Merge branch 'master' into fxa-updates

controllers/hibp.js

@@ -47,6 +47,9 @@ async function notify (req, res) {
   const hashes = req.body.hashSuffixes.map(suffix=>reqHashPrefix + suffix.toLowerCase());
   const subscribers = await DB.getSubscribersByHashes(hashes);
 
+  const utmID = "breach-alert";
+  const scanAnotherEmailHref = EmailUtils.getScanAnotherEmailUrl(utmID);
+
 
   log.info("notification", { length: subscribers.length, breachAlertName: breachAlert.Name });
 
@@ -62,7 +65,6 @@ async function notify (req, res) {
       req.app.locals.AVAILABLE_LANGUAGES,
       {defaultLocale: "en"}
     );
-    const unsubscribeUrl = EmailUtils.unsubscribeUrl(subscriber);
 
     if (!notifiedSubscribers.includes(email)) {
       await EmailUtils.sendEmail(
@@ -73,10 +75,10 @@ async function notify (req, res) {
           email,
           supportedLocales,
           date: HBSHelpers.prettyDate(supportedLocales, new Date()),
-          unsubscribeUrl,
           breachAlert,
           SERVER_URL: req.app.locals.SERVER_URL,
-          buttonValue: LocaleUtils.fluentFormat(supportedLocales, "report-scan-another-email"),
+          scanAnotherEmailHref: scanAnotherEmailHref,
+          unsubscribeUrl: EmailUtils.getUnsubscribeUrl(subscriber, utmID),
           whichView: "email_partials/report",
         },
       );

controllers/oauth.js

@@ -73,10 +73,10 @@ async function confirmed(req, res, next, client = FxAOAuthClient) {
   }
 
   const signupLanguage = req.headers["accept-language"];
+  const subscriber = await DB.addSubscriber(email, signupLanguage, fxaUser.refreshToken, data.body);
 
-  await DB.addSubscriber(email, signupLanguage, fxaUser.refreshToken, data.body);
-
-  const unsubscribeUrl = ""; // not totally sure yet how this gets handled long-term
+  const utmID = "report";
+  const unsubscribeUrl = await EmailUtils.getUnsubscribeUrl(subscriber[0], utmID);
 
   // duping some of user/verify for now
   let unsafeBreachesForEmail = [];
@@ -92,12 +92,12 @@ async function confirmed(req, res, next, client = FxAOAuthClient) {
     req.fluentFormat("user-verify-email-report-subject"),
     "default_email",
     {
-      supportedLocales: req.supportedLocales,
       email: email,
+      supportedLocales: req.supportedLocales,
       date: HBSHelpers.prettyDate(req.supportedLocales, new Date()),
       unsafeBreachesForEmail: unsafeBreachesForEmail,
+      scanAnotherEmailHref: EmailUtils.getScanAnotherEmailUrl(utmID),
       unsubscribeUrl: unsubscribeUrl,
-      buttonValue: req.fluentFormat("report-scan-another-email"),
       whichView: "email_partials/report",
     }
   );

controllers/user.js

@@ -26,10 +26,9 @@ async function add(req, res) {
     req.fluentFormat("user-add-email-verify-subject"),
     "default_email",
     { email,
-      verifyUrl: EmailUtils.verifyUrl(unverifiedSubscriber),
-      unsubscribeUrl: EmailUtils.unsubscribeUrl(unverifiedSubscriber),
-      buttonValue: req.fluentFormat("verify-my-email"),
       supportedLocales: req.supportedLocales,
+      verificationHref: EmailUtils.getVerificationUrl(unverifiedSubscriber),
+      unsubscribeUrl: EmailUtils.getUnsubscribeUrl(unverifiedSubscriber, "account-verification-email"),
       whichView: "email_partials/email_verify",
     });
 
@@ -43,28 +42,28 @@ async function verify(req, res) {
   if (!req.query.token) {
     throw new FluentError("user-verify-token-error");
   }
+  const verifiedEmailHash = await DB.verifyEmailHash(req.query.token);
 
   let unsafeBreachesForEmail = [];
-  const verifiedEmailHash = await DB.verifyEmailHash(req.query.token);
-  const unsubscribeUrl = EmailUtils.unsubscribeUrl(verifiedEmailHash);
-
   unsafeBreachesForEmail = await HIBP.getBreachesForEmail(
     sha1(verifiedEmailHash.email),
     req.app.locals.breaches,
     true,
   );
 
+  const utmID = "report";
+
   await EmailUtils.sendEmail(
     verifiedEmailHash.email,
     req.fluentFormat("user-verify-email-report-subject"),
     "default_email",
     {
-      supportedLocales: req.supportedLocales,
       email: verifiedEmailHash.email,
+      supportedLocales: req.supportedLocales,
       date: HBSHelpers.prettyDate(req.supportedLocales, new Date()),
       unsafeBreachesForEmail: unsafeBreachesForEmail,
-      unsubscribeUrl: unsubscribeUrl,
-      buttonValue: req.fluentFormat("report-scan-another-email"),
+      scanAnotherEmailHref: EmailUtils.getScanAnotherEmailUrl(utmID),
+      unsubscribeUrl: EmailUtils.getUnsubscribeUrl(verifiedEmailHash, utmID),
       whichView: "email_partials/report",
     }
   );
@@ -83,7 +82,9 @@ async function getUnsubscribe(req, res) {
   if (!req.query.token) {
     throw new FluentError("user-unsubscribe-token-error");
   }
+
   const subscriber = await DB.getSubscriberByToken(req.query.token);
+
   //throws error if user backs into and refreshes unsubscribe page
   if (!subscriber) {
     throw new FluentError("error-not-subscribed");

