Validate an unvalidated account when they enter a magic code in the "Let's make sure it's you" prompt

[trjExpensify]

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

---

Version Number: v9.0.85-4
Reproducible in staging?: Y
Reproducible in production?: Y
If this was caught on HybridApp, is this reproducible on New Expensify Standalone?: N/A
If this was caught during regression testing, add the test name, ID and link from TestRail: No
Email or phone of affected tester (no customers):
Logs: https://stackoverflow.com/c/expensify/questions/4856
Expensify/Expensify Issue URL:
Issue reported by: @trjExpensify
Slack conversation: #convert

Action Performed:

1. Create a new account on new.expensify.com
2. Go to Settings > Security > Add copilot
3. Enter the magic code sent.

Expected Result:

Entering a magic code (successfully) should validate an unvalidated account

Actual Result:

The magic code is not accepted because the account isn't validated.

Workaround:

Can the user still use Expensify without this being fixed? Have you informed them of the workaround?
Yes, go to Settings > profile > contact method and validate the primaryLogin. Then, try again.

Platforms:

Which of our officially supported platforms is this issue occurring on?

• Android: Standalone
• Android: HybridApp
• Android: mWeb Chrome
• iOS: Standalone
• iOS: HybridApp
• iOS: mWeb Safari
• MacOS: Chrome / Safari
• MacOS: Desktop

Screenshots/Videos

View all open jobs on GitHub

[melvin-bot]

Triggered auto assignment to @Christinadobrzyn (Bug), see https://stackoverflow.com/c/expensify/questions/14418 for more details. Please add this bug to a GH project, as outlined in the SO.

[github-actions]

⚠️ Thanks for your proposal. Please update it to follow the proposal template, as proposals are only reviewed if they follow that format.

[github-actions]

⚠️ Thanks for your proposal. Please update it to follow the proposal template, as proposals are only reviewed if they follow that format.

[Shahidullah-Muffakir]

Proposal

Please re-state the problem that we are trying to solve in this issue.

When an unvalidated user tries to add a copilot through the Security settings, they receive a magic code. However, this code can only be used for adding a copilot - it can't validate their account. Instead, users must separately go to Profile > Contacts to validate their account first.

What is the root cause of that problem?

The root case is the we are not checking the validation of the primary login before sending magic for adding a copilot

App/src/pages/settings/Security/AddDelegate/DelegateMagicCodeModal.tsx

Line 60 in 1020de1

handleSubmitForm={(validateCode) => Delegate.addDelegate(login, role, validateCode)}

What changes do you think we should make in order to solve the problem?

When an unvalidated user clicks the "Add copilot" button, we should redirect them to the "This feature requires you to validate your account" modal. This is the same behavior users see when trying to add a payment method without validation.
in the

App/src/pages/settings/Security/AddDelegate/ConfirmDelegatePage.tsx

Line 52 in db92719

onPress={() => setIsValidateCodeActionModalVisible(true)}

    onPress={() => (isUserValidated ? setIsValidateCodeActionModalVisible(true) : Navigation.navigate(ROUTES.SETTINGS_WALLET_VERIFY_ACCOUNT.getRoute()))}

What specific scenarios should we cover in automated tests to prevent reintroducing this issue in the future?

What alternative solutions did you explore? (Optional)

Alternative 1:

In the ConfirmDelegatePage page check if user is not validated, then redirect it to the Contact method validation page,

App/src/pages/settings/Security/AddDelegate/ConfirmDelegatePage.tsx

Line 52 in db92719

onPress={() => setIsValidateCodeActionModalVisible(true)}

as:

onPress={() => account?.validated  ? setIsValidateCodeActionModalVisible(true): Navigation.navigate(ROUTES.SETTINGS_CONTACT_METHOD_DETAILS.getRoute(account.primaryLogin))}

Alternative 2:
We should update the logic in the handleSubmitForm and sendValidateCode functions to account for the validation status of the account. Specifically, the logic should check if the account is validated before proceeding to delegate actions.

App/src/pages/settings/Security/AddDelegate/DelegateMagicCodeModal.tsx

Line 60 in 1020de1

handleSubmitForm={(validateCode) => Delegate.addDelegate(login, role, validateCode)}

1. Replace the current sendValidateCode function with:

sendValidateCode={() => {
    return account?.validated ? User.requestValidateCodeAction() : 
    User.requestContactMethodValidateCode(account?.primaryLogin ?? '');
}}

2. Update the handleSubmitForm function with:

handleSubmitForm={(validateCode) => {
    return account?.validated ? Delegate.addDelegate(login, role, validateCode) : 
    User.validateSecondaryLogin(loginList, account?.primaryLogin, validateCode);
}}

3. and validatePendingAction={account?.validated ? null : loginData.pendingFields?.validateCodeSent}

Recording of main solution

Screen.20Recording.202025-01-16.20at.206.mp4

[allgandalf]

This should be handled in the BE