Bug 1023463 - [FxA] Leave user logged in after failed RP refresh authentication. r=jedp

2024-09-13 09:24:08 -07:00 · 2014-06-10 16:38:55 -07:00 · 2014-06-10 16:38:55 -07:00 · fcca7e87d8
commit fcca7e87d8
parent 2e80794d71
1 changed files with 20 additions and 7 deletions
--- a/services/fxaccounts/FxAccountsManager.jsm
+++ b/services/fxaccounts/FxAccountsManager.jsm
@ -177,7 +177,7 @@ this.FxAccountsManager = {
          if (exists) {
            return this.getAccount().then(
              (user) => {
-                return this._refreshAuthentication(aAudience, user.email);
+                return this._refreshAuthentication(aAudience, user.email, true);
              }
            );
          // ... otherwise, the account was deleted, so ask for Sign In/Up
@ -209,7 +209,17 @@ this.FxAccountsManager = {
    );
  },

-  _refreshAuthentication: function(aAudience, aEmail) {
+  /**
+   * "Refresh authentication" means:
+   *   Interactively demonstrate knowledge of the FxA password
+   *   for the currently logged-in account.
+   * There are two very different scenarios:
+   *   1) The password has changed on the server. Failure should log
+   *      the current account OUT.
+   *   2) The person typing can't prove knowledge of the password used
+   *      to log in. Failure should do nothing.
+   */
+  _refreshAuthentication: function(aAudience, aEmail, logoutOnFailure=false) {
    this._refreshing = true;
    return this._uiRequest(UI_REQUEST_REFRESH_AUTH,
                           aAudience, aEmail).then(
@ -219,11 +229,14 @@ this.FxAccountsManager = {
      },
      (reason) => {
        this._refreshing = false;
-        return this._signOut().then(
-          () => {
-            return this._error(reason);
-          }
-        );
+        if (logoutOnFailure) {
+          return this._signOut().then(
+            () => {
+              return this._error(reason);
+            }
+          );
+        }
+        return this._error(reason);
      }
    );
  },