[HOLD for payment 2023-10-10] [$500] email is not shown in authenticator app

[kavimuru]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Action Performed:

1. Go Settings > Security >Two-factor authentication
2. clear step1 and go to step 2
3. scan QR code in authenticator app

Expected Result:

should show email in bracket(same as old dot) to identify account

Actual Result:

empty bracket shoes [Expensify()] . does not show email in authenticator app

Workaround:

Can the user still use Expensify without this being fixed? Have you informed them of the workaround?

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number: 1.3.16.6
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

Expensify/Expensify Issue URL:
Issue reported by: @gadhiyamanan
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1684392781249369

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01f5aa1ce9a00e8423
• Upwork Job ID: 1673302724686958592
• Last Price Increase: 2023-09-22
• Automatic offers:
• 0xmiroslav | Reviewer | 26858432
• hungvu193 | Contributor | 26858435
• gadhiyamanan | Reporter | 26858438

[melvin-bot]

Triggered auto assignment to @arielgreen (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[tienifr]

I cannot reproduce this. It's showing the email as expected (both on staging and the code's newest version)

[hungvu193]

I also couldn't reproduce, worked as expected on latest main.

[gadhiyamanan]

it’s reproducible only one time when user create new account. after logout and again login it’s working fine

[hungvu193]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Email is not shown in authenticator app

What is the root cause of that problem?

With new account, after first login, the primaryLogin somehow is empty which causes this issue.

App/src/pages/settings/Security/TwoFactorAuth/VerifyPage.js

Lines 81 to 83 in 8180113

	function buildAuthenticatorUrl() {
	return `otpauth://totp/Expensify:${props.account.primaryLogin}?secret=${props.account.twoFactorAuthSecretKey}&issuer=Expensify`;
	}

What changes do you think we should make in order to solve the problem?

We can use session login as a backup value for primaryLogin email.

    function buildAuthenticatorUrl() {

        return `otpauth://totp/Expensify:${props.account.primaryLogin || props.session.email}?secret=${props.account.twoFactorAuthSecretKey}&issuer=Expensify`;
    }

What alternative solutions did you explore? (Optional)

This issue can be fixed from backend or we can add a primaryLogin in our successData after login, as a guard.

[arielgreen]

@kavimuru @gadhiyamanan I don't understand the reproduction steps. What does "clear step 1" mean? Applause, were you able to reproduce?

Closing until reproducible steps are added.

[gadhiyamanan]

Please try these steps:

1. create a new account
2. Go to Settings > Security >Two-factor authentication
3. click on copy codes or download option
4. click on the Next Button
5. scan the QR code in the authenticator app

cc: @arielgreen

[gadhiyamanan]

bump @arielgreen ^^

[gadhiyamanan]

Bump @arielgreen ^^

[kbecciv]

Issue is reproducible here https://expensify.slack.com/archives/C049HHMV9SM/p1686745548252899, reopening!

[arielgreen]

reassigning, team change

[melvin-bot]

Triggered auto assignment to @CortneyOfstad (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[CortneyOfstad]

So I'm having a heck of a time getting this to reproduce. Has anyone else had luck reproducing within the last 8 days?

[BeeMargarida]

Yap, I could reproduce today running on the main branch. Only reproducible using a new account, as mentioned by @gadhiyamanan in this comment.

I'm Ana from Callstack, an expert contributor group, and I would like to help close this issue out. I see that there's a proposal already. Is the current blocker related to not being able to replicate the issue?

[melvin-bot]

📣 @gadhiyamanan 🎉 An offer has been automatically sent to your Upwork account for the Reporter role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

[melvin-bot]

Based on my calculations, the pull request did not get merged within 3 working days of assignment. Please, check out my computations here:

• when @hungvu193 got assigned: 2023-09-25 15:15:05 Z
• when the PR got merged: 2023-10-02 04:48:53 UTC
• days elapsed: 4

On to the next one 🚀

[hungvu193]

just a note, I think this PR will be eligible for urgency bonus because it got approved within 3 days (without extra changes).

[0xmiros]

Extra change was requested but reverted after discussion.
So I think it makes sense to apply bonus here.
cc: @roryabraham

[roryabraham]

Yep agreed that's fair in this case

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.3.76-6 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix: email is not shown in authenticator app #28164

If no regressions arise, payment will be issued on 2023-10-10. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

For reference, here are some details about the assignees on this issue:

• @hungvu193 requires payment offer (Contributor)
• @0xmiroslav requires payment offer (Reviewer)
• @gadhiyamanan requires payment offer (Reporter)

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@0xmiroslav] The PR that introduced the bug has been identified. Link to the PR:
• [@0xmiroslav] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@0xmiroslav] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@0xmiroslav] Determine if we should create a regression test for this bug.
• [@0xmiroslav] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@NicMendonca] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[NicMendonca]

@0xmiroslav bump on BZ checklist ^^

[NicMendonca]

Payment summary:

• Reporter: @gadhiyamanan - $250 (reported prior to price changes)
• Contributor: @hungvu193 - $1500
• Contributor+: @0xmiroslav - $1500

[NicMendonca]

@gadhiyamanan @0xmiroslav can you both please accept the offer in Upwork?

[0xmiros]

• The PR that introduced the bug has been identified. Link to the PR: feat: add 2-factor authentication #18576
• The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment: https://github.com/Expensify/App/pull/18576/files#r1353273003
• A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion: N/A
• Determine if we should create a regression test for this bug.
• If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.

User could still enable 2fa using authenticator app with this bug existence. Just label issue.
So no need regression test

[0xmiros]

@NicMendonca Is it possible to apply #19366 (comment)?
As this issue is very old before new base price announcement and proposal was submitted and approved based on original price.
The issue was on hold for long time just because of backend work.

[gadhiyamanan]

@NicMendonca offer accepted, thanks!

[NicMendonca]

update, and everyone has been paid!