[HOLD for payment 2024-02-14] [$500] mWeb - Magic link - "Sign in here" leads to Abracadabra page.

[lanitochka17]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 1.4.36
Reproducible in staging?: Y
Reproducible in production?: N
If this was caught during regression testing, add the test name, ID and link from TestRail: https://expensify.testrail.io/index.php?/tests/view/4279569
Email or phone of affected tester (no customers): vdargentotest+mweb020224@gmail.com
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: Applause - Internal Team
Slack conversation:

Action Performed:

1. Go to https://staging.new.expensify.com/
2. On login page, enter an email you have access to
3. Go to email inbox and copy the magic link
4. Change the link to staging and go to it on an incognito window
5. Tap on "just sign here"

Expected Result:

The user should be logged in and the LHN should be displayed

Actual Result:

The user should be logged in and the LHN should be displayed

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Add any screenshot/video evidence

Bug6366539_1707025723935.RPReplay_Final1706914322.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01ce9d90ffdb97284c
• Upwork Job ID: 1754498791034695680
• Last Price Increase: 2024-02-05
• Automatic offers:
• Ollyws | Reviewer | 28143590
• aswin-s | Contributor | 28143592

[github-actions]

👋 Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open `StagingDeployCash` deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:

1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.

[melvin-bot]

Triggered auto assignment to @yuwenmemon (Engineering), see https://stackoverflowteams.com/c/expensify/questions/9980/ for more details.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~01ce9d90ffdb97284c

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @Ollyws (External)

[melvin-bot]

Triggered auto assignment to @zanyrenney (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[mountiny]

Still open for proposals, the other deploy blocker affects native platforms only

[jcdiprose]

Hi I'm taking a look at this. An incognito browser window is a different session to the non incognito one so logging in from incognito shouldn't work by design. That being said what is meant by LHN as described in the Expected Result?

[Ollyws]

@jcdiprose

LHN stands for Left Hand Navigation (Primary navigation modal in Expensify Chat, docked on the left-hand side)

You can find a list of commonly used acronyms here.

[jcdiprose]

Proposal

credentials.login is undefined in component ValidateLoginPage when opening the link in incognito.

To support opening the links in incognito we would need to.

• add a URL parameter to the magic link containing the users email address
• Update Onyx CREDENTIALS login property with the email address
• Check title "Head back to your original tab to continue." to "Head back to your original tab to continue. Or click here" which when clicked would direct to the home page with valid logged in credentials this time

[Ollyws]

@jcdiprose Thanks for the update. Please have a read of how to construct a proposal in the contributing guide

[jcdiprose]

@Ollyws my mistake thanks for letting me know

Please re-state the problem that we are trying to solve in this issue.

• Opening magic link from incognito window doesn't complete login session

What is the root cause of that problem?

• Opening the magic link from incognito means there is no active session within Onyx

What changes do you think we should make in order to solve the problem?

• add email address as a URL parameter on the magic link
• on page mount update Onyx state with the email address
• provide the user a link "or click here" that will reload the page taking them to LHN.

What alternative solutions did you explore? (Optional)

• None

[yuwenmemon]

@jcdiprose If you look on production you'll see that clicking the URL from the magic link signs the user in on the incognito mode window. How is this related to an active session?

[jcdiprose]

@yuwenmemon
Interesting. I thought it was handled differently. I will take a look at prod soon

[jcdiprose]

@yuwenmemon If I understand the reproduction steps correctly it sounds like the start of the process is done from one browser window then the magic link is being opened in a different incognito browser window

[yuwenmemon]

@jcdiprose Yes, that's correct. In that case, when you click that "just sign in here" link it should take you right into your account.

[aswin-s]

Proposal

Please re-state the problem that we are trying to solve in this issue.

App gets redirected to Abracadabra screen when "Sign in here" is clicked

What is the root cause of that problem?

This is some what related to #35745

In ValidateLogin page a useEffect is used to redirect user once the code is validated. Looks like we are not waiting for Navigation.ready before calling Navigation.navigate. Also Navigation.navigate() without any parameters doesn't seem to work after navigation refactor.

App/src/pages/ValidateLoginPage/index.website.tsx

Lines 27 to 31 in 5133c29

	useEffect(() => {
	if (!login && isSignedIn && (autoAuthState === CONST.AUTO_AUTH_STATE.SIGNING_IN || autoAuthState === CONST.AUTO_AUTH_STATE.JUST_SIGNED_IN)) {
	// The user clicked the option to sign in the current tab
	Navigation.navigate();
	return;

What changes do you think we should make in order to solve the problem?

In ValidationLoginPage/index.website.tsx modify below line

App/src/pages/ValidateLoginPage/index.website.tsx

Line 30 in 5133c29

Navigation.navigate();

Navigation.isNavigationReady().then(() => {
  Navigation.goBack();
});

This seems to fix the issue.

Screen.Recording.2024-02-06.at.12_out.mp4

What alternative solutions did you explore? (Optional)

None

[aswin-s]

Draft PR is ready #35850

[yuwenmemon]

Thanks @aswin-s can you fill out the checklist ASAP please?

[ishpaul777]

I can help with the c+ checklist if @Ollyws is not around

nvm, its handled internally

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.37-7 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• fix: sign-in here navigating to abracadabra page #35850

If no regressions arise, payment will be issued on 2024-02-14. 🎊

For reference, here are some details about the assignees on this issue:

• @aswin-s requires payment automatic offer (Contributor)
• @Ollyws requires payment automatic offer (Reviewer)

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@Ollyws] The PR that introduced the bug has been identified. Link to the PR:
• [@Ollyws] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@Ollyws] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@Ollyws] Determine if we should create a regression test for this bug.
• [@Ollyws] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@zanyrenney] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[zanyrenney]

@Ollyws @aswin-s you have not accepted the offers, please accept for payout,

[aswin-s]

@zanyrenney Accepted the offer

[Ollyws]

I didn't review this one, no payment required for me.

[zanyrenney]

Payment summary

@aswin-s requires payment automatic offer (Contributor) - PAID $500
@Ollyws requires payment automatic offer (Reviewer) - no review, no payment due.