Update all usage of User(ONYXKEYS.USER), to use Account(ONYXKEYS.ACCOUNT)

[inimaga]

Explanation of Change

We have two models in the App that essentially represent the same thing: User and Account and this leads to a risk of duplicated information. We are thus in the process of deprecating User.ts and merge it into Account.ts to standardise and prevent duplicate information from being added to both models.

This change is step C of the entire process. i.e: Update all usage of User(ONYXKEYS.USER) in the frontend (App), to use Account(ONYXKEYS.ACCOUNT)

Fixed Issues

Part of #59277

Tests

• Verify that no errors appear in the JS console

Offline tests

QA Steps

We need to validate all the flows which are affected by this change. This means testing anything to do with the Account Model. These have been distilled below (grouped by feature area):

1. Authentication & Sign-In Flows
   • SignInPage & BaseLoginForm (password login)
   • ThirdPartySignInPage (Google/Apple)
   • SAMLSignInPage (SSO)
   • ValidateCodeForm (magic-link / one-time code)
   • SMSDeliveryFailurePage (SMS 2FA fallback)
   • RequireTwoFactorAuthenticationPage (force 2FA)
   • LogInWithShortLivedAuthTokenPage (tokenized login)
   • UnlinkLoginPage (remove a linked login)
   • LogOutPreviousUserPage (logout existing session)
2. Two-Factor Authentication Setup & Management
   • TwoFactorAuthWrapper / TwoFactorAuthPage (enable 2FA)
   • BaseTwoFactorAuthForm (enter code to enable)
   • CopyCodesPage (display recovery codes)
   • VerifyPage (verify magic codes)
   • DisablePage (turn 2FA off)
3. Account Security & Delegation
   • SecuritySettingsPage (overall security dashboard)
   • Merge Accounts (AccountValidatePage + AccountDetailsPage)
   • Add Delegate flow (AddDelegatePage + DelegateMagicCodeModal + UpdateDelegateRole modals)
4. Profile & Contact Details
   • ProfilePage (name, avatar, calendar link)
   • ContactMethodsPage + ContactMethodDetailsPage (phone/email on file)
5. Subscription & Billing
   • SubscriptionSettings (plan management)
   • SubscriptionSize / Confirmation sub-step (change seats)
   • CardSection in SubscriptionSettings (payment methods)
   • EarlyCancellationMenuItem
6. Wallet & Card Management
   • WalletPage (Expensify Card overview)
   • ExpensifyCardPage (individual card settings)
   • ReportVirtualCardFraudPage
   • ReportCardLostPage
   • VerifyAccountPage (identity check for card)
7. Reimbursement-Account (ACH / Bank) Flows
   • ReimbursementAccountPage
   • VerifiedBankAccountFlowEntryPoint
   • ConnectBankAccount (USD)
   • NonUSD SignerInfo
8. Onboarding & Personal-Details
   • OnboardingWorkEmail + WorkEmailValidation
   • MissingPersonalDetailsMagicCodeModal
9. Referral & Integrations
   • ReferralDetailsPage (referral status)
   • ConnectToXeroFlow (in Settings, via component)
10. Workspace & Company-Card Administration
    • WorkspaceSwitcherPage
    • PolicyAccountingPage
    • WorkspaceCompanyCardsPage + EmptyState + AddNewCardPage + AssignCardFeedPage
    • IssueNewCardPage + ConfirmationStep + WorkspaceExpensifyCardListPage / EmptyState
11. In-App UI Hooks (avatar, FAB)
    • NavigationTabBarAvatar (sidebar avatar display)
    • FloatingActionButtonAndPopover (FAB shows “Request Money” or “Send Money” based on primaryLogin)
    • HeaderView (greeting / account banner)

• Verify that no errors appear in the JS console

PR Author Checklist

• I linked the correct issue in the ### Fixed Issues section above
• I wrote clear testing steps that cover the changes made in this PR
  • I added steps for local testing in the Tests section
  • I added steps for the expected offline behavior in the Offline steps section
  • I added steps for Staging and/or Production testing in the QA steps section
  • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
• I included screenshots or videos for tests on all platforms
• I ran the tests on all platforms & verified they passed on:
  • Android: Native
  • Android: mWeb Chrome
  • iOS: Native
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
  • MacOS: Desktop
• I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
• I followed proper code patterns (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick)
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
    • If any non-english text was added/modified, I used JaimeGPT to get English > Spanish translation. I then posted it in #expensify-open-source and it was approved by an internal Expensify engineer. Link to Slack message:
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I followed the guidelines as stated in the Review Guidelines
• I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
• I verified that if a function's arguments changed that all usages have also been updated correctly
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
• If a new CSS style is added I verified that:
  • A similar style doesn't already exist
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
  • I verified that all the inputs inside a form are aligned with each other.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
• I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.

