Bug 1655518

Summary: [free-stg] The user needs to wait 5 mins to request the next phone verification with the same phone number
Product: OpenShift Online
Reporter: tzhou
Component: Accounts and Billing
Assignee: Abhishek Gupta <abhgupta>
Status: VERIFIED
QA Contact: tzhou
Severity: medium
Priority: medium
Version: 3.x
CC: aos-bugs, tzhou, wgordon
Keywords: OnlineStarter
Hardware: Unspecified
OS: Unspecified
Type: Bug
Attachments: Step6-8

Description tzhou 2018-12-03 11:14:55 UTC
Description of problem:
When a 0~5 bit pin code is input 3 times, pin verification fails. The user needs to wait 5 mins to request the next phone verification with the same phone number.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Log in to the OpenShift web console, and start to subscribe to the starter plan
2. Input a valid phone number, and click 'Verify Phone' to get a pin code
3. Input six random integers that differ from the pin code, and click 'Confirm Pin'
4. Retry step 3 another 2 times so that the first verification fails.
5. Input the same phone number, and click ‘Verify Phone’ to get a pin code again
6. Leave the pin code blank or input a random one with 0<length<6, and click 'Confirm Pin'
7. Retry step 6 another 2 times so that the second verification fails.
8. Input the same phone number, and click ‘Verify Phone’ to get a pin code again

Actual results:
5. The page redirects to the ‘Verify PIN’ page immediately
8. The page cannot redirect to the pin verification page, and an error message is shown on the web page. But the SMS or call belonging to the second phone attempt can still be received on the phone. The user needs to wait 5 mins for the pin to expire, and then try the same phone number again.

Expected results:
8. After 3 failed pin attempts, the ticket in admin-panel will turn to failed status, and the user can use the same phone number to verify immediately.

Additional info:

Comment 1 Will Gordon 2018-12-04 01:31:38 UTC
Unable to recreate: https://youtu.be/vA2hGI7krCc

Comment 2 Will Gordon 2018-12-04 22:09:55 UTC
Please test this again in INT as STG has been reset.

Comment 3 tzhou 2018-12-05 07:58:12 UTC
Created attachment 1511559: Step6-8

As your video shows, it is the correct performance that the page redirects to the ‘Verify PIN’ page immediately after inputting 6 random integers.
But when you don't input a pin code or input a random one with 0<length<6, then click 'Confirm Pin' 3 times, just like steps 6-8, the page cannot redirect to the ‘Verify PIN’ page immediately. An error message will show on the web page, and the phone still receives the message or call. Please check the attached video that reproduces steps 6-8.

Comment 4 Will Gordon 2018-12-06 02:02:34 UTC
Hey tzhou,

I can definitely mark the attempt as failed in the DB, and I can *attempt* to cancel the verification request (the SMS verification provider does not allow cancellations within the first 30 seconds).

Would this change be considered a successful response to this bug?

Comment 5 tzhou 2018-12-06 08:45:18 UTC
Hey Will,

We can accept the 30 seconds of waiting instead of 5 minutes after the user inputs a wrong pin code 3 times. Please just do as you said. Thanks

Comment 6 Will Gordon 2018-12-06 15:33:47 UTC
Addressed in https://github.com/openshift/online-registration/pull/1423. Please note the 30 seconds waiting *must* be before submitting the 3rd invalid PIN. Once you end up back on the Enter Phone Number page, if it wasn't canceled because it was too soon, you're still stuck waiting 5 minutes. I'm unable to control this.
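
The behaviour discussed in comments 4 to 6, as an added example that is not code from the online-registration project: a minimal Python model in which every submission, blank and short PINs included, counts toward the three-attempt limit, and a simulated provider refuses cancellation during the first 30 seconds. All names (`Verification`, `provider_cancel`, `confirm_pin`, `seconds_until_retry`) are hypothetical; the 3-attempt, 30-second and 5-minute values come from the thread.

```python
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 3       # thread: three wrong PINs fail the verification
CANCEL_BLOCK_S = 30    # thread: provider refuses cancellation in the first 30 s
PIN_TTL_S = 5 * 60     # thread: an uncancelled PIN expires after 5 minutes


@dataclass
class Verification:
    """One phone verification (hypothetical model, not the project's schema)."""
    phone: str
    pin: str
    started_at: float
    attempts: int = 0
    status: str = "pending"        # pending | verified | failed
    provider_active: bool = True   # simulated provider still holds the request


def provider_cancel(v: Verification, now: float) -> bool:
    """Simulated provider call: cancelling is refused during the first 30 s."""
    if now - v.started_at < CANCEL_BLOCK_S:
        return False
    v.provider_active = False
    return True


def confirm_pin(v: Verification, submitted: str, now: float) -> str:
    """Count every submission, blank and short PINs included, toward the limit."""
    if v.status != "pending":
        return v.status
    if now - v.started_at >= PIN_TTL_S:          # PIN already expired
        v.status, v.provider_active = "failed", False
        return v.status
    v.attempts += 1
    if hmac.compare_digest(submitted.encode(), v.pin.encode()):
        v.status, v.provider_active = "verified", False
    elif v.attempts >= MAX_ATTEMPTS:
        v.status = "failed"                      # same outcome for any PIN length
        provider_cancel(v, now)                  # best effort, may be refused
    return v.status


def seconds_until_retry(v: Verification, now: float) -> float:
    """Time the same phone number stays blocked from a new verification request."""
    if not v.provider_active:
        return 0.0
    return max(0.0, v.started_at + PIN_TTL_S - now)
```
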

Comment 7 tzhou 2018-12-10 02:13:05 UTC
Because the stg env does not have the SMS feature now, I did the test in int. Even though I took more than 30 seconds to input the pin (0=<length<6) 3 times, I still need to wait 5 minutes to input the same phone number again. Has the change already taken effect in the int environment?

Comment 8 Will Gordon 2018-12-10 15:07:10 UTC
Yes, it's in int. Can you confirm failed status in admin side? Can you provide another screen capture?

Comment 9 Will Gordon 2018-12-10 16:01:49 UTC
My apologies. It does not look like this had auto-merged into "int" as expected. It is deployed now. Can you please re-test?

Comment 10 tzhou 2018-12-11 06:28:45 UTC
Confirmed on free-int, this issue has been fixed.