Closed Bug 888036 Opened 11 years ago Closed 11 years ago

Cannot switch users while PIN is unlocked

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P2)

Product:
Marketplace Graveyard
Component:
Payments/Refunds
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
2013-09-10

People

(Reporter: kumar, Assigned: wraithan)

Details

STR
- open Marketplace dev
- search :paid
- purchase an app
- log in with an email
- create/confirm PIN
- confirm mobile number via SMS (if necessary)
- confirm the purchase, install the app
- log out
- log in as a second user with a different email and different persona account
- search :paid, click to purchase another app within 3 minutes

Actual: if you switch to the new user and initiate a purchase within 3 minutes, the PIN from the first user will be unlocked. You will immediately see a purchase confirmation screen (no PIN entry). You can then complete the purchase as the first user.

Expected: you should be logged out of the payment flow entirely when you begin a purchase as the second user. You should be prompted to create/confirm a new PIN and you should start with a new Bango screen
To fix this, we would need to put an intermediate page in front of this redirect that allows Persona to log the user out (if necessary) https://github.com/mozilla/webpay/blob/master/webpay/pay/views.py#L118
Priority: -- → P2
Assignee: nobody → wraithan
Same as I just posted: https://bugzilla.mozilla.org/show_bug.cgi?id=887862#c3

This is a marketplace login/logout which are currently separate from webpay.
Version: 1.0 → 1.3
Target Milestone: --- → 2013-09-10
https://github.com/mozilla/webpay/commit/9170b4a6899572c5e17e025de0b5795cd0e8648b

Had to clear last login and the new bounce code now covers this as well.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Verified as fixed. The new PIN is required after changing the users.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.