Screenshots/Videos

Android: Native

Android: mWeb Chrome

iOS: Native

iOS: mWeb Safari

MacOS: Chrome / Safari

MacOS: Desktop

[inimaga]

Once this is reviewed and merged, the next step (D) will be App cleanup to remove all the User model in the App, including the hook introduced here.

[melvin-bot]

@ Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[MariaHCD]

I'm not sure if this should be No QA - it touches a lot of flows related to the account/user, right?

Is there a way we can break this PR down into smaller ones so we can have QA test these flows?

[inimaga]

@MariaHCD Fair point, it touches all the flows where user/account is invoked (All usage of User(ONYXKEYS.USER) has been replaced with Account(ONYXKEYS.ACCOUNT)). I initially added NO QA as it’s purely a cross-cutting refactor with no UI changes. But will nevertheless add a list of test cases so that potential issues / regressions can be surfaced.

Regarding breaking the PR down into several smaller ones, I'm wary of doing this. Since every screen in this change uniformly uses ONYXKEYS.ACCOUNT, QA only needs to validate one consistent flow; splitting this into pieces would introduce mixed USER/ACCOUNT subscriptions and dramatically multiply the states they have to test. Keeping it as one atomic switch preserves a single end-to-end path, simplifies validation, and makes rollback trivial.

[MariaHCD]

I initially added NO QA as it’s purely a cross-cutting refactor with no UI changes. But will nevertheless add a list of test cases so that potential issues / regressions can be surfaced.

Great, I think adding test cases makes a lot of sense—it’ll make it much easier to catch if there are specific flows where we’re missing the correct Onyx data from the backend, for example.

Keeping it as one atomic switch preserves a single end-to-end path, simplifies validation, and makes rollback trivial.

Fair point. I was initially wondering if we could split this by feature or flow to make testing easier, but I’m fine with the single-switch approach too. I agree that as long as we have all the relevant test scenarios clearly defined, it should help surface any issues during review and when QAing on staging.

[MariaHCD]

Looks like we have some merge conflicts 👀

[MariaHCD]

For my own understanding, how do you determine if canBeMissing can safely be set to true?

[inimaga]

I looked at the usage of the key being called to see if there is a sensible default incase its not provided or if it is being accessed in a safe manner.

In the case of the code you've highlighted, account gets set to ACCOUNT_DEFAULT if ONYXKEYS.ACCOUNT is missing.

For network, its being accessed in a null safe way so if its missing, the places where it is used will still work okay.

[MariaHCD]

Oh, was this a new prop added to onyx/User.ts?

Maybe let's add a comment to User.ts that it is being deprecated and should no longer be used? Or rather, should be just delete that model in this PR? 🤔

[inimaga]

Yes, it was a new prop introduced in this PR: #54912, merged last week.

I have added a deprecated comment saying it should no longer be used. Will delete in the next step as part of cleanup.

[MariaHCD]

Changes look good. Looks like we have more conflicts, however :(

Additionally, I think we should get a C+ to help review & test these changes and keep an eye out for any possible regressions this might cause.

[c3024]

Reviewer Checklist

• I have verified the author checklist is complete (all boxes are checked off).
• I verified the correct issue is linked in the ### Fixed Issues section above
• I verified testing steps are clear and they cover the changes made in this PR
  • I verified the steps for local testing are in the Tests section
  • I verified the steps for Staging and/or Production testing are in the QA steps section
  • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
  • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
• I checked that screenshots or videos are included for tests on all platforms
• I included screenshots or videos for tests on all platforms
• I verified tests pass on all platforms & I tested again on:
  • Android: HybridApp
  • Android: mWeb Chrome
  • iOS: HybridApp
  • iOS: mWeb Safari
  • MacOS: Chrome / Safari
  • MacOS: Desktop
• If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
• I verified proper code patterns were followed (see Reviewing the code)
  • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
  • I verified that comments were added to code that is not self explanatory
  • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
  • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
  • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
  • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
  • I verified the JSDocs style guidelines (in STYLE.md) were followed
• If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
• I verified that this PR follows the guidelines as stated in the Review Guidelines
• I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
• I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
• I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
• If a new component is created I verified that:
  • A similar component doesn't exist in the codebase
  • All props are defined accurately and each prop has a /** comment above it */
  • The file is named correctly
  • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
  • The only data being stored in the state is data necessary for rendering and nothing else
  • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
  • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
  • All JSX used for rendering exists in the render method
  • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
• If any new file was added I verified that:
  • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
• If a new CSS style is added I verified that:
  • A similar style doesn't already exist
  • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)
• If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
• If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
• If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
• If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
• If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
  • I verified that all the inputs inside a form are aligned with each other.
  • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
• If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
• For any bug fix or new feature in this PR, I verified that sufficient unit tests are included to prevent regressions in this flow.
• If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
• I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Android: HybridApp

