Closed Bug 892068 Opened 6 years ago Closed 6 years ago

Expose MCC/MNC to payment providers in mozPay() so Webpay can disable payments per region

Categories

(Core :: DOM: Device Interfaces, defect, P2)

x86
macOS
defect

Tracking

()

RESOLVED FIXED
mozilla25
blocking-b2g leo+
Tracking Status
firefox23 --- wontfix
firefox24 --- wontfix
firefox25 --- fixed
b2g18 --- fixed
b2g18-v1.0.0 --- wontfix
b2g18-v1.0.1 --- wontfix
b2g-v1.1hd --- fixed

People

(Reporter: andy+bugzilla, Assigned: ferjm)

References

Details

(Whiteboard: [LeoVB+])

Attachments

(2 files, 1 obsolete file)

At first there was an email whitelist in webpay to allow payments to work for that whitelist.

Then it was requested to do it by region. The whitelist doesn't work to well for that, so we put a region setting in marketplace. That works great for paid apps.

However in-app payments never hit the marketplace, they hit webpay directly.

We need some way to block in-app payments in a region as well if possible.

Perhaps something when we check the price tiers against the marketplace?
This will require a device API change to know the region that the user is purchasing in.

nav.mozPay() will need to expose MCC info to Webpay so that we can use it like the Marketplace app does: https://github.com/mozilla/fireplace/blob/2dd55b5e7546089571113d9641d65ae8c8ec4190/hearth/media/js/mobilenetwork.js#L263
Blocks: PayId-v1next
Summary: Disabling in-app payments per region → Disabling in-app payments per region in Webpay
What's the deadline for this?
Assignee: nobody → ferjmoreno
Antonio, Jonas, any objection to exposing the MCC/MNC to the payment provider?
Flags: needinfo?(jonas)
Flags: needinfo?(amac)
Hmm... I think that's on the same boat that a broad geolocation, and as such it should probably be communicated to the user somehow (I'm ok with that being on the terms of use or something like that). Other than that, I don't have any objection.
Flags: needinfo?(amac)
blocking-b2g: --- → leo?
Priority: -- → P2
Component: Payments/Refunds → DOM: Device Interfaces
Product: Marketplace → Core
Version: 1.5 → Trunk
Summary: Disabling in-app payments per region in Webpay → Expose MCC/MNC to payment providers in mozPay() so Webpay can disable payments per region
Andy/Kumar - I'm curious: if you try to use navigator.mozMobileConnection, do you have privileged access to use it? (I think not, but it's worth trying.)

https://github.com/mozilla/fireplace/blob/master/hearth/media/js/mobilenetwork.js#L263-271
The Mobile Connection API can only be accessed from certified apps and the payment provider flow is unprivileged web content.
The `mobilenetwork` permission though is available to privileged apps though (which is what we use on the Marketplace): http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/PermissionsTable.jsm#121

Is there a way to make the payment provider flow `privileged`?
Unfortunately, there is no way to make the payment provider flow privileged, as it is just a regular web content loaded in a somehow trusted chrome frame. All its payments "superpowers" are given by explicitly injecting the required functionality in its content. The only way to expose the MCC/MNC to the payment provider is by also injecting it in the payment flow, the same way that we did with the ICC in bug 872987.
Talked with Andy & in triage about this - kicking this out to koi. It's too late to take features into 1.1 at this point. We also shipped without this for 1.01.

Agreed this is important, so product should weigh in if this is a blocker for 1.2.
blocking-b2g: leo? → koi?
Flags: needinfo?(ffos-product)
Not from me
Flags: needinfo?(jonas)
Attached patch v1Splinter Review
This patch exposes mozPaymentProvider.mcc and mozPaymentProvider.mnc.
Attachment #781653 - Flags: review?(fabrice)
Removing needinfo on product since we've got a patch already.
Flags: needinfo?(ffos-product)
Comment on attachment 781653 [details] [diff] [review]
v1

Review of attachment 781653 [details] [diff] [review]:
-----------------------------------------------------------------

::: b2g/chrome/content/payment.js
@@ +58,5 @@
>      this._onsuccess = aSuccessCallback;
>    },
>  
>    set onerror(aErrorCallback) {
> +    _debug("ON ERROR set " + aErrorCallback);

Oops. This will be gone on the final patch.
Attachment #781653 - Flags: review?(fabrice) → review+
https://hg.mozilla.org/mozilla-central/rev/776f2e0b6860
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla25
Mozilla is unable to tell which Operator is loading the Marketplace which means we will not be able to load the right content for a given user. 

Rick has escalated this and I agree this is a product blocker for 1.1. 

Nom'ing for leo and asking all our OEM partners to pick this up if at all possible.
blocking-b2g: koi? → leo?
blocking-b2g: leo? → leo+
Needs a branch-specific patch for uplift.
Flags: needinfo?(ferjmoreno)
Fabrice, any chance you could help since ferjm is on PTO?
Flags: needinfo?(fabrice)
Attached patch b2g18 patch (obsolete) — Splinter Review
Sorry for the delay on this, I've been on PTO for a while.
Flags: needinfo?(ferjmoreno)
Flags: needinfo?(fabrice)
Comment on attachment 795489 [details] [diff] [review]
b2g18 patch

Wrong patch
Attachment #795489 - Attachment is obsolete: true
Attached patch b2g18 patchSplinter Review
Whiteboard: [LeoVB+]
You need to log in before you can comment on or make changes to this bug.