Fix `OpenApp` failures due to expired authToken by marcaaron · Pull Request #11151 · Expensify/App

marcaaron · 2022-09-20T20:35:05Z

Details

This is kind of a quick fix, but I think in the longer term we will want to:

Deprecate the old API completely
Re-imagine our re-authentication logic

Here's the basic logic behind this PR...

READ requests and makeRequestWithSideEffects were originally envisioned to be non-retryable requests
At some point in the refactors, we missed a detail that these still need to be retried if there's an authenticate failure
So this PR will add the behavior:
- re-authenticate when a read or makeRequestWithSideEffects fails
- if it's a makeRequestWithSideEffects we'll want the original response returned so we will chain them like we do requests in the sequential queue
- if it's a read then we will reauthenticate but not call the original request directly and instead trigger the reconnection callbacks so that any registered fetchData() calls can be updated now that we have the new authToken from the authenticate response.

Weird stuff...

I also noticed that some writes that started after read requests failed because they also require re-authentication. It didn't make sense that we would encounter that situation before since two writes can't possibly happen simultaneously and reauthentication is blocking in the sequential queue.

I think it would be fairly safe to just remove that logic and if we are already reauthenticating then just let another reauthentication happen. So that's my general plan for this.

Fixed Issues

$ #11081

Tests

Create a chat with User A and User B
As User A invalidate the authToken via the preferences panel and close out of the tab
In a separate session as User B send User A a message
Open the app as User A again
Verify that the auth response returned 407 jsonCode
Verify that we see a log about reconnection callbacks happening because of the expired authToken and that ReconnectApp eventually returns 200 jsonCode

[info] Finished API request - {"command":"OpenApp","jsonCode":407,"requestID":"bXfJAG"}
Log.js?f092:55 [info] Making API request - {"command":"Authenticate","shouldUseSecure":false}
Log.js?f092:55 [info] Finished API request - {"command":"OpenReport","jsonCode":407,"requestID":"BEvZV0"}
Log.js?f092:55 [info] Making API request - {"command":"Authenticate","shouldUseSecure":false}
Log.js?f092:55 [info] Finished API request - {"command":"AuthenticatePusher","jsonCode":407,"requestID":"lhi2ep"}
Log.js?f092:55 [info] Making API request - {"command":"Authenticate","shouldUseSecure":false}
Log.js?f092:55 [info] Finished API request - {"command":"AuthenticatePusher","jsonCode":407,"requestID":"67EeNR"}
Log.js?f092:55 [info] Making API request - {"command":"Authenticate","shouldUseSecure":false}
Log.js?f092:55 [info] [Onyx] set() called for key: reportDraftComment_7256767318622412 - ""
Log.js?f092:55 [info] Finished API request - {"command":"Authenticate","shouldUseSecure":false,"jsonCode":200,"requestID":"6iYCke"}
Log.js?f092:55 [info] [Onyx] set() called for key: session properties: loading,shouldShowComposeInput,authToken,accountID,email,encryptedAuthToken - ""
Log.js?f092:55 [info] [NetworkConnection] Firing reconnection callbacks because read request made with expired authToken - ""
Log.js?f092:55 [info] Making API request - {"command":"ReconnectApp"}
Timing.js?e2bb:46 Timing:expensify.cash.sidebar_links_filter_reports 0
Log.js?f092:55 [info] [Onyx] set() called for key: isLoadingReportData - ""
Log.js?f092:55 [info] Finished API request - {"command":"Authenticate","shouldUseSecure":false,"jsonCode":200,"requestID":"yeEGJh"}
Log.js?f092:55 [info] [Onyx] set() called for key: session properties: loading,shouldShowComposeInput,authToken,accountID,email,encryptedAuthToken - ""
Log.js?f092:55 [info] Making API request - {"command":"OpenReport"}
Timing.js?e2bb:46 Timing:expensify.cash.sidebar_links_filter_reports 0
Log.js?f092:55 [info] Finished API request - {"command":"Authenticate","shouldUseSecure":false,"jsonCode":200,"requestID":"5T4aDe"}
Log.js?f092:55 [info] [Onyx] set() called for key: session properties: loading,shouldShowComposeInput,authToken,accountID,email,encryptedAuthToken - ""
Log.js?f092:55 [info] Making API request - {"command":"AuthenticatePusher"}
Timing.js?e2bb:46 Timing:expensify.cash.sidebar_links_filter_reports 0
Log.js?f092:55 [info] Finished API request - {"command":"Authenticate","shouldUseSecure":false,"jsonCode":200,"requestID":"FNkbnZ"}
Log.js?f092:55 [info] [Onyx] set() called for key: session properties: loading,shouldShowComposeInput,authToken,accountID,email,encryptedAuthToken - ""
Log.js?f092:55 [info] Making API request - {"command":"AuthenticatePusher"}
Timing.js?e2bb:46 Timing:expensify.cash.sidebar_links_filter_reports 0
Log.js?f092:55 [info] Finished API request - {"command":"ReconnectApp","jsonCode":200,"requestID":"HxmSxI"}

