Closed Bug 1470902 Opened 7 years ago Closed 7 years ago

Signing in to sync from an extension is no longer possible after an invalid age is entered when creating an account

Categories

(WebExtensions :: Untriaged, defect)

defect
Not set
normal

Tracking

(firefox60 affected, firefox61 affected, firefox62 affected)

RESOLVED WONTFIX
Tracking Status
firefox60 --- affected
firefox61 --- affected
firefox62 --- affected

People

(Reporter: acupsa, Unassigned)

Details

Attachments

(1 file)

[Affected Versions]: - Firefox Release 60.0.2 Build ID: 20180605171542 - Firefox Beta 61.0 Build ID: 20180621125625 - Firefox Nightly 62.0a1 Build ID: 20180625100047 [Affected Platforms]: - Windows 10 64bit - Mac 10.13.3 - Arch Linux 64bit [Prerequisites] - Have "Notes" experiment enabled from https://testpilot.firefox.com/experiments/notes on a new clean profile. [Steps to reproduce]: 1. Open Firefox and open the "Notes" sidebar 2. Click the "Sign in to Sync" button from the bottom left of the "Notes" sidebar. 3. Enter a valid e-mail adress and a valid password. 4. Enter an invalid age (under 13). 5. Click the "Create account" button and close the "accounts.firefox.com" tab. 6. Click the "three dot" button from the "Notes" sidebar and cancel the setup. 7. Click the "Sign in to Sync" button and observe the "accounts.firefox.com" page. [Expected result]: - The "Sign in" page is displayed. [Actual result]: - "Cannot create account" message is displayed. [Notes]: - The issue remains even if the browser is restarted. - This issue is also reproducible with Screenshots Dev (installed from https://screenshots.dev.mozaws.net/homepage/install-test-local.html), when you attempt to create a new account with an invalid age. - This issue is not reproducible if you create a new account with an invalid age using the Firefox' Sync service. - Attached a screen recording of the issue:
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
From Slack: ``` If you have the "Show your windows and tabs from last time" option selected (Release) or Restore previous session (Nightly), the "Cannot create account" message will always be displayed even after the browser is restarted and the user will not be able to use the sync service ``` Shane, what are your thoughts on that?
Flags: needinfo?(stomlinson)
I'm leery of making any changes to COPPA w/o explicit Legal approval. The whole point of COPPA is to make it so users who are too young cannot sign in, and making it easier to work around that could land us in hot water.
Flags: needinfo?(stomlinson)
Let me clarify this a bit: Firefox' Sync service refreshes its instance after a failed attempt to sign-up with an invalid age. When the "accounts.firefox.com" page is closed and the user attempts to sign in a second time, the user is able to sign in to sync even without performing a browser restart. Even if you have the "Show your windows and tabs from last time" option set, the login flow can be attempted a second time, just by closing and clicking the button again. On the other hand, if you attempt login from a webextension (Notes, Screenshots) while having the "Show your windows and tabs from last time" and you use an invalid age, the service will be blocked off forever. This issue continues to reproduce even after the flow is restarted, the browser is restarted or updated. The only thing that "unblocks" the FxA login is clearing the browser's cache. Without the "Show your windows and tabs from last time" option set, the login flow unblocks after the browser is restarted. @Shane, which of these two behaviors is the correct one?
Flags: needinfo?(stomlinson)
(In reply to Ciprian Muresan [:cmuresan], Experiments QA, :steve from comment #4) > Let me clarify this a bit: > > > On the other hand, if you attempt login from a webextension (Notes, > Screenshots) while having the "Show your windows and tabs from last time" > and you use an invalid age, the service will be blocked off forever. This > issue continues to reproduce even after the flow is restarted, the browser > is restarted or updated. The only thing that "unblocks" the FxA login is > clearing the browser's cache. > Without the "Show your windows and tabs from last time" option set, the > login flow unblocks after the browser is restarted. Does this happen if the web extension window is closed and the user restarts?
Flags: needinfo?(stomlinson)
Yes, this happens even after the web extension window is closed and the user restarts, but only IF the "Show your windows and tabs from last time" option is set (Release) or "Restore previous session" option is set (Nightly). It also continues to happen until the Browsers cache & cookies are cleared. I've made an additional screen recording with this scenario: https://goo.gl/TXnKp9.
Attached the wrong screen recording in comment 6. Here is the correct one: https://goo.gl/7thSzK.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: