Skip to content

fix(settings): disable confirm-code buttons while throttled#20692

Open
vbudhram wants to merge 1 commit into
mainfrom
fxa-13742
Open

fix(settings): disable confirm-code buttons while throttled#20692
vbudhram wants to merge 1 commit into
mainfrom
fxa-13742

Conversation

@vbudhram

@vbudhram vbudhram commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Because

  • On a THROTTLED (errno 114) response from confirm-code pages, Submit and "Email new code" stayed clickable. Users clicked 10-12 times, which inflated error-rate metrics.
  • The lockout window was not announced to screen readers.

This pull request

  • Adds a useThrottleCountdown hook that counts down retryAfter seconds, or stays throttled when only retryAfterLocalized is present.
  • Adds throttleSecondsRemaining and throttleLocalizedFallback props to FormVerifyCode. The submit button is disabled while throttled, and an aria-live="polite" region shows "Try again in N seconds".
  • Hooks the throttle state into SigninTokenCode, SigninPasswordlessCode, and ConfirmSignupCode on their THROTTLED branches, and disables each page's "Email new code" button for the same window.
  • Adds FTL strings form-verify-code-throttled-countdown and form-verify-code-throttled-generic.
  • Adds unit tests for the hook and for the disabled-state assertions on each consumer page.

Issue that this pull request solves

Closes: https://mozilla-hub.atlassian.net/browse/FXA-13742

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).
  • I have verified that my changes render correctly in RTL (if appropriate).
  • I have manually reviewed all AI generated code.

@vbudhram vbudhram self-assigned this Jun 4, 2026
@vbudhram
fix(settings): disable confirm-code buttons while throttled
ee40cce 
Because:
  * After a THROTTLED (errno 114) response on the OTP code-entry
    screens, the Confirm and "Email new code" buttons stayed
    clickable, letting users fire requests guaranteed to fail.

This commit:
  * Adds a useThrottle hook that disables retry controls for the
    server's retryAfter window (a v2 rate-limit value, in
    milliseconds) and re-enables them when it elapses.
  * Adds an isThrottled prop to FormVerifyCode and disables the
    resend button on SigninTokenCode, SigninPasswordlessCode, and
    ConfirmSignupCode.
  * Ignores a missing or invalid retryAfter so controls never lock
    with no visible reason; the error banner remains the signal.
@vbudhram vbudhram force-pushed the fxa-13742 branch 3 times, most recently from 44d0ecd to ee40cce Compare June 8, 2026 16:52
@vbudhram vbudhram marked this pull request as ready for review June 8, 2026 17:13
@vbudhram vbudhram requested a review from a team as a code owner June 8, 2026 17:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@vbudhram vbudhram

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vbudhram