db/migrations/20190117150910_add_verified_index.js

@@ -0,0 +1,14 @@
+"use strict";
+
+
+exports.up = function(knex, Promise) {
+  return knex.schema.table("subscribers", table => {
+    table.index("verified", "subscribers_verified_idx");
+  });
+};
+
+exports.down = function(knex, Promise) {
+  return knex.schema.table("subscribers", table => {
+    table.dropIndex("verified", "subscribers_verified_idx");
+  });
+};

email-utils.js

@@ -1,4 +1,5 @@
 "use strict";
+const { URL } = require("url");
 
 const AppConstants = require("./app-constants");
 
@@ -78,15 +79,41 @@ const EmailUtils = {
     });
   },
 
-  verifyUrl (subscriber) {
-    return `${AppConstants.SERVER_URL}/user/verify?token=${encodeURIComponent(subscriber.verification_token)}`;
+  appendUtmParams(url, campaign, content) {
+    const utmParameters = {
+      utm_source: "fx-monitor-emails",
+      utm_medium: "email",
+      utm_campaign: campaign,
+      utm_content: content,
+    };
+    for (const param in utmParameters) {
+      url.searchParams.append(param, utmParameters[param]);
+    }
+    return url;
   },
 
-  unsubscribeUrl (subscriber) {
-    return `${AppConstants.SERVER_URL}/user/unsubscribe?token=${encodeURIComponent(subscriber.verification_token)}&hash=${encodeURIComponent(subscriber.sha1)}`;
+  getScanAnotherEmailUrl(emailType) {
+    let url = new URL(AppConstants.SERVER_URL);
+    url = this.appendUtmParams(url, "scan-another-email", emailType);
+    return url;
   },
 
-  getShareByEmail (req) {
+  getVerificationUrl(subscriber) {
+    let url = new URL(`${AppConstants.SERVER_URL}/user/verify`);
+    url.searchParams.append("token", encodeURIComponent(subscriber.verification_token));
+    url = this.appendUtmParams(url, "verified-subscribers", "account-verification-email");
+    return url;
+  },
+
+  getUnsubscribeUrl(subscriber, emailType) {
+    let url = new URL(`${AppConstants.SERVER_URL}/user/unsubscribe`);
+    url.searchParams.append("token", encodeURIComponent(subscriber.verification_token));
+    url.searchParams.append("hash", encodeURIComponent(subscriber.sha1));
+    url = this.appendUtmParams(url, "unsubscribe", emailType);
+    return url;
+  },
+
+  getShareByEmail(req) {
     const subject = encodeURIComponent(req.fluentFormat("share-by-email-subject"));
     const body = encodeURIComponent(req.fluentFormat("share-by-email-message"));
 

locales/de/app.ftl

@@ -180,7 +180,7 @@ copyright-info = Teile dieses Inhalts stehen unter einem Ⓒ 1998-2018 von
 # Breach data provided by Have I Been Pwned.
 hibp-attribution = Informationen zum Datenleck stammen von { $hibp-link }
 site-description = Wurden Ihre Kontodaten bei einem Datenleck öffentlich bekannt oder gestohlen? Erfahren Sie es mit { -product-name }. Durchsuchen Sie unsere Datenbank und abonnieren Sie die Warnungen.
-confirmation-headline = Ihr Bericht f+r { -product-name } ist unterwegs.
+confirmation-headline = Ihr Bericht für { -product-name } ist unterwegs.
 confirmation-blurb = Datenlecks können jeden betreffen. Erzählen Sie anderen davon, sodass Ihre Freunde und Familie überprüfen können, ob ihre Online-Konten sicher sind.
 share-email = E-Mail
 # Appears at the end of a list of email-clients and refers to any other unlisted email-client.

locales/el/data-classes.ftl

@@ -1,5 +1,6 @@
 ## Breach Data Classes
 
+account-balances = Υπόλοιπα λογαριασμών
 address-book-contacts = Επαφές βιβλίου διευθύνσεων
 age-groups = Ηλικιακές ομάδες
 ages = Ηλικίες

