From 3e8da719eea9605ec6f1632a5c3ba1aa1f1379ef Mon Sep 17 00:00:00 2001
From: lloan alas
Date: Wed, 27 Sep 2023 13:57:54 -0700
Subject: [PATCH] initial round of string changes - firefox account(s) to
mozilla account(s)
---
README.md | 20 +-
docs/end-to-end-local-email-dev.md | 311 +++++++++---------
docs/frontend-architecture.md | 12 +-
docs/fx-integration.md | 2 +-
docs/translations.md | 3 +-
e2e-tests/specs/relay-e2e.spec.ts | 2 +-
frontend/pendingTranslations.ftl | 9 +
.../layout/navigation/MobileNavigation.tsx | 3 +-
frontend/src/hooks/api/profile.ts | 2 +-
frontend/src/hooks/api/runtimeData.ts | 1 +
frontend/src/pages/faq.page.tsx | 4 +-
frontend/src/pages/vpn-relay-welcome.page.tsx | 2 +-
.../sync_phone_related_dates_on_profile.py | 2 +-
privaterelay/tests/views_tests.py | 2 +-
privaterelay/utils.py | 2 +-
15 files changed, 197 insertions(+), 180 deletions(-)
diff --git a/README.md b/README.md
index acf6be2eb..64a4f154d 100644
--- a/README.md
+++ b/README.md
@@ -2,16 +2,15 @@
-
-# Private Relay
+# Private Relay
+
[![License: MPL 2.0](https://img.shields.io/badge/License-MPL%202.0-brightgreen.svg)](https://raw.githubusercontent.com/mozilla/fx-private-relay/main/LICENSE)
![Repo Size](https://img.shields.io/github/repo-size/Mozilla/fx-private-relay)
[![Coverage Status](https://coveralls.io/repos/github/mozilla/fx-private-relay/badge.svg?branch=main)](https://coveralls.io/github/mozilla/fx-private-relay?branch=main)
[![What's Deployed](https://img.shields.io/badge/whatsdeployed-dev,stage,prod-green.svg)](https://whatsdeployed.io/s/60j/mozilla/fx-private-relay)
[![CircleCI](https://dl.circleci.com/status-badge/img/gh/mozilla/fx-private-relay/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/mozilla/fx-private-relay/tree/main)
-
Private Relay provides generated email addresses to use in place of personal
email addresses.
@@ -30,7 +29,7 @@ them](https://www.facebook.com/business/help/606443329504150?helpref=faq_content
- [Getting the latest translations](#getting-the-latest-translations)
- [Add/update messages for translation](#addupdate-messages-for-translation)
- [Commit translations for release](#commit-translations-for-release)
- - [Recommended: Enable Firefox Accounts authentication](#recommended-enable-firefox-accounts-authentication)
+ - [Recommended: Enable Mozilla Accounts authentication](#recommended-enable-mozilla-accounts-authentication)
- [Optional: Install and run the add-on locally](#optional-install-and-run-the-add-on-locally)
- [Optional: Run a development server to compile the frontend](#optional-run-a-development-server-to-compile-the-frontend)
- [Optional: Enable Premium Features](#optional-enable-premium-features)
@@ -39,6 +38,7 @@ them](https://www.facebook.com/business/help/606443329504150?helpref=faq_content
- [Production Environments](#production-environments)
- [Requirements](#requirements-1)
- [Environment Variables](#environment-variables)
+
## Development
Please refer to our [coding standards](docs/coding-standards.md) for code styles, naming conventions and other methodologies.
@@ -194,9 +194,9 @@ of the translations submodule:
An automated process updates the submodule daily, bringing in any new changes
and translations from the Localization Team.
-### Recommended: Enable Firefox Accounts authentication
+### Recommended: Enable Mozilla Accounts authentication
-To enable Firefox Accounts authentication on your local server, you can use the
+To enable Mozilla Accounts authentication on your local server, you can use the
"Firefox Private Relay local dev" OAuth app on accounts.stage.mozaws.net.
