If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

[stage] Unable to confirm PIN; blocked from purchasing apps

VERIFIED FIXED in 2013-04-25

Status

Marketplace
Payments/Refunds
--
blocker
VERIFIED FIXED
5 years ago
5 years ago

People

(Reporter: krupa, Assigned: kumar)

Tracking

2013-04-25
Points:
---

Details

(Whiteboard: p=1)

(Reporter)

Description

5 years ago
steps to reproduce:
1. Load (marketplace.allizom.org) stage app
2. Log in using persona
3. Create PIN (1234)
4. Confirm PIN (1234)

observed behavior:
Confirm PIN fails with incorrect PIN even on entering the right PIN.

Happens only in stage. This blocks payments testing on stage.
(Reporter)

Comment 1

5 years ago
Now I get CSRF failure everytime.

Starting: 48618db0
I/PRLog   (  109): 2013-04-22 08:35:31.097210 UTC - 1074943224[40404160]: http request [
I/PRLog   (  109): 2013-04-22 08:35:31.097271 UTC - 1074943224[40404160]:   POST /mozpay/pin/create HTTP/1.1
I/PRLog   (  109): 2013-04-22 08:35:31.097332 UTC - 1074943224[40404160]:   Host: marketplace.allizom.org
I/PRLog   (  109): 2013-04-22 08:35:31.097363 UTC - 1074943224[40404160]:   User-Agent: Mozilla/5.0 (Mobile; rv:18.0) Gecko/18.0 Firefox/18.0
I/PRLog   (  109): 2013-04-22 08:35:31.098858 UTC - 9896384[40404470]:   [secinfo=44341ab0 callbacks=47d74768]
I/PRLog   (  109): 2013-04-22 08:35:31.097424 UTC - 1074943224[40404160]:   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
I/PRLog   (  109): 2013-04-22 08:35:31.099743 UTC - 1074943224[40404160]:   Accept-Language: en-US,en;q=0.5
I/PRLog   (  109): 2013-04-22 08:35:31.099804 UTC - 1074943224[40404160]:   Accept-Encoding: gzip, deflate
I/PRLog   (  109): 2013-04-22 08:35:31.099835 UTC - 1074943224[40404160]:   Referer: https://marketplace.allizom.org/mozpay/pin/create
I/PRLog   (  109): 2013-04-22 08:35:31.099896 UTC - 1074943224[40404160]:   Cookie: webpay_sessionid=a6646562fb5f6f04354d674d63d97c64; webpay_anoncsrf=X8V4mxjks1FuJxOxngNYOZf5Ho4xe7ZW
I/PRLog   (  109): 2013-04-22 08:35:31.101269 UTC - 9896384[40404470]:   active=4 idle=1
I/PRLog   (  109): 2013-04-22 08:35:31.101299 UTC - 9896384[40404470]:   advancing to STATE_CONNECTING
I/PRLog   (  109): 2013-04-22 08:35:31.099926 UTC - 1074943224[40404160]:   Connection: keep-alive
I/PRLog   (  109): 2013-04-22 08:35:31.101849 UTC - 1074943224[40404160]: ]
I/PRLog   (  109): 2013-04-22 08:35:31.432934 UTC - 9896384[40404470]: nsHttpTransaction::HandleContentStart [this=48618db0]
Duration:        0.337 48618db0       (marketplace.allizom.org -> POST /mozpay/pin/create)
I/PRLog   (  109): 2013-04-22 08:35:31.432964 UTC - 9896384[40404470]: http response [
I/PRLog   (  109): 2013-04-22 08:35:31.433026 UTC - 9896384[40404470]:   HTTP/1.0 200 OK
I/PRLog   (  109): 2013-04-22 08:35:31.433056 UTC - 9896384[40404470]: ]
I/PRLog   (  109): 2013-04-22 08:35:33.207226 UTC - 9896384[40404470]: nsHttpTransaction::HandleContentStart [this=48618db0]
I/PRLog   (  109): 2013-04-22 08:35:33.207287 UTC - 9896384[40404470]: http response [
I/PRLog   (  109): 2013-04-22 08:35:33.207409 UTC - 9896384[40404470]:   HTTP/1.1 403 FORBIDDEN
I/PRLog   (  109): 2013-04-22 08:35:33.207470 UTC - 9896384[40404470]:   Server: gunicorn/0.14.6
I/PRLog   (  109): 2013-04-22 08:35:33.207562 UTC - 9896384[40404470]:   Vary: X-Mobile, User-Agent, Cookie, Accept-Language, Accept-Encoding
I/PRLog   (  109): 2013-04-22 08:35:33.207623 UTC - 9896384[40404470]:   Content-Type: text/html; charset=utf-8
I/PRLog   (  109): 2013-04-22 08:35:33.207684 UTC - 9896384[40404470]:   Content-Encoding: gzip
I/PRLog   (  109): 2013-04-22 08:35:33.207775 UTC - 9896384[40404470]:   Date: Mon, 22 Apr 2013 08:35:29 GMT
I/PRLog   (  109): 2013-04-22 08:35:33.207836 UTC - 9896384[40404470]:   Transfer-Encoding: chunked
I/PRLog   (  109): 2013-04-22 08:35:33.207897 UTC - 9896384[40404470]:   Via: Moz-pp-zlb09
I/PRLog   (  109): 2013-04-22 08:35:33.207958 UTC - 9896384[40404470]:   Connection: keep-alive
I/PRLog   (  109): 2013-04-22 08:35:33.208050 UTC - 9896384[40404470]:   Set-Cookie: multidb_pin_writes=y; expires=Mon, 22-Apr-2013 08:35:44 GMT; Max-Age=15; Path=/
I/PRLog   (  109): 2013-04-22 08:35:33.208111 UTC - 9896384[40404470]:   x-frame-options: DENY
I/PRLog   (  109): 2013-04-22 08:35:33.208172 UTC - 9896384[40404470]: ]
(Reporter)

