Closed Bug 433998 Opened 16 years ago Closed 16 years ago

Email change verification link giving bogus "Error!" "Invalid confirmation code!" despite correct copy & paste

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: mozilla-bugzilla, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Build Identifier: (Don't know -- the version currently in place at addons.mozilla.org)

I just used https://addons.mozilla.org/en-US/firefox/users/edit to change my email address, got the email notification, and went to the given link, but I'm getting the error:

    Error!

    Invalid confirmation code!

I have confirmed that I am correctly copying & pasting the URL and that there is no wrapping or other munging going on in my email client.

I would prefer not to give my old or new email addresses (not the same one I use for Bugzilla) in this public forum.  Also not sure if it's safe to give the confirmation URL here since I don't know if it contains my email address(es) or other info trivially encoded.  This information is available by email upon request, however.

Reproducible: Always

Steps to Reproduce:
1. Change email address on <https://addons.mozilla.org/en-US/firefox/users/edit>.
2. Go to link in resulting email.
Actual Results:  
Get:

    Error!

    Invalid confirmation code!


Expected Results:  
Sent confirmation link should be recognized as valid.
I just tried this on production, and changed 'stephen.donner@gmail.com' to 'stephen.donner+1@gmail.com", successfully.

Are you using any special characters?
I just successfully changed my email twice too. If there's a bug however, preventing some email addresses from working correctly, I'd prefer to fix it :) Dan, can you forward the email you received to my bugzilla address, please? That will allow me to take a look at it and possibly figure out what the problem is. Thanks.
Stephen, no, the only non-alpha character in my current email address is a '.', while the only non-alpha character in the one I'm trying to change it to is a '-' (in both cases, there are alpha characters on either side).

Frederic, thanks, I'll forward that to you now.
The OP forwarded me the email in question and the link contained worked as expected. Maybe his MUA cut the link off? The confirmation URL can get quite long, in his case about 200 characters total.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
Verified; I think this has been proven to be fine, based on our testing.
Status: RESOLVED → VERIFIED
> Maybe his MUA cut the link off?

No, like I said, "I have confirmed that I am correctly copying & pasting the URL and that there is no wrapping or other munging going on in my email client".  I confirmed that the beginning and end of the URL were as displayed in the email.  After I got the initial error using the URL copied from the displayed email, I tried copying the URL from the raw, unprocessed email file (I use nmh as my mail client), after confirming that this was valid since the email was not in quoted-printable format, and got the same error.  I also pasted the URL back out of Firefox's URL bar and into a file, and then diffed that against the raw email file to ensure the URL was intact -- it was.  After that I also tried IE and got the same result.

I guess the two possibilities are that either some network component in between my browser and the site was munging this specific URL yet not affecting any of the rest of my browsing (highly doubtful, and my company does not require users to use an HTTP proxy), or addons.mozilla.org was having some transient problem that caused it to falsely reject the confirmation code, and this problem resolved itself before you tried the URL, Frederic.

I guess someone would need to take a look at the web logs to see if the URL was indeed getting through unmunged when I was trying it (from 206.54.145.254).  This originally struck me as probably a transient issue and I was going to email the administrators of addons.mozilla.org, but I could find no contact information on the site, so I filed a bug instead.

If you would like me to do any additional testing to verify that this wasn't some crazy one-time fluke, please let me know.
(In reply to comment #6)
> I guess someone would need to take a look at the web logs to see if the URL was
> indeed getting through unmunged when I was trying it (from 206.54.145.254). 

I am unfortunately unsure if GET variables are logged, or only the raw URL. In the latter case we could just prove you accessed the page at all (we already know that), not what the code was that was submitted.

Either way, Jeremy, could you tell us if our access logs reflect query strings too or just URLs?
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.