[HOLD for payment 2023-04-03] Never ending loading spinner when tapping on expired magic link

[cristipaval]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Action Performed:

1. The user initiates sign in on the browser
2. The user taps on the magic code link from his inbox
3. A new tab is opened to automatically authenticate the user on the browser
4. The authentication fails for some reason (eg. magic link is expired)

Expected Result:

The user should be guided to get a new magic code

Actual Result:

The tab which should authenticate the user shows a never ending loading spinner.

Workaround:

n/a

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0148189905902b2347
• Upwork Job ID: 1628128325668773888
• Last Price Increase: 2023-02-21

[MelvinBot]

Triggered auto assignment to @kevinksullivan (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[MelvinBot]

Job added to Upwork: https://www.upwork.com/jobs/~0148189905902b2347

[MelvinBot]

Triggered auto assignment to @shawnborton (Design), see these Stack Overflow questions for more details.

[MelvinBot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[MelvinBot]

Triggered auto assignment to Contributor Plus for review of internal employee PR - @Santhosh-Sellavel (Internal)

[cristipaval]

@shawnborton I added Design label because we need a design for this use case.

[shawnborton]

Can you provide a screenshot or screencast of what the current behavior looks like?

[shawnborton]

I also wonder if we want to put the user back into the sign in screen when this happens? Something like this?

[cristipaval]

Can you provide a screenshot or screencast of what the current behavior looks like?

@shawnborton, Please have a look at the screen recording below were I am switching between tabs.

Screen.Recording.2023-02-23.at.12.49.06.mov

[shawnborton]

Got it, thanks for sharing that! What do you think about my idea above?

[cristipaval]

Hmm.. So if I understand it correctly, it would be as following:

1. The user opens a tab in his browser.
2. Taps on an expired link
3. We redirect the newly opened tab to the sign in form indicating the error
4. The user taps on Didn't receive a magic code?
5. Taps on the newly received link
6. The user now is successfully authenticated in the browser, which means that he has 1 tab with the abracadabra message, and 2 tabs with the App authenticated: 1 tab where the entire process started, and another one where we redirected him with the expired link.

Are we fine with the above?

[shawnborton]

Hmm maybe I am not following what you are asking then, I didn't realize this was about managing multiple tabs. I thought this was for when a user clicked on a single expired code from their Inbox or something.

Before diving into design details too much, can you maybe restate the problem and share your recommendation for how to solve it?

[cristipaval]

Oh, sorry, I added better Action Performed.

share your recommendation for how to solve it

My first idea is to adapt the below modal to a failure state and instruct the user to go back to the original device and resend the code. Under the hood, we can also check if the user initiated the sign in on the same browser and also add in the screen a link to resend the magic code.

[shawnborton]

Got it. So perhaps something like this then?

But I would take that screenshot plus this general idea to the passwordless room for more feedback. Thoughts?

[shawnborton]

Also, one thing I noticed from your screenshot above is that the logo might be getting cut off - can you look into that?

[cristipaval]

Also, one thing I noticed from your screenshot above is that the logo might be getting cut off - can you look into that?

hahah, designer's eye 👀
Yes it looks like it is cut. I'll check it in the code.
Thank you!

[cristipaval]

On it today.

[MelvinBot]

@shawnborton, @cristipaval, @kevinksullivan, @Santhosh-Sellavel Whoops! This issue is 2 days overdue. Let's get this updated quick!

[kevinksullivan]

PR is WIP

[cristipaval]

@shawnborton As we discussed here, we need a modal for when the magic link succeeds, but the user isn't fully signed in because 2fa is enabled on his account. In this case, Abracadabra page doesn't make sense.

Also, if you add a new ilustration, please upload the zip file for it here. You know it doesn't work if I export them from Figma.

[shawnborton]

How about this?

Here is the illustration: empty-state__safe.svg.zip

[MelvinBot]

@shawnborton, @cristipaval, @kevinksullivan, @Santhosh-Sellavel Whoops! This issue is 2 days overdue. Let's get this updated quick!

[Santhosh-Sellavel]

PR merged

[MelvinBot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[MelvinBot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.2.89-0 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Error modal when signin from expired magic link #15505

If no regressions arise, payment will be issued on 2023-04-03. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[MelvinBot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@Santhosh-Sellavel / @cristipaval] The PR that introduced the bug has been identified. Link to the PR:
• [@Santhosh-Sellavel / @cristipaval] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@Santhosh-Sellavel / @cristipaval] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@kevinksullivan] Determine if we should create a regression test for this bug.
• [@Santhosh-Sellavel] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@kevinksullivan] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[NikkiWines]

@cristipaval @Santhosh-Sellavel @kevinksullivan just bumping this issue - anything further that we need to do here to get this closed out?

[cristipaval]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@Santhosh-Sellavel / @cristipaval] The PR that introduced the bug has been identified. Link to the PR:
• [@Santhosh-Sellavel / @cristipaval] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@Santhosh-Sellavel / @cristipaval] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:

This is a follow-up issue for automatic authentication with a magic link. We implemented the happy scenario initially and this issue was for the corner cases.

[cristipaval]

@cristipaval @Santhosh-Sellavel @kevinksullivan just bumping this issue - anything further that we need to do here to get this closed out?

I think the payment is the only thing left.

[MelvinBot]

⚠️ Looks like this issue was linked to a Deploy Blocker here

If you are the assigned CME please investigate whether the linked PR caused a regression and leave a comment with the results.

If a regression has occurred and you are the assigned CM follow the instructions here.

If this regression could have been avoided please consider also proposing a recommendation to the PR checklist so that we can avoid it in the future.

[kevinksullivan]

Regardless of this ^, we would've paid this out. The job closed so I just sent you a new offer @Santhosh-Sellavel . Let me know when you've accepted.

[Santhosh-Sellavel]

Thanks accepted @kevinksullivan !

[shawnborton]

Not overdue

[kevinksullivan]

Paid @Santhosh-Sellavel