[Train 89]"Back" button from creating account process is misleading

NEW
Unassigned

Status

Cloud Services
QA: General
10 months ago
10 months ago

People

(Reporter: sorina, Unassigned, NeedInfo)

Tracking

unspecified
Unspecified
Windows 10
Points:
---

Firefox Tracking Flags

(firefox55 affected, firefox56 affected)

Details

(Reporter)

Description

10 months ago
Environment: 
- Staging Train 89 - Win 10 (64) - Build 55.0b1;
- Prod - Nexus 6 (Android 7.0) - Build 56.0a1;


Steps to reproduce:

1. Launch Firefox and follow the account creation flow through each page of the Account Setup wizard. At age field type a number >13;
2. Tap on "Back" after the verification link is send and at age field type a number <13 (e.g. 2);
3. Tap on "Back" after the verification link is send and at age field type a number <13 (e.g. 4);

Expected:
After step 2 and 3 the user is not able to change the age and create again the same account. Maybe a message should be displayed.

Actual: 
After step 2 and 3 the user is able to create again the same account, but with age changed, and for the all steps 1, 2, 3 the verification mail/link is valid.


Note: 
- The account was not verified before performing steps 2 and 3.
(Reporter)

Updated

10 months ago
Blocks: 1372779

Comment 1

10 months ago
Thanks Sorina!  ISTM that at step (2) this should trigger our age-checking logic and prevent you from creating the account.

Out of curiosity, what would you expect the behaviour to be if, in step (2), you entered a different age that was >13 rather than <13?
(Reporter)

Comment 2

10 months ago
(In reply to Ryan Kelly [:rfkelly] from comment #1)
> Thanks Sorina!  ISTM that at step (2) this should trigger our age-checking
> logic and prevent you from creating the account.
> 
> Out of curiosity, what would you expect the behaviour to be if, in step (2),
> you entered a different age that was >13 rather than <13?

A message telling me that an account has already been created with the email address from step 1. For both cases >13 and <13.
(In reply to Ryan Kelly [:rfkelly] from comment #1)
> Thanks Sorina!  ISTM that at step (2) this should trigger our age-checking
> logic and prevent you from creating the account.

This is incorrect because of sign-in from sign-up. The account has already been created in step 1. Because of Sign-in from sign-up, an attempt to sign-in the user is *always* made, regardless of the user's age. Only if the account is not already created do we check the age. Since the account is already created, we ignore the age and attempt to sign-in the user.
Thanks for the STRs :sorina. I've done a bit of exploring, there is definitely some odd, but not totally unexpected behavior.

The oddness comes from sign-in from sign-up. For more info, see [1][2]. The strangest behavior I could find is:

1. Sign up with an age > 13, choose what to sync is displayed. Click "back".
2. Sign up with an age > 13, choose what to sync is displayed. Click "back".
3. Sign up with an age < 13, "Confirm your account" is displayed.

Again, this has to do with signin from signup. This is the interpretation of the behavior that was requested by Ryan Feeley in: "User enters too-young COPPA age, sign-in succeeds: User is signed in"

In step 3, since the account was already created, we attempt to sign in the user. We see they have an account that hasn't been verified and send them to the "Confirm your account" screen.


[1] - https://github.com/mozilla/fxa-content-server/issues/2778
[2] - https://github.com/mozilla/fxa-content-server/pull/3413

Comment 5

10 months ago
> 2. Sign up with an age > 13, choose what to sync is displayed. Click "back".

Does this happen because the account is unverified, so when we try to create it again, it gets deleted and re-created?

In any case, I think this feature continues to argue in favour us of doing an identifier-first login flow where you only enter the email up-front, and we take you to the right experience from there.  Let's take a good look at that as we do our Q3 planning.

Alex and/or Ryan, should we consider this "working as intended" given the signin-from-signup feature, or is there some tweak we can do to make the experience better here?
Flags: needinfo?(rfeeley)
Flags: needinfo?(adavis)
(In reply to Ryan Kelly [:rfkelly] from comment #5)
> > 2. Sign up with an age > 13, choose what to sync is displayed. Click "back".


> Alex and/or Ryan, should we consider this "working as intended" given the
> signin-from-signup feature, or is there some tweak we can do to make the
> experience better here?


I would argue strongly in favor of not fixing this and instead expend the
effort to do this:

> an identifier-first login flow where you only enter the email up-front, and we take you to the right experience from there.
(In reply to Shane Tomlinson [:stomlinson] from comment #6)
> I would argue strongly in favor of not fixing this and instead expend the
> effort to do this:

I will second that because there is work in Q3 that will likely eliminate this user flow.
Flags: needinfo?(adavis)
You need to log in before you can comment on or make changes to this bug.