[HOLD for payment 2024-07-22] [HOLD for payment 2024-07-17] [$250] 2FA – Two-factor authentication step 1 appears briefly when open 2FA option if it is enabled

[lanitochka17]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 1.4.84-0
Reproducible in staging?: Y
Reproducible in production?: Y
If this was caught during regression testing, add the test name, ID and link from TestRail: N/A
Email or phone of affected tester (no customers): ponikarchuks+315324@gmail.com
Issue reported by: Applause - Internal Team

Action Performed:

1. Go to https://staging.new.expensify.com/
2. Log in as a user with 2FA
3. Open Account settings / Security options
4. Click on Two-factor authentication

Expected Result:

Two-factor authentication enabled page open

Actual Result:

2FA step 1 appears briefly then Two-factor authentication enabled page open

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Add any screenshot/video evidence

Bug6514551_1718480642361.2FA.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~015c346b94975326f0
• Upwork Job ID: 1805943619282686764
• Last Price Increase: 2024-06-26
• Automatic offers:
• bernhardoj | Contributor | 102893151

Issue Owner

Current Issue Owner: @muttmuure

[melvin-bot]

Triggered auto assignment to @muttmuure (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

[lanitochka17]

We think that this bug might be related to #vip-vsp

[lanitochka17]

@muttmuure FYI I haven't added the External label as I wasn't 100% sure about this issue. Please take a look and add the label if you agree it's a bug and can be handled by external contributors

[eucool]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Two-factor authentication step 1 appears briefly when open 2FA option if it is enabled

What is the root cause of that problem?

We use a useState to assign the current step (success/enabled/disabled) for two factor auth, the initial value set for this is CONST.TWO_FACTOR_AUTH_STEPS.CODES.

We also use a useEffect to determine the value of this step.
But for the very first time, the default value will be set to CONST.TWO_FACTOR_AUTH_STEPS.CODES and then the useEffect would run to determine the actual step.

But now as the default value was codes step, this case would be set to true and we would see the step 1 briefly and then the useEffect would set the correct step.

This is the root cause

What changes do you think we should make in order to solve the problem?

We should set the default value to null and let the useEffect fetch the correct step for us.

What alternative solutions did you explore? (Optional)

[bernhardoj]

Proposal

Please re-state the problem that we are trying to solve in this issue.

The 2FA page shows the code page briefly when opening it.

What is the root cause of that problem?

The initial value/state of the current step to render is the codes page.

App/src/pages/settings/Security/TwoFactorAuth/TwoFactorAuthSteps.tsx

Line 26 in 75c104b

const [currentStep, setCurrentStep] = useState<TwoFactorAuthStep>(CONST.TWO_FACTOR_AUTH_STEPS.CODES);

Then, we have this useEffect which will get the correct step.

App/src/pages/settings/Security/TwoFactorAuth/TwoFactorAuthSteps.tsx

Lines 32 to 43 in 75c104b

	useEffect(() => {
	if (account?.twoFactorAuthStep) {
	setCurrentStep(account?.twoFactorAuthStep);
	return;
	}
	if (account?.requiresTwoFactorAuth) {
	setCurrentStep(CONST.TWO_FACTOR_AUTH_STEPS.ENABLED);
	} else {
	setCurrentStep(CONST.TWO_FACTOR_AUTH_STEPS.CODES);
	}
	}, [account?.requiresTwoFactorAuth, account?.twoFactorAuthStep]);

What changes do you think we should make in order to solve the problem?

Instead of using both useState and useEffect, we can use useMemo.

const currentStep = useMemo(() => {
    if (account?.twoFactorAuthStep) {
        return account.twoFactorAuthStep;
    }
    return account?.requiresTwoFactorAuth ? CONST.TWO_FACTOR_AUTH_STEPS.ENABLED : CONST.TWO_FACTOR_AUTH_STEPS.CODES;
}, [account?.requiresTwoFactorAuth, account?.twoFactorAuthStep]);

Then, we can remove the setCurrentStep from handleSetStep because TwoFactorAuthActions.setTwoFactorAuthStep will update the current step which will trigger the memo above.

App/src/pages/settings/Security/TwoFactorAuth/TwoFactorAuthSteps.tsx

Lines 45 to 49 in 75c104b

	const handleSetStep = useCallback(
	(step: TwoFactorAuthStep, animationDirection: AnimationDirection = CONST.ANIMATION_DIRECTION.IN) => {
	setAnimationDirection(animationDirection);
	TwoFactorAuthActions.setTwoFactorAuthStep(step);
	setCurrentStep(step);

[muttmuure]

Not overdue

[melvin-bot]

@muttmuure Huh... This is 4 days overdue. Who can take care of this?

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~015c346b94975326f0

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @thesahindia (External)

[thesahindia]

@bernhardoj's proposal looks good!

🎀 👀 🎀 C+ reviewed

[melvin-bot]

Triggered auto assignment to @yuwenmemon, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[melvin-bot]

📣 @bernhardoj 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 9.0.5-13 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix code step shows briefly when open 2FA page even though it's enabled #44516

If no regressions arise, payment will be issued on 2024-07-17. 🎊

For reference, here are some details about the assignees on this issue:

• @bernhardoj requires payment automatic offer (Contributor)
• @thesahindia requires payment through NewDot Manual Requests

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@thesahindia] The PR that introduced the bug has been identified. Link to the PR:
• [@thesahindia] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@thesahindia] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@thesahindia] Determine if we should create a regression test for this bug.
• [@thesahindia] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@muttmuure] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[bernhardoj]

I'll request in ND once payment is due.

[thesahindia]

It was implemented like this in the beginning then the code was changed but it got reverted by #31738 because of regressions so there's no specific PR responsible for this.

We don't have to add a test case for this but if we want here are the steps:-

Prerequisite: 2FA enabled

1. Open Settings > Security > 2FA
2. Verify the code step (or the 1st step) doesn't show briefly and instead shows the enabled page

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 9.0.6-8 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix code step shows briefly when open 2FA page even though it's enabled #44516

If no regressions arise, payment will be issued on 2024-07-22. 🎊

For reference, here are some details about the assignees on this issue:

• @bernhardoj requires payment automatic offer (Contributor)
• @thesahindia requires payment through NewDot Manual Requests

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@thesahindia] The PR that introduced the bug has been identified. Link to the PR:
• [@thesahindia] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@thesahindia] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@thesahindia] Determine if we should create a regression test for this bug.
• [@thesahindia] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@muttmuure] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[bernhardoj]

Payment should be due tomorrow (07-17)

[bernhardoj]

Requested in ND.

[JmillsExpensify]

Reached out to BZ via DM to get the payment summary.

[melvin-bot]

@yuwenmemon, @muttmuure, @bernhardoj, @thesahindia Whoops! This issue is 2 days overdue. Let's get this updated quick!

[muttmuure]

@thesahindia - $250 for C+
@bernhardoj - $250 for C

[JmillsExpensify]

$250 approved for @bernhardoj

[melvin-bot]

@yuwenmemon, @muttmuure, @bernhardoj, @thesahindia Whoops! This issue is 2 days overdue. Let's get this updated quick!

[muttmuure]

@thesahindia submit your request when ready

[bernhardoj]

@muttmuure I see that I got paid in UW, but I already got paid in ND. I've issued a refund.

[JmillsExpensify]

$250 approved for @thesahindia