Account validation : Error message to check email for a new link does not appear when pasting same link in new browser #7425
Comments
|
Triggered auto assignment to @Gonals ( |
|
It looks like the validateEmail API call isn't being made. And therefore the magic token in the URL is still valid and can be used to set the password. |
|
I noticed that Onyx is now using index DB and not local storage for the keys. I emptied my cookies and local storage and the index DB and re-ran these steps and this issue goes away. Does this fix it for you as well @kavimuru? Maybe there is a problem with the migration where stale keys are present from the two implementations previously and then currently running on the client? |
|
@anthony-hull Now I see the error message after I setup password. Not when I paste the link in incognito. Recording.169.mp4Now I see the error message after I setup password. Not when I paste the link in incognito. |
Gonals
added
Weekly
|
Triggered auto assignment to @michaelhaxhiu ( |
|
Setting it as external for now, but there's still a bit of discussion to decide whether this is an actual bug. |
|
Hmmm so if I'm following correctly, the user is able to access the password reset link twice? And it should expire after the first time it's visited? Is that right or am I not following correctly, @kavimuru ? |
|
@michaelhaxhiu , you are right. Original issue is about ability to access same password setup link twice |
|
@kavimuru I have another follow up question on the Expected Result:
Is this a real page we have today? Or are we requesting that we create a new page that shows this message? |
|
@michaelhaxhiu 6 days overdue. This is scarier than being forced to listen to Vogon poetry! |
2 similar comments
|
@michaelhaxhiu 6 days overdue. This is scarier than being forced to listen to Vogon poetry! |
|
@michaelhaxhiu 6 days overdue. This is scarier than being forced to listen to Vogon poetry! |
|
@michaelhaxhiu Still overdue 6 days?! Let's take care of this! |
3 similar comments
|
@michaelhaxhiu Still overdue 6 days?! Let's take care of this! |
|
@michaelhaxhiu Still overdue 6 days?! Let's take care of this! |
|
@michaelhaxhiu Still overdue 6 days?! Let's take care of this! |
|
@michaelhaxhiu 6 days overdue. This is scarier than being forced to listen to Vogon poetry! |
2 similar comments
|
@michaelhaxhiu 6 days overdue. This is scarier than being forced to listen to Vogon poetry! |
|
@michaelhaxhiu 6 days overdue. This is scarier than being forced to listen to Vogon poetry! |
|
@kavimuru still waiting on a response to the question above, if you have a moment! I'm going to close this GH until we follow up on that, as I'm not sure this is a candid bug yet. When I try to reproduce this with my test accounts, it seems you can open the magic link (i.e. unique URL) in as many tabs or incognitos as you want. The link only expires (i.e. you cannot access the URL anymore) after you actually submit the new password into the form.
|
|
@michaelhaxhiu Be sure to fill out the Contact List! |
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Issue was found when executing #6587
Action Performed:
(this URL shouldn't show the password set up page after it's viewed once already, right?)
Expected Result:
The form is replaced by an error message to check email for a new link and the user has been navigated to the root of the app.
Actual Result:
User are able to view their magic sign in link more than once (i.e. in a normal browser and then in an incognito browser right afterwards).
Platform:
Where is this issue occurring?
Version Number: 1.1.33 - 2
Reproducible in staging?: Yes
Reproducible in production?: Yes
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos:
Recording.162.mp4
Expensify/Expensify Issue URL:
Issue reported by: Applause
Slack conversation:
View all open jobs on GitHub
The text was updated successfully, but these errors were encountered: