Closed Bug 850899 Opened 10 years ago Closed 10 years ago

Confirm your mobile number screen should be shown only once per user

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P1)

defect

Tracking

(Not tracked)

VERIFIED FIXED
2013-04-04

People

(Reporter: krupa.mozbugs, Assigned: kumar)

References

Details

(Whiteboard: p=3)

Attachments

(6 files, 1 obsolete file)

steps to reproduce:
1. Start the purchase flow for a paid app on your unagi phone
2. Log in using Identity
3. Enter PIN
4. Confirm your mobile number and enter the SMS PIN
5. Confirm the purchase
6. Start the purchase of a second app
7. 

expected behavior:
We ask the user to confirm their mobile number only once per account.

observed behavior:
I am being asked to confirm my mobile number for the same account every time I make a purchase.
Mobile numbers are not linked to the account.  We place a cookie on the device. Clearing your cookies (by flashing your device / profile etc) will mean you'll need to re confirm you mobile number again.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
Attached file log file (obsolete) —
I have attached the entire log file when I hit this issue again. There are a lot of requests around PIN verification (since I was testing that piece. So, please ignore that part). I didn't edit the log since I felt it may be useful to have all the logs.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Attachment #725509 - Attachment is obsolete: true
Attached file log file
Notice that the POST /_/ws/UserInformation.asmx/SendMTMobileIdentityCode is done once at 05:39:31 and then again at 17:46:52.981619 and then once at 18:42:34.301997
Looking at the logs its seems that you do around 9 purchases / purchase attempts (around 05:40ish), then you leave the device for around 12hours, 

When you return at 17:46ish the bango cookie is gone (Not sure why?)

At 18:09 you explicitly logout (GET /mozpayment/logout), which will remove the bango cookie and will mean you'll need to re-authenticate.
Attached file more logging
This log file shows that I was asked to confirm my mobile number multiple times..
Again in this log - you make a purchase, then logout, then make another purchase attempt. When "/mozpayments/logout" is requested the bango identity cookie is removed, thus you need to re-authenticate (either automatically via headers, or manually by sending an SMS). 

Either way this looks like expected behaviour.
I think we are calling /logout incorrectly since I was not logging out during this purchase. Kumar, thoughts?
Krupa, I cannot reproduce this on device against the dev server. Can you find me on IRC so we can figure it out? When I try the STR, Bango remembers me as expected. Maybe this is related to AT&T somehow? I am on T-Mobile.
the log shows that Mozilla is calling logout so let me look at this
Assignee: keir → kumar.mcmillan
Priority: -- → P1
Target Milestone: --- → 2013-03-21
Attached file logging from 03/20
I'm pretty stumped on this; there's nothing obvious to trigger the bango logout. Krupa, I added some JS logging to try and pinpoint it. Can you try again and attach a logcat? 

Logging added in https://github.com/mozilla/webpay/commit/3570af39fae6e0e6a2542aa6e529bc496fd22116
Hold up, I had one of those "in the shower" moments. I suspect something to do with localStorage is behaving in an unexpected way within the Trusted UI to cause this. I am investigating...
Target Milestone: 2013-03-21 → 2013-03-28
Whiteboard: p=3
I'm having a hard time catching this in action. Krupa, I added more logging around the local storage code. Can you try to reproduce this on dev and, if so, attach a logcat? I don't need an http log, just the logcat.

https://github.com/mozilla/webpay/commit/11a16753ee9e6fc14f78aaac3c5e3dda6c103e4b
Attached file logs from 03/25
Can you attach a logcat not the http log?
Attached file logging from mar-27
Hey Krupa, there is unfortunately a shiny new setting on the phone in the developer section called Console Enabled :( Can you turn that on and re-capture the log? There is no content logging in the log you attached.
(In reply to Kumar McMillan [:kumar] from comment #17)
> Hey Krupa, there is unfortunately a shiny new setting on the phone in the
> developer section called Console Enabled :( Can you turn that on and
> re-capture the log? There is no content logging in the log you attached.

I'll try.
Attached file logging from 03/28
Target Milestone: 2013-03-28 → 2013-04-04
I haven't seen this error off late. Closing the bug.
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
Tried many time today and for subsequent purchases, the phone number was not required. Marking it as verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.