Merge pull request #20103 from mozilla/dont-await-push

vbudhram · web-flow · commit 8014bb09a780 · 2026-02-24T12:28:29.000-05:00
fix(push): Failures in push notification should not fail verify code endpoint
diff --git a/packages/fxa-auth-server/lib/routes/session.js b/packages/fxa-auth-server/lib/routes/session.js
@@ -517,7 +517,9 @@ module.exports = function (
           await request.emitMetricsEvent('account.confirmed', { uid });
           glean.login.verifyCodeConfirmed(request, { uid });
           await signinUtils.cleanupReminders({ verified: true }, account);
-          await push.notifyAccountUpdated(uid, devices, 'accountConfirm');
+          push.notifyAccountUpdated(uid, devices, 'accountConfirm').catch((err) =>
+            log.error('push.accountConfirm.error', { uid, err })
+          );
 
           // Send new device login notification email after successful verification
           const geoData = request.app.geo;
@@ -885,7 +887,9 @@ module.exports = function (
         glean.login.verifyCodeConfirmed(request, { uid });
         await signinUtils.cleanupReminders({ verified: true }, account);
         const devices = await db.devices(uid);
-        await push.notifyAccountUpdated(uid, devices, 'accountConfirm');
+        push.notifyAccountUpdated(uid, devices, 'accountConfirm').catch((err) =>
+          log.error('push.accountConfirm.error', { uid, err })
+        );
 
         // Send new device login notification email after successful verification
         if (account.primaryEmail.isVerified) {
diff --git a/packages/fxa-auth-server/test/local/routes/session.js b/packages/fxa-auth-server/test/local/routes/session.js
@@ -1592,6 +1592,28 @@ describe('/session/verify_code', () => {
     assert.calledOnce(fxaMailer.sendNewDeviceLoginEmail);
   });
 
+  it('should succeed even if push notification fails', async () => {
+    setup({ emailVerified: true });
+    push.notifyAccountUpdated = sinon.spy(() =>
+      Promise.reject(new Error('push timeout'))
+    );
+    const routes = makeRoutes({
+      log,
+      config: {},
+      db,
+      mailer,
+      push,
+      customs,
+      cadReminders,
+      gleanMock,
+    });
+    route = getRoute(routes, '/session/verify_code');
+
+    const response = await runTest(route, request);
+    assert.deepEqual(response, {});
+    assert.calledOnce(push.notifyAccountUpdated);
+  });
+
   it('should fail for invalid code', async () => {
     request.payload.code =
       request.payload.code === '123123' ? '123122' : '123123';
