This repository has been archived by the owner. It is now read-only.

User must sign in again after completing password reset #4763

Closed
shane-tomlinson opened this issue Feb 28, 2017 · 2 comments

@shane-tomlinson shane-tomlinson commented Feb 28, 2017

I have a feeling this links to a whole bunch of bugs, and could be the cause of why so many users have > 1 stored account.

STR

  1. In Fx Desktop, ensure e10s is enabled, create and verify an account.
  2. Create a new Fx profile.
  3. Open `about:preferences#sync`, click "Sign in".
  4. Instead of signing in, initiate password reset w/ account from 1. Keep tab open.
  5. In a new tab of the same browser, open the password reset email, enter a new password.
  6. The browser will show a notification that says "Sync will start momentarily"
  7. Now, in the tab from 3, click "Manage account"
  8. The user has to sign in again. :(

AND! Check out this account data from localStorage:

```
__fxa_storage.accounts: "{\"undefined\":{\"lastLogin\":1488298413174}}"
```

The userId is `undefined`!

cc @ryanfeeley

Ref #4060, #4115, #4748, #4769

@shane-tomlinson shane-tomlinson commented Feb 28, 2017

Oddly, I'm unable to reproduce against local dev servers, only prod.

@shane-tomlinson shane-tomlinson commented Feb 28, 2017

> Oddly, I'm unable to reproduce against local dev servers, only prod.

Aha! I can locally, with Nightly, after creating a profile using fxa-dev-launcher:

```
FXA_ENV=local FXA_E10S=true npm start
```

@shane-tomlinson shane-tomlinson self-assigned this Mar 1, 2017
shane-tomlinson pushed a commit that referenced this issue Mar 1, 2017
What is the problem?
Fx w/ e10s enabled isolates localStorage in about:accounts from
localStorage in normal web content. If a user created a new profile
and did the reset password flow, completed the reset password flow
in the same browser, and then clicked "Manage account", the
user would have to sign in again because of this localStorage isolation.
The last localStorage write in about:accounts blew away the user's
account information, and in fact added a junk account with a uid
of `undefined`.

How does this fix it?
Pass all the data needed to retain the user's session from
the confirm_reset_account tab to the about:accounts tab. The
passed data will be written to localStorage from the about:accounts
tab. Whenever the user clicks Manage Account, the data will
be in localStorage, as expected.

What is `user.removeAccountsWithInvalidUid`?
A bunch of users report having > 1 stored account; it may
be that most of these are users who have reset their password
and have one of these junk accounts. Remove them.

fixes #4763
fixes #4769
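
An added example (not fxa-content-server code) showing how an account map keyed by an unchecked uid produces the `undefined` entry seen in the issue, with a cleanup pass in the spirit of `user.removeAccountsWithInvalidUid`. The function names, the in-memory storage stand-in and the 32-hex-character uid format are assumptions.

```javascript
// Added illustration; not the project's code. All function names are hypothetical.
const STORAGE_KEY = '__fxa_storage.accounts'; // key shown in the issue

// Assumption: a well-formed uid is 32 lowercase hex characters.
const UID_RE = /^[0-9a-f]{32}$/;

// Minimal in-memory stand-in for window.localStorage so this runs offline.
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Unchecked write: keys the map by account.uid without validating it.
// An undefined uid is coerced to the property name "undefined", and
// JSON.stringify drops the undefined uid field from the stored value.
function storeAccountUnchecked(storage, account) {
  const accounts = JSON.parse(storage.getItem(STORAGE_KEY) || '{}');
  accounts[account.uid] = account;
  storage.setItem(STORAGE_KEY, JSON.stringify(accounts));
}

// Cleanup pass: drop every entry whose key is not a well-formed uid, or
// whose embedded uid disagrees with its key. Returns the removed keys.
function pruneInvalidAccounts(storage) {
  let accounts;
  try {
    accounts = JSON.parse(storage.getItem(STORAGE_KEY) || '{}');
  } catch (e) {
    accounts = {}; // corrupt JSON: treat as no stored accounts
  }
  const kept = {};
  const removed = [];
  for (const [key, value] of Object.entries(accounts || {})) {
    const uidMatches = value && (value.uid === undefined || value.uid === key);
    if (UID_RE.test(key) && uidMatches) {
      kept[key] = value;
    } else {
      removed.push(key);
    }
  }
  storage.setItem(STORAGE_KEY, JSON.stringify(kept));
  return removed;
}
```
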
shane-tomlinson pushed a commit that referenced this issue Mar 1, 2017
shane-tomlinson pushed a commit that referenced this issue Mar 2, 2017
@shane-tomlinson shane-tomlinson added this to the FxA-0: quality milestone Mar 2, 2017
vladikoff added a commit that referenced this issue Mar 3, 2017
) r=vladikoff