[HOLD for payment 2024-11-21] [$250] Pay someone - User is signed out after verifying account during pay someone flow

[IuliiaHerets]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 9.0.45-2
Reproducible in staging?: Y
Reproducible in production?: N/A - new feature, doesn't exist in prod
Issue was found when executing this PR: #50169
Email or phone of affected tester (no customers): yonghongkok2+sddwe23@gmail.com
Issue reported by: Applause Internal Team

Action Performed:

1. Go to staging.new.expensify.com
2. Log in with a new Gmail account.
3. Complete the onboarding.
4. Open DM with any user.
5. Click + > Pay someone.
6. Select currency in USD, enter amount and click Next.
7. Click Pay with Expensify.
8. Enter the correct magic code.

Expected Result:

User will not be signed out after verifying account during pay someone flow.

Actual Result:

User is signed out after verifying account during pay someone flow.

Workaround:

Unknown

Platforms:

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Bug6624999_1728086378423.20241005_075652.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~021843360929752935358
• Upwork Job ID: 1843360929752935358
• Last Price Increase: 2024-10-14

Issue Owner

Current Issue Owner: @zanyrenney

[melvin-bot]

Triggered auto assignment to @zanyrenney (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

[melvin-bot]

Triggered auto assignment to @arosiclair (DeployBlockerCash), see https://stackoverflowteams.com/c/expensify/questions/9980/ for more details.

[github-actions]

👋 Friendly reminder that deploy blockers are time-sensitive ⏱ issues! Check out the open `StagingDeployCash` deploy checklist to see the list of PRs included in this release, then work quickly to do one of the following:

1. Identify the pull request that introduced this issue and revert it.
2. Find someone who can quickly fix the issue.
3. Fix the issue yourself.

[arosiclair]

I reproduced on staging v9.0.45-2 and not on prod v9.0.44-12 (the original bug from #49523 is still present).

[arosiclair]

This is actually not reproducible in dev with the latest changes on main.

[ikevin127]

We discussed this issue here in #48041 (comment) since that was the issue which introduced the new validation route logic.

Looks like the cause of the logout is/was that when we input the magic code, one of the API endpoints is called with the old / outdated authToken from when the account was not validated.

The issue seems unrelated to the PR I reviewed and more related to the PR that introduced the new validation route logic.

If we were to follow-up with a fix and pinpoint the offending PR, that would be #49230 even if the logout issue did not pop-up while testing issue #48041.

The fix for this should be something along the lines of making sure that once the magic code was provided in the new route, we make sure to clear the old authToken before making any API calls post-validation.

This can be done either on FE or BE.

Please, correct me if any of my above statements are wrong!

This is actually not reproducible in dev with the latest changes on main.

I'll have to double check, but if the issue is indeed not reproducible anymore, can we assume that this was fixed from the BE side ? 🤔

[arosiclair]

I can't verify locally, but reverting #50169 would probably restore the behavior on prod (the not found page). However, I'm not sure that's really "better" than what we have now (forced logout but working after logging back in). I think the best path forward is to not block on this and use this issue to investigate and fix the problem.

[arosiclair]

The issue seems unrelated to the PR I reviewed and more related to the PR that introduced the new validation route logic.

@ikevin127 FWIW, I agree the root problem is probably not caused by the PR you reviewed, however that PR is what ultimately introduced this bug. I think we should have caught this before merging (the whole flow should've been tested).

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~021843360929752935358

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @sobitneupane (External)

[ikevin127]

That's right, unfortunately I only tested the actual validation post-merge

♻️ Edit: The issue is still reproducible on both local dev and staging so I guess we're looking for proposals .

reverting #50169 would probably restore the behavior on prod (the not found page). However, I'm not sure that's really "better" than what we have now (forced logout but working after logging back in). I think the best path forward is to not block on this and use this issue to investigate and fix the problem.

Indeed, I also think that the current behaviour is better then the "Not found page" but still we shouldn't be logged out.

[melvin-bot]

@arosiclair, @sobitneupane, @zanyrenney Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[melvin-bot]

@arosiclair, @sobitneupane, @zanyrenney 6 days overdue. This is scarier than being forced to listen to Vogon poetry!

[arosiclair]

No more updates for this yet. Focusing on the analytics project.

[zanyrenney]

Should we put this on hold then @arosiclair / update the priority to weekly?

[arosiclair]

Made some more progress today. Everything's working now I just need to finalize the Web and App PRs.

[arosiclair]

Web PR is out for review.

[melvin-bot]

⚠️ Looks like this issue was linked to a Deploy Blocker here

If you are the assigned CME please investigate whether the linked PR caused a regression and leave a comment with the results.

If a regression has occurred and you are the assigned CM follow the instructions here.

If this regression could have been avoided please consider also proposing a recommendation to the PR checklist so that we can avoid it in the future.

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 9.0.61-3 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix pay someone flow for unvalidated accounts #50835

If no regressions arise, payment will be issued on 2024-11-21. 🎊

For reference, here are some details about the assignees on this issue:

• @sobitneupane requires payment through NewDot Manual Requests

[melvin-bot]

@sobitneupane @zanyrenney @sobitneupane The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed. Please copy/paste the BugZero Checklist from here into a new comment on this GH and complete it. If you have the K2 extension, you can simply click: [this button]

[melvin-bot]

Payment Summary

Upwork Job

• Reviewer: @sobitneupane owed $250 via NewDot

BugZero Checklist (@zanyrenney)

• I have verified the correct assignees and roles are listed above and updated the neccesary manual offers
• I have verified that there are no duplicate or incorrect contracts on Upwork for this job (https://www.upwork.com/ab/applicants/1843360929752935358/hired)
• I have paid out the Upwork contracts or cancelled the ones that are incorrect
• I have verified the payment summary above is correct

[zanyrenney]

BE issue.

[zanyrenney]

Payment Summary

Upwork Job - closed.

• Reviewer: @sobitneupane owed $250 via NewDot - please request via ND.
• No other payments as internal.

[garrettmknight]

$250 approved for @sobitneupane