Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[HOLD for payment - waiting on deploy][$250] Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth #48034

Closed
2 of 6 tasks
m-natarajan opened this issue Aug 26, 2024 · 29 comments
Assignees
Labels
AutoAssignerNewDotQuality Used to assign quality issues to engineers Bug Something is broken. Auto assigns a BugZero manager. External Added to denote the issue can be worked on by a contributor Reviewing Has a PR in review Weekly KSv2

Comments

@m-natarajan
Copy link

m-natarajan commented Aug 26, 2024

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!


Version Number: 9.0.24-4
Reproducible in staging?: Y
Reproducible in production?: Y
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: @tgolen
Slack conversation: https://expensify.slack.com/archives/C05LX9D6E07/p1724704755405909

Action Performed:

  1. Go to staging.new.expensify.com
  2. Click Account settings > Security > Two Factor authentication setting

Expected Result:

No duplicate calls API calls

Actual Result:

Two duplicate API requests for EnableTwoFactorAuth

Workaround:

Can the user still use Expensify without this being fixed? Have you informed them of the workaround?

Platforms:

Which of our officially supported platforms is this issue occurring on?

  • Android: Native
  • Android: mWeb Chrome
  • iOS: Native
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
  • MacOS: Desktop

Screenshots/Videos

2024-08-26_14-37-41.mp4

Full Screen #9

Add any screenshot/video evidence

View all open jobs on GitHub

Upwork Automation - Do Not Edit
  • Upwork Job URL: https://www.upwork.com/jobs/~0184daf84295192016
  • Upwork Job ID: 1828808342978232742
  • Last Price Increase: 2024-09-04
  • Automatic offers:
    • Nodebrute | Contributor | 103846483
@m-natarajan m-natarajan added Daily KSv2 Bug Something is broken. Auto assigns a BugZero manager. AutoAssignerNewDotQuality Used to assign quality issues to engineers labels Aug 26, 2024
Copy link

melvin-bot bot commented Aug 26, 2024

Current assignee @tgolen is eligible for the AutoAssignerNewDotQuality assigner, not assigning anyone new.

Copy link

melvin-bot bot commented Aug 26, 2024

Triggered auto assignment to @johncschuster (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

@Nodebrute
Copy link
Contributor

Nodebrute commented Aug 26, 2024

Edited by proposal-police: This proposal was edited at 2024-08-28 16:13:58 UTC.

Proposal

Please re-state the problem that we are trying to solve in this issue.

Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth

What is the root cause of that problem?

The behavior you're seeing, where not just the two-factor authentication call but all calls in useEffect are running twice, is due to React's Strict Mode. This change was introduced in this PR and is only in the development environment. We do not see this behavior in the production build.

What changes do you think we should make in order to solve the problem?

I prefer turning off Strict Mode, as introduced in this PR This way, development and production environments will behave the same.

Note: StrictMode is not needed for concurrent react to work but it is much safer to use it.

We can disable strict mode from here

USE_REACT_STRICT_MODE_IN_DEV: true,

What alternative solutions did you explore? (Optional)

We can create a ref and then in useEffect we can early return if it's already mounted. With the implementation of useRef, we ensure that API calls within useEffect are made only once, even in development mode with React's Strict Mode enabled. This method prevents multiple invocations of the effect due to Strict Mode's behavior.


We can do something like this

    const isMounted = useRef(false);
    useEffect(() => {
        if (isMounted.current) {
            return; // Exit early if effect has already run
        }
        // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
        if (account?.requiresTwoFactorAuth || account?.recoveryCodes || !isUserValidated) {
            return;
        }
        Session.toggleTwoFactorAuth(true);
        isMounted.current = true;
     
    }, [isUserValidated]);

@abzokhattab
Copy link
Contributor

Not able to reproduce the issue on prod

@tgolen
Copy link
Contributor

tgolen commented Aug 28, 2024

Thanks for the investigation @Nodebrute. I think the thing that I really dislike about that is now dev is a very different environment than production, which makes testing and development much more difficult. We are being forced into some weird patterns (using a bunch of useRef) to try and get development to work more like we expect production to work.

Do you know if React is planning to make production work in this concurrent mode like dev is running in? I guess that would return it to an apples-to-apples situation at some point, which is better, but I really don't like having to guess "does this only happen in dev or not".

I'm going to assign this to external and get a C+ to review your proposal to implement (because even though it only happens in dev, it messed me up enough that I think it's worth fixing).

@tgolen tgolen added the External Added to denote the issue can be worked on by a contributor label Aug 28, 2024
@melvin-bot melvin-bot bot changed the title Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth [$250] Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth Aug 28, 2024
Copy link

melvin-bot bot commented Aug 28, 2024

Job added to Upwork: https://www.upwork.com/jobs/~0184daf84295192016

@melvin-bot melvin-bot bot added the Help Wanted Apply this label when an issue is open to proposals by contributors label Aug 28, 2024
Copy link

melvin-bot bot commented Aug 28, 2024

Triggered auto assignment to Contributor-plus team member for initial proposal review - @mollfpr (External)

@tgolen
Copy link
Contributor

tgolen commented Aug 30, 2024

@mollfpr Are you OK with the proposal here? I think it's OK to move forward with.

@johncschuster
Copy link
Contributor

johncschuster commented Aug 30, 2024

@mollfpr bump on the above!

@mollfpr
Copy link
Contributor

mollfpr commented Sep 2, 2024

Sorry for the delay!

Are you OK with the proposal #48034 (comment)? I think it's OK to move forward with.

