[HOLD for payment 2023-10-02] [$500] "Intro to your school principal" page is accessible with a public email

[marcochavezf]

If you haven’t already, check out our contributing guidelines for onboarding and email [email protected] to request to join our Slack channel!

---

Action Performed:

1. Sign-up with a public domain
2. Go to https://staging.new.expensify.com/save-the-world/intro-school-principal (or /teachersunite/intro-school-principal after this PR is merged).

Expected Result:

1. The user should be redirected to the page Update your email address (which is the page i-am-a-teacher).

Actual Result:

1. The page "Intro to your school principal" is shown

Workaround:

Navigate to the other page, which should happen automatically

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android / native
• Android / Chrome
• iOS / native
• iOS / Safari
• MacOS / Chrome / Safari
• MacOS / Desktop

Version Number:
Reproducible in staging?:
Reproducible in production?:
If this was caught during regression testing, add the test name, ID and link from TestRail:
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Notes/Photos/Videos: Any additional supporting documentation
Expensify/Expensify Issue URL:
Issue reported by:
Slack conversation:

Screen.Recording.2023-09-12.at.16.55.38.mov

View all open jobs on GitHub

Upwork Automation - Do Not Edit

• Upwork Job URL: https://www.upwork.com/jobs/~019ebe462993141653
• Upwork Job ID: 1701832137355866112
• Last Price Increase: 2023-09-13
• Automatic offers:
• aimane-chnaif | Reviewer | 26744505
• akinwale | Contributor | 26744506

[melvin-bot]

Triggered auto assignment to @anmurali (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details.

[melvin-bot]

Bug0 Triage Checklist (Main S/O)

• This "bug" occurs on a supported platform (ensure Platforms in OP are ✅)
• This bug is not a duplicate report (check E/App issues and #expensify-bugs)
  • If it is, comment with a link to the original report, close the issue and add any novel details to the original issue instead
• This bug is reproducible using the reproduction steps in the OP. S/O
  • If the reproduction steps are clear and you're unable to reproduce the bug, check with the reporter and QA first, then close the issue.
  • If the reproduction steps aren't clear and you determine the correct steps, please update the OP.
• This issue is filled out as thoroughly and clearly as possible
  • Pay special attention to the title, results, platforms where the bug occurs, and if the bug happens on staging/production.
• I have reviewed and subscribed to the linked Slack conversation to ensure Slack/Github stay in sync

[marcochavezf]

For this solution, we should consolidate the content of both pages in just one page i-am-a-teacher since we're planning to share the link with the i-am-a-teacher route, and the content should appear dynamically depending on the domain of the main contact method.

[akinwale]

Proposal

Please re-state the problem that we are trying to solve in this issue.

"Intro to your school principal" page is accessible if a user with a public email accesses the URL directly.

What is the root cause of that problem?

There is no check for the current profile email in the IntroSchoolPrincipalPage component.

What changes do you think we should make in order to solve the problem?

Solution 1 (consolidation to a single page)

1. Create a folder in the TeachersUnite page to contain both components (optional)
2. Update the existing ImTeacherPage with the following changes to render both pages.
3. Add the withOnyx HOC and add the session key to withOnyx.

+session: {
+    key: ONYXKEYS.SESSION,
+},

4. Add the check for the public email domain in the component.

const isLoggedInEmailPublicDomain = LoginUtils.isEmailPublicDomain(props.session.email);

5. Either return the correct page based on the result of the check for public domain.

return (isLoggedInEmailPublicDomain ? <ImTeacherUpdateEmailPage ...props /> : <IntroSchoolPrincipalPage ...props />);

6. Or create two methods (eg renderImTeacherUpdateEmail() and renderIntroSchoolPrincipal) to render the actual content for each respective page, and then render by delegating to the corresponding method.

Solution 2 (redirect)
Make the following updates in the IntroSchoolPrincipalPage component.

