[$250] Secondary login sends two magic codes for validation - causes login/rejection loop

[mallenexpensify]

OG issue in E/E

• https://github.com/Expensify/Expensify/issues/445252

Action Performed:

Log into account
Add secondary login
Enter Magic code for existing account to allow secondary email to be added
Send magic code to verify secondary email

Expected Result:

Secondary email is sent a single magic code for verification

Actual Result:

Secondary email is sent a magic code for verification and then immediately sent an additional magic code seconds later.

In practice, this means that by the time the user has entered the first magic code, it has been invalidated with a new magic code. If they don't realise this and they click to verify again, that code invalidates the previous code, and this can keep going.

Workaround:

The user must wait until they get the second email, and then use only that code. But no one realises this. It explains why so many customers report that their code doesn't work when adding secondary login.

Platform:

Expensify Classic - not New Expensify

• Logs: Add secondary login / Secondary verification email / Magic Code email
• Notes/Photos/Videos: Above
• Is this issue reproducible in staging, production or both? Prod

Internal only, do not post to External repos

N/A this came via setting up a customer training session with demo data.

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~021861224421434105287
• Upwork Job ID: 1861224421434105287
• Last Price Increase: 2024-11-26

Issue Owner

Current Issue Owner: @brunovjk

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~021861224421434105287

[melvin-bot]

Current assignee @isabelastisser is eligible for the Bug assigner, not assigning anyone new.

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @brunovjk (External)

[Krishna2323]

Edited by proposal-police: This proposal was edited at 2024-11-26 02:33:05 UTC.

Proposal


Please re-state the problem that we are trying to solve in this issue.

Secondary login sends two magic codes for validation - causes login/rejection loop

What is the root cause of that problem?

• In addNewContactMethod we are not setting the parameter validateCodeSent: true,. Due to this hasMagicCodeBeenSent becomes false and we again call sendValidateCode();.
  

  App/src/components/ValidateCodeActionModal/index.tsx

  Lines 45 to 52 in 3f4e93e

  	useEffect(() => {
  	if (!firstRenderRef.current || !isVisible || hasMagicCodeBeenSent) {
  	return;
  	}
  	firstRenderRef.current = false;
  	sendValidateCode();
  	}, [isVisible, sendValidateCode, hasMagicCodeBeenSent]);

What changes do you think we should make in order to solve the problem?


• We should update the validateCodeSent value inside addNewContactMethod and also update the pending field if required. We should also update in failure data validateCodeSent: null.
• I think this also needs backend change because the new email already receives 2 validation code when AddNewContactMethod is called.

What alternative solutions did you explore? (Optional)

Result

[brunovjk]

I didn’t find Add secondary login on NewDot. I can reproduce the issue using OldDot on prod, but I’m unsure if I can set up OldDot or hybrid in a dev now. @mallenexpensify, could you confirm if the issue is specifically for OldDot or impacts NewDot as well? Could you provide more details on the expectations here? Thank you :D

[RachCHopkins]

This is on OldDot / Expensify Classic.

[myspace20]

@brunovjk is there a way to set up the OldDot in a dev environment? I went through the docs but couldn't find anything on that.

[brunovjk]

I asked on Slack for help https://expensify.slack.com/archives/C01GTK53T8Q/p1732758681575069

[melvin-bot]

@isabelastisser, @brunovjk Whoops! This issue is 2 days overdue. Let's get this updated quick!

[brunovjk]

Not overdue, waiting for response on the comment.

cc: @mallenexpensify

[mallenexpensify]

@brunovjk from the OG issue in E/E repo

Expensify Classic - not New Expensify

So.. I'm guessing this has to be Internal and, once a PR is raised, you'd review that PR (assuming it's accessible to you in the repo). Sound right?

[ugogiordano]

@mallenexpensify, @brunovjk this issue is reproducible in dev environment:

Screen.Recording.2024-11-30.at.00.54.19.00.17.49.mp4

[brunovjk]

This is an internal issue, so I'll unassign myself, but if this requires any review or front-end testing, please reassign me. I'd love to help, thanks :)

[isabelastisser]

Waiting for internal engineering assignment.

[melvin-bot]

@isabelastisser Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[melvin-bot]

@isabelastisser Eep! 4 days overdue now. Issues have feelings too...

[isabelastisser]

Waiting for internal engineering assignment.

[isabelastisser]

FYI, I will be OOO from Dec 23 to Jan 6, so please reassign the issue to another team member for urgency, IF needed.

[mvtglobally]

Issue not reproducible during KI retests. (First week)

[melvin-bot]

@isabelastisser Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[melvin-bot]

@isabelastisser Eep! 4 days overdue now. Issues have feelings too...

[melvin-bot]

@isabelastisser 8 days overdue is a lot. Should this be a Weekly issue? If so, feel free to change it!

[melvin-bot]

@isabelastisser 10 days overdue. Is anyone even seeing these? Hello?

[melvin-bot]

@isabelastisser 12 days overdue. Walking. Toward. The. Light...

[MonilBhavsar]

I'll take a look

[MonilBhavsar]

Sent PR for review

[MonilBhavsar]

Noticed we are also sending consecutive notifications in App. Fixed it too

[MonilBhavsar]

Not much, but I think we'll save little on our email bills 😅

[melvin-bot]

@isabelastisser, @MonilBhavsar Eep! 4 days overdue now. Issues have feelings too...

[melvin-bot]

@isabelastisser, @MonilBhavsar Still overdue 6 days?! Let's take care of this!

[isabelastisser]

Hey @MonilBhavsar, can you please provide an update? Would you like to reassign this?

[MonilBhavsar]

Oops, this was fixed two weeks back. Closing it