Closed Bug 875295 Opened 10 years ago Closed 9 years ago

Blank screen on [reset] login error

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P3)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 837201

People

(Reporter: scolville, Unassigned)

References

Details

(Whiteboard: [ui-wanted])

Attachments

(1 file)

STR: 

* Click forget pin
* Start reset flow
* login with different account

What happens:

* You get a blank screen with _resetLoginError: [reset] login error in the console

What should happen:

* Assuming this happens due to the differing accounts there should be message that explains what's going on + an option to retry.
Priority: -- → P3
I'll grab some logs and see what's happening
Assignee: nobody → kumar.mcmillan
Flags: affects-tricycle+
Flags: affects-seville+
Flags: affects-seahorse+
Flags: affects-moss+
Flags: affects-durango+
Currently the code raises an explicit exception in this case https://github.com/mozilla/webpay/blob/master/webpay/auth/views.py#L61 I'm not totally sure what should happen here.
Blocks: 876808
Depends on: 837201
Bumping to 1.3 and taking this. I've worked in this area recently. I do need to ping UX to see what the desired outcome here is.

My thoughts:
User hits reset pin
logs in with different user at the force reauth prompt
We offer to let them try again, or if they hit cancel we log them out and take them out of the payment flow.
Assignee: kumar.mcmillan → wraithan
Flags: needinfo?(mhanratty)
Whiteboard: [ui-wanted]
Version: 1.5 → 1.3
When the user clicks "Forgot Pin" and we take them to sign into Persona (changing to Firefox Accounts) will they be considered a returning user and see this screen with their account name? I just want to get the full context of how a user would find themselves sign in as a different account in the flow.
Flags: needinfo?(mhanratty)
No, they don't see the screen with their name. We use Persona's ForceAuth feature which makes them type in their email and password regardless of saved ID settings.
Why are we using forceauth? Wouldn't it be better to reuse the last email wherever possible to lessen the chance of this edge case?

c

(In reply to Wraithan (Chris McDonald) [:wraithan] from comment #6)
> No, they don't see the screen with their name. We use Persona's ForceAuth
> feature which makes them type in their email and password regardless of
> saved ID settings.
(In reply to Crystal Beasley [:skinny, :crystal] from comment #7)
> Why are we using forceauth? Wouldn't it be better to reuse the last email
> wherever possible to lessen the chance of this edge case?

It's actually Persona that blanks out the email when we use forceAuthentication: true. Persona could chose to use the last email and I would be fine with that. All we want is to force the user to re-enter their *password*.

However, even after that we'll need to be prepared for this edge case.
Let's use the last email address and have the user enter their password as Crystal/Kumar suggested. 

As for addressing this edge case, I'm not sure it really warrants it's own error messaging.  Even the wording is super hard to come up with:

"You are logged in with a different account then the one you were using to reset your pin. Would you like to continue or sign back in with a different account?" (User can click "Continue" or "Sign Out"?)

It's really confusing. I'm ok with not showing a message and assuming the user logged in with an different identity on purpose.
(In reply to Maureen Hanratty from comment #9)
> Let's use the last email address and have the user enter their password as
> Crystal/Kumar suggested. 

Sure. That would be a feature request for Persona.

> It's really confusing. I'm ok with not showing a message and assuming the
> user logged in with an different identity on purpose.

I like that! It is the easiest to implement.
Logged in as A
Click reset and type in B as username

If we just put them at the start of payment, the purchase still goes on A's account in the marketplace, but then when they get back to marketplace next they are logged in as B (silently) because of how persona works.

So, when we detect they are a different user we would need to log them out of persona and dump them back at marketplace, so they can log in and make the transaction as the intended user. Unless my understanding of webpay/marketplace/persona is incorrect.
Target Milestone: --- → 2013-10-01
Assignee: wraithan → nobody
Target Milestone: 2013-10-01 → ---
Can we clarify what's actually needing to be done for this bug? Do we need bugs for Persona as per comment 10?
Oh this is what I currently get on bug 837201 comment 6.
Version: 1.3 → 1.4
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.