Verify that no errors appear in the JS console

PR Review Checklist

Contributor (PR Author) Checklist

PR Reviewer Checklist

The Contributor+ will copy/paste it into a new comment and complete it after the author checklist is completed

QA Steps

Verify that no errors appear in the JS console

Screenshots

Web

Mobile Web - Chrome

Mobile Web - Safari

Desktop

iOS

Android

…quest

…ticate. no need to try to prevent reauthentication attempts

luacmartins

Code LGTM, but it seems like we are triggering multiple Authenticate requests, one for each request that failed. I think we should only re-authenticate once.

marcaaron · 2022-09-21T15:49:14Z

seems like we are triggering multiple Authenticate requests, one for each request that failed. I think we should only re-authenticate once.

My best idea for how to achieve this is to just set up a local promise to hook other reauthenticate requests into and ensure we are only ever re-authenticating once.

Like...

function reauthenticate(commandName) {
    if (isAuthenticating) {
        return isAuthenticating;
    }

    isAuthenticating = Authentication.reauthenticate(commandName)
        .then((response) => {
            isAuthenticating = null;
            return response;
        });

    return isAuthenticating;
}

marcaaron · 2022-09-21T15:55:05Z

It worked pretty good

[info] Making API request - {"command":"OpenApp"}
Log.js?f092:55 [info] [Pusher] Attempting to subscribe to channel - {"channelName":"private-report-reportID-7256767318622412-753ee06badab4ee8ae95202a824fc2d7","eventName":"client-userIsTyping"}
Log.js?f092:55 [info] Making API request - {"command":"OpenReport"}
Log.js?f092:55 [info] [PusherConnectionManager] unhandled event - {"eventName":"state_change"}
Log.js?f092:55 [info] [PusherAuthorizer] Attempting to authorize Pusher - {"channelName":"private-report-reportID-7256767318622412-753ee06badab4ee8ae95202a824fc2d7"}
Log.js?f092:55 [info] Making API request - {"command":"AuthenticatePusher"}
Log.js?f092:55 [info] [PusherConnectionManager] connected event - ""
Log.js?f092:55 [info] [Pusher] Attempting to subscribe to channel - {"channelName":"private-encrypted-user-accountID-2-753ee06badab4ee8ae95202a824fc2d7","eventName":"onyxApiUpdate"}
Log.js?f092:55 [info] [PusherAuthorizer] Attempting to authorize Pusher - {"channelName":"private-encrypted-user-accountID-2-753ee06badab4ee8ae95202a824fc2d7"}
Log.js?f092:55 [info] Making API request - {"command":"AuthenticatePusher"}
Log.js?f092:55 [info] [Pusher] Attempting to subscribe to channel - {"channelName":"private-encrypted-user-accountID-2-753ee06badab4ee8ae95202a824fc2d7","eventName":"preferredLocale"}
Log.js?f092:55 [info] [Pusher] Attempting to subscribe to channel - {"channelName":"private-encrypted-user-accountID-2-753ee06badab4ee8ae95202a824fc2d7","eventName":"screenshareRequest"}
Log.js?f092:55 [info] [Pusher] Attempting to subscribe to channel - {"channelName":"public-policyEditor-8557DE440451D383-753ee06badab4ee8ae95202a824fc2d7","eventName":"policyEmployeeRemoved"}
Log.js?f092:55 [info] [Pusher] Attempting to subscribe to channel - {"channelName":"public-policyEditor-D35BAB0CFAC69F52-753ee06badab4ee8ae95202a824fc2d7","eventName":"policyEmployeeRemoved"}
Log.js?f092:55 [info] Finished API request - {"command":"OpenApp","jsonCode":407,"requestID":"r6ybuZ"}
Log.js?f092:55 [info] Making API request - {"command":"Authenticate","shouldUseSecure":false}
Log.js?f092:55 [info] Finished API request - {"command":"OpenReport","jsonCode":407,"requestID":"U8LkBj"}
Log.js?f092:55 [info] Finished API request - {"command":"AuthenticatePusher","jsonCode":407,"requestID":"NDOuVx"}
Log.js?f092:55 [info] Finished API request - {"command":"AuthenticatePusher","jsonCode":407,"requestID":"M1eDx9"}
Log.js?f092:55 [info] Finished API request - {"command":"Authenticate","shouldUseSecure":false,"jsonCode":200,"requestID":"QCijkt"}
