LeoMcA
commented
4 years ago This is what I'm pretty confident happened in this case:
- The account was created on FxA and on SUMO
- The account was deleted on FxA, but we didn't have notifications set up yet, so wasn't deleted on SUMO
- The account was then created again on FxA, with the same email address, but was given a different user id
- That account could still be used to log into the SUMO account, because when we can't match on user id we fall back to the default
mozilla-django-oidcbehaviour of matching on email. However, we don't update the user id to the new one - Notifications that are send by FxA are sent with the new user id, which we haven't associated with the SUMO account, so we can't associate those notifications with their SUMO account
The "ignored" notifications (ones we can't associate with a user) on dev all belong to the same FxA user id, lending credibility to this idea, and I confirmed locally that deleting and recreating a FxA account doesn't update the user id we store.
The fix should probably be twofold:
- Update FxA user id whenever we fallback to email for login, to ensure future notifications can be associated correctly with the account.
- When processing jobs, recheck to see if a user's FxA user id and the user id in the notification match. If not, error and don't process the job. This is to prevent a situation like the following:
- User deletes FxA account
- User recreates FxA account and logs back into SUMO before notification is sent/processed
- User's account then, seemingly randomly, gets deleted on SUMO when the notification is processed
Continuing from https://github.com/mozilla/sumo-project/issues/452#issuecomment-639443230: