Cannot switch users while PIN is unlocked

VERIFIED FIXED in 2013-09-10

Status

Marketplace
Payments/Refunds
P2
normal
VERIFIED FIXED
5 years ago
4 years ago

People

(Reporter: kumar, Assigned: wraithan)

Tracking

2013-09-10
x86
Mac OS X
Points:
---

Details

STR
- open Marketplace dev
- search :paid
- purchase an app
- log in with an email
- create/confirm PIN
- confirm mobile number via SMS (if necessary)
- confirm the purchase, install the app
- log out
- log in as a second user with a different email and different persona account
- search :paid, click to purchase another app within 3 minutes

Actual: if you switch to the new user and initiate a purchase within 3 minutes, the PIN from the first user will be unlocked. You will immediately see a purchase confirmation screen (no PIN entry). You can then complete the purchase as the first user.

Expected: you should be logged out of the payment flow entirely when you begin a purchase as the second user. You should be prompted to create/confirm a new PIN and you should start with a new Bango screen
To fix this, we would need to put an intermediate page in front of this redirect that allows Persona to log the user out (if necessary) https://github.com/mozilla/webpay/blob/master/webpay/pay/views.py#L118

Updated

5 years ago
Priority: -- → P2
(Assignee)

Updated

5 years ago
Assignee: nobody → wraithan
Same as I just posted: https://bugzilla.mozilla.org/show_bug.cgi?id=887862#c3

This is a marketplace login/logout which are currently separate from webpay.

Updated

4 years ago
Version: 1.0 → 1.3
correction: pin unlock window is 5 minutes https://github.com/mozilla/webpay/blob/master/webpay/settings/base.py#L350
(Assignee)

Updated

4 years ago
Target Milestone: --- → 2013-09-10
https://github.com/mozilla/webpay/commit/9170b4a6899572c5e17e025de0b5795cd0e8648b

Had to clear last login and the new bounce code now covers this as well.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED

Comment 5

4 years ago
Verified as fixed. The new PIN is required after changing the users.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.