Log.js?f092:55 [info] [NetworkConnection] Firing reconnection callbacks because read request made with expired authToken - ""
Log.js?f092:55 [info] Making API request - {"command":"ReconnectApp"}
Log.js?f092:55 [info] Making API request - {"command":"OpenReport"}
2Log.js?f092:55 [info] Making API request - {"command":"AuthenticatePusher"}
Log.js?f092:55 [info] Finished API request - {"command":"AuthenticatePusher","jsonCode":200,"requestID":"EbJnMu"}
Log.js?f092:55 [info] [PusherAuthorizer] Pusher authenticated successfully - {"channelName":"private-encrypted-user-accountID-2-753ee06badab4ee8ae95202a824fc2d7"}
Log.js?f092:55 [info] Finished API request - {"command":"AuthenticatePusher","jsonCode":200,"requestID":"oP3jNQ"}
Log.js?f092:55 [info] [PusherAuthorizer] Pusher authenticated successfully - {"channelName":"private-report-reportID-7256767318622412-753ee06badab4ee8ae95202a824fc2d7"}
Log.js?f092:55 [info] Finished API request - {"command":"OpenReport","jsonCode":200,"requestID":"comDLK"}
[info] Finished API request - {"command":"ReconnectApp","jsonCode":200,"requestID":"e4WyKi"}

luacmartins · 2022-09-21T22:33:47Z

That worked really well 😄

luacmartins

LGTM and tests well!

luacmartins · 2022-09-21T22:35:03Z

I have verified the author checklist is complete (all boxes are checked off).
I verified the correct issue is linked in the ### Fixed Issues section above
I verified testing steps are clear and they cover the changes made in this PR
- I verified the steps for local testing are in the Tests section
- I verified the steps for Staging and/or Production testing are in the QA steps section
- I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
- I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
I checked that screenshots or videos are included for tests on all platforms
I verified tests pass on all platforms & I tested again on:
- iOS / native
- Android / native
- iOS / Safari
- Android / Chrome
- MacOS / Chrome
- MacOS / Desktop
If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
I verified proper code patterns were followed (see Reviewing the code)
- I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
- I verified that comments were added to code that is not self explanatory
- I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
- I verified any copy / text shown in the product was added in all src/languages/* files
- I verified any copy / text that was added to the app is correct English and approved by marketing by tagging the marketing team on the original GH to get the correct copy.
- I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
- I verified the JSDocs style guidelines (in STYLE.md) were followed
If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
I verified that this PR follows the guidelines as stated in the Review Guidelines
I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
If a new component is created I verified that:
- A similar component doesn't exist in the codebase
- All props are defined accurately and each prop has a /** comment above it */
- Any functional components have the displayName property
- The file is named correctly
- The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
- The only data being stored in the state is data necessary for rendering and nothing else
- For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
- Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
- All JSX used for rendering exists in the render method
- The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
If a new CSS style is added I verified that:
- A similar style doesn't already exist
- The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG)
If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

marcaaron · 2022-09-21T23:03:48Z

@ctkochan22 I'm gonna hit the merge on this one so we can scratch this off the list, but lmk if you spot anything that needs to be addressed.

