Surface new "Firefox Account locked" messaging in Fennec

RESOLVED FIXED in Firefox 37


Android Background Services
Firefox Accounts
3 years ago
3 years ago


(Reporter: nalexander, Assigned: nalexander)


Firefox 37

Firefox Tracking Flags




(3 attachments)



3 years ago
The Cloud Services team is adding backend account fraud support to fxa-auth and fxa-content servers.  This will take the form of a new error code returned from the /login (and related) endpoints.  Fennec will need a little bit of error handling code to surface these new error messages to the user.

n.b.: the principal messaging will be via an email to the account's email address, so it's enough to just say "account locked and see your email".  We don't need to provide UI to recover from the situation, for example.

Documented at [1] and [2].



Comment 1

3 years ago
Setting tracking-fennec? because this should track Fennec 36.
tracking-fennec: --- → ?
Note that there should be UI to resend the unlock email in case it never made it to the user.
tracking-fennec: ? → 36+

Comment 3

3 years ago
Created attachment 8513012 [details] [review]

Preliminary review.  Details are not yet finalized, but I wanted to push this forward.
Attachment #8513012 - Flags: review?(rnewman)

Comment 4

3 years ago
Created attachment 8513015 [details]

Screenshot of the error message with linkified "Resend unlock code".  (For those playing along at home, it's embedded on the create account screen for testing convenience -- I swapped "account already exists" and "account locked" locally -- even though this state can't (?) occur at creation.)

Comment 5

3 years ago
Created attachment 8513016 [details]

Here's the same error, but with the little "Resend unlock email failed" toast at the bottom.  (This fails because the end point doesn't exist remotely; the logs show the expected 404 response.)

Comment 6

3 years ago
francois: I implemented this with the following two choices:

1) /login and friends returned an error code of ACCOUNT_LOCKED = 121.  I have argued elsewhere that we should not re-use error codes even if we can, so I'd like to see this finalized.

2) I used the endpoint /account/unlock/resend_code.  I post the following JSON:


where email is just like for /account/create (i.e., just a utf8 string).  (

I expect a 200 response and ignore the body entirely.  It would be nice to get that documented.
Flags: needinfo?(francois)
I think Danny answered most of these already on the Github tracker, but will transfer the needinfo to him just in case.
Flags: needinfo?(francois) → needinfo?(dcoates)
Nick, it will be documented in once there's an implementation to back it, but yes, all you're assumptions are correct.

The errno will be 121 instead of 104 but otherwise will follow with response bodies for the new endpoints being empty JSON objects.
Flags: needinfo?(dcoates)
Comment on attachment 8513012 [details] [review]

Assuming it works, this looks fine to me, modulo whatever changes are necessary to match the final spec.
Attachment #8513012 - Flags: review?(rnewman) → review+

Comment 10

3 years ago
FYI, I tried the above build against a custom deployment of this auth-server branch:

The flow worked nicely - lockout was reported, error screen was shown, link was clicked, email was sent.

The server implementation is far from ready, but I think we can happily commit to the parts of the API required for this to land in Fennec (the error code, and the URL to visit to resend the email).

Comment 12

3 years ago

Comment 13

3 years ago
Thanks for testing, rfkelly.  Pushed as is; we can follow-up if necessary.
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 37
You need to log in before you can comment on or make changes to this bug.