Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[$500] [Awaiting Payment]2FA login - Error message shows incorrect 2FA code when incorrect recovery code is used #28044

Closed
5 of 6 tasks
kbecciv opened this issue Sep 22, 2023 · 22 comments
Assignees
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Bug Something is broken. Auto assigns a BugZero manager. Daily KSv2 Engineering External Added to denote the issue can be worked on by a contributor Reviewing Has a PR in review

Comments

@kbecciv
Copy link

kbecciv commented Sep 22, 2023

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!


Issue found when executing PR #23390

Action Performed:

Precondition:

  • User has set up 2FA and saved the recovery codes.
  • User has previously used one of the recovery codes.
  1. Go to login page.
  2. Enter email and magic code.
  3. Click Use recovery code.
  4. Use the recovery code that has already been used before.
    5.Click Sign in.

Expected Result:

The error message mentions incorrect recovery code.

Actual Result:

The error message mentions two-factor authentication code instead of recovery code.

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

  • Android / native
  • Android / Chrome
  • iOS / native
  • iOS / Safari
  • MacOS / Chrome / Safari
  • MacOS / Desktop

Version Number: 1.3.73.0
Reproducible in staging?: y
Reproducible in production?: new feature
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

Bug6210906_20230922_222809.mp4

Expensify/Expensify Issue URL:
Issue reported by: @ayazhussain79
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1695308760173509

View all open jobs on GitHub

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~011dfd59ea4353f356
  • Upwork Job ID: 1711516319487270912
  • Last Price Increase: 2023-10-09
@kbecciv kbecciv added the DeployBlockerCash This issue or pull request should block deployment label Sep 22, 2023
@github-actions github-actions bot added the Hourly KSv2 label Sep 22, 2023
@OSBotify
Copy link
Contributor

👋 Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open StagingDeployCash deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:

  1. Identify the pull request that introduced this issue and revert it.
  2. Find someone who can quickly fix the issue.
  3. Fix the issue yourself.

@melvin-bot
Copy link

melvin-bot bot commented Sep 22, 2023

Triggered auto assignment to @chiragsalian (Engineering), see https://stackoverflow.com/c/expensify/questions/4319 for more details.

@melvin-bot melvin-bot bot added the Overdue label Sep 25, 2023
@mountiny
Copy link
Contributor

@alitoshmatov @abdulrahuman5196 @MonilBhavsar Seems like a regression from your PR?

I dont think this is that important though to be a blocker, its not blocking user from logging in and also its rare to use recovery code and the one you have already used. Demoting to a bug and we should fix this probably as a regression from the PR

@mountiny mountiny added Bug Something is broken. Auto assigns a BugZero manager. and removed DeployBlockerCash This issue or pull request should block deployment Hourly KSv2 labels Sep 25, 2023
@melvin-bot
Copy link

melvin-bot bot commented Sep 25, 2023

Triggered auto assignment to @puneetlath (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

@melvin-bot melvin-bot bot added the Daily KSv2 label Sep 25, 2023
@melvin-bot
Copy link

melvin-bot bot commented Sep 25, 2023

Bug0 Triage Checklist (Main S/O)

  • This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
  • This bug is not a duplicate report (check E/App issues and #expensify-bugs)
    • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
  • This bug is reproducible using the reproduction steps in the OP. S/O
    • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
    • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
  • This issue is filled out as thoroughly and clearly as possible
    • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
  • I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

@alitoshmatov
Copy link
Contributor

@mountiny This error message is sent from the backend for used recovery code, also the same api is used to verify 2fa code and recovery code. Noticed it in original PR but forgot to mention it.

@mountiny
Copy link
Contributor

Thats ok, we can make this internal if we can debug this, but this probably should have been raised during the PR review

@MonilBhavsar MonilBhavsar added Reviewing Has a PR in review Waiting for copy User facing verbiage needs polishing labels Sep 27, 2023
@melvin-bot melvin-bot bot assigned ghost Sep 27, 2023
@melvin-bot
Copy link

melvin-bot bot commented Sep 27, 2023

Triggered auto assignment to @joaniew (Waiting for copy), see https://stackoverflow.com/c/expensify/questions/7025/ for more details.

