During a security test of Mozillians.org, I noticed what appears to be a non-security related bug that prevents users from adding a secondary email address to their mozillians.org profile. Reproduction Steps: 1.) Go to profile 2.) Attempt add another email using the "Add email" button 3.) Get prompted for auth0 login 4.) Auth against auth0 login 5.) Get redirected back to the profile page 6.) Go back to #2 and repeat (infinite loop)
No longer blocks: 1357743
Viorela, can you please test this scenario?
Assignee: nobody → viorelaioia
(In reply to comment #0 and comment #1) It is not actually an infinite loop and secondary email can actually be added. Follow these steps: 1.) Go to profile 2.) Attempt add another email using the "Add email" button 3.) Get prompted for auth0 login 4.) Enter your email address that you want to add as secondary email address(e.g email@example.com) 5.) Confirm sign in from the email sent to your desired secondary email address (e.g firstname.lastname@example.org) You should now be redirected to your profile edit page and your new secondary email address should be added there. So, as you can see, the problem is not actually an infinite loop rather the problem is that when trying to add secondary email address, it is showing the default login page with no indication whatsoever that user should input their new email address not the existing one. My suggestion: 1. There should be some kind of message that asks user to input their new email address. 2. If the existing email address is given, it should show an error message as existing email address can not be added again as secondary address.
See also Bug 1328084
Commits pushed to master at https://github.com/mozilla/mozillians https://github.com/mozilla/mozillians/commit/170b2cc78797cb8507d756ceae3af99fcef61c7a [Fix bug 1374307] Add help text on secondary emails https://github.com/mozilla/mozillians/commit/c0c276345465394c82f6b9b19f44de7f27dd768a Merge pull request #1786 from comzeradd/1374307 [Fix bug 1374307] Add help text on secondary emails
Status: NEW → RESOLVED
Last Resolved: 10 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.