1. Add the session key to withOnyx.

+session: {
+    key: ONYXKEYS.SESSION,
+},

2. Add the check for the public email domain.

const isLoggedInEmailPublicDomain = LoginUtils.isEmailPublicDomain(props.session.email);

3. If the current logged in session has an email with a public domain, then redirect the user to the i am a teacher route to update their email address.

useFocusEffect(() => {
    if (isLoggedInEmailPublicDomain) {
        Navigation.navigate(ROUTES.I_AM_A_TEACHER);
    }
});

What alternative solutions did you explore? (Optional)

None.

[marcochavezf]

Making it external to assign a C+ to review the proposal and move this forward

[melvin-bot]

Job added to Upwork: https://www.upwork.com/jobs/~019ebe462993141653

[melvin-bot]

Current assignee @anmurali is eligible for the External assigner, not assigning anyone new.

[melvin-bot]

Triggered auto assignment to Contributor-plus team member for initial proposal review - @aimane-chnaif (External)

[tienifr]

Proposal

Please re-state the problem that we are trying to solve in this issue.

There're 2 issues related to this flow:

1. The page "Intro to your school principal" is shown if going by route directly and the user's email is public domain (the issue in the OP)
2. If the user goes directly to save-the-world/i-am-a-teacher, and the user's email is school email already, it will still show the Update your email address page and force the user to update the email, without any way to go to the "Intro to your school principal" page (unless you go back and click on `I am a teacher again)

What is the root cause of that problem?

We're not adding a guard to make sure the condition is met before showing the screen.

In IntroSchoolPrincipalPage, we're not validating that the user has non-public email domain, same for the ImTeacherPage, we're not validating the user has public email domain.

What changes do you think we should make in order to solve the problem?

1. We need to replace (by using CONST.NAVIGATION.TYPE.UP or FORCED_UP) the current screen with the intended screen if the user doesn't meet the guarding condition for that screen.

In IntroSchoolPrincipalPage, after this line, we can add:

const isLoggedInEmailPublicDomain = LoginUtils.isEmailPublicDomain(props.session.email);

if (isLoggedInEmailPublicDomain) {
    Navigation.navigate(ROUTES.I_AM_A_TEACHER, CONST.NAVIGATION.TYPE.UP);
    return null;
}

(The session should be connected by using withOnyx)

We have to replace rather than navigate because if we navigate, the guarded screen will still be behind in the navigation stack and clicking back will go to that guarded screen, and again navigate to the redirect screen, causing infinite looping.

Early return null above will also make sure we don't re-render anything redundant because in this case we just need to replace with the correct screen. We can use useEffect or useFocusEffect instead if we want to.

However, there's an issue where it's still going back to the ImTeacherPage once, that's because of this hidden bug. Initially when the navigating is not ready, we save the pendingRoute here but we don't save the navigation type. So when the navigation is ready it navigates without the type, so it's still navigate and not replace.

We need to fix it so the pendingRoute will contain the type as well by updating this line to

pendingRoute = {
    route,
    type
};

and this line to

navigate(pendingRoute.route, pendingRoute.type);

2. If we decide that issue 2 mentioned above is also a bug, we should fix same as 1, just that the guarding condition is user has public email and the target screen if guarding condition does not match is "go to Intro to your school principal" screen.

What alternative solutions did you explore? (Optional)

We can create a useScreenGuard(isAllowed, fallbackScreen) to wrap the screen guarding logic, since I think we might have to use it many times in the future and we want it to be implemented properly.

