STR:
- open Marketplace dev
- search :paid
- purchase an app
- log in with an email
- create/confirm PIN
- confirm mobile number via SMS (if necessary)
- confirm the purchase, install the app
- log out
- log in as a second user with a different email and different Persona account
- search :paid, click to purchase another app within 3 minutes

Actual: if you switch to the new user and initiate a purchase within 3 minutes, the PIN from the first user will be unlocked. You will immediately see a purchase confirmation screen (no PIN entry). You can then complete the purchase as the first user.

Expected: you should be logged out of the payment flow entirely when you begin a purchase as the second user. You should be prompted to create/confirm a new PIN and you should start with a new Bango screen.
To fix this, we would need to put an intermediate page in front of this redirect that allows Persona to log the user out (if necessary): https://github.com/mozilla/webpay/blob/master/webpay/pay/views.py#L118
Same as I just posted: https://bugzilla.mozilla.org/show_bug.cgi?id=887862#c3 This is a marketplace login/logout which are currently separate from webpay.
correction: pin unlock window is 5 minutes https://github.com/mozilla/webpay/blob/master/webpay/settings/base.py#L350
https://github.com/mozilla/webpay/commit/9170b4a6899572c5e17e025de0b5795cd0e8648b Had to clear last login and the new bounce code now covers this as well.
Verified as fixed. The new PIN is required after changing the users.
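
The reported behaviour replayed against a plain dict standing in for the session, as an added sketch that is not webpay's code: it contrasts a timestamp-only unlock check with two defences, clearing payment state when the logged-in user changes and, going slightly beyond the thread, binding the unlock to the user who entered the PIN. The session keys, function names and e-mail addresses are hypothetical; only the 5-minute window and the 3-minute switch come from the thread.

```python
PIN_UNLOCK_LENGTH = 5 * 60  # seconds; the thread gives the window as 5 minutes

# Hypothetical session keys for this sketch (not taken from webpay).
LAST_PIN_OK = "last_pin_success"
PIN_OWNER = "pin_owner"
USER = "user"


def record_pin_success(session, now):
    """Remember when the PIN was entered and which user entered it."""
    session[LAST_PIN_OK] = now
    session[PIN_OWNER] = session.get(USER)


def unlocked_naive(session, now):
    """Behaviour in the report: only the timestamp is checked."""
    last = session.get(LAST_PIN_OK)
    return last is not None and now - last < PIN_UNLOCK_LENGTH


def unlocked_bound(session, now):
    """The unlock counts only for the user who entered the PIN."""
    user = session.get(USER)
    if user is None or session.get(PIN_OWNER) != user:
        return False
    return unlocked_naive(session, now)


def login(session, user, reset_on_switch=True):
    """Log a user in; on a user change, drop all per-user payment state."""
    if reset_on_switch and session.get(USER) != user:
        session.clear()
    session[USER] = user


def replay_report(reset_on_switch, check):
    """Replay the reported steps: user A unlocks, user B buys 3 minutes later."""
    session, t0 = {}, 1_000_000.0  # constructed clock value
    login(session, "a@example.com", reset_on_switch)
    record_pin_success(session, t0)
    login(session, "b@example.com", reset_on_switch)
    return check(session, t0 + 180)
```

Either defence alone makes the second user's purchase require a PIN; using both means a missed reset path still fails closed.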