[HOLD for payment 2023-10-02] [$1000] Inconsistency in the security page

[kavimuru]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Action Performed:

1. Go to settings > security > Two factor authentication
2. Observe that the next button is not highlighted or clickable unless you copy or download the codes
3. Go to settings > security > Change password
4. Observe that the save button is highlighted and clickable even though you didn't feed the necessary information and fix error option will show up.
5. Go to settings > security > Close account
6. Observe that the Confirm button is highlighted and clickable even though you didn't feed the necessary information and fix error option will show up.

Expected Result:

Button's should be clickable even though the necessary steps are not fulfilled and Fix error options should be shown up instead to keep the app consistency

Actual Result:

Button was not clickable when the necessary steps were not fulfilled and Fix error options was not shown

Workaround:

Can the user still use Expensify without this being fixed? Have you informed them of the workaround?

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number: 1.3.39-5
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

new.BR.27.mp4

Expensify/Expensify Issue URL:
Issue reported by: @Yokabdk
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1689037540044139

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0137dd1f2f9d3d3972
• Upwork Job ID: 1679119869039431680
• Last Price Increase: 2023-08-18
2023-07-26
• Automatic offers:
• dukenv0307 | Contributor | 25774623

[melvin-bot]

Triggered auto assignment to @CortneyOfstad (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[DanutGavrus]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Inconsistency in the security page

What is the root cause of that problem?

Some buttons should not be disabled from the start, but right now, they are.

What changes do you think we should make in order to solve the problem?

We need to update Two Factor Authentication Page where the button starts disabled, as to be enabled & show the corresponding error if user presses on it without doing anything before. We also need to do this for any other places in which the button starts as disabled, but shouldn't(such as on the Request Money Page).

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[dukenv0307]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Inconsistency in the security page

What is the root cause of that problem?

We disable the button for first when we open the page

App/src/pages/settings/Security/TwoFactorAuth/CodesPage.js

Line 48 in d6b2d07

const [isNextButtonDisabled, setIsNextButtonDisabled] = useState(true);

What changes do you think we should make in order to solve the problem?

1. We can remove disable logic here

App/src/pages/settings/Security/TwoFactorAuth/CodesPage.js

Line 133 in d6b2d07

isDisabled={isNextButtonDisabled}

2. Create a new state to control error
3. When we press on the next button check if isNextButtonDisable is true and set error state for a translation key that can confirm by design team

onPress={() => {
    if (isNextButtonDisabled) {
        setErrors("Please copy or download the code before going to the next step");
        return;
    }
    Navigation.navigate(ROUTES.SETTINGS_2FA_VERIFY)
}}

App/src/pages/settings/Security/TwoFactorAuth/CodesPage.js

Line 131 in 74ae95c

onPress={() => Navigation.navigate(ROUTES.SETTINGS_2FA_VERIFY)}

4. When we click on the download or copy button, set error to empty

App/src/pages/settings/Security/TwoFactorAuth/CodesPage.js

Line 113 in 74ae95c

onPress={() => {

App/src/pages/settings/Security/TwoFactorAuth/CodesPage.js

Line 103 in 74ae95c

onPress={() => {

5. Add a text before next button to display the error with the style is styles.formError. The style and position to display error need design team to confirm

{errors &&
    <Text style={styles.formError}>{errors}</Text>
}

What alternative solutions did you explore? (Optional)

NA

Result

Screencast.from.26-07-2023.00.48.01.webm

[CortneyOfstad]

Was able to recreate so going to get eyes on this

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~0137dd1f2f9d3d3972

[melvin-bot]

Current assignee @CortneyOfstad is eligible for the External assigner, not assigning anyone new.

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @thesahindia (External)

[thesahindia]

I don't think this is a bug. It is expected.

cc: @shawnborton for thoughts.

[shawnborton]

I think we already reported this and were chatting about it yesterday, does that sound right @MonilBhavsar ?

[Yokabdk]

@shawnborton yes you were discussing on this issue and it is the same report.

@shawnborton to minimize duplication of efforts here is the discussion on the slack about this report

[melvin-bot]

📣 @Yokabdk! 📣
Hey, it seems we don’t have your contributor details yet! You'll only have to do this once, and this is how we'll hire you on Upwork.
Please follow these steps:

1. Get the email address used to login to your Expensify account. If you don't already have an Expensify account, create one here. If you have multiple accounts (e.g. one for testing), please use your main account email.
2. Get the link to your Upwork profile. It's necessary because we only pay via Upwork. You can access it by logging in, and then clicking on your name. It'll look like this. If you don't already have an account, sign up for one here.
3. Copy the format below and paste it in a comment on this issue. Replace the placeholder text with your actual details.
   
