[HOLD] Display banner to enable 2FA when setting up VBBA

[MonilBhavsar]

Details

• Display 2FA prompt when adding bank account during verification and validation steps.
• Redirects user to olddot, once 2FA setup is completed, redirects them back to newdot.

Fixed Issues

$ https://github.com/Expensify/Expensify/issues/238668 PROPOSAL: N/A

Tests

Let user have 2FA disabled Tests with https://github.com/Expensify/Web-Expensify/pull/35394.

1. Checkout that branch
2. Run app
3. Change the URL to http://localhost:8080/bank-account
4. Go till Validation step and confirm the 2FA prompt
5. Click on secure account and confirm it redirects to olddot, enables 2FA.
6. Finish the setup and confirm it redirects back to newdot and this time it has no prompt
7. Go to olddot and disable 2FA
8. I manually changed account state, to go through validation state and confirmed the 2FA prompt there

• [x] Verify that no errors appear in the JS console

QA Steps

Prerequisite: User should have 2FA disabled in olddot > Settings > Accounts

1. Start the process of setting up bank account in VERIFYING state
2. Go till Verifying state and confirm the 2FA prompt as in screenshot
3. Click on "Secure Account" and confirm you're redirected to olddot and 2FA modal is open.
4. Finish the 2FA setup. Upon clicking Finish, confirm you're redirected back to newdot
5. Confirm this time there is not any 2FA prompt.

Now,

6. Disable 2FA from olddot
7. Go to bank account setup again. Can go to URL staging.new.expensify.com/bank-account/
8. Wait till Bank account is verified and you go to validation step and see the inputs to enter 3 amounts
9. Confirm 2FA prompt as in screenshot
10. Click on "Secure Account" and confirm you're redirected to olddot and 2FA modal is open.
11. Finish the 2FA setup. Upon clicking Finish, confirm you're redirected back to newdot
12. Confirm this time there is not any 2FA prompt.

• [ ] Verify that no errors appear in the JS console

PR Author Checklist

• [x] I linked the correct issue in the ### Fixed Issues section above
• [x] I wrote clear testing steps that cover the changes made in this PR
  • [x] I added steps for local testing in the Tests section
  • [x] I added steps for Staging and/or Production testing in the QA steps section
  • [x] I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • [x] I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• [x] I included screenshots or videos for tests on all platforms
• [x] I ran the tests on all platforms & verified they passed on:
  • [x] iOS / native
  • [x] Android / native
  • [x] iOS / Safari
  • [x] Android / Chrome
  • [x] MacOS / Chrome
  • [x] MacOS / Desktop
• [x] I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
• [x] I followed proper code patterns (see Reviewing the code)
  • [x] I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
  • [x] I verified that comments were added to code that is not self explanatory
  • [x] I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • [x] I verified any copy / text shown in the product was added in all src/languages/* files
  • [x] I verified any copy / text that was added to the app is correct English and approved by marketing by adding the Waiting for Copy label for a copy review on the original GH to get the correct copy.
  • [x] I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • [x] I verified the JSDocs style guidelines (in STYLE.md) were followed
• [x] If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• [x] I followed the guidelines as stated in the Review Guidelines
• [x] I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
• [x] I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• [x] I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
• [x] If a new component is created I verified that:
  • [x] A similar component doesn't exist in the codebase
  • [x] All props are defined accurately and each prop has a /** comment above it */
  • [x] The file is named correctly
  • [x] The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • [x] The only data being stored in the state is data necessary for rendering and nothing else
  • [x] For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • [x] Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • [x] All JSX used for rendering exists in the render method
  • [x] The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
• [x] If a new CSS style is added I verified that:
  • [x] A similar style doesn't already exist
  • [x] The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
• [x] If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• [x] If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• [x] I have checked off every checkbox in the PR author checklist, including those that don't apply to this PR.

PR Reviewer Checklist

The reviewer will copy/paste it into a new comment and complete it after the author checklist is completed

• [ ] I have verified the author checklist is complete (all boxes are checked off).
• [ ] I verified the correct issue is linked in the ### Fixed Issues section above
• [ ] I verified testing steps are clear and they cover the changes made in this PR
  • [ ] I verified the steps for local testing are in the Tests section
  • [ ] I verified the steps for Staging and/or Production testing are in the QA steps section
  • [ ] I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • [ ] I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• [ ] I checked that screenshots or videos are included for tests on all platforms
• [ ] I included screenshots or videos for tests on all platforms
• [ ] I verified tests pass on all platforms & I tested again on:
  • [ ] iOS / native
  • [ ] Android / native
  • [ ] iOS / Safari
  • [ ] Android / Chrome
  • [ ] MacOS / Chrome
  • [ ] MacOS / Desktop
• [ ] If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
• [ ] I verified proper code patterns were followed (see Reviewing the code)
  • [ ] I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
  • [ ] I verified that comments were added to code that is not self explanatory
  • [ ] I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • [ ] I verified any copy / text shown in the product was added in all src/languages/* files
  • [ ] I verified any copy / text that was added to the app is correct English and approved by marketing by adding the Waiting for Copy label for a copy review on the original GH to get the correct copy.
  • [ ] I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • [ ] I verified the JSDocs style guidelines (in STYLE.md) were followed
• [ ] If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• [ ] I verified that this PR follows the guidelines as stated in the Review Guidelines
• [ ] I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
• [ ] I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• [ ] I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
• [ ] If a new component is created I verified that:
  • [ ] A similar component doesn't exist in the codebase
  • [ ] All props are defined accurately and each prop has a /** comment above it */
  • [ ] The file is named correctly
  • [ ] The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • [ ] The only data being stored in the state is data necessary for rendering and nothing else
  • [ ] For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • [ ] Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • [ ] All JSX used for rendering exists in the render method
  • [ ] The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
• [ ] If a new CSS style is added I verified that:
  • [ ] A similar style doesn't already exist
  • [ ] The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
• [ ] If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• [ ] If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• [ ] I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots

Web

iOS mWeb - Safari

Android mWeb - Chrome

Desktop

iOS

Android

[MonilBhavsar]

Please hold reviewing for now. Was supposed to be draft. Need to update some things

[MonilBhavsar]

This is ready for review now 👍

[rushatgabhane]

@MonilBhavsar looks like we have some lint errors

[MonilBhavsar]

@rushatgabhane fixed

[rushatgabhane]

struggling with test steps as getting to validation step is internal only (dummy data doesn't work)

trying to figure out a workaround

[rushatgabhane]

Go till Validation step and confirm the 2FA prompt Click on secure account and confirm it redirects to olddot, enables 2FA

@MonilBhavsar sorry but I don't think this flow can be tested externally.

@pecanoro all yours!

[MonilBhavsar]

@rushatgabhane are you getting to validation and verification step now? You'll be able to test redirection on staging after deployment (few hours)

[rushatgabhane]

@MonilBhavsar not quite. I tried uploading a dummy passport

I can't proceed after -

[MonilBhavsar]

Ah I see, doesn't the test bank account skip onfido flow?

[MonilBhavsar]

Also this is off HOLD

[rushatgabhane]

test bank account skip onfido flow

Ahhh, I don't have any details about the test bank account. Maybe you could help me with that?

[MonilBhavsar]

I asked but as per the discussion, @pecanoro you'll need to test it

[pecanoro]

Sorry for the delay, I will test this tomorrow, can you in the meantime solve the conflicts, please?

[MonilBhavsar]

@shawnborton I see icons have changed at most of the places. Should we use new icon or use the old one only.

[pecanoro]

@MonilBhavsar Can you run the last commit? It's giving a lot of trouble when running the app

[MonilBhavsar]

Updated main, but holding on if we want to use a new icon for dark theme

[pecanoro]

@rushatgabhane Can you complete the PR reviewer list for the things you can test and review? I will add the screenshots and such from testing.

[rushatgabhane]

Reviewer Checklist

• [x] I have verified the author checklist is complete (all boxes are checked off).
• [x] I verified the correct issue is linked in the ### Fixed Issues section above
• [x] I verified testing steps are clear and they cover the changes made in this PR
  • [x] I verified the steps for local testing are in the Tests section
  • [x] I verified the steps for Staging and/or Production testing are in the QA steps section
  • [x] I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • [x] I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• [x] I checked that screenshots or videos are included for tests on all platforms
• [x] I included screenshots or videos for tests on all platforms
• [x] I verified tests pass on all platforms & I tested again on:
  • [x] iOS / native
  • [x] Android / native
  • [x] iOS / Safari
  • [x] Android / Chrome
  • [x] MacOS / Chrome
  • [x] MacOS / Desktop
• [x] If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
• [x] I verified proper code patterns were followed (see Reviewing the code)
  • [x] I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
  • [x] I verified that comments were added to code that is not self explanatory
  • [x] I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • [x] I verified any copy / text shown in the product was added in all src/languages/* files
  • [x] I verified any copy / text that was added to the app is correct English and approved by marketing by adding the Waiting for Copy label for a copy review on the original GH to get the correct copy.
  • [x] I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • [x] I verified the JSDocs style guidelines (in STYLE.md) were followed
• [x] If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• [x] I verified that this PR follows the guidelines as stated in the Review Guidelines
• [x] I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
• [x] I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• [x] I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
• [x] If a new component is created I verified that:
  • [x] A similar component doesn't exist in the codebase
  • [x] All props are defined accurately and each prop has a /** comment above it */
  • [x] The file is named correctly
  • [x] The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • [x] The only data being stored in the state is data necessary for rendering and nothing else
  • [x] For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • [x] Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • [x] All JSX used for rendering exists in the render method
  • [x] The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
• [x] If a new CSS style is added I verified that:
  • [x] A similar style doesn't already exist
  • [x] The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
• [x] If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• [x] If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• [x] I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Web

Mobile Web - Chrome

Mobile Web - Safari

Desktop

iOS

Android

[shawnborton]

@MonilBhavsar yes, let's use a new icon here. Here ya go: simple-illustration__shield.svg.zip

You can add it to this folder: https://github.com/Expensify/App/tree/main/assets/images/simple-illustrations

[pecanoro]

Something seems broken with adding a new bank account, I can't pass the company steps because I get this error. The routing and account number are not being passed to the API and it's blocking the verification flow. @MonilBhavsar Can you check if it's just me?

[pecanoro]

Ok, I will try retest everything again now that we solved the deploy blocker.

[pecanoro]

You also need to merge with main so you can retest the PR after all the changes.

[pecanoro]

Ok, I completed the checklist, it works pretty well. Please address the comment, update the screenshots after merging with main and I will merge it tomorrow!!

[pecanoro]

@MonilBhavsar Something that is not fully working for me but it might just my emulator is opening the link from mobile safari to set up 2FA on oldDot, it's not redirecting. Can you check?

[MonilBhavsar]

You'll need to go to Settings > Safari > and disable "block pop-ups"

[MonilBhavsar]

Addressed reviews and merged main

[MonilBhavsar]

Updated screenshots with dark theme cc @shawnborton

[shawnborton]

Looks good!

[pecanoro]

@rushatgabhane Ready for your final review and I will merge after!!

[OSBotify]

:hand: This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.