Closed Bug 877243 Opened 11 years ago Closed 11 years ago

Pin was locked doesn't log the user out.

Categories

(Marketplace Graveyard :: Payments/Refunds, defect, P2)

defect

Tracking

(Not tracked)

VERIFIED FIXED
2013-09-24

People

(Reporter: krupa.mozbugs, Assigned: wraithan)

References

Details

steps to reproduce:
1. Start the purchase of a paid app
2. Enter PIN incorrectly until it gets locked
3. Start the purchase flow after 5 mins
4. Notice that the 'Your Pin was locked' screen loads with 'Continue' and 'Reset Pin' screens
5. Click on the Continue button

expected behavior:
User is prompted to sign in to proceed

observed behavior:
Nothing happens on clicking the Continue button.
Priority: -- → P2
https://github.com/mozilla/webpay/commit/f8bb52a2da6f5d4f7d171d973c51a53541f41da5

Removed this page because it shouldn't have been part of the flow anymore.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2013-06-06
This page is still accessible on dev and the Continue button doesn't work
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Ah, I mistook what page this is. Also I have a rebuilt env so I can fix this!
https://github.com/mozilla/webpay/commit/53398d071fac223b088d42823c960344eb322f4e

commit has wrong bug number in it, but it is fixed. Just double and triple checked locally. There is still the bug that the enter your pin screen is shown once before showing is_locked. Investigating.
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
Now , the "Continue" button is working, but user is asked to Enter PIN instead of signing in with Persona.
Entering the correct locked PIN will start the payments flow.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Flags: affects-moss+
Summary: Clicking the Continue button on 'Your Pin was locked' screen does nothing → Pin was locked doesn't log the user out.
Target Milestone: 2013-06-06 → 2013-07-18
Flags: affects-tricycle+
Flags: affects-seville+
Flags: affects-seahorse+
Flags: affects-durango+
Target Milestone: 2013-07-18 → 2013-07-25
Target Milestone: 2013-07-25 → 2013-08-01
Target Milestone: 2013-08-01 → 2013-08-06
Target Milestone: 2013-08-06 → 2013-08-13
Version: 1.2 → 1.3
Target Milestone: 2013-08-13 → 2013-09-03
Target Milestone: 2013-09-03 → 2013-09-10
Target Milestone: 2013-09-10 → 2013-09-17
I had been implementing what the ticket said, but then I looked into the mocks at: 

https://www.dropbox.com/s/am1ecw2j6o0a0ji/Marketplace_Payments_Flows_PinLockOut.pdf

It looks like once you are locked out, we are supposed to initiate a forceAuth then show the was locked page, then not have to do the forceAuth when you hit reset.

I'd like to propose that we keep what we have currently.

1) get locked out
2) wait 5 mins
3) get the was locked warning
4a) click reset and go through forceAuth like the forgot pin? flow of the normal pin entry
4b) click continue and just enter your pin like normal

Maureen, these are your mocks so it is ultimately up to you, but I'd like to hear your thoughts.
Flags: needinfo?(mhanratty)
Bumping milestone, blocked on UX.
Target Milestone: 2013-09-17 → 2013-09-24
Ok, so are you proposing this:

1) User sees locked out pin error message and clicks "OK"
2) Trusted UI closes and purchase is cancelled
3) User waits 5 minutes
4) User clicks "1.99" on app
5) Show "Your pin was locked. Continue or Reset"

If "Continue"
6A) Show "Enter Pin" screen

If "Reset"
6B) Logout user and require them to sign in again

If that is your proposal it sounds good to me--actually a better flow then I proposed :)  Question: instead of requiring the user to enter their account name what if we pre-fill the account name and just require the password? Would that be ok in your opinion?
Flags: needinfo?(mhanratty)
I'm happy you like that flow.

The name requirement isn't on our side, but rather, it is on Persona's side. ForceAuth requires the user to type their name in again. I would love if it just required them to type their password instead of typing the name as well.

QA: See steps in comment 8 for the new flow.
Status: REOPENED → RESOLVED
Closed: 11 years ago11 years ago
Resolution: --- → FIXED
The flow from step 8 is working , but when I tried to reset the PIN and then cancel the reset flow, I was asked for the PIN and old pin worked.
Should I log another bug for this one?
Flags: needinfo?(wraithan)
If you cancel half way through the reset flow it should disregard anything you typed in the reset flow and leave your account how it was before you started resetting your pin, so that sounds like it is doing the right thing.
Flags: needinfo?(wraithan)
(In reply to Wraithan (Chris McDonald) [:wraithan] from comment #11)
> If you cancel half way through the reset flow it should disregard anything
> you typed in the reset flow and leave your account how it was before you
> started resetting your pin, so that sounds like it is doing the right thing.

Thank you , I will mark the bug as verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.