Expensify
[$250] Secondary login sends two magic codes for validation - causes login/rejection loop
OG issue in E/E
- https://github.com/Expensify/Expensify/issues/445252
Action Performed:
Log into account Add secondary login Enter Magic code for existing account to allow secondary email to be added Send magic code to verify secondary email
Expected Result:
Secondary email is sent a single magic code for verification
Actual Result:
Secondary email is sent a magic code for verification and then immediately sent an additional magic code seconds later.
In practice, this means that by the time the user has entered the first magic code, it has been invalidated with a new magic code. If they don't realise this and they click to verify again, that code invalidates the previous code, and this can keep going.
Workaround:
The user must wait until they get the second email, and then use only that code. But no one realises this. It explains why so many customers report that their code doesn't work when adding secondary login.
Platform:
Expensify Classic - not New Expensify
- Logs: Add secondary login / Secondary verification email / Magic Code email
- Notes/Photos/Videos: Above
- Is this issue reproducible in staging, production or both? Prod
Internal only, do not post to External repos
N/A this came via setting up a customer training session with demo data.
Upwork Automation - Do Not Edit
- Upwork Job URL: https://www.upwork.com/jobs/~021861224421434105287
- Upwork Job ID: 1861224421434105287
- Last Price Increase: 2024-11-26
Issue Owner
Current Issue Owner: @brunovjk
Job added to Upwork: https://www.upwork.com/jobs/~021861224421434105287
![melvin-bot[bot] avatar](https://avatars.githubusercontent.com/in/179547?v=4 "Published by a pub.dev verified publisher"){kind=small}
Current assignee @isabelastisser is eligible for the Bug assigner, not assigning anyone new.
Triggered auto assignment to Contributor-plus team member for initial proposal review - @brunovjk (External)
Edited by proposal-police: This proposal was edited at 2024-11-26 02:33:05 UTC.
Proposal
Please re-state the problem that we are trying to solve in this issue.
Secondary login sends two magic codes for validation - causes login/rejection loop
What is the root cause of that problem?
- In
addNewContactMethodwe are not setting the parametervalidateCodeSent: true,. Due to thishasMagicCodeBeenSentbecomes false and we again callsendValidateCode();. https://github.com/Expensify/App/blob/3f4e93ee40462b42f5fe331fdf9db5c9bbb1a421/src/components/ValidateCodeActionModal/index.tsx#L45-L52
What changes do you think we should make in order to solve the problem?
- We should update the
validateCodeSentvalue insideaddNewContactMethodand also update the pending field if required. We should also update in failure datavalidateCodeSent: null. - I think this also needs backend change because the new email already receives 2 validation code when
AddNewContactMethodis called.
What alternative solutions did you explore? (Optional)
Result
I didn’t find Add secondary login on NewDot. I can reproduce the issue using OldDot on prod, but I’m unsure if I can set up OldDot or hybrid in a dev now. @mallenexpensify, could you confirm if the issue is specifically for OldDot or impacts NewDot as well? Could you provide more details on the expectations here? Thank you :D
@brunovjk is there a way to set up the OldDot in a dev environment? I went through the docs but couldn't find anything on that.
I asked on Slack for help https://expensify.slack.com/archives/C01GTK53T8Q/p1732758681575069
@isabelastisser, @brunovjk Whoops! This issue is 2 days overdue. Let's get this updated quick!
@brunovjk from the OG issue in E/E repo
Expensify Classic - not New Expensify
So.. I'm guessing this has to be Internal and, once a PR is raised, you'd review that PR (assuming it's accessible to you in the repo). Sound right?
@mallenexpensify, @brunovjk this issue is reproducible in dev environment:
https://github.com/user-attachments/assets/069e6e93-8abc-4abb-88c0-d51baf05947d
This is an internal issue, so I'll unassign myself, but if this requires any review or front-end testing, please reassign me. I'd love to help, thanks :)
@isabelastisser this issue was created 2 weeks ago. Are we close to a solution? Let's make sure we're treating this as a top priority. Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks!
@isabelastisser Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!
@isabelastisser Eep! 4 days overdue now. Issues have feelings too...
FYI, I will be OOO from Dec 23 to Jan 6, so please reassign the issue to another team member for urgency, IF needed.
@isabelastisser Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!
@isabelastisser Eep! 4 days overdue now. Issues have feelings too...
@isabelastisser 8 days overdue is a lot. Should this be a Weekly issue? If so, feel free to change it!
@isabelastisser 10 days overdue. Is anyone even seeing these? Hello?
Noticed we are also sending consecutive notifications in App. Fixed it too