steps to reproduce:
1. Launch your marketplace-dev on your unagi phone
2. Log in using an unverified email
3. Search for 'Private yacht' and navigate to its details page
4. Click on the purchase button
User is allowed to purchase
We show "Please use a verified persona account" notification and abort the purchase.
*** Bug 828117 has been marked as a duplicate of this bug. ***
Apparently this reproduces with a general persona login as well.
I'm assigning to cvan because of bug 794634. Kumar can help if I'm off base.
This is blocking QA from testing payments. So marking it as a blocker.
cc'ing JR for some insights into what might be causing this.
For reference: https://github.com/mozilla/zamboni/commit/b65fad4f6d0f9f7d76fb2c89ec7d7dfef5070963#L2R341
(In reply to krupa raj 82[:krupa] from comment #5)
> For reference:
Assertion is failing. https://github.com/mozilla/zamboni/commit/b65fad4f6#L2R323 is more helpful.
I think this is blocking-basecamp+, even if the fix doesn't end up being in-product, given the impact to testing. Let's get this fixed today, regardless. Only a few more days of testing left.
(In reply to Alex Keybl [:akeybl] from comment #7)
> I think this is blocking-basecamp+, even if the fix doesn't end up being
> in-product, given the impact to testing. Let's get this fixed today,
> regardless. Only a few more days of testing left.
This won't block unless this impacts the on device implementation. We can fix off device issues separately from basecamp.
It's a marketplace v1.0 blocker though.
Very late r+ on cvan's fix.
Sorry, the thread was far down my email list.
We may want to ping the Persona folks about this state to make sure that we're not introducing a potential exploit. I understand that there's a different issuer, and that we're forcing it, but we may want to make sure that we secure against someone using an arbitrary issuer to spoof the connect.
Then again, I tend to be overly paranoid.
Verified as fixed : I was able to buy using a completely new email account.