Update signInWithShortLivedToken to use API.Write instead of DeprecateAPI commands #13456

Merged: 19 commits, Dec 26, 2022

NikkiWines
Contributor

@NikkiWines NikkiWines commented Dec 9, 2022

Details

Replaces some deprecated API calls with updated commands.

cc: @iwiznia since you reviewed https://github.com/Expensify/Web-Expensify/pull/35791

Held on https://github.com/Expensify/Web-Expensify/pull/35791

Fixed Issues

$ Tied to https://github.com/Expensify/Expensify/issues/211669

Tests

  1. Log into an account on oldDot and create a new Free policy
  2. Confirm you're automatically logged into newDot as that user
  3. Log out of the account on NewDot
  4. Back in OldDot, click on the name of the free policy you created in step 1
  5. Confirm you're logged back into newDot and that you land on the workspace page
  6. Navigate to the /pricing page on oldDot and select Free
  7. Confirm you're logged back into newDot and that you land on the workspace page of a new workspace
  • Verify that no errors appear in the JS console

Offline tests

N/A This action can only be taken while online. If you try this while offline in oldDot you get the following error:
image

QA Steps

  1. Log into an account on oldDot and create a new Free policy
  2. Confirm you're automatically logged into newDot as that user
  3. Log out of the account on NewDot
  4. Back in OldDot, click on the name of the free policy you created in step 1
  5. Confirm you're logged back into newDot and that you land on the workspace page
  6. Navigate to the /pricing page on oldDot and select Free
  7. Confirm you're logged back into newDot and that you land on the workspace page of a new workspace
  • Verify that no errors appear in the JS console

PR Author Checklist

  • I linked the correct issue in the ### Fixed Issues section above
  • I wrote clear testing steps that cover the changes made in this PR
    • I added steps for local testing in the Tests section
    • I added steps for the expected offline behavior in the Offline steps section
    • I added steps for Staging and/or Production testing in the QA steps section
    • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
    • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
  • I included screenshots or videos for tests on all platforms
  • I ran the tests on all platforms & verified they passed on:
    • iOS / native
    • Android / native
    • iOS / Safari
    • Android / Chrome
    • MacOS / Chrome
    • MacOS / Desktop
  • I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
  • I followed proper code patterns (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
    • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
    • I verified any copy / text that was added to the app is correct English and approved by marketing by adding the Waiting for Copy label for a copy review on the original GH to get the correct copy.
    • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
    • I verified the JSDocs style guidelines (in STYLE.md) were followed
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I followed the guidelines as stated in the Review Guidelines
  • I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
  • I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
  • I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
  • I verified that if a function's arguments changed that all usages have also been updated correctly
  • If a new component is created I verified that:
    • A similar component doesn't exist in the codebase
    • All props are defined accurately and each prop has a /** comment above it */
    • The file is named correctly
    • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
    • The only data being stored in the state is data necessary for rendering and nothing else
    • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
    • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
    • All JSX used for rendering exists in the render method
    • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
  • I have checked off every checkbox in the PR author checklist, including those that don't apply to this PR.

Screenshots/Videos

AFAIK this can only be tested on web. The last PR that updated this logic (#8855) doesn't appear to have platform-specific tests.

Web

Screen.Recording.2022-12-09.at.16.44.58.mov
Mobile Web - Chrome
Mobile Web - Safari
Desktop
iOS
Android

@NikkiWines NikkiWines self-assigned this Dec 9, 2022
@NikkiWines NikkiWines changed the title Remove DeprecatedAPI.Get and DeprecatedAPI.DeleteLogin commands [HOLD] Remove DeprecatedAPI.Get and DeprecatedAPI.DeleteLogin commands Dec 9, 2022
@NikkiWines NikkiWines changed the title [HOLD] Remove DeprecatedAPI.Get and DeprecatedAPI.DeleteLogin commands [HOLD] Update signInWithShortLivedToken to use API.Write instead of DeprecateAPI commands Dec 9, 2022
@NikkiWines NikkiWines marked this pull request as ready for review December 13, 2022 19:46
@NikkiWines NikkiWines requested a review from a team as a code owner December 13, 2022 19:46
@melvin-bot melvin-bot bot requested review from Beamanator and removed request for a team December 13, 2022 19:47
@melvin-bot

melvin-bot bot commented Dec 13, 2022

@Beamanator Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

@Beamanator
Contributor

@NikkiWines think I should do a pre-review soon or wait for the Web-E PR to be merged? 🤔

@NikkiWines
Contributor Author

@Beamanator reviewing would be good, thanks! The [HOLD] here is more to prevent us from actually merging the code before the Web changes have been deployed, so that we don't break things.

iwiznia
iwiznia previously approved these changes Dec 15, 2022
src/libs/actions/Session/index.js (outdated, resolved)
src/libs/actions/User.js (outdated, resolved)
Contributor

@Beamanator Beamanator left a comment

Another question that's pretty NAB: It looks like you renamed signInWithShortLivedToken to be signInWithShortLivedAuthToken (here you basically just added the Auth term to the function name) but we still use the term shortLivedToken a decent amount - in App and even in Web-E (ex: the param isLoggingInWithShortLivedToken you're adding).