locales/en-GB/app.ftl

@@ -0,0 +1,206 @@
+# String IDs beginning with "-product" and "-brand" should remain in English.
+# They should not be:
+# - Declined to adapt to grammatical case.
+# - Transliterated.
+# - Translated.
+-product-name = Firefox Monitor
+-product-name-nowrap = <span class="nowrap">{ -product-name }</span>
+-brand-name = Firefox
+-brand-Quantum = Firefox Quantum
+-brand-Mozilla = Mozilla
+-brand-HIBP = Have I Been Pwned
+layout-Firefox = { -brand-name }
+# Descriptive headline for a column of links where users can give feedback, or get additional information about, Firefox Monitor.
+layout-support = Support
+# Link that takes the user to a blog post on blog.mozilla.org about the alerts
+about-firefox-alerts = About Firefox Alerts
+# Link that takes the user to a Firefox Monitor survey. 
+give-feedback = Give Feedback
+terms-and-privacy = Terms and Privacy
+error-could-not-add-email = Could not add email address to database.
+error-not-subscribed = This email address is not subscribed to { -product-name }.
+error-hibp-throttled = Too many connections to { -brand-HIBP }.
+error-hibp-connect = Error connecting to { -brand-HIBP }.
+error-hibp-load-breaches = Could not load breaches.
+hibp-notify-email-subject = { -product-name } Alert: Your account was involved in a breach.
+home-title = { -product-name }
+home-not-found = Page not found.
+oauth-invalid-session = Invalid session
+oauth-confirmed-title = { -product-name } : Subscribed
+scan-title = { -product-name } : Scan Results
+user-add-invalid-email = Invalid Email
+user-add-email-verify-subject = Verify your subscription to { -product-name }.
+user-add-title = { -product-name } : Confirm Email
+error-headline = Error
+user-verify-token-error = Verification token is required.
+user-verify-email-report-subject = Your { -product-name } report
+user-verify-title = { -product-name } : Subscribed
+user-unsubscribe-token-error = Unsubscribing requires a token.
+user-unsubscribe-token-email-error = Unsubscribing requires a token and emailHash.
+user-unsubscribe-title = { -product-name } : Unsubscribe
+user-unsubscribe-survey-title = { -product-name } : Unsubscribe Survey
+user-unsubscribed-title = { -product-name } : Unsubscribed
+
+## Password Tips
+
+pwt-section-headline = Stronger Passwords = Better Protection
+pwt-section-subhead = Your private information is only as safe as your passwords.
+pwt-section-blurb =
+    Your passwords protect more than your accounts. They protect every bit of personal information that resides in them. 
+    And hackers rely on bad habits, like using the same password everywhere or using common phrases (p@ssw0rd, anyone?) so 
+    that if they hack one account, they can hack many. Here’s how to better protect your accounts.
+pwt-headline-1 = Use a different password for every account
+pwt-summary-1 =
+    Reusing the same password everywhere leaves the door wide open for identity theft. 
+    Anyone with that password can log in to all your accounts.
+pwt-headline-2 = Create strong, hard-to-guess passwords
+pwt-summary-2 =
+    Hackers use thousands of common passwords to try to guess yours. 
+    The longer and more random your password is, the harder it will be to guess.
+pwt-headline-3 = Treat security questions like extra passwords
+pwt-summary-3 =
+    Websites don’t check that your answers are accurate, just that they match every time. 
+    Create long, random answers and store them somewhere safe.
+pwt-headline-4 = Get help remembering your passwords
+pwt-summary-4 =
+    Password managers like 1Password, LastPass, Dashlane, and Bitwarden generate strong, unique passwords. 
+    They also store passwords securely and fill them into web sites for you
+pwt-headline-5 = Add extra security with two-factor authentication
+pwt-summary-5 =
+    2FA requires an additional piece of information (like a one-time code sent via text message) to log in to your account. 
+    Even if someone has your password, they can’t get in.
+pwt-headline-6 = Sign up for { -product-name-nowrap } alerts
+pwt-summary-6 =
+    Website data breaches are on the rise. As soon as a new breach gets added to our database, 
+    { -product-name-nowrap } sends you an alert — so you can take action and protect your account.
+landing-headline = Your right to be safe from hackers starts here.
+landing-blurb =
+    { -product-name-nowrap } arms you with tools to keep your personal information safe. 
+    Find out what hackers already know about you, and learn how to stay a step ahead of them.
+scan-label = See if you’ve been involved in a data breach.
+scan-placeholder = Enter Email Address
+scan-privacy = Your email will not be stored.
+scan-submit = Search Your Email
+scan-another-email = Scan Another Email Address
+scan-featuredbreach-label = Find out if your <span class="bold"> { $featuredBreach } </span> account was compromised.
+sensitive-breach-email-required = Breach contains sensitive information. Email verification required.
+scan-error = Must be a valid email.
+signup-banner-headline = { -product-name-nowrap } detects threats against your online accounts.
+signup-banner-blurb =
+    Your detailed { -product-name-nowrap } report shows if information from your online accounts has been leaked or stolen. 
+    We’ll also alert you if your accounts appear in new website breaches.
+download-firefox-bar-blurb = { -product-name-nowrap } is brought to you by the <span class="nowrap">all-new { -brand-name }</span>.
+download-firefox-bar-link = Download { -brand-name } now
+download-firefox-banner-blurb = Take control of your browser
+download-firefox-banner-button = Download { -brand-name }
+signup-modal-headline = Sign Up for { -product-name-nowrap }
+signup-modal-blurb = Sign up for your full report, alerts when new breaches happen, and safety tips from { -product-name-nowrap }.
+signup-modal-close = Close
+get-your-report = Get Your Report
+signup-modal-verify-headline = Verify Your Subscription
+signup-modal-verify-blurb = We sent a verification link to <span id="submitted-email" class="medium"></span>.
+signup-modal-verify-expiration = This link expires in 24 hours.
+signup-modal-verify-resend = Not in inbox or spam folder? Resend.
+# Appears after Firefox Monitor has sent a verification email to a new user. 
+signup-modal-sent = Sent!
+signup-with-fxa = Sign Up with { -brand-name } Account
+form-signup-placeholder = Enter email
+form-signup-checkbox = Get the latest from { -brand-Mozilla } and { -brand-name }.
+sign-up = Sign Up
+form-signup-error = Must be a valid email
+no-breaches-headline = So far, so good.
+found-breaches-headline = Your information was part of a data breach.
+no-breaches =
+    Your email address did not appear in our basic scan.
+    That’s good news, but data breaches can happen any time and there is still more you can do. 
+    Subscribe to { -product-name-nowrap } for a full report, alerts when new breaches happen, and tips on protecting your passwords.
+featured-breach-results =
+    { $breachCount ->
+        [0] Your account appears in the <span class="bold">{ $featuredBreach }</span> breach, but does not appear in any other known data breaches.
+        [one] Your account appeared in the <span class="bold"> { $featuredBreach } </span> breach, as well as one other breach.
+       *[other] Your account appeared in the <span class="bold"> { $featuredBreach } </span> breach, as well as { $breachCount } other breaches.
+    }
+featured-breach-not-compromised =
+    { $breachCount ->
+        [0] { no-breaches }
+        [one] Your account did not appear in the <span class="bold">{ $featuredBreach }</span> breach, but did appear in one other breach.
+       *[other] Your account did not appear in the <span class="bold">{ $featuredBreach }</span> breach, but did appear in { $breachCount } other breaches.
+    }
+scan-results =
+    { $breachCount ->
+        [0] { no-breaches }
+        [one] Your account appeared in { $breachCount } breach.
+       *[other] Accounts associated with your email address appeared in the following { $breachCount } breaches.
+    }
+show-more-breaches = Show More
+what-to-do-headline = What To Do When Your Information is Exposed in a Data Breach
+what-to-do-subhead-1 = Change your passwords, even for old accounts
+what-to-do-blurb-1 =
+    If you can’t log in, contact the web site to ask how you can recover or shut down the account. 
+    See an account you don’t recognise? The site may have changed names or someone may have created an account for you.
+what-to-do-subhead-2 = If you reuse an exposed password, change it
+what-to-do-blurb-2 =
+    Hackers may try to reuse your exposed password to get into other accounts. 
+    Create a different password for each web site, especially for your bank account, 
+    email and other web sites where you save personal information.
+what-to-do-subhead-3 = Take extra steps to secure your financial accounts
+what-to-do-blurb-3 =
+    Most breaches only expose emails and passwords, but some do include sensitive financial information. 
+    If your bank account or credit card numbers were included in a breach, alert your bank to possible fraud, 
+    and monitor statements for charges you don’t recognise.
+what-to-do-subhead-4 = Get help creating good passwords and keeping them safe.
+what-to-do-blurb-4 =
+    Password managers like 1Password, LastPass, Dashlane, and Bitwarden generate strong passwords, 
+    store them securely, and fill them into web sites for you.
+# breach-date = the calendar date a particular data theft occurred. 
+breach-date = Breach date:
+# compromised accounts = the total number of user accounts exposed in data breach
+compromised-accounts = Compromised accounts:
+# compromised-data = the kind of user data exposed to hackers in data breach.
+compromised-data = Compromised data:
+confirmed = Confirmed!<br />You’re Subscribed!
+confirmed-blurb = { -product-name-nowrap } will email you a full report shortly, and will send an email alert if your account appears in a new reported breach.
+confirmed-social-blurb = If you’ve been breached, chances are your friends, family, or online connections have been too. Let them know about { -product-name-nowrap }.
+unsub-headline = Unsubscribe from { -product-name-nowrap }
+unsub-blurb = This will remove your email from the { -product-name-nowrap } list and you will no longer receive alerts when new breaches are announced.
+unsub-button = Unsubscribe
+unsub-survey-headline = You are no longer subscribed.
+unsub-survey-blurb =
+    Your email is unsubscribed from { -product-name-nowrap }. Thank you for using this service. 
+    Will you take a moment to answer one question about your experience?
+unsub-survey-form-label = Why are you unsubscribing from { -product-name-nowrap } alerts?
+unsub-reason-1 = I think that alerts don’t make my data safer
+unsub-reason-2 = I get too many emails from { -product-name-nowrap }
+unsub-reason-3 = I don’t find the service valuable
+unsub-reason-4 = I’ve already taken steps to protect my accounts
+unsub-reason-5 = I am using another service to monitor my accounts
+unsub-reason-6 = None of the above
+unsub-survey-thankyou = Thank you for your feedback.
+unsub-survey-error = Please select one.
+# Link to share Firefox Monitor on Facebook. Positioned next to Facebook logo.
+share = Share
+# Link to share Firefox Monitor on Twitter. Positioned next to Twitter logo.
+tweet = Tweet
+download-firefox-quantum = Download { -brand-Quantum }
+download-firefox-mobile = Download { -brand-name } Mobile
+# Features here refers to Firefox browser features. 
+features = Features
+# beta-nightly-developer-edition refers to additional versions of Firefox Browser
+beta-nightly-developer-edition = Beta, Nightly, Developer Edition
+# The following string contains HTML markup which should not be translated. 
+# Without HTML markup: copyright-info = Portions of this content are 1998-2018 by individual mozilla.org contributors. Content available under a Creative Commons license.
+copyright-info =
+    Portions of this content are &#x24B8; 1998-2018 by individual mozilla.org contributors. <br />
+    Content available under a  <a href="https://www.mozilla.org/foundation/licensing/website-content/" target="_blank" rel="noopener">Creative Commons licence</a>.
+# Breach data provided by Have I Been Pwned.
+hibp-attribution = Breach data provided by { $hibp-link }
+site-description = Have your accounts been leaked or stolen in a data breach? Find out at { -product-name }. Search our database and sign up for alerts.
+confirmation-headline = Your { -product-name } report is on its way.
+confirmation-blurb = Data breaches can affect anyone. Spread the word so your friends and family can check to see if their online accounts are safe.
+share-email = Email
+# Appears at the end of a list of email-clients and refers to any other unlisted email-client.
+share-other = Other
+share-twitter = Most people have about 100 online accounts. Have any of yours been exposed in a data breach? Find out.
+share-facebook-headline = Find out if you’ve been part of a data breach
+share-facebook-blurb = Have your online accounts been exposed in a data breach?
+og-site-description = Find out if you’ve been part of a data breach with { -product-name }. Sign up for alerts about future breaches and get tips to keep your accounts safe.

