Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[HOLD for payment 2024-07-24] [$250] Public room - User is able to leave public room when user is not logged in #43404

Closed
5 of 6 tasks
izarutskaya opened this issue Jun 10, 2024 · 38 comments
Assignees
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Bug Something is broken. Auto assigns a BugZero manager. Daily KSv2 External Added to denote the issue can be worked on by a contributor

Comments

@izarutskaya
Copy link

izarutskaya commented Jun 10, 2024

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!


Version Number: 1.4.81-3
Reproducible in staging?: Y
Reproducible in production?: Y
Logs: https://stackoverflow.com/c/expensify/questions/4856
Issue reported by: Applause-Internal team

Action Performed:

  1. Go to staging.new.expensify.com
  2. Log out if logged in.
  3. Navigate to public room link.
  4. Click on the public room chat header.
  5. Click Leave.

Expected Result:

Login modal will open.

Actual Result:

User is able to leave the public room, and the public room reappears.

Workaround:

Unknown

Platforms:

Which of our officially supported platforms is this issue occurring on?

  • Android: Native
  • Android: mWeb Chrome
  • iOS: Native
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
  • MacOS: Desktop

Screenshots/Videos

Bug6508355_1718037560053.bandicam_2024-06-11_00-34-48-344.mp4

View all open jobs on GitHub

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~012198a597d90e1a9d
  • Upwork Job ID: 1800460939784883037
  • Last Price Increase: 2024-06-11
  • Automatic offers:
    • situchan | Reviewer | 102730618
    • codinggeek2023 | Contributor | 102730619
    • truph01 | Contributor | 102895803
Issue OwnerCurrent Issue Owner: @greg-schroeder
@izarutskaya izarutskaya added Daily KSv2 Bug Something is broken. Auto assigns a BugZero manager. labels Jun 10, 2024
Copy link

melvin-bot bot commented Jun 10, 2024

Triggered auto assignment to @garrettmknight (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

@izarutskaya
Copy link
Author

We think this issue might be related to the #vip-vsb

@devguest07
Copy link
Contributor

Proposal

Please re-state the problem that we are trying to solve in this issue.

Users can leave a public room without being logged in.

What is the root cause of that problem?

The leave button is displayed regardless of whether the user is anonymous or not.

if (isGroupChat || (isChatRoom && ReportUtils.canLeaveChat(report, policy ?? null))) {

What changes do you think we should make in order to solve the problem?

We need to add a condition to check for anonymous users before displaying the leave button, similar to other parts of the application.

https://github.com/Expensify/App/blob/60530f643b30f30510914ed28e2a90ed5d37184a/src/pages/home/report/ReportFooter.tsx#L91C12-L91C27

Add !isAnonymousUser to the condition controlling the display of the leave menu item.

if (isGroupChat || (isChatRoom && ReportUtils.canLeaveChat(report, policy ?? null))) {

What alternative solutions did you explore?

@eucool
Copy link
Contributor

eucool commented Jun 10, 2024

Proposal

Please re-state the problem that we are trying to solve in this issue.

User is able to leave public room when user is not logged in

What is the root cause of that problem?

We have set isAnonymousAction to true which allows the user to proceed with exiting the room but that won't happen as the user is not logged in and hence we get redirected to concierge.

if (isGroupChat || (isChatRoom && ReportUtils.canLeaveChat(report, policy ?? null))) {
items.push({
key: CONST.REPORT_DETAILS_MENU_ITEM.LEAVE_ROOM,
translationKey: 'common.leave',
icon: Expensicons.Exit,
isAnonymousAction: true,

What changes do you think we should make in order to solve the problem?

The expected results is to redirect the user to login page, so we need to set isAnonymousAction to false.

Result Video

Screen.Recording.2024-06-11.at.1.11.52.AM.mov

@Tony-MK
Copy link
Contributor

Tony-MK commented Jun 11, 2024

Proposal

Please re-state the problem that we are trying to solve in this issue.

Workspace - Error page when navigating to Workspace Join link after leaving the workspace

What is the root cause of that problem?

The root cause of the problem is that in the ReportDetailsPage we use the ReportUtils.canLeaveChat function instead of the ReportUtils.canLeaveRoom function.

if (isGroupChat || (isChatRoom && ReportUtils.canLeaveChat(report, policy ?? null))) {

What changes do you think we should make in order to solve the problem?

Change the code snippet above and use the ReportUtils.canLeaveRoom function as shown below.

if (isGroupChat || (isChatRoom && ReportUtils.canLeaveRoom(report, isPolicyEmployee))) 

@garrettmknight garrettmknight added the External Added to denote the issue can be worked on by a contributor label Jun 11, 2024
@melvin-bot melvin-bot bot changed the title Public room - User is able to leave public room when user is not logged in [$250] Public room - User is able to leave public room when user is not logged in Jun 11, 2024
Copy link

melvin-bot bot commented Jun 11, 2024

Job added to Upwork: https://www.upwork.com/jobs/~012198a597d90e1a9d

@melvin-bot melvin-bot bot added the Help Wanted Apply this label when an issue is open to proposals by contributors label Jun 11, 2024
Copy link

melvin-bot bot commented Jun 11, 2024

Triggered auto assignment to Contributor-plus team member for initial proposal review - @situchan (External)

@TheGithubDev
Copy link

TheGithubDev commented Jun 11, 2024

Proposal

Please re-state the problem that we are trying to solve in this issue:

The problem is that an anonymous (not logged in) user can leave a public room by clicking the "Leave" button in the public room chat header. Instead of being prompted to log in, the user is able to leave the room, and the public room reappears.

What is the root cause of that problem?

The root cause of this problem is that the leave action is not correctly checking for the user's authentication status before executing. The logic to handle the leave action does not verify if the user is logged in, allowing anonymous users to perform actions that should be restricted to authenticated users.

What changes do you think we should make in order to solve the problem?

To address this issue, we need to:

  1. Add Authentication Check:
    • Before executing the leave action, verify if the user is authenticated. If not, prompt the user to log in.

Example of changes:

  1. Add Authentication Check:
  • Update the leave action handler to include an authentication check. If the user is not logged in, show the login modal instead of allowing the leave action to proceed.

    const handleLeaveRoom = () => {
        if (!isUserLoggedIn()) {
            showLoginModal();
            return;
        }
    
        // Proceed with the leave room action
        leavePublicRoom();
    };
    
    <Button onPress={handleLeaveRoom}>Leave</Button>
    

What alternative solutions did you explore?

  • Restricting UI elements: Instead of checking authentication in the leave action handler, we can disable or hide the "Leave" button for anonymous users.

  • Server-Side Validation: We can implement server-side validation to ensure that only authenticated users can perform the leave action, adding an extra layer of security.

  • Different User Experience: Also, by redirecting anonymous users to a different user experience flow where they can't see the "Leave" option at all, focusing instead on encouraging them to log in.

Please note that the above explanation outlines only the technical approach I plan to take, as mentioned.

Regards.

@truph01
Copy link
Contributor

truph01 commented Jun 11, 2024

Proposal

Please re-state the problem that we are trying to solve in this issue.

User is able to leave the public room, and the public room reappears.

What is the root cause of that problem?

When the user views the room before logged in, they are essentially "anonymous" users. So they're technically not part of the room yet, that's also the reason for the Join the discussion. CTA at the bottom of the public report.
Screenshot 2024-06-12 at 12 53 37 AM

So the anonymous user should only be able to join the room, not leave the room.

What changes do you think we should make in order to solve the problem?

We should hide Leave button and show Join button for public room if the user is viewing anonymously.

  1. In canLeaveChat, add the early return false if it's public room and the user is anonymous
if (isPublicRoom(report) && Session.isAnonymousUser()) {
    return false;
}

This will make sure the button is hidden in both the ReportDetailsPage and HeaderView of the report
Screenshot 2024-06-12 at 1 05 15 AM

  1. In canJoinChat, add early return true if it's public room and the user is anonymous
if (isPublicRoom(report) && Session.isAnonymousUser()) {
    return true;
}
Screenshot 2024-06-12 at 1 04 45 AM

What alternative solutions did you explore? (Optional)

NA

@garrettmknight
Copy link
Contributor

@situchan can you have a look at these when you get chance? Thanks!

@situchan
Copy link
Contributor

situchan commented Jun 13, 2024

Login modal will open.

This is the expected result.

