Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add accountID to the set password link #1857

Merged
merged 29 commits into from
Apr 7, 2021
Merged

Conversation

jasperhuangg
Copy link
Contributor

@jasperhuangg jasperhuangg commented Mar 18, 2021

Details

The SetPassword API command requires an email to be provided, along with a new password and a validateCode. For the SetPasswordPage, we were previously assuming that the email would be read from Onyx storage.

However, that may not be the case if we send the user a set password link via a notification, as the user may not have completed the first part of the sign-in flow (which saves their email into Onyx storage). If this is the case, the API call to SetPassword will fail since the email sent over will be undefined.

In lieu of the changes in https://github.com/Expensify/Web-Expensify/pull/30466/ and https://github.com/Expensify/Auth/pull/5402, I'm adding an email parameter to the set password route to ensure we're always sending over and reading an email when the user navigates from this page.

Fixed Issues

$ https://github.com/Expensify/Expensify/issues/156786
$ https://github.com/Expensify/Expensify/issues/157873

Tests (local dev)

  1. On Web-Expensify, check out jasper-ecashValidatePasswordEmail; on Auth, check out and make jasper-resendValidateCodeSetCashPassword.
  2. Make sure you're following the steps with an unvalidated Expensify email. Run ./script/sql.sh then:
  • Get your accountID:
SELECT validated from accounts WHERE email = "[your email]@expensify.com";
  • Make sure your account is invalidated with this command:
UPDATE logins SET validatedDate = "" WHERE accountID = [your accountID];
  • Make sure you've got the most up to date partnerName for Expensify.cash:
INSERT OR IGNORE INTO partners ( created, partnerID, partnerName, partnerPassword, partnerKey ) VALUES ( '2021-03-18 00:00:00', 84, 'chat-expensify-com', 'DD1431EB9E11F0071EC05C24E9CB2FD595B1ED75', 'asdf,fdsa');
  1. Hit expensify.com.dev/api?command=ResendValidateCode&referer=https://expensify.cash/&accountID=[your accountID] to queue up a job that will send yourself a set password email.
  • Use SELECT * from notifications; and check to make sure there's a SetCashPassword notification with your accountID queued up in the last row.
  1. Then run vssh and php /vagrant/Web-Expensify/script/notifyall.php to send it out.
  1. Check your email for an email with the subject "Your magic sign in link for Expensify.cash". Click on the link.
  2. Modify the first part of the URL with whatever localhost:[port] your local version of cash is running on (e.g. localhost:8081)
  • After this, the URL should look something like this: localhost:8081/setpassword/[accountID]/[validateCode]
  1. Navigate to that new URL and set a new password (it's better to do this in an incognito window).
  2. Sign out of e.cash and try to sign in to that email with the new password. Verify that you can sign in.

Screen Shot 2021-04-07 at 9 44 39 AM

QA Test Steps

  1. Navigate to the sign in page.
  2. Create a new account with an email address you have access to (I recommend using EmailOnDeck)
  3. Verify that an email (like the screenshot) was sent to that email address.
  4. Click "Resend Link". Verify that another email was sent to that email address.
  5. In the newer email, click here. Verify that it takes you to https://expensify.cash/setpassword/:accountID/:validateCode
  6. Set a password, it should log you in after you click "Set Password"
  7. Sign out. Verify that you can sign back in with the same email address and password you just set.
  • NOTE: this can also be tested on iOS/Android

Tested On

  • Web
  • Mobile Web
  • Desktop
  • iOS
  • Android

Screenshots

Web

Screen Shot 2021-03-18 at 11 19 24 AM

Mobile Web

Screen Shot 2021-03-18 at 11 18 40 AM

@jasperhuangg jasperhuangg requested a review from a team as a code owner March 18, 2021 03:21
@jasperhuangg jasperhuangg self-assigned this Mar 18, 2021
@botify botify requested review from sketchydroide and removed request for a team March 18, 2021 03:21
@jasperhuangg jasperhuangg changed the title Add email to the set password link [HOLD Web-Expensify 30466] Add email to the set password link Mar 18, 2021
@shawnborton
Copy link
Contributor

For your mobile web screenshot, is there a way we can give the whole page a background color so that we don't have the strange background color block below the form content?