locales/en-GB/data-classes.ftl

@@ -0,0 +1,117 @@
+## Breach Data Classes
+
+account-balances = Account balances
+address-book-contacts = Address book contacts
+age-groups = Age groups
+ages = Ages
+apps-installed-on-devices = Apps installed on devices
+astrological-signs = Astrological signs
+audio-recordings = Audio recordings
+auth-tokens = Auth tokens
+avatars = Avatars
+bank-account-numbers = Bank account numbers
+beauty-ratings = Beauty ratings
+biometric-data = Biometric data
+browser-user-agent-details = Browser user agent details
+browsing-histories = Browsing histories
+buying-preferences = Buying preferences
+car-ownership-statuses = Car ownership statuses
+career-levels = Career levels
+cellular-network-names = Mobile network names
+charitable-donations = Charitable donations
+chat-logs = Chat logs
+credit-card-cvv = Credit card CVV
+credit-cards = Credit cards
+credit-status-information = Credit status information
+customer-feedback = Customer feedback
+customer-interactions = Customer interactions
+dates-of-birth = Dates of birth
+deceased-date = Deceased date
+deceased-statuses = Deceased statuses
+device-information = Device information
+device-usage-tracking-data = Device usage tracking data
+drinking-habits = Drinking habits
+drug-habits = Drug habits
+eating-habits = Eating habits
+education-levels = Education levels
+email-addresses = Email addresses
+email-messages = Email messages
+employers = Employers
+ethnicities = Ethnicities
+family-members-names = Family members’ names
+family-plans = Family plans
+family-structure = Family structure
+financial-investments = Financial investments
+financial-transactions = Financial transactions
+fitness-levels = Fitness levels
+genders = Genders
+geographic-locations = Geographic locations
+government-issued-ids = Government issued IDs
+health-insurance-information = Health insurance information
+historical-passwords = Historical passwords
+home-loan-information = Home loan information
+home-ownership-statuses = Home ownership statuses
+homepage-urls = Homepage URLs
+imei-numbers = IMEI numbers
+imsi-numbers = IMSI numbers
+income-levels = Income levels
+instant-messenger-identities = Instant messenger identities
+ip-addresses = IP addresses
+job-titles = Job titles
+mac-addresses = MAC addresses
+marital-statuses = Marital statuses
+names = Names
+nationalities = Nationalities
+net-worths = Net worths
+nicknames = Nicknames
+occupations = Occupations
+parenting-plans = Parenting plans
+partial-credit-card-data = Partial credit card data
+passport-numbers = Passport numbers
+password-hints = Password hints
+passwords = Passwords
+payment-histories = Payment histories
+payment-methods = Payment methods
+personal-descriptions = Personal descriptions
+personal-health-data = Personal health data
+personal-interests = Personal interests
+phone-numbers = Phone numbers
+photos = Photos
+physical-addresses = Physical addresses
+physical-attributes = Physical attributes
+pins = PINs
+political-donations = Political donations
+political-views = Political views
+private-messages = Private messages
+professional-skills = Professional skills
+profile-photos = Profile photos
+purchases = Purchases
+purchasing-habits = Purchasing habits
+races = Races
+recovery-email-addresses = Recovery email addresses
+relationship-statuses = Relationship statuses
+religions = Religions
+reward-program-balances = Reward program balances
+salutations = Salutations
+school-grades-class-levels = School grades (class levels)
+security-questions-and-answers = Security questions and answers
+sexual-fetishes = Sexual fetishes
+sexual-orientations = Sexual orientations
+smoking-habits = Smoking habits
+sms-messages = SMS messages
+social-connections = Social connections
+social-media-profiles = Social media profiles
+spoken-languages = Spoken languages
+support-tickets = Support tickets
+survey-results = Survey results
+time-zones = Time zones
+travel-habits = Travel habits
+user-statuses = User statuses
+user-website-urls = User web site URLs
+usernames = Usernames
+utility-bills = Utility bills
+vehicle-details = Vehicle details
+website-activity = Web site activity
+work-habits = Work habits
+years-of-birth = Years of birth
+years-of-professional-experience = Years of professional experience

