HIB coupons go to the wrong account when logged into different accounts with USC and SCA
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Software Center Agent |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Over the past couple HIB releases, I've had several reports that
customers could not redeem their HIB coupons, or that USC still
required them to buy the titles after redeeming the coupon. Not
just the usual 'button says "buy" instead of "install"' issue,
but genuinely requiring payment.
I think I've determined the causes of these issues.
First, SCA requires that the user has an address on their SSO
account which matches the address they use at the Humble Bundle
site. When this isn't the case, they can't redeem the coupons
until they add that address to their SSO account.
Second, when the user has more than one account, SCA attaches the
subscription to the account with the HIB address even if it's not
the account they're logged in to in Software Center.
The former can be fixed by redeeming for whatever account the
user is logged in to, regardless of whether the address matches.
This does, however, make it theoretically possible to steal the
coupon by sniffing the URL out of their email and using it first.
The multiple-account issue may be trickier though, since we have
no way to guarantee that they're using the same account in both
Software Center and their web browser.
This is somewhat related to Software Center's lack of a "log out"
button (recently fixed for 13.04), and its lack of indication
about which account is being used.
So, ideas? Do both of these cases have a common solution?
tags: |
added: u1-support removed: u1 |
Changed in software-center-agent: | |
status: | New → Confirmed |
tags: | added: u1-by-support |
tags: | removed: u1-support |
The design I did for the "Sign Out" function would also show the ID of your account. <https:/ /wiki.ubuntu. com/SoftwareCen ter#store- account>