Opting in to recommendations asks you to sign in with the wrong text

Bug #967064 reported by Matthew Paul Thomas on 2012-03-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
software-center (Ubuntu)
Gary Lasker
Nominated for Quantal by Gary Lasker

Bug Description

1. Create a new admin user account and log in to it. (Or, once bug 967048 is fixed, log in to a guest session.)
2. Launch USC.
3. Click "Turn on Recommendations".
4. Wait a minute.

What happens: A sign-in dialog appears, saying "To reinstall previous purchases, sign in to the Ubuntu Single Sign-On account you used to pay for them."

What should happen: No sign-in dialog should appear.

<https://wiki.ubuntu.com/SoftwareCenter/Recommendations>: "USC submits the list of software currently installed to the recommendation service, together with a UUID and (*only if* you’re already signed in) your SSO ID to link with your ratings."

Related branches

Michael Vogt (mvo) on 2012-03-28
Changed in software-center (Ubuntu):
status: New → Triaged
importance: Undecided → High
Michael Vogt (mvo) wrote :

So the client needs to change so that:
- if there is no token, we use the
    api/1.0/profile/(?P<uuid>[\dabcdef]{32})/$ [name='api-anon-profile'] API to opt-in
- if there is a token, we use what we had before

- if there is no token the server needs to provide a API for recommend_me that works without auth
- if there is a token, nothing will change

- if the user opts in for e.g. purchase or reviews use the authenticted submit_profile call on the next
  submit_profile call (the one that is done regularly)

Michael Vogt (mvo) on 2012-03-28
Changed in software-center (Ubuntu):
milestone: none → ubuntu-12.04
Michael Vogt (mvo) wrote :

If there is consensus if that is the right approach or not the following branch lp:~mvo/software-center/recommendations-by-uuid-only should mostly implement the client bits, the server needs a new recommend_me call that works by uuid only (instead of token).

Gary Lasker (gary-lasker) wrote :

Hi mpt, I believe you had a few conversations last week regarding this issue. Could you let us know if the final decision was to implement this change? For now, I will remove it from the milestoned list. If we are to make this change, please let us know asap and we can retarget.

Many thanks!

Changed in software-center (Ubuntu):
status: Triaged → Incomplete
assignee: nobody → Matthew Paul Thomas (mpt)
milestone: ubuntu-12.04 → none
Michael Vogt (mvo) wrote :

The bug itself that there is a sign-in dialog at startup for invalid tokens and that the dialog has a misleading text needs to be sorted for 12.04.

At this point my suggestion is to simply show the "opt-in" button again if the token is not working. Does that work for you mpt?
The alternative would be to show the login dialog at startup with a better text. This requires a string freeze exception unless
we can reuse the opt-in text that is already in the application.

Changed in software-center (Ubuntu):
milestone: none → ubuntu-12.04
Matthew Paul Thomas (mpt) wrote :

I asked David about this on the 4th. He preferred requiring sign-in for recommendations, on the grounds that it would lower the barrier for later purchases. Unfortunately I didn't realize, until after the call, that you still need to sign in for purchases even after signing in for recommendations. (Maybe that's fixable, but certainly not for 12.04.) And I have not succeeded in contacting David since.

As I understand it, if we remove the sign-in requirement, we need to:
- merge the recommendations-by-uuid-only branch
- finish implementing the corresponding function on the server before release day.

If we keep the sign-in requirement, we need to:
- fix the dialog text (string freeze exception)
- remove the word "anonymous" from the recommendations blurb (string freeze exception)
- as you suggest, revert to opted-out state if the token is not working.

Changed in software-center (Ubuntu):
status: Incomplete → New
assignee: Matthew Paul Thomas (mpt) → nobody
Gary Lasker (gary-lasker) wrote :

Just a note that the token check you mention will be part of the fix I already have planned for bug 973612.

Gary Lasker (gary-lasker) wrote :

In reference to mpt's comment #5, the issue about having to sign in for purchases is that we require a web-based sign-in to Ubuntu SSO each time a purchase is initiated (this is required only once per Software Center session). This is different to the one-time sign-in that we do in the client with the client-side Ubuntu SSO dialog for recommendations and ratings/reviews. The issue is that we don't currently use this local logged-in status in the purchase flow, even though we could and that would allow us to skip this step in the webkit flow. However, it's apparently not trivial to do this currently (this last from a conversation last week with Ricardo Kirckner), so this will have to wait for next cycle.

David Pitkin (dpitkin) wrote :

re #4, the goal is to increase the number of people who have logged in (or created accounts) locally/clientside in USC, this is a pre-requisite for a client side logged in experience.

The subsequent login with the same credentials during the purchase is something that is also required.

Having some timeout based on our risk level for fraudulent/child purchases is a future discussion when we save payment details.

Changed in software-center (Ubuntu):
status: New → Triaged
assignee: nobody → Gary Lasker (gary-lasker)
status: Triaged → In Progress
Gary Lasker (gary-lasker) wrote :

Ok, so I have verified verbally with David (and per his comment #8 above) that we are to go with requiring sign-in along with recommendations opt-in. In fixing bug 973612, I have implemented most of what we need for this bug as well.


The above branch implements the SSO sign-in specifically for recommendations, and it reuses the already-existing opt-in text from the lobby panel in the SSO dialog itself so that we can avoid adding a whole new string so far after string freeze. This seems a perfectly reasonable approach to me, and I have added a FIXME in the code to change this text at a later date if we deem it necessary.

The above branch also handles the case where the user has previously opted-in but later the Ubuntu SSO token is found to have been removed, revoked, or otherwise invalid (in other words, it is always checked now). In this case, the SSO dialog is displayed again and if it it cancelled, the user is opted-out of recommendations and the previous opt-in panel is restored (see bug 973612).

The user can choose to opt-in again at any time.

The only piece remaining to do for *this* bug, then, is to remove the word "anonymous" from the opt-in text. I'll make a second branch (that depends on the branch above) to do that.

Thanks, all!

Gary Lasker (gary-lasker) wrote :

The attached branch lp:~gary-lasker/software-center/recommendations-sso-login-lp967064 makes the needed string change, and completes the changes needed for this bug.

NOTE that this branch will require a string freeze exception!!

Michael Vogt (mvo) on 2012-04-17
summary: - Opting in to recommendations asks you to sign in
+ Opting in to recommendations asks you to sign in with the wrong text
Michael Vogt (mvo) on 2012-04-20
Changed in software-center (Ubuntu):
status: In Progress → Fix Committed
Gary Lasker (gary-lasker) wrote :

The string freeze exception has been filed separatly and is in-process now at bug 986437. For purposes of *this* bug, the fix is now fully fix-committed.

Hello Matthew, or anyone else affected,

Accepted software-center into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in software-center (Ubuntu Precise):
status: New → Fix Committed
tags: added: verification-needed
Gary Lasker (gary-lasker) wrote :

I verified this fix in software-center version 5.2.1 in precise-proposed per steps to reproduce in the description.

Many thanks!

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-center - 5.2.1

software-center (5.2.1) precise-proposed; urgency=low

  [ Michael Vogt ]
  * lp:~mvo/software-center/lp977179:
    - make the review UI react correctly to conditions of network
      availability (LP: #977179)
  * lp:~mvo/software-center/fix-crash-deb-file-size-calc:
    - fix crash when installing a deb file that is not found in
      the current apt cache
  * lp:~mvo/software-center/lp981992:
    - fix a crash in the new a11y code if there is a row that has
      no data or is not yet preloaded (LP: #981992)
  * lp:~mvo/software-center/fix-gmenu-searcher:
    - fix the menu searcher for non-Unity configurations after
      the app-install-data-ubuntu file layout changed
  * lp:~mvo/software-center/lp808455:
    - trivial fix for crash on downstream distros (LP: #808455)
  * lp:~mvo/software-center/lp927262:
    - fix crash when get_vadjustment() returns None (LP: #927262)
  * lp:~mvo/software-center/utf8-fixes:
    - fix various utf8-related crashes (LP: #943500, LP: #922225,
      LP: #917755)
  * lp:~mvo/software-center/gwibber-utf8-lp985255:
    - fix a utf8 crash in the gwibber integration (LP: #985255)
  * lp:~mvo/software-center/workaround-gtk-regression-lp986186:
    - workaround performance issue with the Gtk.TreeView.set_model()
      call when there is a cell_data_func attached. Not every user is
      affected (settings dependant somehow), but when affected it causes
      a massive performance degration for huge list models like "System"
      (LP: #986186). This branch works around the problem by disconnecting
      the cell_data_func before setting the new model.
  * lp:~mvo/software-center/fix-clear-credentials-race:
    - fix an incorrect use of the sso dbus backend, we now correctly
      wait until it emits a CredentialsCleared signal (LP: #986117)

  [ Gary Lasker ]
  * lp:~gary-lasker/software-center/add-to-launcher-after-auth-lp972710:
    - fix bug where an application will be added to the Unity launcher
      in the case where the user cancels the installation auth dialog
      (LP: #972710)
  * lp:~gary-lasker/software-center/recommendations-sso-login-lp973612:
    - fix bug where the recommendations opt-in panel is hidden if
      the user declines the SSO dialog after opting in (LP: #973612)
    - fix the user experience if the user has previously opted-in to
      recommendations and their SSO token is found have been removed
      or revoked or otherwise found to be invalid (LP: #967064)
    - improve the responsiveness of the spinner in the recommendations
 -- Michael Vogt <email address hidden> Thu, 26 Apr 2012 09:47:19 +0200

Changed in software-center (Ubuntu):
status: Fix Committed → Fix Released
Changed in software-center (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers