Users that sign out from within account settings destroy their session token but we don't tell the browser it's become invalid. Users trying to access settings again in mobile run into a case where we redirect them to oauth signin, causing problems with at least 2FA login in this scenario
This commit:
Sends the integration down as a prop into DropDownAvatarMenu so we can conditionally send the webchannel message if the flow is Sync
Adds unit tests, updates all stories/tests/mocks
closes FXA-9919
Info
Product confirmed on Slack that this is the fix we want to implement. In at least iOS there's a menu that still comes up once the command is received for logout, see video/thread, and our mobile clients will update their response to the command to close this menu. Users caught in this state now are instructed to sign out of the browser and sign back in through the browser, since they're being redirected to oauth/signin under the hood, which expects a client_id query parameter.
The diff looks large, but the only real change happened in DropDownAvatarMenu. The rest is the result of some prop drilling and mock cleanup.
Testing
The error shown is different in Backbone and React (see ticket). To test this, first reproduce on main by following our instructions to set up at least iOS in XCode.` Create an account and enable 2FA (can do this part on desktop), then go into account settings from the browser menu in mobile and sign out through the drop down menu. Close out and try to access settings again in the same way and you'll see the error per the ticket.
In this branch, the error is avoided because on sign out, the user is signed out of the browser. The easiest way to test this for React signin is to turn signInRoutes.fullProdRollout to true in react-app/index.js. This can also be tested in desktop via our fxa-dev-launcher command where you should be able to just run yarn start, to confirm that the user is signed out of the desktop browser as well on Settings sign out after signing in or signing up for an account in React.
Because:
This commit:
closes FXA-9919
Info
Product confirmed on Slack that this is the fix we want to implement. In at least iOS there's a menu that still comes up once the command is received for logout, see video/thread, and our mobile clients will update their response to the command to close this menu. Users caught in this state now are instructed to sign out of the browser and sign back in through the browser, since they're being redirected to
oauth/signin
under the hood, which expects aclient_id
query parameter.The diff looks large, but the only real change happened in
DropDownAvatarMenu
. The rest is the result of some prop drilling and mock cleanup.Testing
The error shown is different in Backbone and React (see ticket). To test this, first reproduce on
main
by following our instructions to set up at least iOS in XCode.` Create an account and enable 2FA (can do this part on desktop), then go into account settings from the browser menu in mobile and sign out through the drop down menu. Close out and try to access settings again in the same way and you'll see the error per the ticket.In this branch, the error is avoided because on sign out, the user is signed out of the browser. The easiest way to test this for React signin is to turn
signInRoutes.fullProdRollout
totrue
inreact-app/index.js
. This can also be tested in desktop via ourfxa-dev-launcher
command where you should be able to just runyarn start
, to confirm that the user is signed out of the desktop browser as well on Settings sign out after signing in or signing up for an account in React.