[HOLD for payment 2022-02-08] Improve UX of Setting a password on account sign up with expired or malformed token #3189
Comments
anthony-hull
added
the
AutoAssignerTriage
|
Triggered auto assignment to @lschurr ( |
MelvinBot
removed
the
AutoAssignerTriage
|
This looks like it has been changed to something more useful in the backend: |
|
Hm, when I tried to reproduce this, I got a privacy error:
I'm going to add the eng label to have someone else take a look. |
lschurr
added
Engineering
Improvement
|
Triggered auto assignment to @stitesExpensify ( |
|
Hi @anthony-hull, can you clarify your solution please? |
|
I think there should be some way of the user requesting a new set password email link. So maybe replace the whole form with a request new link button? Otherwise the user has no way of actioning the error message and they are stuck on the form unable to progress. Or you could automatically send a new link when the API notices an expired set user token was used and the form could inform the user of the email and to check their mailbox |
|
It looks like the API now re-sends en email when you use an expired token. But I've been using the reset password UX rather than set password for the a new user for most of my testing. |
|
I think it makes sense to replace the form with a new link button in this case. Are you still interested in this @anthony-hull ? |
|
Bump @anthony-hull 😄 |
|
I've just checked this flow and the API now just resends a new email if if gets a bad magic code. The button wouldn't be needed. But informing the user that a new email has been sent would be an improvement I think. |
|
Cool, I'm in favor of you making that solution as those seem like great improvements to me! If you want to update the OP I'll add the external label and we can get you working on it! We are still currently in a merge hold though so I'm not sure when it will get merged/paid out FYI |
|
ok :) |
anthony-hull
changed the title
|
@stitesExpensify Hey Brandon I've updated the body and title, let me know what you think |
|
Looks good! I updated the copy a little bit and we should be good to go |
|
I like the tweak. Does this need an external label now? |
stitesExpensify
added
the
External
|
Apologies for the label/assigning spam, wanted to check to see who it got assigned to. @kadiealexander and @SofiedeVreese , I'm around through the holidays so I'll keep tabs on this. |
|
You're a champion Matt, thank you!! |
|
@anthony-hull do you have an update on progress? We recently updated our CONTRIBUTING.md to include details on expected timeliness of working on issue .
Just wanna make sure the PR will be submitted soon. |
|
thanks! |
|
I haven't managed to finish the PR today. |
|
Thanks for the update @anthony-hull ! |
|
I encountered extra complexity and ran out of working time today. I will carry on working on this tomorrow. |
|
I resolved the above issue. But I have a new outstanding question in the PR. Most of the logic is done. |
|
still pending input on question |
|
I'm unblocked. Will finish tomorrow! |
|
Appreciate the updates @anthony-hull ! |
|
The PR linked is ready for review, I have requested for such. Just missing some translations and response on required testing documentation! |
|
Waiting on PR review, answer to a question and a backend bug to be confirmed reproduced by the reviewer and fixed |
|
looks like PR is on staging! #6587 |
botify
added
Weekly
botify
changed the title
|
The solution for this issue has been 🚀 deployed to production 🚀 in version 1.1.33-3 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue: If no regressions arise, payment will be issued on 2022-02-08. 🎊 |
|
Thanks @anthony-hull for the help and persistence with this issue. Paid in Upwork, $500 - $250ea for reporting and the fix (link from hax stating the job was initially created for both) |
Expected Result:
When a user tries to set their password during the new user flow and uses an expired or malformed magic token.
The form to be replaced by the following copy:
This set password link is invalid or has expired. A new one is waiting for you in your email inbox!
Actual Result:
Error was as follows:
The user is able to keep re-submitting the form from an unrecoverable and invalid state.
Action Performed:
trigger password reset
make sure you're logged out
navigate to here: http://expensify.cash/setpassword/[USERID]/[RESETCODE]
make sure you have credentials.login key set to your email address in local storage
submit a valid password
Platform:
Where is this issue occurring?
Web
Upwork job link- https://www.upwork.com/jobs/~01ee9af3d9febfb893
View all open jobs on Upwork
The text was updated successfully, but these errors were encountered: