re-state the problem that we are trying to solve in this issue.

When the desktop app is launched using the magic code deep link, the user encounters an expired magic code page even though the code is valid and has not been previously used. Additionally, it's impossible to exit that screen.

What is the root cause of that problem?

When we opening the validate code modal, we're not clearing logging out the current user, so the isAuthenticated is still true and we still show the prompt to open the Desktop app.

We intentionally don't want to prompt to open desktop if the user is inside authentication flow as can be seen here.

What changes do you think we should make in order to solve the problem?

We can simply early return here (not prompt open desktop) if the auth state is currently NOT_STARTED. We need to pass the session to DeeplinkWrapper.

Optionally, in validate code modal, we can log out the current user if the user is currently logged in, because we're currently trying to log in as another user so it makes sense to log the current user out.

What alternative solutions did you explore? (Optional)

We can consider extending the above conditions for other authState as well.

[Julesssss]

Hi @dukenv0307, thanks for the proposal.

We can simply early return here (not prompt open desktop) if the auth state is currently NOT_STARTED. We need to pass the session to DeeplinkWrapper.

That makes sense, but why do you think this was a recent regression? This didn't occur on versions prior to 1.4.10 so I'd like to double-check the cause before moving forward.

[dukenv0307]

Why do you think this was a recent regression?

@Julesssss at the time I tested, production and staging have the same behavior as here. So I think the cause that makes production and staging different earlier has been fixed.

That said, production and staging have never been working for this scenario as you mentioned here and the solution here will fix it.

[Julesssss]

Sounds good to me. This is a blocker, so would you be able to raise a PR soon? If so let's do it and I'll find someone on the C+ tema available for a review ASAP

[melvin-bot]

📣 @alitoshmatov 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

[melvin-bot]

📣 @dukenv0307 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[luacmartins]

@dukenv0307 any updates on this PR?

[dukenv0307]

I'm investigating.

[dukenv0307]

@shubham1206agra @Julesssss @luacmartins The PR is ready for review.

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.11-25 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Not show prompt open in desktop app for magic link #32945

If no regressions arise, payment will be issued on 2023-12-20. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

For reference, here are some details about the assignees on this issue:

• @alitoshmatov requires payment automatic offer (Reviewer)
• @dukenv0307 requires payment automatic offer (Contributor)

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@alitoshmatov] The PR that introduced the bug has been identified. Link to the PR: Apple & Google Sign In #23673
• [@alitoshmatov] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment: Apple & Google Sign In #23673 (comment)
• [@alitoshmatov] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion: N/A
• [@alitoshmatov] Determine if we should create a regression test for this bug.
• [@alitoshmatov] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@joekaufmanexpensify] Link the GH issue for creating/updating the regression test once above steps have been agreed upon: N/A

[joekaufmanexpensify]

@alitoshmatov could you please handle the BZ checklist so we can prep to issue payment this Wednesday? TY!

[alitoshmatov]

• The PR that introduced the bug has been identified: Apple & Google Sign In #23673
• The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake: Apple & Google Sign In #23673 (comment)
• A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. N/a
• Determine if we should create a regression test for this bug: No

[joekaufmanexpensify]

Awesome. TY!

[joekaufmanexpensify]

BZ checklist complete. All set to issue payment tomorrow (assuming no regressions). We need to pay:

• @dukenv0307 - $500 for PR. Paid via Upwork.
• @alitoshmatov - $500 for C+. Paid via Upwork.

[joekaufmanexpensify]

All set to issue payment.

[joekaufmanexpensify]

@dukenv0307 $500 sent and contract ended!

[joekaufmanexpensify]

@alitoshmatov $500 sent and contract ended!

[joekaufmanexpensify]

Upwork job closed.

[joekaufmanexpensify]

All set. Thanks everyone!