[SMARTSCAN][$500] HIGH: Web - Scan - App crashed after tap on notification received from User B

[lanitochka17]

Held on https://github.com/Expensify/Auth/pull/9115 and https://github.com/Expensify/Web-Expensify/pull/39523

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Action Performed:

1. Log in in NewDot as User A (incognito window) and log in in regular browser as User B
2. User A: click on FAB icon and select request money option
3. Go to scan tab and add receipt
4. Select user B and click on request button
5. go to transaction thread and click on amount and enter amount
6. Click on notification

Expected Result:

Chat conversation should be opened after click on notification

Actual Result:

App crashed after tap on notification received from User B

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• Windows / Chrome
• MacOS / Desktop

Version Number: 1.3.78.0

Reproducible in staging?: Yes

Reproducible in production?: Yes

If this was caught during regression testing, add the test name, ID and link from TestRail:

Email or phone of affected tester (no customers):

Logs: https://stackoverflow.com/c/expensify/questions/4856

Notes/Photos/Videos: Any additional supporting documentation

Bug6226100_1696521427022.Recording__4869.mp4

Expensify/Expensify Issue URL:

Issue reported by: Applause - Internal Team

Slack conversation:

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01c4ff17faecbce9f5
• Upwork Job ID: 1711530758959968256
• Last Price Increase: 2023-10-16
• Automatic offers:
• tienifr | Contributor | 27258457

Issue Owner

Current Issue Owner: @ArekChr

[melvin-bot]

Triggered auto assignment to @bfitzexpensify (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[melvin-bot]

@bfitzexpensify Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[bfitzexpensify]

Reproduced, sending this external.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~01c4ff17faecbce9f5

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @ArekChr (External)

[hungvu193]

Proposal

Please re-state the problem that we are trying to solve in this issue.

Web - Scan - App crashed after tap on notification received from User B (with modify request money notification).

What is the root cause of that problem?

While requesting money with scan from user A, and the scan is in progress, we won't send it to the user B while it's scanning. But we still send the notification while modifying the amount, merchant... When user B tap on modify notification, it will open an non-existence reportID within user B, which lead to the crash.

App/src/libs/actions/Report.js

Lines 1680 to 1681 in d916eff

	Log.info('[LocalNotification] Creating notification');
	const report = allReports[reportID];

What changes do you think we should make in order to solve the problem?

I think we shouldn't send the notification for the reportId that didn't exist yet. So we need to add an extra check for our shouldShowReportActionNotification function, if our report is null or undefined, we should return false.

What alternative solutions did you explore? (Optional)

N/A

[tienifr]

Proposal

Please re-state the problem that we are trying to solve in this issue.

1. App crashed after tap on notification received from User B, app crashes.

2. If we copy the money request link and opens it directly in User B, app also crashes

What is the root cause of that problem?

The root cause for app crashing in both 1 and 2 is because when we click on the notification, we navigate to the report screen here. But the OpenReport API currently returns corrupt data (it should return null like when we open any inaccessible report).

The root cause for receiving notification even for Scanning money request is because we still send Onyx updates with shouldNotify: true for the report actions, even though the user should not be able to access the report.

What changes do you think we should make in order to solve the problem?

1. Fix OpenReport API to return null in that case of scanning money request that user B does not have access to
2. Fix Pusher to not send updates for report actions of scanning money request that user B does not have access to
3. There's still edge case where we still show the notification even though the report does not exist/is pending deleted.
   For example, if user B deletes money request in offline mode, and go online, right at that moment user A sends some message to that money request. The notification for the message will still show for user B although he already deletes the money request.
   To fix this, we need to add a check here, if the report does not exist in Onyx, or it's in pending delete status, then return false, so the report action notification for that report will not show.

What alternative solutions did you explore? (Optional)

NA

[bfitzexpensify]

Couple of proposals ready for review @ArekChr

[ArekChr]

@tienifr As I understand, after fix, we will not send scan report notifications at all?

[tienifr]

@tienifr As I understand, after fix, we will not send scan report notifications at all?

@ArekChr it will still send scan report notifications to user B after the scan is complete (the Pusher will send then). The fix is only so that it doesn't send when the scan is in progress (the user B shouldn't be able to access the in-progress scan report, by design).

[ArekChr]

That works for me. Selecting a proposal from @tienifr as the solution covers multiple facets, not just the primary crash issue but also related problems that might lead to similar crashes.

🎀 👀 🎀 C+ reviewed

[melvin-bot]

Triggered auto assignment to @madmax330, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.11-25 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• Fix: App crashes on open notification #31481

If no regressions arise, payment will be issued on 2023-12-20. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

For reference, here are some details about the assignees on this issue:

• @ArekChr does not require payment (Contractor)
• @tienifr requires payment automatic offer (Contributor)

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@ArekChr] The PR that introduced the bug has been identified. Link to the PR:
• [@ArekChr] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@ArekChr] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@ArekChr] Determine if we should create a regression test for this bug.
• [@ArekChr] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@bfitzexpensify] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[bfitzexpensify]

Payment summary:

Contributor: @tienifr to be paid $500 via Upwork ✅
C+: no payment required.

@ArekChr please complete the BZ checklist when you get a moment - thanks!

[melvin-bot]

@cristipaval, @ArekChr, @bfitzexpensify, @tienifr Whoops! This issue is 2 days overdue. Let's get this updated quick!

[bfitzexpensify]

Bump on the BZ checklist @ArekChr - thank you!

[bfitzexpensify]

Another bump here thanks @ArekChr

[melvin-bot]

@cristipaval, @ArekChr, @bfitzexpensify, @tienifr Still overdue 6 days?! Let's take care of this!

[melvin-bot]

@cristipaval, @ArekChr, @bfitzexpensify, @tienifr 8 days overdue is a lot. Should this be a Weekly issue? If so, feel free to change it!

[melvin-bot]

@cristipaval, @ArekChr, @bfitzexpensify, @tienifr 12 days overdue. Walking. Toward. The. Light...

[melvin-bot]

@cristipaval, @ArekChr, @bfitzexpensify, @tienifr 12 days overdue. Walking. Toward. The. Light...

[melvin-bot]

This issue has not been updated in over 14 days. @cristipaval, @ArekChr, @bfitzexpensify, @tienifr eroding to Weekly issue.

[cristipaval]

It seems that @ArekChr has been ooo. He'll take care of the checklist on Monday.

[melvin-bot]

@cristipaval, @ArekChr, @bfitzexpensify, @tienifr Uh oh! This issue is overdue by 2 days. Don't forget to update your issues!

[ArekChr]

• Link to the PR: I couldn't find the PR that introduced this bug
• Link to comment: n/a
• Link to discussion: n/a
• Determine if we should create a regression test for this bug: I think we should add a regression test here.

Regression Test Proposal

1. Open an incognito window and log in as User A on the NewDot
2. In a regular browser window, log in as User B.
3. User A: click on the FAB icon and select the request money option
4. Go to the scan tab and add the receipt
5. Select user B and click on the request button
6. go to the transaction thread click on the amount and enter the amount
7. Click on notification
8. Ensure the chat opens correctly

Do we agree 👍 or 👎

[bfitzexpensify]

Thanks @ArekChr. Regression steps proposed in https://github.com/Expensify/Expensify/issues/359435.

We're all done here, closing this one out.