   Format:

Contributor details
Your Expensify account email: <REPLACE EMAIL HERE>
Upwork Profile Link: <REPLACE LINK HERE>

[CortneyOfstad]

@Yokabdk bump on the above ^^^

Please let us know once those details are added 👍

[Yokabdk]

Contributor details
Your Expensify account email: [email protected]
Upwork Profile Link: https://www.upwork.com/freelancers/~01e63a00357238a4b6

[melvin-bot]

⚠️ Missing/invalid email or upwork profile link. Please make sure you add both your Expensify email and Upwork profile link in the format specified.

[CortneyOfstad]

@MonilBhavsar and @shawnborton just checking to see if this GH is needed if this was already reported somewhere else. I'm having trouble finding any other GH so if there is one somewhere, can you link it here? TIA!

[Yokabdk]

Contributor details
Your Expensify account email: [email protected]
Upwork Profile Link: https://www.upwork.com/freelancers/~01e63a00357238a4b6

[melvin-bot]

⚠️ Missing/invalid email or upwork profile link. Please make sure you add both your Expensify email and Upwork profile link in the format specified.

[Yokabdk]

Contributor details
Your Expensify account email: [email protected]
Upwork Profile Link: https://www.upwork.com/freelancers/~01e63a00357238a4b6

[melvin-bot]

✅ Contributor details stored successfully. Thank you for contributing to Expensify!

[MonilBhavsar]

I don't think so. We were discussing in this slack thread https://expensify.slack.com/archives/C049HHMV9SM/p1689037540044139
And this issue is linked to that thread

I think we already reported this and were chatting about it yesterday, does that sound right @MonilBhavsar ?

Sorry, i missed this. @shawnborton the slack thread in this issue links to the thread we're chatting. So, I believe this is the only one

[dukenv0307]

@CortneyOfstad we are still discussing with @shawnborton in the PR.

[CortneyOfstad]

Just checking to see where we're at with this — TIA!

[Ollyws]

All design design decisions seem to be sorted now, will have this finalized soon.

[CortneyOfstad]

Thanks @Ollyws!

[melvin-bot]

@tgolen, @shawnborton, @CortneyOfstad, @Ollyws, @dukenv0307 Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[melvin-bot]

Based on my calculations, the pull request did not get merged within 3 working days of assignment. Please, check out my computations here:

• when @dukenv0307 got assigned: 2023-07-26 22:19:08 Z
• when the PR got merged: 2023-09-21 02:18:16 UTC
• days elapsed: 40

On to the next one 🚀

[melvin-bot]

@tgolen, @shawnborton, @CortneyOfstad, @Ollyws, @dukenv0307 Eep! 4 days overdue now. Issues have feelings too...

[melvin-bot]

⚠️ Looks like this issue was linked to a Deploy Blocker here

If you are the assigned CME please investigate whether the linked PR caused a regression and leave a comment with the results.

If a regression has occurred and you are the assigned CM follow the instructions here.

If this regression could have been avoided please consider also proposing a recommendation to the PR checklist so that we can avoid it in the future.

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.3.73-1 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix Inconsistency in the security page and Request money page #23712

If no regressions arise, payment will be issued on 2023-10-02. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter — @Yokabdk offer sent in Upwork for $250 (reported in July before price change)
• Contributor that fixed the issue — @dukenv0307 paid in Upwork $1000
• Contributor+ that helped on the issue and/or PR — @Ollyws offer sent in Upwork for $1000

For reference, here are some details about the assignees on this issue:

• @Ollyws requires payment
• @dukenv0307 requires payment offer (Contributor)
• @Yokabdk requires payment

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@Ollyws] The PR that introduced the bug has been identified. Link to the PR:
• [@Ollyws] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@Ollyws] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@Ollyws] Determine if we should create a regression test for this bug.
• [@Ollyws] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@CortneyOfstad] Link the GH issue for creating/updating the regression test once above steps have been agreed upon: https://github.com/Expensify/Expensify/issues/322908

[mvtglobally]

Issue not reproducible during KI retests. (First week)

[Ollyws]

There is no PR responsible for this as it was a new feature. I do think a regression test would be helpful to ensure it continues working properly, as it includes one of the main flows and it's easy to test for.

[Ollyws]

Regression Test Proposal

1. Go to settings > security > Two factor authentication
2. Verify that next button is highlighted and clickable
3. Click it without copying or downloading the codes
4. Verify that an error message show up
5. Click FAB > Request money > Manual
6. Verify that next button is highlighted and clickable
7. Click it without entering a valid number
8. Verify that an error message show up

Do we agree 👍 or 👎

[CortneyOfstad]

@dukenv0307 — you have been paid in Upwork, so you are all set!

@Ollyws and @Yokabdk — I sent you both offers in Upwork. Please let me know once you accept!

[Ollyws]

@CortneyOfstad Accepted, thanks!

[CortneyOfstad]

@Yokabdk Just waiting on your offer acceptance — thank you!

@shawnborton @tgolen thoughts on the regression test here? TIA!

[tgolen]

They look good to me!

[Yokabdk]

@CortneyOfstad offer accepted

[CortneyOfstad]

Thank you @Yokabdk! I've gone ahead and gotten that paid!

I'm creating the regression test now and then we're good to close!