To do so:
@@ -222,11 +222,11 @@ To do so:
6. [Go to the django-allauth social app admin
page](http://127.0.0.1:8000/admin/socialaccount/socialapp/), sign in with the
- superuser account you created above, and add a social app for Firefox Accounts:
+ superuser account you created above, and add a social app for Mozilla Accounts:
| Field | Value |
| ---------- | ------------------------------------------------------- |
-| Provider | Firefox Accounts |
+| Provider | Mozilla Accounts |
| Name | `accounts.stage.mozaws.net` |
| Client id | `9ebfe2c2f9ea3c58` |
| Secret key | Request this from `#fx-private-relay-eng` Slack channel |
@@ -274,7 +274,7 @@ To enable the premium Relay features, we integrate with the [FXA Subscription
Platform](https://mozilla.github.io/ecosystem-platform/relying-parties/reference/sub-plat-overview).
At a high level, to set up Relay premium subscription, we:
-1. [Enable Firefox Accounts Authentication](#recommended-enable-firefox-accounts-authentication) as described above.
+1. [Enable Mozilla Accounts Authentication](#recommended-enable-firefox-accounts-authentication) as described above.
2. Create a product & price in our [Stripe dashboard](https://dashboard.stripe.com/).
(Ask in #subscription-platform Slack channel to get access to our Stripe dashboard.)
@@ -286,7 +286,7 @@ At a high level, to set up Relay premium subscription, we:
In detail:
-1. [Enable Firefox Accounts Authentication](#recommended-enable-firefox-accounts-authentication) as described above.
+1. [Enable Mozilla Accounts Authentication](#recommended-enable-firefox-accounts-authentication) as described above.
2. Go to our [Stripe dashboard](https://dashboard.stripe.com/).
(Ask in #subscription-platform Slack channel to get access to our Stripe dashboard.)
diff --git a/docs/end-to-end-local-email-dev.md b/docs/end-to-end-local-email-dev.md
index a416a85ca..c591f7f1c 100644
--- a/docs/end-to-end-local-email-dev.md
+++ b/docs/end-to-end-local-email-dev.md
@@ -1,4 +1,5 @@
# End-to-end Local Development
+
Rather than operate SMTP directly, Relay uses AWS SES via HTTPS. So, a full
local end-to-end setup works like this:
@@ -16,12 +17,13 @@ sequenceDiagram
## Requirements
-* Your own domain and the ability to publish MX and CNAME records to it
-* AWS account
-* (Suggested) [ngrok.io][ngrok] account
-* Enable Firefox Accounts authentication (see README)
+- Your own domain and the ability to publish MX and CNAME records to it
+- AWS account
+- (Suggested) [ngrok.io][ngrok] account
+- Enable Mozilla Accounts authentication (see README)
## Overview
+
At a high level, you will need to:
1. Publish an MX record at your domain pointing to AWS SES
@@ -33,20 +35,21 @@ At a high level, you will need to:
7. (Optional) [Convert to back-end processing](#convert-to-back-end-processing)
### Publish MX at your domain
-When a sending Mail Transfer Agents (MTA) delivers email to a domain, it
-queries that domain's DNS for an MX record. The MX record is the address of
-the SMTP server to which the sending MTA can connect. For Relay, that SMTP
+
+When a sending Mail Transfer Agents (MTA) delivers email to a domain, it
+queries that domain's DNS for an MX record. The MX record is the address of
+the SMTP server to which the sending MTA can connect. For Relay, that SMTP
server is AWS. So:
1. Go to your domain's DNS and add a new MX record pointing to your AWS
region. E.g.:
- * Hostname: `*`
- * Priority: 10
- * Server: inbound-smtp.us-east-1.amazonaws.com
- * TTL: 15
-
+ - Hostname: `*`
+ - Priority: 10
+ - Server: inbound-smtp.us-east-1.amazonaws.com
+ - TTL: 15
### Set up your AWS SES to send emails TO your app via HTTPS
+
Since AWS will accept SMTP traffic from MTAs sending email to your domain,
you will need to verify your domain ownership for AWS. Then, configure
SES to send all inbound email to your app (via SNS HTTPS subscription). A
@@ -54,6 +57,7 @@ helpful tool for this is [ngrok][ngrok], which can proxy a public domain to
your 127.0.0.1 server.
#### Verify your domain ownership
+
AWS needs to verify you own the domain before it will send its email to you.
1. [Create a new domain identity][create-new-identity] in your SES "Verified
@@ -63,6 +67,7 @@ AWS needs to verify you own the domain before it will send its email to you.
SES generated for you.