Comment 2

5 years ago
Starting: 48618db0
 http request [
POST /mozpay/pin/create HTTP/1.1
Host: marketplace.allizom.org
User-Agent: Mozilla/5.0 (Mobile; rv:18.0) Gecko/18.0 Firefox/18.0
[secinfo=44341ab0 callbacks=47d74768]
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://marketplace.allizom.org/mozpay/pin/create
Cookie: webpay_sessionid=a6646562fb5f6f04354d674d63d97c64; webpay_anoncsrf=X8V4mxjks1FuJxOxngNYOZf5Ho4xe7ZW
active=4 idle=1
advancing to STATE_CONNECTING
Connection: keep-alive
]
nsHttpTransaction::HandleContentStart [this=48618db0]
Duration:        0.337 48618db0       (marketplace.allizom.org -> POST /mozpay/pin/create)
http response [
HTTP/1.0 200 OK
]
nsHttpTransaction::HandleContentStart [this=48618db0]
http response [
HTTP/1.1 403 FORBIDDEN
Server: gunicorn/0.14.6
Vary: X-Mobile, User-Agent, Cookie, Accept-Language, Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Date: Mon, 22 Apr 2013 08:35:29 GMT
Transfer-Encoding: chunked
Via: Moz-pp-zlb09
Connection: keep-alive
Set-Cookie: multidb_pin_writes=y; expires=Mon, 22-Apr-2013 08:35:44 GMT; Max-Age=15; Path=/
x-frame-options: DENY
]
I think we need to push a solitude update to stage for some new_pin changes maybe
I pushed bug 863493 to stage but it did not shed any light on the problem
The PIN mismatch error went away for me after updating solitude on stage. Take note that the CSRF error appears if you've already made a payment on dev and then on the same phone you open stage. In other words, CSRF stopped failing for me when I flashed the phone, did not touch dev, then made a payment on stage. 

It sounds like something in the Trusted UI is getting cached but we can probably ignore it for the short term since no real user would be in that scenario.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 6

5 years ago
Verified as fixed on Unagi
Status: RESOLVED → VERIFIED
Assignee: nobody → kumar.mcmillan
Whiteboard: p=1
Target Milestone: --- → 2013-04-25
You need to log in before you can comment on or make changes to this bug.