So we can just use it like useScreenGuard(isLoggedInEmailPublicDomain, ROUTES.I_AM_A_TEACHER)

[sreejit123]

Hello, I saw the posting at https://www.upwork.com/jobs/500-quot-Intro-your-school-principal-quot-page-accessible-with-public-email-27225-Expensify_~019ebe462993141653/?referrer_url_path=find_work_home.
My upwork ID: https://www.upwork.com/freelancers/sreejitc

For the solution, we can make the changes in the IntroSchoolPrincipalPage, The component receives the logged in email props in the form of loginList. Either we can use the first key in loginList, or we may use the key partnerUserID inside it. We have a util function LoginUtils.isEmailPublicDomain which we can use to determine if the email is from a public domain.
Finally, to redirect to the Routes. I_AM_A_TEACHER , we can use useEffect(recommended as we are introducing this redirect as a side-effect, something like this:
useEffect(() => { const email = Object.keys(props.loginList)[0]; if (!email || LoginUtils.isEmailPublicDomain(email)) { Navigation.navigate(ROUTES.I_AM_A_TEACHER); } }, []);

Please let me know if this looks good. I have two questions which I am looking to get answered:

• Shouldn't we route to the SAVE_THE_WORLD page which is technically the root page of the teacher screens and contains links to both I_KNOW_A_TEACHER and I_AM_A_TEACHER, thus bypassing any side-effect of the flow?
• What should be the flow if the logged in user has used their phone number and not email?
  Thanks

[melvin-bot]

📣 @sreejit123! 📣
Hey, it seems we don’t have your contributor details yet! You'll only have to do this once, and this is how we'll hire you on Upwork.
Please follow these steps:

1. Get the email address used to login to your Expensify account. If you don't already have an Expensify account, create one here. If you have multiple accounts (e.g. one for testing), please use your main account email.
2. Get the link to your Upwork profile. It's necessary because we only pay via Upwork. You can access it by logging in, and then clicking on your name. It'll look like this. If you don't already have an account, sign up for one here.
3. Copy the format below and paste it in a comment on this issue. Replace the placeholder text with your actual details.
   
   Format:

Contributor details
Your Expensify account email: <REPLACE EMAIL HERE>
Upwork Profile Link: <REPLACE LINK HERE>

[sreejit123]

Contributor details
Your Expensify account email: [email protected]
Upwork Profile Link: https://www.upwork.com/freelancers/sreejitc

[melvin-bot]

✅ Contributor details stored successfully. Thank you for contributing to Expensify!

[marcochavezf]

Hi @aimane-chnaif, could you check the proposals when you have a chance?

[marcochavezf]

Friendly bump @aimane-chnaif

[aimane-chnaif]

@akinwale can you please share demo video for the below cases after applying your solution 1?

Directly go to

• /save-the-world/intro-school-principal with school email
• /save-the-world/intro-school-principal with public email
• /save-the-world/i-am-a-teacher with school email
• /save-the-world/i-am-a-teacher with public email

[akinwale]

@akinwale can you please share demo video for the below cases after applying your solution 1?

Directly go to

• /save-the-world/intro-school-principal with school email
• /save-the-world/intro-school-principal with public email
• /save-the-world/i-am-a-teacher with school email
• /save-the-world/i-am-a-teacher with public email

How do I create an account with a school email? Can I use any private domain for this?

[aimane-chnaif]

@akinwale can you please share demo video for the below cases after applying your solution 1?
Directly go to

• /save-the-world/intro-school-principal with school email
• /save-the-world/intro-school-principal with public email
• /save-the-world/i-am-a-teacher with school email
• /save-the-world/i-am-a-teacher with public email

How do I create an account with a school email? Can I use any private domain for this?

I am not sure. Question for @marcochavezf

[akinwale]

I am not sure. Question for @marcochavezf

I checked the isEmailPublicDomain implementation. Looks like any private email domain would work. I'll have the videos up in a bit.

[akinwale]

@aimane-chnaif Here are the videos. The URL prefix in latest main is teachersunite, not save-the-world.

27225-public-email.mp4

27225-private-email.mp4

Since the plan is to eliminate direct navigation to the Intro to School Principal, the route defined in ModalStackNavigators is also edited out. Here's what the updated ImTeacherPage looks like.

handleNavigation in the SaveTheWorldPage component will also be changed to just one method call: Navigation.navigate(ROUTES.I_AM_A_TEACHER);

[melvin-bot]

Current assignee @marcochavezf is eligible for the choreEngineerContributorManagement assigner, not assigning anyone new.