@jasperhuangg
Copy link
Contributor Author

@shawnborton For sure! I made a new issue since it's not entirely related to what I'm fixing here. I've included more details in the issue. Look out for a PR soon!

@marcaaron
Copy link
Contributor

QUESTION FOR REVIEWER: Is this testable on Desktop/iOS/Android?

Short answer: No.
Longer answer: Once we have "deep links" set up for iOS and Android we can theoretically drop you straight into the app on your device and everything should work the same (see Deep Linking in react-nav docs). There is an issue here to address this. As for Desktop, I think it just wouldn't be very valuable to implement right now, but maybe in the future.

Copy link
Contributor

@marcaaron marcaaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just have a couple questions so far.

src/libs/actions/Session.js Outdated Show resolved Hide resolved
src/libs/actions/Session.js Outdated Show resolved Hide resolved
@AndrewGable
Copy link
Contributor

I'm curious if this issue is related: https://github.com/Expensify/Expensify/issues/157873 to this PR?

@marcaaron
Copy link
Contributor

Hmm not sure if related.. the error you are seeing there seems to suggest that we have not set the login in credentials.

https://github.com/Expensify/Expensify.cash/blob/ec2ffc28f0d988cb73daad44c037534ba676c287/src/libs/actions/Session.js#L216

@jasperhuangg jasperhuangg removed the request for review from sketchydroide March 23, 2021 03:53
@jasperhuangg
Copy link
Contributor Author

jasperhuangg commented Mar 31, 2021

I left a comment on your review that I thought would be better for you to respond to first before reviewing

Just so I'm on the same page are you talking about a comment on my review in this PR or elsewhere that you are waiting for a response? Either way, if i haven't responded to it can you link me which comment you're waiting for a response from 🙂

Also yeah no worries about the back and forth. As long as there is daily movement its all cool.

Looks like you were able to get to my comment anyways! Thanks :) @chiragsalian

chiragsalian
chiragsalian previously approved these changes Apr 1, 2021
Copy link
Contributor

@chiragsalian chiragsalian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, all yours @marcaaron

@marcaaron
Copy link
Contributor

Is this still on HOLD ?

@chiragsalian
Copy link
Contributor

@jasperhuangg jasperhuangg changed the title [HOLD Web-Expensify 30466] Add email to the set password link Add email to the set password link Apr 6, 2021
marcaaron
marcaaron previously approved these changes Apr 6, 2021
Copy link
Contributor

@marcaaron marcaaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM. Leaving this unmerged as I'm not sure when it would be deployed.

src/ROUTES.js Outdated Show resolved Hide resolved
src/ROUTES.js Show resolved Hide resolved
marcaaron
marcaaron previously approved these changes Apr 6, 2021
tgolen
tgolen previously requested changes Apr 6, 2021
Copy link
Contributor

@tgolen tgolen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little confused about the title of this PR. Isn't this adding an accountID to the set password link? The title says it's adding email to the link.

src/libs/API.js Outdated Show resolved Hide resolved
src/pages/SetPasswordPage.js Show resolved Hide resolved
@marcaaron
Copy link
Contributor

@jasperhuangg let's add some QA test steps to the description in addition to the local dev steps?

Co-authored-by: Tim Golen <[email protected]>
@jasperhuangg jasperhuangg changed the title Add email to the set password link Add accountID to the set password link Apr 7, 2021
@jasperhuangg jasperhuangg requested a review from tgolen April 7, 2021 01:54
Copy link
Contributor

@marcaaron marcaaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM. I tested on iOS and also Android since I noticed we did not test on those platforms. We should let QA know that they can test iOS and Android by clicking on the links with the app installed (at least this should work in theory).

@jasperhuangg
Copy link
Contributor Author

jasperhuangg commented Apr 7, 2021

This LGTM. I tested on iOS and also Android since I noticed we did not test on those platforms. We should let QA know that they can test iOS and Android by clicking on the links with the app installed (at least this should work in theory).

Thanks a lot! Will add a note in the testing instructions 👍

@marcaaron marcaaron dismissed tgolen’s stale review April 7, 2021 16:36

Seems like we've resolved comments and need to merge this to fix the broken set password flow.

@marcaaron marcaaron merged commit 5869e17 into master Apr 7, 2021
@marcaaron marcaaron deleted the jasper-setPasswordEmailLink branch April 7, 2021 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants