[HOLD for payment 2024-03-18] [$1000] Desktop - There is no turning back from the SSO provider

[lanitochka17]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: 1.3.85-2
Reproducible in staging?: Yes
Reproducible in production?: Yes
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: Applause - Internal Team
Slack conversation:

Issue found when executing PR #28372

Action Performed:

1. Configure your account to have SAML enabled but not required in oldDot
   • You can simulate this by manually setting isSAMLEnabled to true here.
2. Enter the email for your account in newDot
3. Confirm you see the option to choose to sign in with SAML or with a magic code
4. Choose the Go Back option and confirm you're dropped back on the sign-in page with your email pre-filled
5. Press Continue
6. Choose the Use Magic Code option and confirm you get a magic code sent to your email
7. Press Go Back and confirm you're back on the sign-in page with your email pre-filled
8. Press Continue
9. Choose Use Single Sign On option
10. Confirm you briefly see an interstitial page about launching your SSO provider's login portal

Expected Result:

There should be a Path back from the SSO provider portal (arrow or cross)

Actual Result:

There is no turning back from the SSO provider portal

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Native
• Android: mWeb Chrome
• iOS: Native
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

Android: Native

Android: mWeb Chrome

iOS: Native

iOS: mWeb Safari

MacOS: Chrome / Safari

MacOS: Desktop

2023-10-17.3.55.58.PM.mov

_._2023-10-17_._3.52.34_PM_.1.1.mov

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~01534a657243d6c5b8
• Upwork Job ID: 1760390840262914048
• Last Price Increase: 2024-02-21

[melvin-bot]

Triggered auto assignment to @anmurali (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~01b86a48a78c5400e9

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @0xmiroslav (External)

[NikkiWines]

This will be handled as part of the SAML project - putting a hold on this issue for now

[melvin-bot]

@anmurali, @0xmiroslav Huh... This is 4 days overdue. Who can take care of this?

[anmurali]

@NikkiWines - can you link the issue you are referring to? And if it makes sense can you degrade this issue to a weekly or monthly?

[NikkiWines]

Sure, it's planned to be handled as part of polish for https://github.com/Expensify/Expensify/issues/294583 (internal link) - though actually I guess there's no reason it can't be handled externally now.

The desktop UI is on production, if someone wants to simulate having a SAML enabled or required account on newDot to trigger the new flow, they'll just need to modify either of these lines to be true instead of reading from account

[melvin-bot]

Current assignee @anmurali is eligible for the NewFeature assigner, not assigning anyone new.

[melvin-bot]

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

[melvin-bot]

@anmurali @0xmiroslav this issue was created 2 weeks ago. Are we close to approving a proposal? If not, what's blocking us from getting this issue assigned? Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks!

[mallenexpensify]

Thanks @davidgelhar , please keep updating daily since it's been almost a week.

[davidgelhar]

I determined that an additional change was necessary in order to get the PR working with the latest from main. Specifically, the newly-added "lastVisitedPath" Onyx key was preventing you from navigating back to the login page.

That issue is also fixed in the (draft) PR #37283

Question: the PR form wants to include screenshots for all platforms, but this fix is specific to the web/desktop platforms. There is a related bug #36673 open for ios/android native.

How do you want to handle that @mallenexpensify ? Is it ok to proceed with this as a fix for just the web/desktop bug, or do you want to try to solve it for all platforms? (I'd suggest keeping this task scoped to web/desktop and using the other bug to track the other platforms)

[davidgelhar]

I see that bug #36673 is being kept open to track the related issue on native.

PR #37283 submitted for the web/desktop use cases

[davidgelhar]

@thienlnam I've applied for the new upwork job you created https://www.upwork.com/jobs/~01534a657243d6c5b8 but it is not showing as "accepted" yet. Does something need to happen manually becausre you had to create a new job?

[ikevin127]

Does something need to happen manually becausre you had to create a new job?

Something has to happen manually because it's your first job and the bot only sends automated Upwork offer after the first job since you're not in the system before that.

Don't worry you'll get paid, the payment is usually handled 7 days (regression period) after the PR was deployed on production.

[mallenexpensify]

Hired ya in Upwork @davidgelhar , apologies for the delay/hassle. Like @ikevin127 said, we have automation but it's not perfect.

PR is waiting on review from @thienlnam
#37283

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.4.49-4 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• allow navigating back from SAML signin #37283

If no regressions arise, payment will be issued on 2024-03-18. 🎊

For reference, here are some details about the assignees on this issue:

• @davidgelhar requires payment (Needs manual offer from BZ)
• @alitoshmatov requires payment (Needs manual offer from BZ)

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@alitoshmatov] The PR that introduced the bug has been identified. Link to the PR:
• [@alitoshmatov] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@alitoshmatov] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@alitoshmatov] Determine if we should create a regression test for this bug.
• [@alitoshmatov] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@anmurali / @mallenexpensify] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[melvin-bot]

Payment Summary

Upwork Job

• ROLE: @davidgelhar paid $(AMOUNT) via Upwork (LINK)
• ROLE: @alitoshmatov paid $(AMOUNT) via Upwork (LINK)

BugZero Checklist (@anmurali)

• I have verified the correct assignees and roles are listed above and updated the neccesary manual offers
• I have verified that there are no duplicate or incorrect contracts on Upwork for this job (https://www.upwork.com/ab/applicants/1760390840262914048/hired)
• I have paid out the Upwork contracts or cancelled the ones that are incorrect
• I have verified the payment summary above is correct

[anmurali]

@alitoshmatov can you complete the BZ checklist?

[alitoshmatov]

• The PR that introduced the bug has been identified. Link to the PR: https://github.com/Expensify/App/pull/28372/files
• The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment: https://github.com/Expensify/App/pull/28372/files#r1532570441
• A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion: No need
• Determine if we should create a regression test for this bug. I think yes

Regression Test Proposal

• You should have SAML enabled email
• Type the account's email into newDot.
• Make sure there's an option to sign in with SAML or a magic code.
• Select the Single Sign-On option.
• You should see a temporary page about your SSO provider's login page starting.
• The SSO provider's page should come up, but don't sign in.
• Hit the "Back" button in your browser.
• Check that you are in single sign-on page again to sign in with SAML or a magic code.

Do we agree 👍 or 👎

[alitoshmatov]

@anmurali Checklist completed

[mallenexpensify]

Contributor: @davidgelhar paid $1000 via Upwork
Contributor+: @alitoshmatov paid $1000 via Upwork.

TR GH - https://github.com/Expensify/Expensify/issues/380930

Thanks @alitoshmatov and @davidgelhar , happy to get this one fixed.