Do you think we should just leave this function name as signInWithShortLivedToken to keep many terms consistent? OR am I missing some other reason for the rename?

src/libs/actions/Session/index.js (resolved)
@Beamanator
Contributor

(haven't tested yet, just initial review ^ so far looks pretty groovy!)

@NikkiWines
Contributor Author

NikkiWines commented Dec 15, 2022

Do you think we should just leave this function name as signInWithShortLivedToken to keep many terms consistent? OR am I missing some other reason for the rename?

Oh, yeah, that's a fair point. I was thinking it would be clearer to have it be signInWithShortLivedAuthToken but you're right that with the general usage of token for authToken it doesn't actually add any clarity. I'll change it back to the signInWithShortLivedToken. Although now then it's not aligned with the auth command name... which could also be updated I suppose (See comment below)

@NikkiWines
Contributor Author

In the end it seems like we use both shortLivedToken and shortLivedAuthToken fairly interchangeably, so I don't feel too strongly about the naming convention either way. Though it would be good to be consistent about it on both Web and App.

Do you have a preference on which to use? Happy to update both repos accordingly once we've decided.

Examples:
Web: 1, 2, 3

App: 1, 2

@NikkiWines
Contributor Author

@iwiznia @Beamanator updated

iwiznia
iwiznia previously approved these changes Dec 15, 2022
Beamanator
Beamanator previously approved these changes Dec 16, 2022
Contributor

@Beamanator Beamanator left a comment

I kinda like the shortLivedAuthToken version better, since it's super clear it's a type of auth token instead of some other token.

I'm also approving b/c maybe this can be a follow-up PR iffffff you want - as you said, it would be nice to make it consistent in both repos eventually

@NikkiWines
Contributor Author

Yeah, I think a follow-up PR would be good! I'll spin one up today. @iwiznia and @Beamanator could one of you fill out the PR reviewer checklist as well please?

arosiclair
arosiclair previously approved these changes Dec 22, 2022
Contributor

@arosiclair arosiclair left a comment

LGTM!

* @param {String} data.email
*/
function setSuccessfulSignInData(data) {
PushNotification.register(data.accountID);
Contributor

Yeah as long as the new accountID gets set on the session, the code @aimane-chnaif linked should register notifications.

@JmillsExpensify

@aimane-chnaif Will you be able to test this PR today? We're trying to close the loop ahead of the upcoming holidays. Thank you!

@aimane-chnaif
Contributor

aimane-chnaif commented Dec 22, 2022

@aimane-chnaif Will you be able to test this PR today? We're trying to close the loop ahead of the upcoming holidays. Thank you!

yes, will be done in 2 hrs

@aimane-chnaif
Contributor

Sorry but there was a blocking here (429 too many requests error) so was not able to do in time.
Will complete tomorrow.

@aimane-chnaif
Contributor

Still stuck on 429 error

429.mov

Contributor

@aimane-chnaif aimane-chnaif left a comment

Tests well on both web and mWeb, when logged out or logged in with same account.
But app keeps loading forever (session expired) when already logged in with different account. It works fine on production (before this PR) so I think this should be addressed in this PR.

different.account.mov

@NikkiWines
Contributor Author

Oh yeah good call, investigating now

@NikkiWines
Contributor Author

NikkiWines commented Dec 23, 2022

Hmm, yeah, looks like in that case we somehow end up calling App.openApp() here without an authToken resulting in the 407 Session expired...

Looking more into it now

@JmillsExpensify

Based on that last comment, I'm going to file this PR into the N7 project. It seems that we still have some sleuthing to do, and that makes the scope of what's still required unclear. The remainder of the API Unchained clean-up and follow-on refactors are happening there in any case.

@iwiznia
Contributor

iwiznia commented Dec 23, 2022

Does that mean it is getting deprioritized or are we still finishing it?
Asking because I was waiting on this PR to be merged so that I can update my design doc related to the vulnerability I found.

@JmillsExpensify

We should finish it! That's mainly a categorization thing, doesn't really change the priority.