@tgolen The issue seems to affect other pages for example OpenReport and OpenInitialSettingsPage . I'm onboard if we decide to specifically fix the issue for this 2FA page.

Also, the solution doesn't fix your issue here #48030 (comment).

@melvin-bot melvin-bot bot removed the Overdue label Sep 2, 2024
@Nodebrute
Copy link
Contributor

@mollfpr The issue affects any API calls made within useEffect because Strict Mode runs effects twice. To ensure consistency between production and development, we can turn off Strict Mode.

@tgolen
Copy link
Contributor

tgolen commented Sep 2, 2024

Also, the solution doesn't fix your issue here #48030 (comment).

OK, thanks!

@tgolen The issue seems to affect other pages for example OpenReport and OpenInitialSettingsPage .

@mollfpr The issue affects any API calls made within useEffect because Strict Mode runs effects twice. To ensure consistency between production and development, we can turn off Strict Mode.

OK, that is a bit unfortunate. Maybe we should discuss this on Slack in the open-source channel?

@tgolen
Copy link
Contributor

tgolen commented Sep 3, 2024

I started a conversation about it in Slack here.

@johncschuster
Copy link
Contributor

Thanks for doing that, @tgolen! 🙌

Copy link

melvin-bot bot commented Sep 4, 2024

📣 It's been a week! Do we have any satisfactory proposals yet? Do we need to adjust the bounty for this issue? 💸

Copy link

melvin-bot bot commented Sep 5, 2024

@tgolen, @johncschuster, @mollfpr Whoops! This issue is 2 days overdue. Let's get this updated quick!

@melvin-bot melvin-bot bot added the Overdue label Sep 5, 2024
@johncschuster
Copy link
Contributor

It looks like the discussion in Slack may still be ongoing.

@johncschuster
Copy link
Contributor

@mollfpr I haven't been able to follow the discussion very closely. Do you feel we've come to a conclusion? If so, can you summarize where we've landed?

@melvin-bot melvin-bot bot removed the Overdue label Sep 5, 2024
@mollfpr
Copy link
Contributor

mollfpr commented Sep 6, 2024

I haven't been able to follow the discussion very closely. Do you feel we've come to a conclusion? If so, can you summarize where we've landed?

We haven't had any conclusion yet, but we might have a holistic solution to fix this issue. I think it's better to move this issue weekly/monthly and I'll keep visiting the thread.

@tgolen
Copy link
Contributor

tgolen commented Sep 6, 2024

I think there was enough support internally for disabling strict mode by default until there is a more clear problem statement and project detailing what is expected to be gained from having strict mode enabled.

@Nodebrute Can you please update your proposal and I'll go ahead and assign this to you.

@melvin-bot melvin-bot bot removed the Help Wanted Apply this label when an issue is open to proposals by contributors label Sep 6, 2024
Copy link

melvin-bot bot commented Sep 6, 2024

📣 @Nodebrute 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

@Nodebrute Nodebrute mentioned this issue Sep 6, 2024
50 tasks
@melvin-bot melvin-bot bot added Reviewing Has a PR in review Weekly KSv2 and removed Daily KSv2 labels Sep 6, 2024
@johncschuster johncschuster changed the title [$250] Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth [HOLD for payment][$250] Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth Sep 10, 2024
@johncschuster johncschuster changed the title [HOLD for payment][$250] Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth [HOLD for payment - waiting on deploy][$250] Opening Two-Factor Authentication settings causes two duplicate API requests for EnableTwoFactorAuth Sep 12, 2024
@johncschuster
Copy link
Contributor

Waiting on QA to test the fix. @tgolen, it looks like Applause is asking on the PR which URL should be used for staging. Can you let them know?

@mollfpr
Copy link
Contributor

mollfpr commented Sep 16, 2024

I have replied to the question.

@johncschuster
Copy link
Contributor

@mollfpr / @tgolen, I'm reviewing the linked PR to calculate the payment date, but I'm having trouble finding what I'm looking for. On #48722, I see it approved and merged but not deployed. I see our internal SO articles refer to using the merge date to calculate the regression threshold window, but without a deploy, I don't think we can really test for regressions. Can you help me sort out the date so I don't hold this one up?

@mollfpr
Copy link
Contributor

mollfpr commented Sep 19, 2024

@johncschuster I think we can use the date for this issue #48791 closed. It's 11th September.

@johncschuster
Copy link
Contributor

johncschuster commented Sep 20, 2024

Payment Summary:

Contributor: @Nodebrute paid $250 via Upwork - PAID

Contributor+: @mollfpr due $250 via NewDot

Upwork job here! Please apply

@mollfpr can you please provide regression test steps if they are necessary?

@mollfpr
Copy link
Contributor

mollfpr commented Sep 22, 2024

@johncschuster I think we don't need a regression step since it's only affecting the development side and it's knowingly a feature from React but we happen not to need it yet.

@johncschuster
Copy link
Contributor

johncschuster commented Sep 23, 2024

Ok great! Thanks for clarifying that! Please request payment via NewDot!

@garrettmknight
Copy link
Contributor

$250 approved for @mollfpr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
AutoAssignerNewDotQuality Used to assign quality issues to engineers Bug Something is broken. Auto assigns a BugZero manager. External Added to denote the issue can be worked on by a contributor Reviewing Has a PR in review Weekly KSv2
Projects
Development

No branches or pull requests

16 participants
@tgolen @garrettmknight @johncschuster @mollfpr @m-natarajan @abzokhattab @Nodebrute and others