#### (Suggested) Use ngrok to make your local server available
+
When SES sends email thru an SNS HTTPS subscription, it is helpful to have a
permanent public domain that proxies your local server. [ngrok](ngrok) is a
handy tool for this.
@@ -83,17 +88,18 @@ Forwarding https://myrelay.ngrok.io -> 127.0.0.1:8000
Add the ngrok.io domain to the allowed hosts:
-* `DJANGO_ALLOWED_HOST=127.0.0.1,myrelay.ngrok.io`
+- `DJANGO_ALLOWED_HOST=127.0.0.1,myrelay.ngrok.io`
In a different console, run the development server. Ensure:
-* The destination host works, such as http://127.0.0.1:8000
-* The ngrok.io hostname works, such as https://myrelay.ngrok.io
+- The destination host works, such as http://127.0.0.1:8000
+- The ngrok.io hostname works, such as https://myrelay.ngrok.io
-Firefox Accounts authentication doesn't work with multiple domains. Most
+Mozilla Accounts authentication doesn't work with multiple domains. Most
developers will continue to log in with FxA at http://127.0.0.1:8000
#### Create SNS topic subscription that sends HTTPS POSTs to your local server
+
To confirm an SNS HTTPS topic subscription, you need to receive and visit a
confirmation link from AWS. But Relay also checks HTTPS POSTs are for the
proper Topic ARN, so you need to do these steps in this order:
@@ -107,6 +113,7 @@ proper Topic ARN, so you need to do these steps in this order:
url.
#### Configure SES to send email to your SNS topic
+
1. In your [SES Email Receiving][ses-email-receiving] panel, create a new rule
set.
2. In that rule set, create a rule "ses-all-inbound-to-sns"
@@ -115,45 +122,45 @@ proper Topic ARN, so you need to do these steps in this order:
4. In [SES Email Receiving][ses-email-receiving], ensure the rule
"ses-all-inbound-to-sns" is Active.
-
### Configure your app to accept emails addressed to your domain
+
Django and our Relay code have checks to make sure the HTTPS POSTs are for the
right domain. So, you'll need to set some environment variable values:
-* `MOZMAIL_DOMAIN=yourdomain.com`
-* `RELAY_FROM_ADDRESS=relay@yourdomain.com`
+- `MOZMAIL_DOMAIN=yourdomain.com`
+- `RELAY_FROM_ADDRESS=relay@yourdomain.com`
Note again: These are NOT your ngrok.io domain.
### Set up your AWS SES to send emails FROM your app
+
The last part of Relay is sending emails FROM the Relay app to the real email
addresses of the owners of Relay aliases. You will need to create an AWS SES
Configuration set for your local Relay server. And, while in SES "sandbox"
mode, you need to add one of your own email addresses as a verified identity.
1. [Create an SES configuration set][create-ses-config].
- * (All defaults are fine)
+ - (All defaults are fine)
2. Set the AWS env vars:
- * `AWS_SES_CONFIGSET`
- * `AWS_REGION`
- * `AWS_ACCESS_KEY_ID` *Must be set in the environment, not just in .env*
- * `AWS_SECRET_ACCESS_KEY` *Also must be set in the environment*
-2. [Create a new verified identity][create-new-identity] email address.
- * AWS will send you a confirmation link to the address.
-3. Register a local Relay user with this email address.
-4. Create an alias with this Relay user.
+ - `AWS_SES_CONFIGSET`
+ - `AWS_REGION`
+ - `AWS_ACCESS_KEY_ID` _Must be set in the environment, not just in .env_
+ - `AWS_SECRET_ACCESS_KEY` _Also must be set in the environment_
+3. [Create a new verified identity][create-new-identity] email address.
+ - AWS will send you a confirmation link to the address.
+4. Register a local Relay user with this email address.
+5. Create an alias with this Relay user.
### Send a test email
1. Run your local Relay server and ngrok:
- * `python manage.py runserver 127.0.0.1:8000`
- * `ngrok http -subdomain=myrelay 127.0.0.1:8000`
+ - `python manage.py runserver 127.0.0.1:8000`
+ - `ngrok http -subdomain=myrelay 127.0.0.1:8000`
2. Go to your favorite email address and send an email to the Relay alias you
generated above.
