[Marketplace] Developer Log In / Registration

RESOLVED FIXED in 6.4.3

Status

P1
normal
RESOLVED FIXED
7 years ago
3 years ago

People

(Reporter: cvan, Assigned: ashort)

Tracking

unspecified
6.4.3

Details

Log In / Registration will be handled through BrowserID. We may want to either password protect all Developer Hub pages for the developer beta - or we can just keep the /developers/ and docs pages public (like they currently are for AMO) and keep the submission, etc. pages behind authentication. (Since the pages/flow aren't finalized, I'd rather just get everything behind authentication and not worry about those pages getting indexed by Google, etc.)

We also get into issue of whether we want to force users to choose a display name and username after registration (see bug 704634 for the implementation of this for apps-preview). Thoughts?
Also, how do we instruct people who currently already have AMO accounts that they can/must use BrowserID now?

Comment 2

7 years ago
The possible user types/flows here are :

a) No browserID; No AMO account
b) No browserID; Has AMO account
c) Has browserID; No AMO account
d) Has BrowserID; Has AMO account

We also need to consider people who are 

e) retrieving their login credentials

I do not know if this is a concern-

f) users with active AMO session cookies who are logging in with different credentials via browserID
The following is a proposal but I think it makes sense.  Comments?

a) No browserID; No AMO account
- Visiting marketplace: create browserid account, log in.  No problems.
- Visiting AMO: create AMO account, log in.  No problems.

b) No browserID; Has AMO account
- Visiting marketplace: We let them log in as usual (assuming not editor/admin).  Email has been verified by both parties so this is secure.  We preserve their AMO password hash for now, so they can log in to AMO if necessary.  No problems.
- Visiting AMO: Log in. No problems.

c) Has browserID; No AMO account
- Visiting marketplace: Log in.  No problems
- Visiting AMO: Will have to go through the normal AMO flow.  This is the most time consuming piece in the proposal I think.  An alternative would be to enable browserid for these folks on AMO, again, still the most time consuming.

d) Has BrowserID; Has AMO account
- Visiting marketplace: Log in, similar to (b).  No problems.
- Visiting AMO: Log in with AMO auth.  No problems.

We also need to consider people who are 

e) retrieving their login credentials
- Visiting marketplace: They'll use browserid (I think we need to modify a link here). No problems.
- Visiting AMO: They reset as usual, No problems.

f) users with active AMO session cookies who are logging in with different credentials via browserID
- Different credentials are fine, but at no point is there a session from one user on both sites.  Logging in to one will terminate the other.

There may be some confusion based on using different credentials (eg. changed browserid password but that didn't change my AMO password).

Thoughts?
Blocks: 710074
Per fligtar, we can remove the display name/username prompt after registration. (Make sure mobile login/registration isn't broken.)
     - we can reuse what we have from apps preview. the copy needs to change.
     - we need to get rid of the post-registration modal that prompts you for username/display name.
     - this needs to not be have the consumer-page styles. that means no navigation, no search bar, etc.
Assignee: cvan → ashort

Comment 6

7 years ago
https://github.com/mozilla/zamboni/commit/8ef230e 

We should create a mkt-specific @login_required decorator that refers to the new login view.
https://github.com/mozilla/zamboni/commit/3f79849
Assignee: ashort → cvan
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Target Milestone: 6.4.2 → 6.4.3
(Assignee)

Updated

7 years ago
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Updated

7 years ago
Assignee: cvan → ashort
(Assignee)

Comment 8

7 years ago
This still needs to handle the case where users sign up for AMO after browserID login on mkt. Currently it'll reject them from login as well as registration.
(Assignee)

Comment 9

7 years ago
https://github.com/mozilla/zamboni/commit/e1d7b51
Status: REOPENED → RESOLVED
Last Resolved: 7 years ago7 years ago
Resolution: --- → FIXED
(Assignee)

Comment 10

7 years ago
Reverted.
https://github.com/mozilla/zamboni/commit/5a6d45776c6aeeff136859e53a79454fbb858d5a
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I think everything left on this is covered in ashort's bug 729806 so closing
Status: REOPENED → RESOLVED
Last Resolved: 7 years ago7 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.