Last Comment Bug 828068 - Unable to make a purchase/login with unverified Persona account
: Unable to make a purchase/login with unverified Persona account
Status: VERIFIED FIXED
u=patron p=2
:
Product: Marketplace
Classification: Server Software
Component: Payments/Refunds (show other bugs)
: 1.0
: All All
: P1 blocker (vote)
: 2013-01-10
Assigned To: Christopher Van Wiemeersch [:cvan]
:
:
Mentors:
: 828117 (view as bug list)
Depends on:
Blocks: marketplace-payments
  Show dependency treegraph
 
Reported: 2013-01-08 15:43 PST by krupa raj[:krupa]
Modified: 2013-06-27 07:37 PDT (History)
8 users (show)
jsmith: mkt‑blocker+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description krupa raj[:krupa] 2013-01-08 15:43:31 PST
steps to reproduce:
1. Launch your marketplace-dev on your unagi phone
2. Log in using an unverified email 
3. Search for 'Private yacht' and navigate to its details page
4. Click on the purchase button


expected behavior:
User is allowed to purchase

observed behavior:
We show "Please use a verified persona account" notification and abort the purchase.
Comment 1 Jason Smith [:jsmith] 2013-01-09 04:35:54 PST
*** Bug 828117 has been marked as a duplicate of this bug. ***
Comment 2 Jason Smith [:jsmith] 2013-01-09 04:37:15 PST
Apparently this reproduces with a general persona login as well.
Comment 3 Wil Clouser [:clouserw] 2013-01-09 09:29:29 PST
I'm assigning to cvan because of bug 794634.  Kumar can help if I'm off base.
Comment 4 krupa raj[:krupa] 2013-01-09 10:54:09 PST
This is blocking QA from testing payments. So marking it as a blocker.

cc'ing JR for some insights into what might be causing this.
Comment 6 Christopher Van Wiemeersch [:cvan] 2013-01-09 11:00:59 PST
(In reply to krupa raj 82[:krupa] from comment #5)
> For reference: 
> https://github.com/mozilla/zamboni/commit/
> b65fad4f6d0f9f7d76fb2c89ec7d7dfef5070963#L2R341

Assertion is failing. https://github.com/mozilla/zamboni/commit/b65fad4f6#L2R323 is more helpful.
Comment 7 Alex Keybl [:akeybl] 2013-01-09 12:22:11 PST
I think this is blocking-basecamp+, even if the fix doesn't end up being in-product, given the impact to testing. Let's get this fixed today, regardless. Only a few more days of testing left.
Comment 8 Jason Smith [:jsmith] 2013-01-09 13:32:45 PST
(In reply to Alex Keybl [:akeybl] from comment #7)
> I think this is blocking-basecamp+, even if the fix doesn't end up being
> in-product, given the impact to testing. Let's get this fixed today,
> regardless. Only a few more days of testing left.

This won't block unless this impacts the on device implementation. We can fix off device issues separately from basecamp.

It's a marketplace v1.0 blocker though.
Comment 9 Christopher Van Wiemeersch [:cvan] 2013-01-09 13:59:44 PST
https://github.com/mozilla/zamboni/commit/68c315a
Comment 10 JR Conlin [:jrconlin,:jconlin] 2013-01-09 16:17:47 PST
Very late r+ on cvan's fix. 

Sorry, the thread was far down my email list. 

We may want to ping the Persona folks about this state to make sure that we're not introducing a potential exploit. I understand that there's a different issuer, and that we're forcing it, but we may want to make sure that we secure against someone using an arbitrary issuer to spoof the connect. 

Then again, I tend to be overly paranoid.
Comment 11 Victor Carciu 2013-06-27 07:37:16 PDT
Verified as fixed : I was able to buy using a completely new email account.

Note You need to log in before you can comment on or make changes to this bug.