3. You should see a POST to `/emails/sns-inbound` in your `runserver` process!
4. You should see the test email in the Inbox of the final destination/recipient of the alias!
- * Note: the final destination/recipient address for the alias must be in your SES "verified identities" for SES to actually send it emails.
-
+ - Note: the final destination/recipient address for the alias must be in your SES "verified identities" for SES to actually send it emails.
[create-new-identity]: https://console.aws.amazon.com/ses/home?region=us-east-1#/verified-identities/create
[ses-email-receiving]: https://console.aws.amazon.com/ses/home?region=us-east-1#/email-receiving
@@ -162,7 +169,6 @@ mode, you need to add one of your own email addresses as a verified identity.
[sns-topic-panel]: https://console.aws.amazon.com/sns/v3/home?region=us-east-1#/topics
[create-ses-config]: https://console.aws.amazon.com/ses/home?region=us-east-1#/configuration-sets/create
-
## (Optional) Convert to store in S3
In Q1 2022, we adjusted AWS SES to store emails in S3 before adding them to
@@ -182,30 +188,30 @@ The steps to setup S3 transfer:
By adding the encryption key first, the AWS console will be able to add
permissions as we use it.
-* Load the [Customer managed keys][customer-managed-keys] page, and select "Create Key"
- * Step 1: Configure key
- * Key type: Symmetric
- * Advanced options: defaults are OK:
- - Key material origin: KMS
- - Regionality: Single-Region key
- * Click "Next"
- * Step 2: Add labels
- * Alias: RelayKey or similar
- * Description: This key is used to encrypt incoming SES messages processed by SNS, SQS, and S3.
- * Tags: *None*
- * Click "Next"
- * Step 3: Define key administrative permissions
- * Key administrators: Add your login user, if applicable
- * Key deletion: Select Allow key administrators to delete this key (default)
- * Click "Next"
- * Step 4: Define key usage permissions
- * This account: Add the app key user, if applicable
- * Other AWS accounts: *None*
- * Step 5: Review
- * Add the statement below to the key policy
- * Click "Finish"
+- Load the [Customer managed keys][customer-managed-keys] page, and select "Create Key"
+ - Step 1: Configure key
+ - Key type: Symmetric
+ - Advanced options: defaults are OK:
+ - Key material origin: KMS
+ - Regionality: Single-Region key
+ - Click "Next"
+ - Step 2: Add labels
+ - Alias: RelayKey or similar
+ - Description: This key is used to encrypt incoming SES messages processed by SNS, SQS, and S3.
+ - Tags: _None_
+ - Click "Next"
+ - Step 3: Define key administrative permissions
+ - Key administrators: Add your login user, if applicable
+ - Key deletion: Select Allow key administrators to delete this key (default)
+ - Click "Next"
+ - Step 4: Define key usage permissions
+ - This account: Add the app key user, if applicable
+ - Other AWS accounts: _None_
+ - Step 5: Review
+ - Add the statement below to the key policy
+ - Click "Finish"
-This Key Policy statement (change ``111122223333`` to your account number)
+This Key Policy statement (change `111122223333` to your account number)
allows SES to access the key. Add it to key policy with the other statements:
```json
@@ -213,17 +219,13 @@ allows SES to access the key. Add it to key policy with the other statements:
"Sid": "AllowSESToEncryptMessagesBelongingToThisAccount",
"Effect": "Allow",
"Principal": {
- "Service":"ses.amazonaws.com"
+ "Service": "ses.amazonaws.com"
},
- "Action": [
- "kms:GenerateDataKey*",
- "kms:Encrypt",
- "kms:Decrypt"
- ],
+ "Action": ["kms:GenerateDataKey*", "kms:Encrypt", "kms:Decrypt"],
"Resource": "*",
- "Condition":{
- "StringEquals":{
- "AWS:SourceAccount":"111122223333"
+ "Condition": {
+ "StringEquals": {
+ "AWS:SourceAccount": "111122223333"
},
"StringLike": {
"AWS:SourceArn": "arn:aws:ses:*"
@@ -237,20 +239,20 @@ allows SES to access the key. Add it to key policy with the other statements:
### Convert AWS SES to store emails in a new S3 bucket
1. Go to [SES Email Receiving][ses-email-receiving].
-2. Select the ruleset ``ses-all-inbound-to-sns``
-3. Select the rule ``ses-all-inbound-to-sns``
+2. Select the ruleset `ses-all-inbound-to-sns`
+3. Select the rule `ses-all-inbound-to-sns`
4. Select the "Actions" tab, and the "Edit"
- - Step 3: Add actions:
- * Click "Remove" to remove "Publish to Amazon SNS topic"
- * In "Add new action", select "Deliver to S3 bucket"
- * S3 bucket: Select "Create S3 bucket", and select a name like "fxrelay-emails-myusername"
- * Object key prefix: emails
- * Message encryption: De-select Enable (default)
- * SNS topic: Select your existing SNS topic
- * Click Next
- - Review:
- * Step 3 now shows "S3Action" for Action type
- * Click "Save changes"
+ - Step 3: Add actions:
+ - Click "Remove" to remove "Publish to Amazon SNS topic"
+ - In "Add new action", select "Deliver to S3 bucket"
+ - S3 bucket: Select "Create S3 bucket", and select a name like "fxrelay-emails-myusername"
+ - Object key prefix: emails
+ - Message encryption: De-select Enable (default)
+ - SNS topic: Select your existing SNS topic
+ - Click Next
+ - Review:
+ - Step 3 now shows "S3Action" for Action type
+ - Click "Save changes"
### Configure the new AWS S3 Bucket
@@ -261,56 +263,58 @@ contains a fake email saying that SES is delivering to this S3 bucket.
These changes needed to line up with other deployments:
-* Properties - enable server-side encryption
-* Permissions - disabled public access
-* Management - delete after 3 days
+- Properties - enable server-side encryption
+- Permissions - disabled public access
+- Management - delete after 3 days
[s3-buckets-page]: https://s3.console.aws.amazon.com/s3/buckets?region=us-east-1
#### Update Properties - Enable encryption
+
On the **Properties** tab:
-* In the "Default encryption" section, select "Edit":
- - Server-side encryption: select Enable
- - Encryption key type: AWS Key Management Service key (SSE-KMS)
- - AWS KMS key: Choose from your AWS KMS keys, select the RelayKey
- - Bucket Key: Enable
- - Select "Save Changes"
+- In the "Default encryption" section, select "Edit":
+ - Server-side encryption: select Enable
+ - Encryption key type: AWS Key Management Service key (SSE-KMS)
+ - AWS KMS key: Choose from your AWS KMS keys, select the RelayKey
+ - Bucket Key: Enable
+ - Select "Save Changes"
#### Update Permissions
On the **Permissions** tab:
-* In the "Block public access (bucket settings), select "Edit":
- - Select "Block *all* public access"
- - Select "Save Changes"
- - Type "confirm" to confirm
+- In the "Block public access (bucket settings), select "Edit":
+ - Select "Block _all_ public access"
+ - Select "Save Changes"
+ - Type "confirm" to confirm
#### Update Management
On the **Management** tab:
-* In the "Lifecycle rules" section (top), select "Create lifecycle rule"
- * Lifecycle rule configuration
- * Lifecycle rule name: ``delete-expired``
- * Choose a rule scope: Leave at "Limit the scope of this rule using one or more filters"
- * Filter type - Prefix: ``emails/``
- * Leave with no tags, and no object size filters
- * Lifecycle rule actions
- * Select option 3, "Expire current versions of objects". For an
- unversioned bucket, this deletes the object.
- * Expire current versions of objects (this section appears after selecting the action)
- * Days after object creation: 3
- * Review transition and expiration actions (read-only, confirms settings)
- * Current version actions:
- * Day 0: Objects uploaded
- * Day 3: Objects expire
- * Noncurrent versions actions
- * Day 0: No actions defined.
- * Select "Create rule" to return to the Lifecycle Configuration details.
- * Select the bucket name from the breadcrumbs to return to bucket details
+- In the "Lifecycle rules" section (top), select "Create lifecycle rule"
+ - Lifecycle rule configuration
+ - Lifecycle rule name: `delete-expired`
+ - Choose a rule scope: Leave at "Limit the scope of this rule using one or more filters"
+ - Filter type - Prefix: `emails/`
+ - Leave with no tags, and no object size filters
+ - Lifecycle rule actions
+ - Select option 3, "Expire current versions of objects". For an
+ unversioned bucket, this deletes the object.
+ - Expire current versions of objects (this section appears after selecting the action)
+ - Days after object creation: 3
+ - Review transition and expiration actions (read-only, confirms settings)
+ - Current version actions:
+ - Day 0: Objects uploaded
+ - Day 3: Objects expire
+ - Noncurrent versions actions
+ - Day 0: No actions defined.
+ - Select "Create rule" to return to the Lifecycle Configuration details.
+ - Select the bucket name from the breadcrumbs to return to bucket details
### Allow the app AWS user to manage the S3 bucket
+
Starting at the [Identity and Access Management (IAM) Dashboard][iam-dashboard],
add the full access policy to the AWS user that you use from the app:
@@ -326,9 +330,9 @@ GetObject
DeleteObject
```
-You'll need the bucket permission (like ``arn:aws:s3:::fxrelay-emails-myusername``)
-for ``ListBucket``, and object permission (like
-``arn:aws:s3:::fxrelay-emails-myusername/*``) for ``GetObject`` and ``DeleteObject``.
+You'll need the bucket permission (like `arn:aws:s3:::fxrelay-emails-myusername`)
+for `ListBucket`, and object permission (like
+`arn:aws:s3:::fxrelay-emails-myusername/*`) for `GetObject` and `DeleteObject`.
[iam-dashboard]: https://us-east-1.console.aws.amazon.com/iamv2/home#/home
@@ -337,13 +341,13 @@ for ``ListBucket``, and object permission (like
Same as before:
1. Run your local Relay server and ngrok:
- * `python manage.py runserver 127.0.0.1:8000`
- * `ngrok http -subdomain=myrelay 127.0.0.1:8000`
+ - `python manage.py runserver 127.0.0.1:8000`
+ - `ngrok http -subdomain=myrelay 127.0.0.1:8000`
2. Go to your favorite email address and send an email to the Relay alias you
generated above.
3. You should see a POST to `/emails/sns-inbound` in your `runserver` process!
4. You should see the test email in the Inbox of the final destination/recipient of the alias!
- * Note: the final destination/recipient address for the alias must be in your SES "verified identities" for SES to actually send it emails.
+ - Note: the final destination/recipient address for the alias must be in your SES "verified identities" for SES to actually send it emails.
One way to see the S3 object is to add a breakpoint to your local code,
so that you can examine the object in the AWS console before it is deleted.
@@ -351,13 +355,12 @@ However, SNS will quickly try the request again, so be fast!
## (Optional) Convert to back-end processing
-*Note: this change is not yet in production*
+_Note: this change is not yet in production_
In Q2 2022, we are switching from handling email as a web request, POSTed via
an SNS subscription, to a back-end process, pulling from a Simple Queue Service
(SQS) queue.
-
```mermaid
sequenceDiagram
@@ -371,41 +374,43 @@ sequenceDiagram
To make this change:
-* (Optional) Add a dead-letter queue
-* Add an SQS queue
-* Enable the app user to read from the queue
-* Turn off the SNS push subscription
-* Subscribe to SNS topic
-* Run the email task
+- (Optional) Add a dead-letter queue
+- Add an SQS queue
+- Enable the app user to read from the queue
+- Turn off the SNS push subscription
+- Subscribe to SNS topic
+- Run the email task
### (Optional) Add a dead-letter queue
+
In production, undeliverable SNS messages are sent to a dead-letter queue
(DLQ). They can be undeliverable because the service is unavailable, or because
the email is malformed, or processing is broken. An SQS queue can also have a
-dead-letter queue. If you have a SNS DLQ, you can use it for the SQS DLQ as
+dead-letter queue. If you have a SNS DLQ, you can use it for the SQS DLQ as
well. If not, you can create it.
On the [SQS dashboard][sqs-dashboard], select "Create Queue":
-* Details
- * Type: Standard
- * Name: `fx-relay-emails-dlq`
-* Select "Create Queue" to accept other defaults.
+- Details
+ - Type: Standard
+ - Name: `fx-relay-emails-dlq`
+- Select "Create Queue" to accept other defaults.
### Add an SQS queue
On the [SQS dashboard][sqs-dashboard], select "Create Queue":
-* Details
- * Type: Standard
- * Name: `fx-relay-emails`
-* Dead-letter queue - *Optional* - If you created one in the previous step:
- * Set this queue to receive undeliverable messages: Enabled
- * Choose Queue: The ARN for `fx-relay-emails-dlq`
- * Maximum receives: 3
-* Select "Create queue"
+- Details
+ - Type: Standard
+ - Name: `fx-relay-emails`
+- Dead-letter queue - _Optional_ - If you created one in the previous step:
+ - Set this queue to receive undeliverable messages: Enabled
+ - Choose Queue: The ARN for `fx-relay-emails-dlq`
+ - Maximum receives: 3
+- Select "Create queue"
### Enable the app user to read from the queue
+
Starting at the [Identity and Access Management (IAM) Dashboard][iam-dashboard],
add the full access policy to the AWS user that you use from the app:
@@ -415,38 +420,38 @@ arn:aws:iam::aws:policy/AmazonSQSFullAccess
or add the specific permissions needed by the app:
-* ``sqs:ReceiveMessage`` - Needed to read messages
-* ``sqs:DeleteMessage`` - Needed to removed messages
-* ``sqs:ChangeMessageVisibility`` - Needed to reserve a message when reading
-* ``sqs:GetQueueAttributes`` - Needed to get (approximate) queue sizes
+- `sqs:ReceiveMessage` - Needed to read messages
+- `sqs:DeleteMessage` - Needed to removed messages
+- `sqs:ChangeMessageVisibility` - Needed to reserve a message when reading
+- `sqs:GetQueueAttributes` - Needed to get (approximate) queue sizes
### Turn off the SNS push subscription
On the [SNS Topics dashboard][sns-topic-panel]:
-* Select the relay topic
-* Select radio button to the left of the `/emails/sns-inbound` subscription
-* Select "Delete"
-* Confirm "Delete"
+- Select the relay topic
+- Select radio button to the left of the `/emails/sns-inbound` subscription
+- Select "Delete"
+- Confirm "Delete"
### Subscribe to SNS topic
Back on the [SQS dashboard][sqs-dashboard], select the queue.
In the "SNS Subscriptions" tab:
-* Select "Subscribe to Amazon SNS topic"
-* In the "Amazon SNS topic" panel, choose the relay topic
-* Select "Save"
+- Select "Subscribe to Amazon SNS topic"
+- In the "Amazon SNS topic" panel, choose the relay topic
+- Select "Save"
### Run the email task
Set environment variables:
-* `AWS_ACCESS_KEY_ID`
-* `AWS_SECRET_ACCESS_KEY`
-* `AWS_SQS_EMAIL_QUEUE_URL`: The URL of the `fx-relay-emails` queue
-* `AWS_SQS_EMAIL_DLQ_URL`: The URL of the `fx-relay-emails-dlq` queue, if
- configured, otherwise omit or set to an empty string (``""``)
+- `AWS_ACCESS_KEY_ID`
+- `AWS_SECRET_ACCESS_KEY`
+- `AWS_SQS_EMAIL_QUEUE_URL`: The URL of the `fx-relay-emails` queue
+- `AWS_SQS_EMAIL_DLQ_URL`: The URL of the `fx-relay-emails-dlq` queue, if
+ configured, otherwise omit or set to an empty string (`""`)
These URLs can be found by starting at the [SQS dashboard][sqs-dashboard] and
clicking on the queue name to view details.
diff --git a/docs/frontend-architecture.md b/docs/frontend-architecture.md
index fadf4b6e1..ba238ba61 100644
--- a/docs/frontend-architecture.md
+++ b/docs/frontend-architecture.md
@@ -84,14 +84,14 @@ different sets of data are defined for different user IDs, defined in the
(IDs are inspired by [the nine states of design](https://medium.com/swlh/the-nine-states-of-design-5bfe9b3d6d85)):
- `empty`: A user that just signed up for Relay, but has not created any aliases
- yet, nor have they upgraded to Premium.
+ yet, nor have they upgraded to Premium.
- `onboarding`: A user that has just upgraded to Premium, but hasn't completed
- the Premium onboarding flow yet.
+ the Premium onboarding flow yet.
- `some`: A user that has an account that has seen some use: they've upgraded to
- Premium, and have created some aliases.
+ Premium, and have created some aliases.
- `full`: A user that has utilised most of the features of Relay. They have
- Premium, set up a custom domain, have both random and custom aliases,
- and have experienced an email bounce.
