Signing in a second user fails after a first unverified user is signed in

RESOLVED WORKSFORME

Status

()

defect
RESOLVED WORKSFORME
5 years ago
2 years ago

People

(Reporter: jedp, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

:ferjm discovered in manual testing that a user cannot sign into firefox accounts if it is still polling for a different user's email verification.

    Gecko  I  1391798125571 FirefoxAccounts  DEBUG     Clock offset vs https://api.accounts.firefox.com/v1: -571
    Gecko  I  1391798125573 FirefoxAccounts  DEBUG     checkEmailStatus -> {"email":"ttttt@gggggg","verified":false}
    Gecko  I  1391798125574 FirefoxAccounts  DEBUG     polling with step = 3000
    Gecko  I  1391798125575 FirefoxAccounts  DEBUG     time remaining: 267000
    Gecko  I  1391798125576 FirefoxAccounts  DEBUG     started timer 56
    Gecko  I  1391798128577 FirefoxAccounts  DEBUG     entering pollEmailStatus: timer 4
    Gecko  I  1391798128862 FirefoxAccounts  DEBUG     (Response) code: 200 - Status text: OK
    Gecko  I  1391798128863 FirefoxAccounts  DEBUG     Clock offset vs https://api.accounts.firefox.com/v1: -863
    Gecko  I  1391798128866 FirefoxAccounts  DEBUG     checkEmailStatus -> {"email":"ttttt@gggggg","verified":false}
    Gecko  I  1391798128867 FirefoxAccounts  DEBUG     polling with step = 3000
    Gecko  I  1391798128867 FirefoxAccounts  DEBUG     time remaining: 264000
    Gecko  I  1391798128868 FirefoxAccounts  DEBUG     started timer 57
    Gecko  I  1391798129397 FirefoxAccounts  DEBUG     Got content msg {"id":"497be3b6-d82f-99f2-8e6e-60918593a895","data":{"method":"logout"}}
    Gecko  I  1391798129398 FirefoxAccounts  DEBUG     Polling aborted; Another user signing in
    Gecko  I  1391798129399 FirefoxAccounts  DEBUG     generationCount: 5
    Gecko  I  1391798129434 FirefoxAccounts  DEBUG     Notifying observers of fxaccounts:onlogout
    Gecko  I  1391798129435 FirefoxAccounts  DEBUG     Observed fxaccounts:onlogout
    Gecko  I  1391798129436 FirefoxAccounts  DEBUG     Chrome event {"eventName":"onlogout"}
    Gecko  I  1391798129757 FirefoxAccounts  DEBUG     (Response) code: 200 - Status text: OK
    Gecko  I  1391798129760 FirefoxAccounts  DEBUG     Clock offset vs https://api.accounts.firefox.com/v1: -760
    Gecko  I  1391798129763 FirefoxAccounts  DEBUG     Signed out
    Gecko  I  1391798129764 FirefoxAccounts  DEBUG     Chrome event {"id":"497be3b6-d82f-99f2-8e6e-60918593a895","data":null}
    GeckoConsole  E  [JavaScript Error: "A promise chain failed to handle a rejection.
    GeckoConsole  E  Date: Fri Feb 07 2014 13:35:29 GMT-0500 (EST)
    GeckoConsole  E  Full Message: Error: Verification aborted; Another user signing in
    GeckoConsole  E  Full Stack: abortExistingFlow@resource://gre/modules/FxAccounts.jsm:119
    GeckoConsole  E  signOut@resource://gre/modules/FxAccounts.jsm:131
    GeckoConsole  E  signOut@resource://gre/modules/FxAccounts.jsm:635
    GeckoConsole  E  this.FxAccountsManager._signOut@resource://gre/modules/FxAccountsManager.jsm:178
    GeckoConsole  E  this.FxAccountsManager.signOut@resource://gre/modules/FxAccountsManager.jsm:232
    GeckoConsole  E  this.FxAccountsMgmtService.handleEvent@resource://gre/modules/FxAccountsMgmtService.jsm:111
    GeckoConsole  E  sendMessage@app://system.gaiamobile.org/js/fxa_client.js:35
    GeckoConsole  E  logout@app://system.gaiamobile.org/js/fxa_client.js:86
    GeckoConsole  E  fxa_mgmt_onPortMessage/</<@app://system.gaiamobile.org/js/fxa_manager.js:84
    GeckoConsole  E  perFileCallback@app://system.gaiamobile.org/shared/js/lazy_loader.js:72
    GeckoConsole  E  LazyLoader</LazyLoader.prototype.load@app://system.gaiamobile.org/shared/js/lazy_loader.js:80
    GeckoConsole  E  fxa_mgmt_onPortMessage/<@app://system.gaiamobile.org/js/fxa_m 

There is a test in test_accounts.js (test_overlapping_signins) that was written for this very case, but which is evidently not catching the problem.

Comment 1

5 years ago
I believe that in production the signin UI should not allow an attempted signin if a previously signed-in user has not signed out. Could this case be an artifact of using the test app?
(In reply to Sam Penrose from comment #1)
> I believe that in production the signin UI should not allow an attempted
> signin if a previously signed-in user has not signed out.

AFAIK this is true on Desktop, though it would be good for Mark to confirm.
Component: Sync → FxA
Product: Firefox → Core
(In reply to :Gavin Sharp (email gavin@gavinsharp.com) from comment #2)
> (In reply to Sam Penrose from comment #1)
> > I believe that in production the signin UI should not allow an attempted
> > signin if a previously signed-in user has not signed out.
> 
> AFAIK this is true on Desktop, though it would be good for Mark to confirm.

Yes, this is the intent.  I can't reproduce the problem - I'm forced to "forget" (or whatever the term the UI uses) the unverified account before I can sign in to a verified account, and that second sign in works fine for me.

Jed: can you supply any more context here, or should we close this WFM?
Flags: needinfo?(jparsons)
I think that sounds reasonable.  Thanks, Mark.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(jparsons)
Resolution: --- → WORKSFORME
Shouldn't the FirefoxAccounts API handle this case more gracefully, though? Not a practical problem for the moment, but still seems like an API design issue.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Or is the existing failure for this case (comment 0?) "reasonable"?

Comment 7

5 years ago
The API in question is a part of the user agent. Signing out of the user agent and back in as a different person makes sense. Allowing a second sign in while an identity is already logged in contradicts the very notion of a user agent (until we roll out a "four-hands tablet" or "multi-account phone" or something). I believe we can close this without fear it will need to be reopened for a long time. Gavin?
Flags: needinfo?(gavin.sharp)
Right, I agree that this should fail. My question was specifically about whether the failure case/error reporting is reasonable - I couldn't really tell from comment 0. If you're happy with it I have no objection!
Flags: needinfo?(gavin.sharp)

Comment 9

5 years ago
Yeah, I think it works. Thanks for looking at it.
Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → WORKSFORME

Updated

2 years ago
Product: Core → Firefox
You need to log in before you can comment on or make changes to this bug.