[$500] Web - Settings - Unable to log out after being redirected to ND from OD by clicking on workspace

[lanitochka17]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Version Number: 1.4.18-4
Reproducible in staging?: Y
Reproducible in production?: Y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: Applause - Internal Team
Slack conversation:

Action Performed:

1. Log out of ND
2. Log into OD with an account that has an existing workspace without a bank account
3. Click on "Continue setup" in the inbox task or Settings> Workspace > User's workspace
4. After being redirected to ND, click on the avatar and sign out

Expected Result:

User is logged out and the home screen is displayed

Actual Result:

The page refreshes and the user is still logged in

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• Windows: Chrome
• MacOS: Desktop

Screenshots/Videos

Add any screenshot/video evidence

Bug6327614_1703779822402.Recording__77.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0152728ca06936b7d2
• Upwork Job ID: 1740527564973801472
• Last Price Increase: 2024-01-19
• Automatic offers:
• abdulrahuman5196 | Reviewer | 28119678
• aswin-s | Contributor | 28119680

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~0152728ca06936b7d2

[melvin-bot]

Triggered auto assignment to @MitchExpensify (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @abdulrahuman5196 (External)

[aswin-s]

Proposal

Please re-state the problem that we are trying to solve in this issue.

User is not getting signed out after being redirected to ND from OD

What is the root cause of that problem?

We are using a transition url with shortLivedAuthToken to redirect from oldDot to newDot. AnexitTo param is used for navigating to target screen after signIn. The transition url route is mapped to loadLogOutPreviousUserPage.

App/src/libs/Navigation/AppNavigator/AuthScreens.tsx

Lines 268 to 272 in 5c5c862

	<RootStack.Screen
	name={SCREENS.TRANSITION_BETWEEN_APPS}
	options={defaultScreenOptions}
	getComponent={loadLogOutPreviousUserPage}
	/>

TheLogOutPreviousUserPage has an effect which handles the exitTo param in transition url. Note that we are directly navigating to exitTo route from transition route.

App/src/pages/LogOutPreviousUserPage.js

Lines 57 to 65 in 5c5c862

	const exitTo = lodashGet(props, 'route.params.exitTo', '');
	// We don't want to navigate to the exitTo route when creating a new workspace from a deep link,
	// because we already handle creating the optimistic policy and navigating to it in App.setUpPoliciesAndNavigate,
	// which is already called when AuthScreens mounts.
	if (exitTo && exitTo !== ROUTES.WORKSPACE_NEW && !props.account.isLoading && !isLoggingInAsNewUser) {
	Navigation.isNavigationReady().then(() => {
	Navigation.navigate(exitTo);
	});
	}

When user closes the Connect Bank Account modal, screen goes back to the transition URL. So if user tries to signout at this point, the page reloads with transition url which will again invoke signInWithShortLived access token which inturn will sign the user back in.

Here is the step by step explanation of how transition url works.

1. User logs into old dot, taps on the "Continue setup" for bank account button
2. Gets redirected to Newdot with a url of the pattern

https://staging.new.expensify.com/transition?accountId=123&email&user%40gmail.com&shortLivedAccessToken=1234&exitTo=bank-account%2Fnew%3FpolicyID%3D72D1

3. Note that the route being used is /transition
4. On NewDot '/transion' route is being handled by LogInWithShortLivedAuthTokenPage & loadLogOutPreviousUserPage components. It logsOut previous user and signins in again using the short lived token in the Url. This is a regular GET url and could pasted any time within the validity of shortAuthToken to signOut current user and login again.
5. After signin there is an effect in loadLogOutPreviousUserPage which basically redirects the user to the exitRoute. In this case it is /bank-account/new. This is a drawer page that opens on top of ReportActionScreen.
6. So navigation route changes from /transition to /bank-account
7. At this point user cancels the action and signs out
8. SignOut action closes the drawer and goes back in history, which takes user back to transition url
9. Page gets reloaded using the transition url which triggers a re-login

If you see above steps it is quite evident that the transition should have been from /transition -> /r/reportId (Home) -> /bank-account. The reason user goes back to transition url is because the home route is not set before navigating directly to a drawer screen. Thats the reason why user needs to navigate to ROUTES.HOME before navigating to an exitRoute. This could further be verified by simply closing the modal and checking the url in address bar.

Screen.Recording.2024-01-11.at.10_out.mp4

What changes do you think we should make in order to solve the problem?

We should reset the transition route before navigating to exitTo route in LogOutPreviousUserPage . This prevents the screen from going back to transition route on closing the modal.

if (exitTo && exitTo !== ROUTES.WORKSPACE_NEW && !props.account.isLoading && !isLoggingInAsNewUser) {
    Navigation.isNavigationReady().then(() => {
      Navigation.goBack(ROUTES.HOME);
      Navigation.navigate(exitTo);
  });
}

Result

fix.mp4

What alternative solutions did you explore? (Optional)

None (edited)

[MitchExpensify]

Expected right now

[aswin-s]

@MitchExpensify As explained in the proposal above this seems to be a bug on client side which re-authenticates the user using the short lived auth token just because we are not clearing the used transition url. This bug will also cause below screen to be shown when user tries to signout when the short lived token has expired. Both of these results are not as per expectation.