@NikkiWines NikkiWines dismissed stale reviews from arosiclair and iwiznia via eec41c4 December 23, 2022 22:46
…nsure we remove the oldUser login + credentials before signing the new user in
@NikkiWines
Contributor Author

NikkiWines commented Dec 24, 2022

Ok, @iwiznia @aimane-chnaif (not requiring @Beamanator for a re-review because he's OOO) this is updated and should (hopefully) be working as expected 🤞

Screen.Recording.2022-12-23.at.20.01.08.mov

@aimane-chnaif
Contributor

Reviewer Checklist

  • I have verified the author checklist is complete (all boxes are checked off).
  • I verified the correct issue is linked in the ### Fixed Issues section above
  • I verified testing steps are clear and they cover the changes made in this PR
    • I verified the steps for local testing are in the Tests section
    • I verified the steps for Staging and/or Production testing are in the QA steps section
    • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I checked that screenshots or videos are included for tests on all platforms
  • I included screenshots or videos for tests on all platforms
  • I verified tests pass on all platforms & I tested again on:
    • Android / native
    • Android / Chrome
    • iOS / native
    • iOS / Safari
    • MacOS / Chrome / Safari
    • MacOS / Desktop
  • If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
  • I verified proper code patterns were followed (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
    • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
    • I verified any copy / text that was added to the app is correct English and approved by marketing by adding the Waiting for Copy label for a copy review on the original GH to get the correct copy.
    • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
    • I verified the JSDocs style guidelines (in STYLE.md) were followed
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I verified that this PR follows the guidelines as stated in the Review Guidelines
  • I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
  • I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
  • I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
  • If a new component is created I verified that:
    • A similar component doesn't exist in the codebase
    • All props are defined accurately and each prop has a /** comment above it */
    • The file is named correctly
    • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
    • The only data being stored in the state is data necessary for rendering and nothing else
    • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
    • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
    • All JSX used for rendering exists in the render method
    • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
  • I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Web
web.mov
Mobile Web - Chrome

mchrome

Mobile Web - Safari
msafari.mov
Desktop

desktop

iOS

ios

Android

android

Contributor

@aimane-chnaif aimane-chnaif left a comment

LGTM and tests well both on Web and mWeb for all 3 cases of initial app logged in status (same user, different user, logged out).

@JmillsExpensify

@iwiznia Do you mind jumping into this review today. It's C+ approved and also blocks something else that you're working on, so let's get it merged and deployed this week.

@iwiznia iwiznia merged commit 276f177 into main Dec 26, 2022
@iwiznia iwiznia deleted the nikki-remove-deprecated-shortauthtoken-calls branch December 26, 2022 20:39
@OSBotify
Contributor

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

@github-actions
Contributor

Performance Comparison Report 📊

Significant Changes To Duration

There are no entries

Meaningless Changes To Duration

Name Duration
regularAppStart 0.015 ms → 0.018 ms (+0.004 ms, +24.7%) 🔴
nativeLaunch 10.290 ms → 9.414 ms (-0.877 ms, -8.5%)
TTI 846.344 ms → 839.037 ms (-7.307 ms, -0.9%)
runJsBundle 203.938 ms → 195.290 ms (-8.647 ms, -4.2%)
Name Duration
regularAppStart Baseline
Mean: 0.015 ms
Stdev: 0.001 ms (5.7%)

Current
Mean: 0.018 ms
Stdev: 0.001 ms (7.9%)
nativeLaunch Baseline
Mean: 10.290 ms
Stdev: 1.669 ms (16.2%)

Current
Mean: 9.414 ms
Stdev: 1.565 ms (16.6%)
TTI Baseline
Mean: 846.344 ms
Stdev: 40.424 ms (4.8%)

Current
Mean: 839.037 ms
Stdev: 30.289 ms (3.6%)
runJsBundle Baseline
Mean: 203.938 ms
Stdev: 25.599 ms (12.6%)

Current
Mean: 195.290 ms
Stdev: 16.834 ms (8.6%)

@OSBotify
Contributor

🚀 Deployed to staging by @iwiznia in version: 1.2.44-0 🚀

platform result
🤖 android 🤖 success ✅
🖥 desktop 🖥 success ✅
🍎 iOS 🍎 success ✅
🕸 web 🕸 success ✅

@OSBotify
Contributor

🚀 Deployed to production by @chiragsalian in version: 1.2.44-0 🚀

platform result
🤖 android 🤖 success ✅
🖥 desktop 🖥 success ✅
🍎 iOS 🍎 success ✅
🕸 web 🕸 success ✅
