Closed Bug 828068 Opened 12 years ago Closed 12 years ago

Unable to make a purchase/login with unverified Persona account

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

defect

Tracking

(Not tracked)

VERIFIED FIXED
2013-01-10

People

(Reporter: krupa.mozbugs, Assigned: cvan)

References

Details

(Whiteboard: u=patron p=2)

steps to reproduce:
1. Launch your marketplace-dev on your unagi phone
2. Log in using an unverified email 
3. Search for 'Private yacht' and navigate to its details page
4. Click on the purchase button


expected behavior:
User is allowed to purchase

observed behavior:
We show "Please use a verified persona account" notification and abort the purchase.
Apparently this reproduces with a general persona login as well.
Summary: Unable to make a purchase with unverified Persona account → Unable to make a purchase/login with unverified Persona account
I'm assigning to cvan because of bug 794634.  Kumar can help if I'm off base.
Assignee: nobody → cvan
Priority: -- → P1
Whiteboard: u=patron p=2
Target Milestone: --- → 2013-01-17
This is blocking QA from testing payments. So marking it as a blocker.

cc'ing JR for some insights into what might be causing this.
Severity: major → blocker
(In reply to krupa raj 82[:krupa] from comment #5)
> For reference: 
> https://github.com/mozilla/zamboni/commit/
> b65fad4f6d0f9f7d76fb2c89ec7d7dfef5070963#L2R341

Assertion is failing. https://github.com/mozilla/zamboni/commit/b65fad4f6#L2R323 is more helpful.
blocking-basecamp: --- → ?
I think this is blocking-basecamp+, even if the fix doesn't end up being in-product, given the impact to testing. Let's get this fixed today, regardless. Only a few more days of testing left.
(In reply to Alex Keybl [:akeybl] from comment #7)
> I think this is blocking-basecamp+, even if the fix doesn't end up being
> in-product, given the impact to testing. Let's get this fixed today,
> regardless. Only a few more days of testing left.

This won't block unless this impacts the on device implementation. We can fix off device issues separately from basecamp.

It's a marketplace v1.0 blocker though.
blocking-basecamp: ? → ---
Flags: mkt-blocker+
https://github.com/mozilla/zamboni/commit/68c315a
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: 2013-01-17 → 2013-01-10
Very late r+ on cvan's fix. 

Sorry, the thread was far down my email list. 

We may want to ping the Persona folks about this state to make sure that we're not introducing a potential exploit. I understand that there's a different issuer, and that we're forcing it, but we may want to make sure that we secure against someone using an arbitrary issuer to spoof the connect. 

Then again, I tend to be overly paranoid.
Verified as fixed : I was able to buy using a completely new email account.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.