locales/en-GB/email-strings.ftl

@@ -0,0 +1,67 @@
+# Firefox Monitor is a product name and should not be translated.
+-product-name = Firefox Monitor
+# Firefox is a brand name and should not be translated.
+-brand-name = Firefox
+click-to-verify =
+    Select the Verify My Email button within 24 hours to confirm your Firefox Monitor account. 
+    Your report will then be on its way.
+verify-my-email = Verify My Email
+report-scan-another-email = Scan Another Email in { -product-name }
+automated-message = This is an automated email; if you received it in error, no action is required.
+# Without HTML markup reads: We sent this message to [user’s email address] because the email address opted into alerts from Firefox Monitor.
+we-sent-this-alert = We sent this message to { $userEmail } because the email address opted into alerts from { -product-name }.
+unsubscribe-email-link = If you no longer want { -product-name } alerts, unsubscribe.
+# A Firefox Monitor Report is an emailed statement from Firefox Monitor containing a list of known data breaches where the user’s email address was found amongst the stolen data.
+firefox-monitor-report = { -product-name } Report
+report-date = Report Date:
+email-address = Email Address:
+# "full report" should be understood to mean the "complete report" or, the complete list of known data breaches that included the user’s information. 
+your-full-report = Here’s your full { -product-name } report, which includes all known data breaches that contain this email address.
+report-no-breaches =
+    Your email address did not appear in our database of known breaches. 
+    But breaches can happen at any time. Take these steps to keep your personal data safe online.
+# A list of next steps someone should take if their information has been involved in a data breach.
+what-to-do-next = What To Do Next
+report-headline =
+    { $breachCount ->
+        [0] So far, so good.
+        [one] Your account appeared in { $breachCount } breach.
+       *[other] Your accounts appeared in { $breachCount } breaches.
+    }
+report-subhead-no-breaches =
+    Your account doesn’t appear in our full report of breaches. 
+    That’s good news, but there is more you can do. 
+    Data breaches happen at any time, so read on to learn how you can protect your passwords.
+report-subhead-found-breaches = Here’s your full Firefox Monitor report, which includes all known data breaches that contain this email address.
+breach-alert-headline = Your account was involved in a data breach.
+breach-alert-subhead = A recently reported data breach contains your email and the following data
+report-pwt-blurb =
+    Passwords are so valuable, that thousands of them are stolen every day and traded or sold on the black market. 
+    Stronger passwords protect your accounts and all the personal information that resides inside them.
+report-pwt-headline-1 = Use a different password for every account
+report-pwt-summary-1 =
+    Reusing the same password everywhere opens the door for hackers. 
+    They can use that password to log into your other accounts.
+report-pwt-headline-2 = Create strong, unique passwords
+report-pwt-summary-2 =
+    Hackers use lists of common passwords to try to guess yours. 
+    The longer and more random your password is, the harder it will be to steal.
+report-pwt-headline-3 = Treat security questions like extra passwords
+report-pwt-summary-3 =
+    Websites don’t check that your answers are accurate, just that they match every time. 
+    Create long, random answers and store them somewhere safe.
+report-pwt-headline-4 = Use a password manager
+report-pwt-summary-4 =
+    Services like 1Password, LastPass, Dashlane, and Bitwarden generate strong passwords, store them securely, 
+    and fill them into web sites so you don’t have to remember every single one.
+# A link to legal information about mozilla products.
+legal = Legal
+# Share Firefox Monitor by email subject line
+share-by-email-subject = See if you’ve been part of a data breach.
+# Share Firefox Monitor by email message. {"https://monitor.firefox.com"} should not be translated or modified. 
+share-by-email-message =
+    Hi,
+    { -brand-name } has a free service where you can check to see if you’ve been part of a data breach. Here’s how it works:
+    1. Go to { "https://monitor.firefox.com" } and search your email.
+    2. See if your online accounts have been exposed in a data breach.
+    3. Get tips from { -product-name } about what to do next.

locales/es-MX/app.ftl

@@ -17,6 +17,7 @@ about-firefox-alerts = Acerca de las alertas de Firefox
 # Link that takes the user to a Firefox Monitor survey. 
 give-feedback = Enviar comentario
 terms-and-privacy = Términos y Privacidad
+error-could-not-add-email = No se pudo agregar la dirección de correo electrónico a la base de datos.
 error-not-subscribed = Esta dirección de correo electrónico no está suscrita a { -product-name }.
 error-hibp-throttled = Demasiadas conexiones para { -brand-HIBP }.
 error-hibp-connect = Error conectándose a { -brand-HIBP }.

locales/nn-NO/app.ftl

@@ -0,0 +1,70 @@
+# String IDs beginning with "-product" and "-brand" should remain in English.
+# They should not be:
+# - Declined to adapt to grammatical case.
+# - Transliterated.
+# - Translated.
+-product-name = Firefox Monitor
+-product-name-nowrap = <span class="nowrap">{ -product-name }</span>
+-brand-name = Firefox
+-brand-Quantum = Firefox Quantum
+-brand-Mozilla = Mozilla
+-brand-HIBP = Have I Been Pwned
+layout-Firefox = { -brand-name }
+# Descriptive headline for a column of links where users can give feedback, or get additional information about, Firefox Monitor.
+layout-support = Hjelp
+# Link that takes the user to a blog post on blog.mozilla.org about the alerts
+about-firefox-alerts = Om Firefox-varsel
+# Link that takes the user to a Firefox Monitor survey. 
+give-feedback = Tilbakemelding
+terms-and-privacy = Vilkår og personvern
+error-could-not-add-email = Klarte ikkje å leggje til e-postadressa i databasen.
+error-hibp-throttled = For mange tilkoplingar til { -brand-HIBP }.
+home-title = { -product-name }
+home-not-found = Fann ikkje sida.
+oauth-invalid-session = Ugyldig økt
+oauth-confirmed-title = { -product-name }: Abonnerer
+scan-title = { -product-name } : Skanningsresultat
+user-add-invalid-email = Ugyldig e-postadresse
+user-add-email-verify-subject = Stadfest abonnementet ditt på { -product-name }.
+user-add-title = { -product-name }: Stadfest e-postadressa
+error-headline = Feil
+user-verify-title = { -product-name }: Abonnerer
+user-unsubscribe-title = { -product-name }: Avslutt abonnementet
+
+## Password Tips
+
+scan-placeholder = Skriv inn e-postadresse
+scan-privacy = E-postadressa di vert ikkje lagra.
+scan-submit = Søk etter e-postadressa di
+scan-another-email = Skann ei anna e-postadresse
+download-firefox-bar-link = Last ned { -brand-name } no
+download-firefox-banner-blurb = Ta kontroll over nettlesaren din
+download-firefox-banner-button = LAst ned { -brand-name }
+signup-modal-headline = Registrer deg for { -product-name-nowrap }
+signup-modal-close = Lat att
+# Appears after Firefox Monitor has sent a verification email to a new user. 
+signup-modal-sent = Sendt!
+sign-up = Registrer deg
+show-more-breaches = Vis fleire
+# breach-date = the calendar date a particular data theft occurred. 
+breach-date = Dato for datalekasje:
+# compromised accounts = the total number of user accounts exposed in data breach
+compromised-accounts = Kompromiterte kontoar:
+# compromised-data = the kind of user data exposed to hackers in data breach.
+compromised-data = Kompromiterte data:
+confirmed = Stadfesta!<br />Du abonnerer!
+unsub-button = Avslutt abonnementet
+unsub-survey-headline = Du abonnerer ikkje lenger.
+# Link to share Firefox Monitor on Facebook. Positioned next to Facebook logo.
+share = Del
+# Link to share Firefox Monitor on Twitter. Positioned next to Twitter logo.
+tweet = Tweet
+download-firefox-quantum = Last ned { -brand-Quantum }
+download-firefox-mobile = Last ned { -brand-name } for mobil
+# Features here refers to Firefox browser features. 
+features = Funksjonar
+# beta-nightly-developer-edition refers to additional versions of Firefox Browser
+beta-nightly-developer-edition = Beta, Nightly, Developer Edition
+share-email = E-postadresse
+# Appears at the end of a list of email-clients and refers to any other unlisted email-client.
+share-other = Andre

locales/nn-NO/data-classes.ftl

@@ -0,0 +1,48 @@
+## Breach Data Classes
+
+account-balances = Konto-saldoar
+address-book-contacts = Adressebokskontaktar
+age-groups = Aldersgrupper
+ages = Aldrar
+apps-installed-on-devices = Appar er installerte på einingar
+astrological-signs = Stjerneteikn
+audio-recordings = Lydinnspelingar
+auth-tokens = Godkjenningstoken
+avatars = Avatarar
+bank-account-numbers = Bankkontonummer
+beauty-ratings = Venleiksvurderingar
+biometric-data = Biometriske data
+browsing-histories = Nettlesarhistorikk
+drinking-habits = Drikkevanar
+email-addresses = E-postadresser
+email-messages = E-postmeldingar
+employers = Arbeidsgjevarar
+ethnicities = Etnisitetar
+genders = Kjønn
+imei-numbers = IMEI-nummer
+imsi-numbers = IMSI-nummer
+ip-addresses = IP-adresser
+job-titles = Jobbtitlar
+mac-addresses = MAC-adresser
+marital-statuses = Sivilstand
+names = Namn
+nationalities = Nasjonalitetar
+nicknames = Kallenamn
+occupations = Yrke
+parenting-plans = Foreldreplanar
+passport-numbers = Passnummer
+password-hints = Passordhint
+passwords = Passord
+payment-histories = Betalingshistorikk
+payment-methods = Betalingsmåtar
+personal-descriptions = Personlege skildringar
+personal-health-data = Personlege helsedata
+personal-interests = Personlege interesser
+phone-numbers = Telefonnummer
+photos = Bilde
+physical-addresses = Fysiske adresser
+physical-attributes = Fysiske kjenneteikn
+pins = PIN-kodar
+political-donations = Donasjonar til politiske føremål
+political-views = Politisk syn
+private-messages = Private meldingar

locales/nn-NO/email-strings.ftl

@@ -0,0 +1,2 @@
+# A link to legal information about mozilla products.
+legal = Juridisk informasjon

locales/ru/app.ftl

@@ -9,7 +9,7 @@
 -brand-Quantum = Firefox Quantum
 -brand-Mozilla = Mozilla
 -brand-HIBP =
-    {
+    { $case ->
         [nominative] Сервис Have I Been Pwned
         [genitive] Сервисом Have I Been Pwned
        *[dative] Сервису Have I Been Pwned

package-lock.json

@@ -3278,9 +3278,9 @@
       }
     },
     "fluent": {
-      "version": "0.8.1",
-      "resolved": "https://registry.npmjs.org/fluent/-/fluent-0.8.1.tgz",
-      "integrity": "sha512-hVlyzl3N9okoqqQUd6cExsBAOmxBeaxP3JFmBBPkYqSRQs4d2U2y2a5KxwMSvno1m9nmwM4CsjeBWdJ9wSYWsA=="
+      "version": "0.10.0",
+      "resolved": "https://registry.npmjs.org/fluent/-/fluent-0.10.0.tgz",
+      "integrity": "sha512-2I6xaHecA76FiGavw6eKurXaHd6p25eenAgRYKSaMwJEpbvWpAlwFWAnC+BGzrGIKINUHwDlCQRtRenJvlbqQQ=="
     },
     "fluent-langneg": {
       "version": "0.1.0",

package.json

@@ -19,7 +19,7 @@
     "express": "^4.16.2",
     "express-bearer-token": "^2.2.0",
     "express-handlebars": "^3.0.0",
-    "fluent": "^0.8.1",
+    "fluent": "^0.10.0",
     "fluent-langneg": "^0.1.0",
     "full-icu": "^1.2.1",
     "git-rev-sync": "^1.12.0",

public/js/analytics_tracking_protection.js

@@ -29,14 +29,6 @@ function browserName() {
 }
 
 
-function removeUtms() {
-  const win = window;
-  const loc = win.location;
-  if (loc.search.includes("utm_") && win.history.replaceState) {
-    win.history.replaceState({}, "", loc.pathname);
-  }
-}
-
 
 if (browserName() === "firefox") {
   if (document.getElementById("download-firefox") || document.getElementById("download-firefox-bar")) {
@@ -67,5 +59,5 @@ if(typeof(ga) !== "undefined") {
     ga("set", "page", pageValue);
   }
 
-	ga("send", "pageview", {"hitCallback": removeUtms});
+	ga("send", "pageview");
 }

public/js/monitor.js

@@ -440,6 +440,10 @@ document.addEventListener("touchstart", function(){}, true);
 window.addEventListener("pageshow", function() {
   ga_sendPing("Pageview", false);
 
+  if (window.location.search.includes("utm_") && window.history.replaceState) {
+    window.history.replaceState({}, "", window.location.toString().replace(/[?&]utm_.*/g, ""));
+  }
+
   if (document.forms) {
     restoreInputs();
   }

tests/controllers/hibp.test.js

@@ -55,7 +55,7 @@ test("notify POST with breach, subscriber hash prefix and suffixes should call s
   await hibp.notify(mockRequest, mockResponse);
 
   const mockFluentFormatCalls = LocaleUtils.fluentFormat.mock.calls;
-  expect (mockFluentFormatCalls.length).toBe(2);
+  expect (mockFluentFormatCalls.length).toBe(1);
   const mockFluentFormatCallArgs = mockFluentFormatCalls[0];
   expect (mockFluentFormatCallArgs[0]).toEqual(["en"]);
   expect (mockFluentFormatCallArgs[1]).toBe("hibp-notify-email-subject");
@@ -95,6 +95,8 @@ test("notify POST for subscriber with no signup_language should default to en",
   jest.mock("../../hibp");
   EmailUtils.sendEmail = jest.fn();
   LocaleUtils.fluentFormat = jest.fn();
+  HIBPLib.subscribeHash = jest.fn();
+
   const testEmail = "subscriberWithoutLanguage@test.com";
 
   await DB.addSubscriber(testEmail);

tests/controllers/user.test.js

@@ -102,7 +102,7 @@ test("user unsubscribe GET request with valid token returns error", async () =>
   const validToken = "0e2cb147-2041-4e5b-8ca9-494e773b2cf0";
 
   // Set up mocks
-  const req = { fluentFormat: jest.fn(), query: { token: validToken } };
+  const req = { fluentFormat: jest.fn(), query: { token: validToken, hash: "ad9c69bcc69b3399775d2ddbe9b0b229369fca42" } };
   const resp = httpMocks.createResponse();
 
   // Call code-under-test

views/partials/email_partials/email_button.hbs

@@ -6,7 +6,7 @@
           <tr>
             <td class="email-button-wrapper" align="center" bgcolor="#0060df" style="width: 100%; max-width: 530px; border-radius: 2px;">
               <a class="email-button" href="{{ href }}" rel="noopener" style="text-align: center; text-decoration: none; color: #ffffff; padding-top: 12px; padding-right: 30px; padding-left: 30px; padding-bottom: 12px; border: 1px solid #0060df; display: inline-block; font-size: 13px;">
-               {{ buttonValue }}
+                {{fluentFormat supportedLocales fluentStringID}}
               </a>
             </td>
           </tr>

views/partials/email_partials/email_verify.hbs

@@ -12,7 +12,7 @@
   <table border="0" cellspacing="0" cellpadding="0" width="100%" style="width: 100%; padding-top: 30px; padding-bottom: 30px;">
     <tr>
       <td>
-        {{>email_partials/email_button href=verifyUrl}}
+        {{>email_partials/email_button href=verificationHref fluentStringID="verify-my-email"}}
       </td>
     </tr> 
   </table>

views/partials/email_partials/report.hbs

@@ -37,7 +37,7 @@
   <table class="table-button" border="0" cellpadding="0" cellspacing="0" width="100%" style="padding-top: 20px; padding-bottom: 20px; margin: 0px;">
     <tr>
       <td>
-        {{> email_partials/email_button href=SERVER_URL}}
+        {{> email_partials/email_button href=scanAnotherEmailHref fluentStringID="report-scan-another-email"}}
       </td>
     </tr>
   </table>

views/partials/hibp_attribution.hbs

@@ -1 +1,3 @@
-<span class="source-info">{{{fluentFormat req.supportedLocales "hibp-attribution" hibp-link='<a id="hibp-link" href="https://www.haveibeenpwned.com" target="_blank" rel="noopener noreferrer">Have I Been Pwned</a>'}}}</span>
+<span class="source-info">
+  {{{fluentFormat req.supportedLocales "hibp-attribution" hibp-link='<a id="hibp-link" href="https://www.haveibeenpwned.com" data-analytics-event="Link" data-analytics-label="Clicked HIBP" target="_blank" rel="noopener noreferrer">Have I Been Pwned</a>'}}}
+</span>