Last Comment Bug 830062 - App purchase requires a double log in
: App purchase requires a double log in
Status: RESOLVED FIXED
u=patron p=1
:
Product: Marketplace
Classification: Server Software
Component: Payments/Refunds (show other bugs)
: 1.1
: All All
: P1 major (vote)
: 2013-01-24
Assigned To: Christopher Van Wiemeersch [:cvan]
:
Mentors:
Depends on:
Blocks: marketplace-payments
  Show dependency treegraph
 
Reported: 2013-01-12 22:21 PST by krupa raj[:krupa]
Modified: 2013-01-31 14:43 PST (History)
7 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description krupa raj[:krupa] 2013-01-12 22:21:03 PST
steps to reproduce:
1. Launch marketplace-dev app on your unagi phone
2. Click on the Login/Register button
3. Log in using unverified account
4. Navigate to 'private yacht'
5. Click on the purchase button

expected behavior:
Payment Flow opens in the trustedUI and PIN creation screen loads.

observed behavior:
Payment Flow opens in the trustedUI but user is prompted to log in.
Comment 1 Jason Smith [:jsmith] 2013-01-13 04:49:48 PST
Login in what sense in the observed behavior? Was the persona cookie saved?

You can validate if the persona cookie was saved if after step #5, you should not have to enter your username and password, but instead, select to login with the account saved.
Comment 2 Kumar McMillan [:kumar] (needinfo all the things) 2013-01-14 10:24:01 PST
This is a Marketplace bug. You can reproduce it on desktop B2G too. The *second* time you log in using the same account, everything works. The bug is something in the way that Marketplace is using the Persona observer API. Even after logging in successfully, Marketplace still calls nav.id.request() which is why it appears to take two logins instead of one.
Comment 3 krupa raj[:krupa] 2013-01-16 15:36:25 PST
Supposedly webpay is prompting the user to log in during purchase if they have been logged into marketplace for a while. This should not happen. We have PIN verification to avoid any malicious intent. Logged-in users should directly be prompted to enter their PIN.
Comment 4 Christopher Van Wiemeersch [:cvan] 2013-01-16 18:43:50 PST
Unfortunately, using the exact STR with a new unverified account I was able to start a purchase and get to the mozPay window.

(In reply to krupa raj 82[:krupa] from comment #3)
> Supposedly webpay is prompting the user to log in during purchase

By "webpay" do you mean "Marketplace"? If it looks like this - http://f.cl.ly/items/2Y3v3O2s1f180O10132C/Screen%20Shot%202013-01-16%20at%206.40.04%20PM.png - that's the Marketplace, not webpay.

> if they have been logged into marketplace for a while. This should not happen.

What do you mean a while? Did you close the app or anything? I can't think of what effect duration would have on login.

I'm sure this is happening (and likely blamable on some Persona wonkiness). Any advice to repro would be bawse.
Comment 5 Jed Parsons (use needinfo, please) [:jedp, :jparsons] 2013-01-16 21:06:17 PST
I've noticed this double-login as well, and would be happy to help diagnose.  Where does the marketplace code live?  I'd be glad to look at the way the observer api is being used; if, as kumar says, there's a second call to navigator.id.request(), then this is the expected behavior.  And if, as cvan suspects, there's something wonky with persona, we certainly want to know that, too :)

Trying to reproduce now and follow the debug logs (which would give some idea about the way persona is being used and the way it is behaving) is unsuccessful: After clicking on the private yacht, I get a "Something went wrong!" error in the Trusted UI, so I can't do any more at present.

(Debug logs: If you pref toolkit.identity.debug to true, you'll get a lot of information about how persona is being called and what it's doing behind the scenes.)
Comment 6 Christopher Van Wiemeersch [:cvan] 2013-01-18 15:58:46 PST
https://github.com/mozilla/webpay/commit/dbc1a43
Comment 7 Victor Carciu 2013-01-23 05:25:29 PST
Verified as fixed using a new account : http://screencast.com/t/jq4Iv6EZ
Comment 8 krupa raj[:krupa] 2013-01-23 09:06:49 PST
moving back to verify the bug on the phone.
Comment 9 krupa raj[:krupa] 2013-01-30 09:34:51 PST
I suspect that this still happens.Kumar and i saw this happen on marketplace-dev

STR:
1. Log into marketplace-dev
2. Wait for > 40 mins
3. Search for a paid app and try to purchase it

observed behavior:
Payment Flow opens in the trustedUI but user is prompted to log in again.
Comment 10 Wil Clouser [:clouserw] 2013-01-31 14:43:39 PST
krupa will file a separate bug for cvan

Note You need to log in before you can comment on or make changes to this bug.