[marcochavezf]

I think the solution in the videos here is better (redirecting the user) instead of showing not-found. The user could be accessing the link directly from another source, and it would be confusing to show the not found page (which can be perceived as a bug) vs. just redirecting them to the page to update their email.

[melvin-bot]

📣 @aimane-chnaif 🎉 An offer has been automatically sent to your Upwork account for the Reviewer role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job

[melvin-bot]

📣 @akinwale 🎉 An offer has been automatically sent to your Upwork account for the Contributor role 🎉 Thanks for contributing to the Expensify app!

Offer link
Upwork job
Please accept the offer and leave a comment on the Github issue letting us know when we can expect a PR to be ready for review 🧑‍💻
Keep in mind: Code of Conduct | Contributing 📖

[marcochavezf]

Assigning @akinwale 🚀

[akinwale]

I think the solution in the videos here is better (redirecting the user) instead of showing not-found. The user could be accessing the link directly from another source, and it would be confusing to show the not found page (which can be perceived as a bug) vs. just redirecting them to the page to update their email.

I was assuming that the intro-school-principal wasn't accessible publicly yet.

In this case, should we:

1. Modify the route to take the user to the teachersunite landing like in the video? Or
2. Modify the route to display the i-am-a-teacher page?

EDIT: It's 4am and I don't know how to read. I'm assuming that the most likely option we're going with here would be 2.

[akinwale]

@aimane-chnaif My PR is ready for review.

[aimane-chnaif]

This issue should be on hold for now until we determine next step - #27750 (comment)

[marcochavezf]

Commented in the PR, it's fine to continue with the PR while the STW is not enabled. Just we'd need to fix the conflicts @akinwale

[melvin-bot]

Based on my calculations, the pull request did not get merged within 3 working days of assignment. Please, check out my computations here:

• when @akinwale got assigned: 2023-09-19 02:52:24 Z
• when the PR got merged: 2023-09-22 05:11:29 UTC
• days elapsed: 3

On to the next one 🚀

[melvin-bot]

Reviewing label has been removed, please complete the "BugZero Checklist".

[melvin-bot]

The solution for this issue has been 🚀 deployed to production 🚀 in version 1.3.73-1 and is now subject to a 7-day regression period 📆. Here is the list of pull requests that resolve this issue:

• fix: consolidate 'I am a Teacher' and 'Intro to School Principal' pages #27750

If no regressions arise, payment will be issued on 2023-10-02. 🎊

After the hold period is over and BZ checklist items are completed, please complete any of the applicable payments for this issue, and check them off once done.

• External issue reporter
• Contributor that fixed the issue
• Contributor+ that helped on the issue and/or PR

For reference, here are some details about the assignees on this issue:

• @akinwale requires payment offer (Contributor)
• @aimane-chnaif requires payment offer (Reviewer)

As a reminder, here are the bonuses/penalties that should be applied for any External issue:

• Merged PR within 3 business days of assignment - 50% bonus
• Merged PR more than 9 business days after assignment - 50% penalty

[melvin-bot]

BugZero Checklist: The PR fixing this issue has been merged! The following checklist (instructions) will need to be completed before the issue can be closed:

• [@aimane-chnaif] The PR that introduced the bug has been identified. Link to the PR:
• [@aimane-chnaif] The offending PR has been commented on, pointing out the bug it caused and why, so the author and reviewers can learn from the mistake. Link to comment:
• [@aimane-chnaif] A discussion in #expensify-bugs has been started about whether any other steps should be taken (e.g. updating the PR review checklist) in order to catch this type of bug sooner. Link to discussion:
• [@aimane-chnaif] Determine if we should create a regression test for this bug.
• [@aimane-chnaif] If we decide to create a regression test for the bug, please propose the regression test steps to ensure the same bug will not reach production again.
• [@anmurali] Link the GH issue for creating/updating the regression test once above steps have been agreed upon:

[anmurali]

Both paid.