OSBotify · 2022-09-21T23:07:53Z

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

OSBotify · 2022-09-22T19:17:19Z

🚀 Deployed to staging by @marcaaron in version: 1.2.5-0 🚀

platform	result
🤖 android 🤖	success ✅
🖥 desktop 🖥	success ✅
🍎 iOS 🍎	success ✅
🕸 web 🕸	success ✅

OSBotify · 2022-09-23T22:47:43Z

🚀 Deployed to production by @luacmartins in version: 1.2.5-2 🚀

platform	result
🤖 android 🤖	success ✅
🖥 desktop 🖥	success ✅
🍎 iOS 🍎	success ✅
🕸 web 🕸	success ✅

marcaaron added 4 commits September 20, 2022 09:43

Pass apiRequestType with requests so we can handle reauthentication

164f309

Add way to unsubsribe from onReconnect

c25fc1c

Trigger reconnection callbacks when authentication fails on a read re…

6631a7b

…quest

Remove weird log alert and just allow sequential requests to reauthen…

a0be719

…ticate. no need to try to prevent reauthentication attempts

marcaaron self-assigned this Sep 20, 2022

marcaaron requested a review from a team as a code owner September 20, 2022 20:35

melvin-bot Bot requested review from ctkochan22 and removed request for a team September 20, 2022 20:35

luacmartins reviewed Sep 20, 2022

View reviewed changes

Remove duplicate calls with isAuthenticating local promise

d1ad946

luacmartins approved these changes Sep 21, 2022

View reviewed changes

marcaaron merged commit a24de55 into main Sep 21, 2022

marcaaron deleted the marcaaron-reconnectOnReauthenticate branch September 21, 2022 23:03

OSBotify mentioned this pull request Sep 22, 2022

Deploy Checklist: New Expensify 2022-09-22 #11215

Closed

20 tasks

marcaaron mentioned this pull request Sep 28, 2022

[Bug] [$250] iOS - LHN - New message does not appear in the chat list preview after enable the internet connection #10762

Closed

hoangzinh mentioned this pull request Apr 15, 2023

[$1000] “Add payment method” button is disabled on every visit after user changes password #17106

Closed

6 tasks

ntdiary mentioned this pull request May 22, 2023

clean up the deep link code #17452

Merged

56 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix `OpenApp` failures due to expired authToken#11151

Fix `OpenApp` failures due to expired authToken#11151
marcaaron merged 5 commits into
mainfrom
marcaaron-reconnectOnReauthenticate

marcaaron commented Sep 20, 2022 •

edited

Loading

Uh oh!

luacmartins left a comment

Uh oh!

marcaaron commented Sep 21, 2022

Uh oh!

marcaaron commented Sep 21, 2022

Uh oh!

luacmartins commented Sep 21, 2022

Uh oh!

luacmartins left a comment

Uh oh!

luacmartins commented Sep 21, 2022

Uh oh!

marcaaron commented Sep 21, 2022

Uh oh!

OSBotify commented Sep 21, 2022

Uh oh!

OSBotify commented Sep 22, 2022

Uh oh!

OSBotify commented Sep 23, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

marcaaron commented Sep 20, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Details

Fixed Issues

Tests

PR Review Checklist

Contributor (PR Author) Checklist

PR Reviewer Checklist

QA Steps

Screenshots

Web

Mobile Web - Chrome

Mobile Web - Safari

Desktop

iOS

Android

Uh oh!

luacmartins left a comment

Choose a reason for hiding this comment

Uh oh!

marcaaron commented Sep 21, 2022

Uh oh!

marcaaron commented Sep 21, 2022

Uh oh!

luacmartins commented Sep 21, 2022

Uh oh!

luacmartins left a comment

Choose a reason for hiding this comment

Uh oh!

luacmartins commented Sep 21, 2022

Uh oh!

marcaaron commented Sep 21, 2022

Uh oh!

OSBotify commented Sep 21, 2022

Uh oh!

OSBotify commented Sep 22, 2022

Uh oh!

OSBotify commented Sep 23, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

marcaaron commented Sep 20, 2022 •

edited

Loading