userAndroid.mov

Android: mWeb Chrome

userAndroidmWeb.mov

iOS: HybridApp

useriOS.mov

iOS: mWeb Safari

useriOSmWeb.mov

MacOS: Chrome / Safari

userChrome.mp4

MacOS: Desktop

userDesktop.mov

[c3024]

Code changes look good. I will test the flows to find if there is anything surpising.

Lint is failing. It looks like we need to override lint at the export statement in /onyx/User.ts too.

[c3024]

LGTM!

[melvin-bot]

@Valforte Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

[melvin-bot]

🎯 @c3024, thanks for reviewing and testing this PR! 🎉

An E/App issue has been created to issue payment here: #61200.

[Valforte]

LGTM

[OSBotify]

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

[github-actions]

🚀 Deployed to staging by https://github.com/MariaHCD in version: 9.1.39-0 🚀

platform	result
🖥 desktop 🖥	success ✅
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅

[mvtglobally]

Due to the complexity of this single PR, we are working to limit the scope as some of the flows are tested independently as part of regular regression.

@MariaHCD @Valforte Can you pls check if this makes sense not to retest separately and only run the ones we dont have explicit TCs for?

1. Authentication & Sign-In Flows

• SignInPage & BaseLoginForm (password login) - Create account - Magic link & Engagement modal - Same Session
• ThirdPartySignInPage (Google/Apple) - Login - Google Sign In / Login - AppleID Sign In
• SAMLSignInPage (SSO) - No ND TC for SSO, We will ask a tester to test this with the SSO credentials.
• ValidateCodeForm (magic-link / one-time code) - Login - Use Magic link - Same session & different session
• SMSDeliveryFailurePage (SMS 2FA fallback) - Unsure about this flow. @MariaHCD Is this something we should be able to test or its back end?
• RequireTwoFactorAuthenticationPage (force 2FA) - Login - 2FA - Manually enter Magic Code
• LogInWithShortLivedAuthTokenPage (tokenized login) - Login - Manually enter Magic Code
• UnlinkLoginPage (remove a linked login) - Unsure about this flow. @MariaHCD Is this something we should be able to test in ND or its back end?
• LogOutPreviousUserPage (logout existing session) - Logout - Offline confirmation modal and Network request confirmation

We will update the other TCs in a similar way shortly

[mvtglobally]

2. Two-Factor Authentication Setup & Management

• • TwoFactorAuthWrapper / TwoFactorAuthPage (enable 2FA) - Login - 2FA - Use Magic link
• • BaseTwoFactorAuthForm (enter code to enable) - Login - 2FA - Manually enter Magic Code
• • CopyCodesPage (display recovery codes) - Login - 2FA - Manually enter Recovery codes
• • VerifyPage (verify magic codes) - @MariaHCD is this related to general entry of the 2FA code? Can you pls provide more details on what to verify here?
• • DisablePage (turn 2FA off) - No ND TC for Turning off 2FA, We will ask a tester to test.

3. Account Security & Delegation

• • SecuritySettingsPage (overall security dashboard) - We have no specific TC for Dashboard, but rather specific feature validations, e.g. Security - 2FA - Activate 2FA & Security - Close Account & Security - Copilot setup . @MariaHCD Anything explicit additionally you need us to verify?
• • Merge Accounts (AccountValidatePage + AccountDetailsPage) - Onboarding - Private Domain - Add work email flow
• • Add Delegate flow (AddDelegatePage + DelegateMagicCodeModal + UpdateDelegateRole modals) - We have Copilot: Delegated access TC only. Security - Copilot setup and access types & Security - Copilot actions & Security - Remove Copilot access. @MariaHCD Is this enough?

4. Profile & Contact Details

• • ProfilePage (name, avatar, calendar link) - There are multiple TCs for Profile Page (e.g. Profile - Edit Information in Profile & Profile - Edit Avatar @MariaHCD Is there anything else specific to validate?
• • ContactMethodsPage + ContactMethodDetailsPage (phone/email on file) - Profile - Contact method - Secondary Log in & Profile - Contact method - Secondary Log in - Error & Profile - Contact method - Google Sign In/Secondary login

5. Subscription & Billing

• • SubscriptionSettings (plan management) - We do not have TC. @MariaHCD Can you pls confirm what exactly to verify here?
• • SubscriptionSize / Confirmation sub-step (change seats) - - We do not have TC. @MariaHCD Can you pls confirm what exactly to verify here?
• • CardSection in SubscriptionSettings (payment methods) - Subscription - Add payment method to the account
• • EarlyCancellationMenuItem - Subscription - User can request cancellation on subscriptions with over 20 users

6. Wallet & Card Management

• • WalletPage (Expensify Card overview) - Enable wallet/add personal bank account & Wallet - Add/Delete bank
• • ExpensifyCardPage (individual card settings) - Workspace Settings - Admin - Enable Expensify Card & Admin - Approval flow locked for smart limit &
• • ReportVirtualCardFraudPage - Admin - Deactivate card
• • ReportCardLostPage - Doesn't look like we have a TC. Will ask testers to test this flow
• • VerifyAccountPage (identity check for card) - @MariaHCD Is this under internal KYC wall? Not sure we will be able to test this flow. This is the closest verification I found in Staging Member - Add shipping Details

7. Reimbursement-Account (ACH / Bank) Flows

• • ReimbursementAccountPage - Indirect Reimbursement - "Pay Elsewhere" option & Reimbursement - "None" option doesn't display payment options for admin
• • VerifiedBankAccountFlowEntryPoint - Workspace - Add bank account - Chase Scenario & New Browser tab is opened to add bank account in Desktop
• • ConnectBankAccount (USD) - Plaid flow - 1st step Fully Verified Bank account (VBA) Through Plaid Flow - 5th Step - Company owner and verification
• • NonUSD SignerInfo - @MariaHCD What is "SignerInfo"? We have TC Adding non-US deposit account . Will it cover what you are looking for?

8. Onboarding & Personal-Details

• • OnboardingWorkEmail + WorkEmailValidation - Onboarding - Private Domain - Add work email flow
• • MissingPersonalDetailsMagicCodeModal - @MariaHCD It doesn't look like we have a TCs for this. Can you pls help us with what exactly needs to be verified?

9. Referral & Integrations

• • ReferralDetailsPage (referral status) - Share Code - is this correct flow expected to test here?
• • ConnectToXeroFlow (in Settings, via component) - Connect Xero

10 . Workspace & Company-Card Administration

• • WorkspaceSwitcherPage - @MariaHCD We dont have a TC, Anything specific to confirm?
• • PolicyAccountingPage - Integrate option enables the Accounting settings
• • WorkspaceCompanyCardsPage + EmptyState + AddNewCardPage + AssignCardFeedPage - Company Cards - Add/remove card feed & Feed added - Empty State & other Multiple TC
• • IssueNewCardPage + ConfirmationStep + WorkspaceExpensifyCardListPage / EmptyState - Multiple TC - @MariaHCD Anything specific to confirm?

11. In-App UI Hooks (avatar, FAB)

• • NavigationTabBarAvatar (sidebar avatar display) - It doesn't look like we have specific sidebar test for avatar. Can you pls confirm whats exactly need to be verified @MariaHCD
• • FloatingActionButtonAndPopover (FAB shows “Request Money” or “Send Money” based on primaryLogin) - We do not have specific TCs to verify the different display. Can any of the following cover it? or [Submit Expense in Workspace option is displayed - Manual ] (https://expensify.testrail.io/index.php?/cases/view/2990367)
• • HeaderView (greeting / account banner) - @MariaHCD We dont have a TC, Anything specific to confirm?

[github-actions]

🚀 Deployed to production by https://github.com/yuwenmemon in version: 9.1.39-8 🚀

platform	result
🖥 desktop 🖥	success ✅
🕸 web 🕸	success ✅
🤖 android 🤖	failure ❌
🍎 iOS 🍎	success ✅

[inimaga]

@mvtglobally Answering your questions:

Due to the complexity of this single PR, we are working to limit the scope as some of the flows are tested independently as >part of regular regression.

@MariaHCD @Valforte Can you pls check if this makes sense not to retest separately and only run the ones we dont have >explicit TCs for?

Yes this makes sense. We can skip separately retesting all the flows already covered, and only test the ones we don't have explicit coverage for. For context, given the cross-cutting nature of the refactor in this PR change, I listed the flows and highlighted all the components that the change touched so they could be covered in the QA process (for both existing flows tested independently as part of regular regression testing, and flows that are usually not tested).

Regarding the individual points you are unsure of:
SMSDeliveryFailurePage (SMS 2FA fallback) - Unsure about this flow. @MariaHCD Is this something we should be able to test or its back end?

This is the flow for 2 factor authentication using SMS (instead of Authy).

UnlinkLoginPage (remove a linked login) - Unsure about this flow. @MariaHCD Is this something we should be able to test in ND or its back end?

Yes, this is testable by assigning a secondary login to an account. And then removing that secondary login attached to the account.

VerifyPage (verify magic codes) - @MariaHCD is this related to general entry of the 2FA code? Can you pls provide more details on what to verify here?

Yes, this is related to the general 2FA process and will be covered by existing tests.

• SecuritySettingsPage (overall security dashboard) - We have no specific TC for Dashboard, but rather specific feature validations, e.g. Security - 2FA - Activate 2FA & Security - Close Account & Security - Copilot setup . @MariaHCD Anything explicit additionally you need us to verify?

Here no. The existing tests have good coverage.

Add Delegate flow (AddDelegatePage + DelegateMagicCodeModal + UpdateDelegateRole modals) - We have Copilot: Delegated access TC only. Security - Copilot setup and access types & Security - Copilot actions & Security - Remove Copilot access. @MariaHCD Is this enough?

Yes, it is.

[inimaga]

Continued response:

ProfilePage (name, avatar, calendar link) - There are multiple TCs for Profile Page (e.g. Profile - Edit Information in Profile & Profile - Edit Avatar @MariaHCD Is there anything else specific to validate?

No

SubscriptionSettings (plan management) - We do not have TC. @MariaHCD Can you pls confirm what exactly to verify here?
SubscriptionSize / Confirmation sub-step (change seats) - - We do not have TC. @MariaHCD Can you pls confirm what exactly to verify here?

For this, I looked at our current existing TC and they are good enough to cover it. link

VerifyAccountPage (identity check for card) - @MariaHCD Is this under internal KYC wall? Not sure we will be able to test this flow. This is the closest verification I found in Staging Member - Add shipping Details

Yes, this is fine.

NonUSD SignerInfo - @MariaHCD What is "SignerInfo"? We have TC Adding non-US deposit account . Will it cover what you are looking for?

Yes, this should cover it.

MissingPersonalDetailsMagicCodeModal - @MariaHCD It doesn't look like we have a TCs for this. Can you pls help us with what exactly needs to be verified?

This is covered by an existing test, so skip this.

• WorkspaceSwitcherPage - @MariaHCD We dont have a TC, Anything specific to confirm?

Here you just need to test that switching between workspaces for an account works fine.

IssueNewCardPage + ConfirmationStep + WorkspaceExpensifyCardListPage / EmptyState - Multiple TC - @MariaHCD Anything specific to confirm?

No. This is good enough.

[inimaga]

Response continued:

In-App UI Hooks (avatar, FAB)

• NavigationTabBarAvatar (sidebar avatar display) - It doesn't look like we have specific sidebar test for avatar. Can you pls confirm whats exactly need to be verified

This is somewhat covered by existing test but has to do with ensuring no issues with the avatar displayed in the sidebar.

• FloatingActionButtonAndPopover (FAB shows “Request Money” or “Send Money” based on primaryLogin) - We do not have specific TCs to verify the different display. Can any of the following cover it? or [Submit Expense in Workspace option is displayed - Manual ] (https://expensify.testrail.io/index.php?/cases/view/2990367)

Yes, this test should cover it.

• HeaderView (greeting / account banner) - @MariaHCD We dont have a TC, Anything specific to confirm?

This should be covered by some of the tests listed here, so skip

[inimaga]

@mvtglobally
To reiterate, I listed all the components that the change touched (grouped by flows) so they could be covered in the QA process. (Including existing regression tests).
But I realise that because it's not a detailed set of steps to follow, its not really helpful for you. Next time will be more careful to add detailed steps for only testing flows not already in current TC.

So that they are easily followable and to avoid such confusions.