Closed Bug 837201 Opened 10 years ago Closed 9 years ago

Deal with users logging in with a different account than their marketplace account

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P4)

Tracking

(Not tracked)

RESOLVED FIXED
2013-11-12

People

(Reporter: krupa.mozbugs, Assigned: andy+bugzilla)

Details

(Whiteboard: p=2 kanbanzilla[Review])

steps to reproduce:
1. Tester is logged in as user1
2. Click on the purchase button for private yacht
3. In the Enter your PIN screen, click on 'Forgot PIN?' button
4. When prompted to sign in, sign in as User2

expected behavior:
We catch whenever the sign in doesn't match and gracefully return the user to the app details page with an informative user message.

observed behavior:
We allow user to log in as User2 and reset their PIN while they are still logged in as User1

For 1.1 I think we should just cancel the flow if the email is different. This means:

- add in a hashed version of a user's email
- after any login compare the two
- if it changes cancel the entire flow and let them start again
Version: 1.0 → 1.1
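
An added example, not from the bug thread or webpay's code: one way to implement the three-step check proposed above (store a hash of the email, compare after any login, cancel the flow on a change). The session keys, secret and function names are hypothetical; it uses a keyed hash (HMAC-SHA256) for the stored value and assumes addresses are compared case-insensitively.

```python
import hashlib
import hmac

# Hypothetical server-side secret and session key names (not webpay's own).
SECRET = b"constructed-demo-key"
FLOW_KEYS = ("email_hash", "trans_id", "pin_reset")


def email_hash(email: str) -> str:
    """Keyed hash of the normalized email, so the session never holds it raw."""
    # Assumption: addresses are compared case-insensitively.
    norm = email.strip().lower().encode("utf-8")
    return hmac.new(SECRET, norm, hashlib.sha256).hexdigest()


def start_flow(session: dict, email: str, trans_id: str) -> None:
    """First login: bind the payment flow to the account that started it."""
    session["email_hash"] = email_hash(email)
    session["trans_id"] = trans_id


def on_login(session: dict, verified_email: str) -> str:
    """Run after every later login, e.g. the 'Forgot PIN?' re-authentication.

    Returns 'ok', or 'cancelled' after wiping the flow state when the email
    differs or no flow is bound, rather than raising an unhandled error.
    """
    expected = session.get("email_hash")
    actual = email_hash(verified_email)
    if expected is None or not hmac.compare_digest(expected, actual):
        for key in FLOW_KEYS:
            session.pop(key, None)
        return "cancelled"
    session["pin_reset"] = True  # only now may the PIN reset proceed
    return "ok"


if __name__ == "__main__":
    s = {}  # constructed stand-in for a server-side session
    start_flow(s, "user1@example.com", "trans-123")
    print(on_login(s, "User1@Example.com "))  # same account
    print(on_login(s, "user2@example.com"))   # different account
    print(s)                                  # flow state after the mismatch
```
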
(In reply to krupa raj 82[:krupa] from comment #0)
> steps to reproduce:
> 1. Tester is logged in as user1
> 2. Click on the purchase button for private yacht
> 3. In the Enter your PIN screen, click on 'Forgot PIN?' button
> 4. When prompted to sign in, sign in as User2
> 
> expected behavior:
> We catch whenever the sign in doesn't match and gracefully return the user
> to the app details page with an informative user message.
> 
> observed behavior:
> We allow user to log in as User2 and reset their PIN while they are still
> logged in as User1

After the user resets their PIN, we show them a "Page not Found!" error

(In reply to Andy McKay [:andym] from comment #1)
> For 1.1 I think we should just cancel the flow if the email is different.
> This means:
> 
> - add in a hashed version of a user's email
> - after any login compare the two
> - if it changes cancel the entire flow and let them start again

agreed
Priority: -- → P3
Renamed. Kumar and I agree this is a 1.2 thing and we will look into just preventing the user from using a different account than their marketplace account.
Summary: Deal with users logging in with a different account while resetting their PIN → Deal with users logging in with a different account than their marketplace account
Version: 1.1 → 1.2
Whiteboard: p=
This now results in the following traceback: http://sentry.dmz.phx1.mozilla.com/marketplace-dev-webpay/group/11905/

ValueError: A user tried to reverify herself with a new email: krupa.mozbugs+78@gmail.com

Stacktrace (most recent call last):

  File "django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "django/views/decorators/http.py", line 41, in inner
    return func(request, *args, **kwargs)
  File "webpay/base/decorators.py", line 11, in wrapper
    response = func(*args, **kw)
  File "webpay/auth/views.py", line 48, in reverify
    'new email: %s' % email)
Whiteboard: p= → p=2
Assignee: nobody → wraithan
Priority: P3 → P4
Version: 1.2 → 1.3
Blocks: 875295
Target Milestone: --- → 2013-10-01
Assignee: wraithan → nobody
Assignee: nobody → amckay
Target Milestone: 2013-10-01 → 2013-10-14
Trying this now, after changing my account, I get the following:

Content JS LOG at https://marketplace-dev-cdn.allizom.org/mozpay/media/js/pay-min.js?build=9f05ceb-5249bd4e:5 in o: [reset] nav.id onlogin
Content JS LOG at https://marketplace-dev-cdn.allizom.org/mozpay/media/js/pay-min.js?build=9f05ceb-5249bd4e:5 in a: [reset] login error

And I'm stuck on the "connecting to persona" spinner.
We can pass through an experimental_emailHint to persona now to pre-fill the Persona form.

https://github.com/mozilla/browserid/pull/3843
Whilst yak shaving on this: https://github.com/mozilla/webpay/commit/c97f7f
Status: NEW → ASSIGNED
Version: 1.3 → 1.4
CC list accessible: false
Not accessible to reporter
Target Milestone: 2013-10-14 → 2013-10-21
Target Milestone: 2013-10-21 → 2013-10-28
Target Milestone: 2013-10-28 → 2013-11-05
Target Milestone: 2013-11-05 → 2013-11-12
Whiteboard: p=2 → p=2 kanbanzilla[Review]
https://github.com/mozilla/webpay/commit/fc7f2a
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED