Refactor ChangePassword

[madmax330]

Details

Fixed Issues

$ https://github.com/Expensify/Expensify/issues/211242

Tests

• Verify that no errors appear in the JS console

PR Review Checklist

Contributor (PR Author) Checklist

• I linked the correct issue in the ### Fixed Issues section above
• I wrote clear testing steps that cover the changes made in this PR
  • I added steps for local testing in the Tests section
  • I added steps for Staging and/or Production testing in the QA steps section
  • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• I included screenshots or videos for tests on all platforms
• I ran the tests on all platforms & verified they passed on:
  • iOS / native
  • Android / native
  • iOS / Safari
  • Android / Chrome
  • MacOS / Chrome
  • MacOS / Desktop
• I verified there are no console errors (if there’s a console error not related to the PR, report it or open an issue for it to be fixed)
• I followed proper code patterns (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained “why” the code was doing something instead of only explaining “what” the code was doing.
  • I verified any copy / text shown in the product was added in all src/languages/* files
  • I verified any copy / text that was added to the app is correct English and approved by marketing by tagging the marketing team on the original GH to get the correct copy.
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named “index.js”. All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I followed the guidelines as stated in the Review Guidelines
• I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
• If a new component is created I verified that:
  • A similar component doesn't exist in the codebase
  • All props are defined accurately and each prop has a /** comment above it */
  • Any functional components have the displayName property
  • The file is named correctly
  • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • The only data being stored in the state is data necessary for rendering and nothing else
  • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • All JSX used for rendering exists in the render method
  • The component has the minimum amount of code necessary for its purpose and it is
• If a new CSS style is added I verified that:
  • A similar style doesn’t already exist
  • The style can’t be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.

PR Reviewer Checklist

• I verified the correct issue is linked in the ### Fixed Issues section above
• I verified testing steps are clear and they cover the changes made in this PR
  • I verified the steps for local testing are in the Tests section
  • I verified the steps for Staging and/or Production testing are in the QA steps section
  • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• I checked that screenshots or videos are included for tests on all platforms
• I verified tests pass on all platforms & I tested again on:
  • iOS / native
  • Android / native
  • iOS / Safari
  • Android / Chrome
  • MacOS / Chrome
  • MacOS / Desktop
• I verified there are no console errors (if there’s a console error not related to the PR, report it or open an issue for it to be fixed)
• I verified proper code patterns were followed (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained “why” the code was doing something instead of only explaining “what” the code was doing.
  • I verified any copy / text shown in the product was added in all src/languages/* files
  • I verified any copy / text that was added to the app is correct English and approved by marketing by tagging the marketing team on the original GH to get the correct copy.
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named “index.js”. All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I verified that this PR follows the guidelines as stated in the Review Guidelines
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
• If a new component is created I verified that:
  • A similar component doesn't exist in the codebase
  • All props are defined accurately and each prop has a /** comment above it */
  • Any functional components have the displayName property
  • The file is named correctly
  • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • The only data being stored in the state is data necessary for rendering and nothing else
  • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • All JSX used for rendering exists in the render method
  • The component has the minimum amount of code necessary for its purpose and it is broken down into smaller components in order to separate concerns and functions
• If a new CSS style is added I verified that:
  • A similar style doesn’t already exist
  • The style can’t be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.

QA Steps

• Log into an account on NewDot
• Go to Profile > Security > Change Password
• Enter a wrong password and a new password
• Make sure you see the error displayed and that the api response contains the onyxData

{"onyxData":[{"onyxMethod":"merge","key":"account","value":{"error":"Your password changes could not be saved because the old password entered is incorrect."}}],"jsonCode":200,"requestID":"mV4I24"}

• Enter the correct password and a new password and everything should work.

• Verify that no errors appear in the JS console

Screenshots

Web

Mobile Web

Desktop

iOS

Android

[techievivek]

Looks good so far. Is there anything else remaining to be updated with this other than updating the PR checklist and adding tests and videos/screenshots?

[madmax330]

PR is ready for review, should be reviewed and tested alongside: https://github.com/Expensify/Web-Expensify/pull/33885

pulling in @iwiznia since you said you had time for refactor reviews 😄

[mountiny]

Came over out of curiosity, LGTM. It would great to leave a video of the testing steps succeeding with the Web-E branch.

[techievivek]

Changes seem to work fine. Can we add a video testing this new refactor?

Also While testing this, I observed something interesting(not sure if it is a bug) but once I changed the password (and got a confirmation) I clicked on the back arrow and tried changing the password again and it shows Session expired error and this is nowhere visible on the UI just in the response data and spinner is in running state. But I didn't have to log in again I refreshed the page and everything worked fine.

