Closed Bug 871591 Opened 12 years ago Closed 11 years ago

the user can buy normally after changing the Sim card in WiFi mode

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P3)

Avenir
x86
Windows 7
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: eder.mozbugs, Unassigned)

References

Details

(Keywords: productwanted, uiwanted)

steps to reproduce: 1.-Open Marketplace app via WIFI connection 2.-Turn off carrier network connection and start WiFi and Find a paid app and try to purchase it 3.-Enter a new email address to Persona 4.-create and confirm new Persona password 5.-Create a new Persona password and continue 6.-Create and confirm PIN 7.-Confirm phone number and continue 8. Enter the 4 digit credentials received in the SMS and continue 9-Cancel the purchase, turn off the phone and replace the SIM with the Movistar SIM. Open Marketplace app and purchase an app via direct billing using WiFi network connection. expected behavior: must show the error message when trying to purchase via direct billing after switching Sim. observed behavior: the user can buy normally after changing the Sim card in WiFi mode
To confirm my understanding: This bug is saying we purchase an app via direct billing, change the SIM card, and purchase another app, the second app will be billed to the first SIM's carrier?
comment #1 is something we should definitely address regardless. The only way to address it is for webpay to receive a system level event saying that a new SIM card was inserted. At that point we can log out of Bango which will clear the cookie that was saved for the last SIM.
Ferjm - Any insight in the potential fix here?
Flags: needinfo?(ferjmoreno)
When we were in Spain, I talked to Jorge from bluevia about this usecase. Bluevia/Bango currently invalidate their cookie every two weeks (or a month?). So, that might mitigate the risk a little bit.
I am not overly worried about this case, though it is something we should fix. I think it is a bit of a corner case, and the original user should get a confirmation email. It would also only happen, right now, if this is within 5 minutes of a PIN unlock since the person would need to enter a PIN tied to the account. Most likely it is the same person and not a stranger. They just may not know which SIM they are billing. I am wondering what happens on other platforms as this wouldn't be unique to us. Do other stores receive a system level event when a SIM is inserted?
I am not overly worried about this case, though it is something we should fix. I think it is a bit of a corner case, and the original user should get a confirmation email. It would also only happen, right now, if this is within 5 minutes of a PIN unlock since the person would need to enter a PIN tied to the account. Most likely it is the same person and not a stranger. They just may not know which SIM they are billing. I am wondering what happens on other platforms as this wouldn't be unique to us. Do other stores receive a system level event when a SIM is inserted?
This may also be an issue with a dual SIM device as well. https://bugzilla.mozilla.org/show_bug.cgi?id=838722
We can probably expose the ICC info[*] to the payment provider so it can check if the cookie was set for that specific SIM or not. We probably want to let user pay with a SIM that is not inserted in the device during the payment flow if it was previously authenticated, but we need to warn the user about that situation and let her choose the SIM to be charged. [*] https://mxr.mozilla.org/mozilla-central/source/dom/network/interfaces/nsIDOMMobileConnection.idl#491
Flags: needinfo?(ferjmoreno)
Today I repeated the test with better signal of Wifi network now, the test is correct , MP sent the error message "User does not exist"
I agree with comment 8. Though we also need to keep in mind the scenario when the device has multiple sim cards.
Depends on: 872751
marking uiwanted and productwanted. It sounds like this isn't important to product (comment 5 and comment 6) so marking P3. Maria/David: Let me know what you want to do regarding functionality/messaging.
Assignee: nobody → msandberg
Severity: major → normal
Priority: -- → P3
Same behavior in Colombia. The mobile number isn't confirmed after SIM changing.
Flags: affects-seville+
Flags: affects-durango+
Version: 1.0 → Avenir
Is this fixed with the Moz_User_id changes? If not, still pretty much a corner case so low priority.
Assignee: msandberg → amckay
This was fixed with the iccInfo change that landed in bug 961794, that gave the iccInfo to webpay so it could call the Bango log out.
Assignee: amckay → nobody
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.