Skip to content

fix(settings): respect Firefox-signed-in user on cached signin page#20466

Merged
vbudhram merged 1 commit intomainfrom
fxa-13494
Apr 29, 2026
Merged

fix(settings): respect Firefox-signed-in user on cached signin page#20466
vbudhram merged 1 commit intomainfrom
fxa-13494

Conversation

@vbudhram
Copy link
Copy Markdown
Contributor

@vbudhram vbudhram commented Apr 27, 2026
edited
Loading

Because

  • When localStorage is cleared (e.g. "Clear cookies and site data on close" or "Forget about this site") but Firefox already has a signed-in user via WebChannel, the Index/cached signin page asked for the email instead of recognising the user.
  • For OAuth-native flows like SmartWindow and VPN, the browser's signedInUser.verified flag stays false even after a successful SyncOAuth signin, because SigninTokenCode deliberately does not send a follow-up fxaLogin with verified=true after token-code completion (pages/Signin/SigninTokenCode/index.tsx:180). The existing App session-init only trusts verified === true, so it fell through to empty localStorage.

This pull request

  • Adds a WebChannel browser-user fallback in pages/Index/container.tsx: when localStorage is empty and we are in Firefox, calls firefox.requestSignedInUser and persists { uid, email } so the cached signin page suggests the right account.
  • Omits sessionToken when the browser reports verified=false so we never trust a stale token; the user is routed to the password form, which is the safe path.
  • Holds the isLoading state until the WebChannel check completes so the email-first form does not briefly flash before the suggested email appears.

Issue that this pull request solves

Closes: https://mozilla-hub.atlassian.net/browse/FXA-13494

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).
  • I have manually reviewed all AI generated code.

Other information

How to test (manual):

  1. In Firefox, sign into Sync via SyncOAuth and complete the email token verification.
  2. Open about:preferences#privacy and use "Clear data" / "Forget about this site" for accounts.firefox.com (or set "Delete cookies and site data when Firefox is closed" and restart).
  3. Trigger a SmartWindow or VPN signin flow.
  4. Expect the password page with your email already shown — not the email-first form.

Copilot AI review requested due to automatic review settings April 27, 2026 19:23
@vbudhram vbudhram requested a review from a team as a code owner April 27, 2026 19:23
@vbudhram vbudhram self-assigned this Apr 27, 2026
Copilot AI reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes cached sign-in behavior in Firefox when site storage is cleared but the browser still has a signed-in user via WebChannel, ensuring the correct account is suggested and routing is safe for unverified browser sessions.

Changes:

  • Add a Firefox/WebChannel fallback in IndexContainer to fetch and persist {uid, email} when local storage is empty.
  • Gate rendering/loading so the email-first UI doesn’t flash before the WebChannel check completes.
  • Add unit + functional test coverage for the WebChannel fallback and SmartWindow flow after clearing storage.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
packages/fxa-settings/src/pages/Index/container.tsx Adds WebChannel fallback + loading gate; conditionally persists sessionToken only when verified === true.
packages/fxa-settings/src/pages/Index/container.test.tsx Adds unit tests validating WebChannel fallback persistence behavior and skip conditions.
packages/functional-tests/tests/oauth/syncSignIn.spec.ts Adds functional coverage for SmartWindow OAuth-native flow after SyncOAuth + cleared storage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/fxa-settings/src/pages/Index/container.tsx Outdated
Comment on lines +138 to +140
...(isTrustedSession
? { sessionToken: userFromBrowser.sessionToken }
: {}),
Copy link

Copilot AI Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

persistAccount merges with any existing accounts[uid] entry. In the verified !== true path you omit sessionToken, but that does not clear a previously stored sessionToken (or other sensitive fields like verified) for the same uid; it would be retained via the merge. To ensure we never trust a stale token, explicitly overwrite/clear these fields when the browser user is not trusted (e.g., pass sessionToken: undefined and, if applicable, reset related verification flags) rather than omitting them from the update.

Suggested change
...(isTrustedSession
? { sessionToken: userFromBrowser.sessionToken }
: {}),
verified: isTrustedSession,
sessionToken: isTrustedSession
? userFromBrowser.sessionToken
: undefined,

Copilot uses AI. Check for mistakes.
@vbudhram
fix(settings): respect Firefox-signed-in user on cached signin page
cfd89ba 
Because: When localStorage is cleared but Firefox already has a
signed-in user via WebChannel, the Index page asked for the email
instead of recognising the user. Mark observed this for SmartWindow
and VPN flows when "Clear cookies and site data on close" was enabled,
or after using "Forget about this site" for accounts.firefox.com.

This commit:
- Adds a WebChannel browser-user fallback in IndexContainer: when
  localStorage is empty and we are in Firefox, request the signed-in
  user from the browser and persist { uid, email } so the cached
  signin page suggests the right account.
- Omits sessionToken when the browser reports verified=false. The
  browser's signedInUser record can be stale for the target service
  (e.g. SmartWindow) since SyncOAuth never sends a follow-up
  fxaLogin with verified=true after token-code completion. Routing
  the user through the password form is the safe path.
- Holds the loading state until the WebChannel check completes so
  the email-first form does not briefly flash before the suggested
  email appears.
- Adds unit tests for the new fallback behaviour.
- Adds functional tests under "signin with OAuth after Sync" that
  drive a real SyncOAuth flow, clear cookies/localStorage, then
  enter SmartWindow and assert the password form is shown with the
  email pre-filled (instead of the email-first form). The second
  test takes the flow through token-code to /settings.

Fixes FXA-13494
vpomerleau
vpomerleau approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@vpomerleau vpomerleau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works as described, code looks good.

Copilot's comment is a nice to have but in practice unlikely to cause problems.

@vbudhram vbudhram merged commit ec8c228 into main Apr 29, 2026
21 checks passed
@vbudhram vbudhram deleted the fxa-13494 branch April 29, 2026 00:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vpomerleau vpomerleau vpomerleau approved these changes

Assignees

@vbudhram vbudhram

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vbudhram @vpomerleau