[$1000] “Add payment method” button is disabled on every visit after user changes password

[kavimuru]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Action Performed:

1. Click on ‘profile’ avatar
2. Click on ‘Security’ link
3. Click on ‘Change password’ link
4. Enter current password > enter new password > click on ‘save’ button
5. Click on “Got it’ button
6. Navigate back to settings
7. Click on ‘Payments’ link

Expected Result:

“Add payment method” button shouldn’t be disabled

Actual Result:

“Add payment method” button is disabled

Workaround:

unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number: 1.2.96-4
Reproducible in staging?: y
Reproducible in production?: y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation

2023-04-06.11.25.28.mp4

Recording.154.mp4

Expensify/Expensify Issue URL:
Issue reported by: @Natnael-Guchima
Slack conversation: https://expensify.slack.com/archives/C049HHMV9SM/p1680780400485689

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~0189cbf9653004e6fa
• Upwork Job ID: 1646438679766769664
• Last Price Increase: 2023-04-27

[MelvinBot]

Triggered auto assignment to @dylanexpensify (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[MelvinBot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[MelvinBot]

@dylanexpensify Whoops! This issue is 2 days overdue. Let's get this updated quick!

[MelvinBot]

@dylanexpensify Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[dylanexpensify]

reviewing today!

[dylanexpensify]

Posted a question to clarify about the password element

[dylanexpensify]

Wasn't able to reproduce this. @kavimuru can you check if you can repro?

[Natnael-Guchima]

XRecorder_13042023_113036.mp4

I am able to reproduce it. On every first visit to Payment section after password is changed, the button seems to be disabled. And it becomes active when you navigate back and visit Payments section again.

I think the title should be, "Add payment method" button is disabled on every first visit to "Payment" section after user changes password.

[dylanexpensify]

Hmm, I see you have PayPal already added, so unsure if that's a facet of this? Also, it looks like you're on an app, not chrome/web which is what's indicated in the OP as the location of the bug occurring. Can you confirm exactly what platforms and versions you're on that are reproducing this bug just for good measure?

[Natnael-Guchima]

I will retest removing the PayPal account on desktop web Chrome and get back to you in a minute

[dylanexpensify]

Nice one, thanks @Natnael-Guchima! 🙌

[Natnael-Guchima]

2023-04-13.11.48.43.mp4

You are welcome, Dylan🙌.

Platform: Android, mWeb, and Desktop web Chrome are impacted. I think other platforms might also be impacted. I was able only to test on the platforms I mentioned.

Environment: staging, production

Version: v1.3.0-0

[dylanexpensify]

Ok brilliant, let me try to repro! TY!

[dylanexpensify]

Nice was able to repro! Not sure why I didn't last time lol.

[MelvinBot]

Job added to Upwork: https://www.upwork.com/jobs/~0189cbf9653004e6fa

[MelvinBot]

Current assignee @dylanexpensify is eligible for the External assigner, not assigning anyone new.

[MelvinBot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @parasharrajat (External)

[dylanexpensify]

taking off hold!

[hoangzinh]

Proposal

Please re-state the problem that we are trying to solve in this issue.

“Add payment method” button is disabled on every visit after user changes password

What is the root cause of that problem?

1. When user changes password, current authToken stored in Onyx is expired. And currently, we don't refresh it after change password.
2. When the component BasePaymentsPage is mount, it triggers an API to fetch data, and also disable the button while fetching. Because the current authToken is expired, in Reauthentication middleware, we will automatically reauthenticate and for READ API we trigger the reconnection callbacks and return Promise.resolve() => When it go down to SaveResponseInOnyx middleware, it early exit here => the button is disabled forever because the successData or failureData is not triggered.

What changes do you think we should make in order to solve the problem?

We have 2 options to fix here:

• Option 1: After user changes password, we need to call Authentication.reauthenticate to fetch new authToken and update to Onyx store. There are 2 minor options here:
  • Option 1.1. We can change from API.write to API.makeRequestWithSideEffects to make API call returns a promise here, then call Authentication.reauthenticate if change password's response is success.
  • Option 1.2. We can add it into middleware Reauthentication => when the request command is UpdatePassword with success status, we will auto call Authentication.reauthenticate
• Option 2: I think reauthentication middleware is incorrect for READ APIs here => Although it's explicitly described in PR description here, but I think we need to replay READ APIs too, otherwise, we will lost those API requests after renewing authToken => might cause incorrect behavior for users that they might see outdated/incorrect data in some cases that CONST.NETWORK.COMMAND.RECONNECT_APP doesn't cover
  In case we don't allow retry for all READ APIs, at least we can allow retry if shouldRetry option is passed in API.read => when this API request got 407 => it auto renew authToken and retry API request to get data result for User

[dylanexpensify]

not overdue! @parasharrajat to review proposals

[dylanexpensify]

bump @parasharrajat

[parasharrajat]

I will check this today in time. Couldn't do it in the last two days because of setup/build issues.

[MelvinBot]

@madmax330 @parasharrajat @dylanexpensify this issue was created 2 weeks ago. Are we close to approving a proposal? If not, what's blocking us from getting this issue assigned? Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks!

[parasharrajat]

I am busy with other tasks and won't be able to work on this one. Please reassign it @dylanexpensify .

[MelvinBot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[Natnael-Guchima]

Hello @dylanexpensify. Now that system has migrated to password-less auth, it sounds like "change password" feature might be removed. In light of that, should we still pursue fixing this issue?

[dylanexpensify]

Hi @Natnael-Guchima! We decided this should still be pursued given the internal testing side couldn't find a root cause between the two! Mind seeing if you can repro?

[Natnael-Guchima]

Hi @Natnael-Guchima! We decided this should still be pursued given the internal testing side couldn't find a root cause between the two! Mind seeing if you can repro?

Great! I was trying to reproduce it now. I am not able to reproduce - I couldn't save password change. I am guessing either I forgot my existing password or system is not reading an existing password from DB.

[Prince-Mendiratta]

I was able to reproduce this on v1.3.4-0. @Natnael-Guchima are you sure you're entering the correct password?

[Natnael-Guchima]

I was able to reproduce this on v1.3.4-0. @Natnael-Guchima are you sure you're entering the correct password?

Oow, I see. I think I might have forgoten my password. I tried it on v1.3.4-0.

[dylanexpensify]

Hmmm maybe this is not relevant now with Passwordless after all? Thoughts @madmax330?

[dylanexpensify]

Not overdue!

[MelvinBot]

@madmax330 @dylanexpensify this issue is now 3 weeks old. There is one more week left before this issue breaks WAQ and will need to go internal. What needs to happen to get a PR in review this week? Please create a thread in #expensify-open-source to discuss. Thanks!

[MelvinBot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[madmax330]

Yeah let's close this since passwordless is being rolled out as we speak