@MonilBhavsar
Copy link
Contributor

@joaniew

In olddot, error message looks like

Screenshot 2023-09-27 at 10 45 07 AM

And in newDot, I propose to use the following -

Screenshot 2023-09-27 at 10 47 49 AM Screenshot 2023-09-27 at 10 48 01 AM

Could you please confirm. Thank you! cc @srikarparsi

@MonilBhavsar MonilBhavsar removed the Reviewing Has a PR in review label Sep 29, 2023
@ghost
Copy link

ghost commented Sep 29, 2023

@MonilBhavsar I'm a bit confused what you're proposing.. just want to double check - you're showing a version with the authenticator and one version with the recovery code?

Where it says Please enter a valid two-factor authentication or recovery code - do we want to specify so that when it's the authenticator, you only see the authenticator copy? eg. it says Please enter a valid two-factor authentication code

For recovery code: Please enter a valid recovery code

I think that specification is nicer

@MonilBhavsar MonilBhavsar added the Reviewing Has a PR in review label Oct 2, 2023
@MonilBhavsar
Copy link
Contributor

PR is deployed to prod. @puneetlath assigning you the issue as you were assigned as a part of Bugzero team.
We need to pay bug reporter @ayazhussain79
Everything else was internal

@MonilBhavsar MonilBhavsar added Awaiting Payment Auto-added when associated PR is deployed to production and removed Waiting for copy User facing verbiage needs polishing labels Oct 6, 2023
@MonilBhavsar MonilBhavsar changed the title 2FA login - Error message shows incorrect 2FA code when incorrect recovery code is used [Awaiting Payment]2FA login - Error message shows incorrect 2FA code when incorrect recovery code is used Oct 6, 2023
@ayazhussain79
Copy link
Contributor

@MonilBhavsar commented for reporting bonus

@MonilBhavsar MonilBhavsar added Weekly KSv2 and removed Daily KSv2 labels Oct 6, 2023
@puneetlath puneetlath added the External Added to denote the issue can be worked on by a contributor label Oct 9, 2023
@melvin-bot
Copy link

melvin-bot bot commented Oct 9, 2023

Unable to auto-create job on Upwork. The BZ team member should create it manually for this issue. cc @thienlnam

@melvin-bot melvin-bot bot added the Help Wanted Apply this label when an issue is open to proposals by contributors label Oct 9, 2023
@melvin-bot
Copy link

melvin-bot bot commented Oct 9, 2023

Current assignee @abdulrahuman5196 is eligible for the External assigner, not assigning anyone new.

@melvin-bot melvin-bot bot added Daily KSv2 and removed Weekly KSv2 labels Oct 9, 2023
@puneetlath puneetlath removed the Help Wanted Apply this label when an issue is open to proposals by contributors label Oct 9, 2023
@puneetlath
Copy link
Contributor

Upwork seems to be having issues. Will try again later.

@puneetlath puneetlath added External Added to denote the issue can be worked on by a contributor and removed External Added to denote the issue can be worked on by a contributor labels Oct 9, 2023
@melvin-bot melvin-bot bot changed the title [Awaiting Payment]2FA login - Error message shows incorrect 2FA code when incorrect recovery code is used [$500] [Awaiting Payment]2FA login - Error message shows incorrect 2FA code when incorrect recovery code is used Oct 9, 2023
@melvin-bot
Copy link

melvin-bot bot commented Oct 9, 2023

Job added to Upwork: https://www.upwork.com/jobs/~011dfd59ea4353f356

@melvin-bot melvin-bot bot added the Help Wanted Apply this label when an issue is open to proposals by contributors label Oct 9, 2023
@melvin-bot
Copy link

melvin-bot bot commented Oct 9, 2023

Current assignee @abdulrahuman5196 is eligible for the External assigner, not assigning anyone new.

@puneetlath puneetlath added Awaiting Payment Auto-added when associated PR is deployed to production and removed Help Wanted Apply this label when an issue is open to proposals by contributors Awaiting Payment Auto-added when associated PR is deployed to production labels Oct 9, 2023
@puneetlath
Copy link
Contributor

@ayazhussain79 sent you an offer.

@ayazhussain79
Copy link
Contributor

@puneetlath offer accepted, Thank you

@puneetlath
Copy link
Contributor

All paid!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Bug Something is broken. Auto assigns a BugZero manager. Daily KSv2 Engineering External Added to denote the issue can be worked on by a contributor Reviewing Has a PR in review
Projects
None yet
Development

No branches or pull requests

9 participants