Could you please shed some light on why this is the expected behaviour at the moment or point to a discussion where this is discussed in detail?

[MitchExpensify]

I initially misunderstood the issue, I think this fits into Wave 9 because its related to the redirect introduced in that wave

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot]

@MitchExpensify, @abdulrahuman5196 Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[MitchExpensify]

@abdulrahuman5196 Do you think this looks like it will need to be handled internally?

[abdulrahuman5196]

Reviewing now

[abdulrahuman5196]

@aswin-s I am unable to fully understand your proposal. I assume you are saying we using the same exitTo url during transition and during logout as well, which is causing the user to re-signin.
And in the change mentioned, you are just routing to home before navigating to exitTo which seems to be a workaround IMO.

[aswin-s]

@abdulrahuman5196 Let me elaborate the series of events once again

1. User logs into old dot, taps on the "Continue setup" for bank account button
2. Gets redirected to Newdot with a url of the pattern

https://staging.new.expensify.com/transition?accountId=123&email&user%40gmail.com&shortLivedAccessToken=1234&exitTo=bank-account%2Fnew%3FpolicyID%3D72D1

3. Note that the route being used is /transition
4. On NewDot '/transion' route is being handled by LogInWithShortLivedAuthTokenPage & loadLogOutPreviousUserPage components. It logsOut previous user and signins in again using the short lived token in the Url. This is a regular GET url and could pasted any time within the validity of shortAuthToken to signOut current user and login again.
5. After signin there is an effect in loadLogOutPreviousUserPage which basically redirects the user to the exitRoute. In this case it is /bank-account/new. This is a drawer page that opens on top of ReportActionScreen.
6. So navigation route changes from /transition to /bank-account
7. At this point user cancels the action and signs out
8. SignOut action closes the drawer and goes back in history, which takes user back to transition url
9. Page gets reloaded using the transition url which triggers a re-login

If you see above steps it is quite evident that the transition should have been from /transition -> /r/reportId (Home) -> /bank-account. The reason user goes back to transition url is because the home route is not set before navigating directly to a drawer screen. Thats the reason why user needs to navigate to ROUTES.HOME before navigating to an exitRoute. This could further be verified by simply closing the modal and checking the url in address bar.

Screen.Recording.2024-01-11.at.10_out.mp4

Let me know if you have any further questions.

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot]

@MitchExpensify @abdulrahuman5196 this issue was created 2 weeks ago. Are we close to approving a proposal? If not, what's blocking us from getting this issue assigned? Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks!

[MitchExpensify]

Next step here is for @abdulrahuman5196 to review @aswin-s 's resopnse

[abdulrahuman5196]

Will be reviewing todAY

[aswin-s]

@abdulrahuman5196 Any feedback on above comment?

[abdulrahuman5196]

Reviewing now

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot]

@MitchExpensify @abdulrahuman5196 this issue is now 3 weeks old. There is one more week left before this issue breaks WAQ and will need to go internal. What needs to happen to get a PR in review this week? Please create a thread in #expensify-open-source to discuss. Thanks!

[abdulrahuman5196]

REviewing now. thanks for the detailed explanation.

[abdulrahuman5196]

The proposal here #33731 (comment) and extended explanation here #33731 (comment) seems reasonable. But still wondering about routing to home and then routing to bank page.

@MitchExpensify Could you kindly involve internal engineer worked on Authentication and Session to double confirm, If the the thought process of the proposal is fine or is the transition url expected to behave someway different in this case requiring a different fix?

[MitchExpensify]

Could you kindly involve internal engineer worked on Authentication and Session to double confirm, If the the thought process of the proposal is fine or is the transition url expected to behave someway different in this case requiring a different fix?

This seems like a good question for @marcaaron or @cead22

[cead22]

The proposal looks good to me, and it's the only one we have for now that makes this work the way it should.

I understand navigating to home feels like a workaround, and if we have a way to set the home route or to remove the transition page from the navigation stack without navigating to home, those could be good fixes too. If we don't have a way to do either or no other way to accomplish this, then navigating to home is better than the bug, so I think we can go with the proposal and add a comment above Navigation.goBack(ROUTES.HOME); to explain why we're doing that

[abdulrahuman5196]

Thank you for the confirmation @cead22 .

@aswin-s 's proposal here #33731 (comment) looks good and works well. @aswin-s Kindly update your proposal as well on the new discussions. Would be helpful for future reference.

🎀 👀 🎀
C+ Reviewed

[melvin-bot]

Triggered auto assignment to @MariaHCD, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[aswin-s]

@abdulrahuman5196 Updated my proposal with additional details

[melvin-bot]

📣 @abdulrahuman5196 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

[melvin-bot]

📣 @aswin-s 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[aswin-s]

@MariaHCD @abdulrahuman5196 I'm unable to reproduce this issue anymore. Looks like it got fixed over here.

[MitchExpensify]

Oh nice catch, I'll defer to @MariaHCD or @abdulrahuman5196 to confirm before closing or not

[abdulrahuman5196]

Yes. I don't see this issue anymore.

[MariaHCD]

Nice, since this is no longer reproducible, I'd agree with closing this out.