Implement logic to prevent onboarding flow when 2FA setup is required.#72218
Conversation
|
@parasharrajat Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button] |
|
🚧 @mountiny has triggered a test Expensify/App build. You can view the workflow run here. |
Codecov Report❌ Patch coverage is
... and 11 files with indirect coverage changes 🚀 New features to boost your workflow:
|
|
🧪🧪 Use the links below to test this adhoc build on Android, iOS, Desktop, and Web. Happy testing! 🧪🧪
|
|
@blazejkustra I have tested in dev and got this result, the 2FA is working as expected only after we refresh the page. CleanShot.2025-10-09.at.17.41.02.mp4 |
|
@fedirjh Could you try again? I pushed some new changes |
|
This is how it works with current changes: QuickTime.movie.mov |
|
@fedirjh can you please test again? thanks! |
|
|
LGTM |
fedirjh
left a comment
There was a problem hiding this comment.
Looks great overall! it works well on my end. I’ve shared some feedback and possible improvements in the review.
| listeners={{ | ||
| ...modalScreenListenersWithCancelSearch, | ||
| beforeRemove: () => { | ||
| modalScreenListenersWithCancelSearch.beforeRemove(); | ||
|
|
||
| // When a 2FA RHP page is closed, if the 2FA require page is visible and the user has now enabled the 2FA, then remove the 2FA require page from the navigator. | ||
| const routeParams = navigation.getState()?.routes?.at(-1)?.params; | ||
| const screen = routeParams && 'screen' in routeParams ? routeParams.screen : ''; | ||
| if (!shouldShowRequire2FAPage || !account?.requiresTwoFactorAuth || screen !== SCREENS.RIGHT_MODAL.TWO_FACTOR_AUTH) { | ||
| return; | ||
| } | ||
| setShouldShowRequire2FAPage(false); | ||
| }, | ||
| }} |
There was a problem hiding this comment.
@blazejkustra The 2FA setup modal is displayed under the onboarding modal: I think we should consider either removing it when the onboarding modal is open or displaying the onboarding only when the 2FA modal is closed.
There was a problem hiding this comment.
This change could add quite a bit of complexity to the code 🤔 The onboarding logic currently depends on:
!!account?.needsTwoFactorAuthSetup && !account?.requiresTwoFactorAuth.
Right after 2FA is configured, the user is redirected to the “Two-factor authentication enabled” page. At that point, the above logic returns false, which triggers the onboarding screen.
It’s not ideal as is, but automatically closing the “Two-factor authentication enabled” page wouldn’t be great either, the user wouldn’t get clear feedback that 2FA setup was completed successfully.
Keeping the user on the “Two-factor authentication enabled” page could work, but we’d need to introduce an additional frontend-controlled state like twoFactorAuthSetupAcknowledged. That could easily become messy and prone to edge cases (e.g., page refreshes or similar scenarios).
There was a problem hiding this comment.
Meanwhile I'm trying other approaches to improve the logic!
There was a problem hiding this comment.
@fedirjh What do you think? update logic to show 2FA setup page based on progress
QuickTime.movie.2.mov
There was a problem hiding this comment.
@blazejkustra Looks good to me and works as expected :
CleanShot.2025-10-13.at.11.55.15.mp4
There was a problem hiding this comment.
There was a problem hiding this comment.
Seems like we need to resolve this one still
There was a problem hiding this comment.
@fedirjh It looks like it worked for you this time, right? The 2FA-required page was hidden after 2FA was configured
There was a problem hiding this comment.
Okay I pushed a logic change, could you check again? 👀
There was a problem hiding this comment.
Perfect, this is working as expected 🚀.
CleanShot.2025-10-15.at.13.47.26.mp4
|
Please remove me from reviewer list. |
|
Working on it now 👀 |
Reviewer Checklist
Screenshots/VideosAndroid: HybridAppAndroid: mWeb ChromeiOS: HybridAppiOS: mWeb SafariMacOS: Chrome / SafariMacOS: Desktop |
| const [onboardingInitialPath, onboardingInitialPathResult] = useOnyx(ONYXKEYS.ONBOARDING_LAST_VISITED_PATH, {canBeMissing: true}); | ||
| const isOnboardingInitialPathLoading = isLoadingOnyxValue(onboardingInitialPathResult); | ||
| const [onboardingInitialPath, onboardingInitialPathMetadata] = useOnyx(ONYXKEYS.ONBOARDING_LAST_VISITED_PATH, {canBeMissing: true}); | ||
| const [account, accountMetadata] = useOnyx(ONYXKEYS.ACCOUNT, {canBeMissing: true}); |
There was a problem hiding this comment.
Maybe room for improvement would be to only pick the properties with selector if we need only some of them
|
✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release. |
|
@blazejkustra @mountiny We can't use verified domain controlled account. Could this be verified internally? |
|
🚀 Deployed to staging by https://github.com/mountiny in version: 9.2.32-0 🚀
|
I think @fedirjh has already verified that, so for QA I suggest testing the overall onboarding process and the 2FA flow. |
|
@blazejkustra can you please share QA steps that you want us to check? |
|
@IuliiaHerets I think the existing sign in process and 2FA setup should be fine |
|
I have asked @fedirjh to do internalQA on these steps here in staging |
|
@mountiny thank you |
|
This works as expected in staging 🚀 CleanShot.2025-10-16.at.12.56.34.mp4 |
@IuliiaHerets Yes, let's do it. |
@fedirjh Done, Thanks |
|
🚀 Deployed to production by https://github.com/mountiny in version: 9.2.32-6 🚀
|


Explanation of Change
Initially the idea from @mountiny was:
However, onboarding has once again become complicated, its logic is fragmented and difficult to follow. Ideally, we should look for opportunities to refactor and simplify this flow 😢
Showing the 2FA modal above everything else would make the implementation even more complex and is not the ideal solution. With input from @WojtekBoman, we discussed an alternative approach: preventing onboarding from being displayed until the user has properly configured their 2FA (and after it is configured then redirect users to onboarding).
Fixed Issues
$ #70803
PROPOSAL: N/A
Tests
Other than that, we need to test:
Offline tests
N/A
QA Steps
Prerequisites + domain setup:
Steps:
Other than that, we need to test:
PR Author Checklist
### Fixed Issuessection aboveTestssectionOffline stepssectionQA stepssectioncanBeMissingparam foruseOnyxtoggleReportand notonIconClick)src/languages/*files and using the translation methodSTYLE.md) were followedAvatar, I verified the components usingAvatarare working as expected)StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))npm run compress-svg)Avataris modified, I verified thatAvataris working as expected in all cases)Designlabel and/or tagged@Expensify/designso the design team can review the changes.ScrollViewcomponent to make it scrollable when more elements are added to the page.mainbranch was merged into this PR after a review, I tested again and verified the outcome was still expected according to theTeststeps.Screenshots/Videos
Android: Native
Android: mWeb Chrome
iOS: Native
iOS: mWeb Safari
MacOS: Chrome / Safari
MacOS: Desktop