@codinggeek2023's proposal makes sense but I asked author why isAnonymousAction was set to true before approving.

EDIT: confirmed

@melvin-bot melvin-bot bot removed the Overdue label Jun 13, 2024
@situchan
Copy link
Contributor

Let's go with @codinggeek2023's proposal!
🎀👀🎀 C+ reviewed

Copy link

melvin-bot bot commented Jun 13, 2024

Triggered auto assignment to @MonilBhavsar, see https://stackoverflow.com/c/expensify/questions/7972 for more details.

@melvin-bot melvin-bot bot removed the Help Wanted Apply this label when an issue is open to proposals by contributors label Jun 14, 2024
Copy link

melvin-bot bot commented Jun 14, 2024

📣 @situchan 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

Copy link

melvin-bot bot commented Jun 14, 2024

📣 @codinggeek2023 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

Copy link

melvin-bot bot commented Jul 4, 2024

⚠️ Looks like this issue was linked to a Deploy Blocker here

If you are the assigned CME please investigate whether the linked PR caused a regression and leave a comment with the results.

If a regression has occurred and you are the assigned CM follow the instructions here.

If this regression could have been avoided please consider also proposing a recommendation to the PR checklist so that we can avoid it in the future.

@melvin-bot melvin-bot bot added Weekly KSv2 Awaiting Payment Auto-added when associated PR is deployed to production and removed Weekly KSv2 labels Jul 17, 2024
@melvin-bot melvin-bot bot changed the title [$250] Public room - User is able to leave public room when user is not logged in [HOLD for payment 2024-07-24] [$250] Public room - User is able to leave public room when user is not logged in Jul 17, 2024
@melvin-bot melvin-bot bot removed the Reviewing Has a PR in review label Jul 17, 2024
Copy link

melvin-bot bot commented Jul 17, 2024

Reviewing label has been removed, please complete the "BugZero Checklist".

Copy link

melvin-bot bot commented Jul 17, 2024

The solution for this issue has been 🚀 deployed to production 🚀 in version 9.0.7-8 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

If no regressions arise, payment will be issued on 2024-07-24. 🎊

For reference, here are some details about the assignees on this issue:

Copy link

melvin-bot bot commented Jul 17, 2024

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

  • [@situchan] The PR that introduced the bug has been identified. Link to the PR:
  • [@situchan] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
  • [@situchan] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
  • [@situchan] Determine if we should create a regression test for this bug.
  • [@situchan] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
  • [@garrettmknight] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

@melvin-bot melvin-bot bot added Daily KSv2 and removed Weekly KSv2 labels Jul 23, 2024
@garrettmknight
Copy link
Contributor

Payment summary:

  • Contributor: @truph01 $250 paid via upwork
  • Reviewer: @situchan $250 paid via upwork

@situchan can you fill out the checklist when you get a chance?

@garrettmknight garrettmknight added Weekly KSv2 and removed Daily KSv2 labels Jul 24, 2024
@garrettmknight garrettmknight removed their assignment Jul 24, 2024
@garrettmknight garrettmknight added Bug Something is broken. Auto assigns a BugZero manager. and removed Bug Something is broken. Auto assigns a BugZero manager. labels Jul 24, 2024
Copy link

melvin-bot bot commented Jul 24, 2024

Triggered auto assignment to @greg-schroeder (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

@melvin-bot melvin-bot bot added Daily KSv2 and removed Weekly KSv2 labels Jul 24, 2024
@garrettmknight garrettmknight self-assigned this Jul 24, 2024
@garrettmknight
Copy link
Contributor

@greg-schroeder just handing this one off while I'm OOO - only awaiting the checklist. If it doesn't get done by the time I'm back I'll pick back up. Thanks!

@situchan
Copy link
Contributor

Regression Test Proposal

  1. Log out if logged in.
  2. Navigate to public room link.
  3. Verify that "Join" button is displayed in the top right.
  4. Click on the public room chat header.
  5. Verify that there is no "Leave" button.

@greg-schroeder
Copy link
Contributor

Adding regression test 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Awaiting Payment Auto-added when associated PR is deployed to production Bug Something is broken. Auto assigns a BugZero manager. Daily KSv2 External Added to denote the issue can be worked on by a contributor
Projects
No open projects
Development

No branches or pull requests