[madmax330]

Refactored to use the new command. Here is the video:

Screen.Recording.2022-06-08.at.11.43.06.AM.mov

Also While testing this, I observed something interesting(not sure if it is a bug) but once I changed the password (and got a confirmation) I clicked on the back arrow and tried changing the password again and it shows Session expired error and this is nowhere visible on the UI just in the response data and spinner is in running state. But I didn't have to log in again I refreshed the page and everything worked fine.

Hmmm, that's interesting, although I don't think it's related to this PR.

[mountiny]

Also While testing this, I observed something interesting(not sure if it is a bug) but once I changed the password (and got a confirmation) I clicked on the back arrow and tried changing the password again and it shows Session expired error and this is nowhere visible on the UI just in the response data and spinner is in running state. But I didn't have to log in again I refreshed the page and everything worked fine.

@techievivek would you be able to see if the same reproduction steps do this on the main too or it does not happen on main branch? To be sure it is related to this PR

[techievivek]

@madmax330 @vitHoracek I tested this on main, and the problem doesn't seem to appear, but when I tried on this PR along with Web-E PR, it seemed to happen. Not sure why that is happening.

video-9358611-01ca603449236312953df336d8a9c4e3.mp4

[techievivek]

While testing NewDot observed something which I think this PR is missing. Once when we are done with changing the password when we try changing the password again it does give us Session expired error but then it makes a subsequent call to Authenticate command and then recalls the ChangePassword command which is not the same for this PR as it keeps calling ChangePassword which returns Session expired error.(All this is done on main branch)

[madmax330]

Hmm the only explanation I can think of is b/c we're using API.write() instead of the deprecated API.

[madmax330]

Either way, I'm waiting on the web PR to be complete then I'll test this again and try to figure it out.

[madmax330]

Ok so testing this, I think I found an interesting bug that might affect a few commands on the refactor.

Here is the video:

Screen.Recording.2022-06-16.at.6.03.44.PM.mov

Basically when I try to change the password after having changed it successfully, I get stuck in an infinite loop making requests to the API.

I think this is because the command uses API.write() which then hits this part of Reauthentication.js here but since it doesn't have the shouldRetry, it returns there instead of continuing and reauthenticating the user.

Since it's in the sequentialQueue, it's not removed and is tried again and again.

cc @marcaaron am I missing something? Did we already discuss how we should handle this?

[marcaaron]

One idea is to just force all requests in the write queue to have a shouldRetry true if they are called via API.write()

App/src/libs/Network/index.js

Lines 38 to 39 in 07fabcf

	shouldRetry: lodashGet(data, 'shouldRetry', true),
	canCancel: lodashGet(data, 'canCancel', true),

Looks like these params are no longer included, but the reauthentication middleware still looks at them.

[madmax330]

Alright, updated and retested, everything should be fine now

[marcaaron]

When testing I am seeing multiple API calls and calls to UpdatePassword and a call to Authenticate (even though the authToken is up to date). I might need to update Auth or something though or maybe it is expected that a successful call to UpdatePassword returns this response? Unsure...

[marcaaron]

Same as @techievivek

2022-06-20_09-54-16.mp4

[madmax330]

Yeah @marcaaron what you posted is the expected behavior.
The first call to UpdatePassword returns 407 (unauthenticated) so it authenticates, then calls UpdatePassword again.
Same as prod.

[techievivek]

Yep, that is expected behaviour.

[techievivek]

Looks good to me now. Thanks

[marcaaron]

Ok I was confused but I think what happens is....

• Call UpdatePassword once (returns 200 but your authToken gets invalidated)
• Call UpdatePassword a second time and you will have to first reauthenticate and then call UpdatePassword again

[marcaaron]

Linked Web-E PR is on production so gonna merge this one 🚀

[melvin-bot]

@marcaaron looks like this was merged without passing tests. Please add a note explaining why this was done and remove the Emergency label if this is not an emergency.

[marcaaron]

No emergency everything was pass

[OSBotify]

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

[OSBotify]

🚀 Deployed to staging by @marcaaron in version: 1.1.79-0 🚀

platform	result
🤖 android 🤖	success ✅
🖥 desktop 🖥	success ✅
🍎 iOS 🍎	success ✅
🕸 web 🕸	success ✅

[OSBotify]

🚀 Deployed to production by @roryabraham in version: 1.1.79-17 🚀

platform	result
🤖 android 🤖	failure ❌
🖥 desktop 🖥	success ✅
🍎 iOS 🍎	success ✅
🕸 web 🕸	success ✅