+ Premium, set up a custom domain, have both random and custom aliases,
+ and have experienced an email bounce.
If you append `?mockId=` (e.g. `?mockId=some`) to the URL, it will
automatically log in as that mocked user. This is useful to quickly showcase a
@@ -122,7 +122,7 @@ happen in either direction, there are four situations to consider:
This is mainly to tell the add-on which user is currently logged in, and data
about them. (There are also plans to minimise this to only share the API key
with the add-on, which can then fetch the rest of the data from the API
-directly, and even to have the add-on authenticate against Firefox Accounts
+directly, and even to have the add-on authenticate against Mozilla Accounts
directly and then being able to communicate with the API without even needing to
interact with the website.)
diff --git a/docs/fx-integration.md b/docs/fx-integration.md
index 7915e3c21..8bdb1db7c 100644
--- a/docs/fx-integration.md
+++ b/docs/fx-integration.md
@@ -20,7 +20,7 @@ Firefox users signed into the browser with their FxA.
## Firefox users sign into their browsers with their FxA
Relay has to forward emails to someone's existing email address. So, to use Relay, users
-create a [Firefox Account][sumo-fxa], which requires and verifies an existing email address.
+create a [Mozilla Account][sumo-fxa], which requires and verifies an existing email address.
TODO: Link to tech doc for Firefox/FxA integration.
diff --git a/docs/translations.md b/docs/translations.md
index c93395517..b5e2ca316 100644
--- a/docs/translations.md
+++ b/docs/translations.md
@@ -1,4 +1,5 @@
# Translation and Localization
+
Translations are maintained in separate repositories that are managed by the
[Mozilla Localization Team](https://github.com/mozilla-l10n). There is a
Pontoon project for the
@@ -21,7 +22,7 @@ are also embedded in the JavaScript during the build process, so that the
website text is translated.
The user's desired language is parsed from the `Accept-Language` header,
-provided by their browser. When the user signs up for a Firefox Account, their
+provided by their browser. When the user signs up for a Mozilla Account, their
`Accept-Language` header is captured, and this is used for translated headers in
forwarded emails. When a user visits the Relay website or uses the add-on,
their current `Accept-Language` header is used.
diff --git a/e2e-tests/specs/relay-e2e.spec.ts b/e2e-tests/specs/relay-e2e.spec.ts
index e049e611e..ddfbae104 100644
--- a/e2e-tests/specs/relay-e2e.spec.ts
+++ b/e2e-tests/specs/relay-e2e.spec.ts
@@ -15,7 +15,7 @@ test.describe('Relay e2e function email forwarding', () => {
dashboardPage,
page
}) => {
- // This tests creates a new Firefox Account with a new mask, to have
+ // This tests creates a new Mozilla Account with a new mask, to have
// the signup confirmation email show up in the forwarded email count.
// This is a pretty slow process:
test.slow()
diff --git a/frontend/pendingTranslations.ftl b/frontend/pendingTranslations.ftl
index 7949c94d5..2ceaae19b 100644
--- a/frontend/pendingTranslations.ftl
+++ b/frontend/pendingTranslations.ftl
@@ -35,3 +35,12 @@ profile-label-set-your-custom-domain-free-user = Get your own email domain with
tooltip-email-domain-explanation-title-free = Get your own { -brand-name-relay } email domain
tooltip-email-domain-explanation-part-one-free = With { -brand-name-premium }, you can create unlimited, custom { -brand-name-relay } masks on the go using a unique { -brand-name-relay } email domain — you won’t even have to generate them here first.
+
+nav-profile-manage-fxa-v2 = Manage your { -brand-name-mozilla-account(capitalization: "uppercase") }
+nav-profile-image-alt-v2 = { -brand-name-mozilla-account(capitalization: "uppercase") } Avatar
+faq-question-acceptable-use-answer-measure-account-v2 = Requiring a { -brand-name-mozilla-account(capitalization: "uppercase") } with a verified email address
+-brand-name-mozilla-account =
+ { $capitalization ->
+ *[lowercase] Mozilla account
+ [uppercase] Mozilla Account
+ }
diff --git a/frontend/src/components/layout/navigation/MobileNavigation.tsx b/frontend/src/components/layout/navigation/MobileNavigation.tsx
index aacc41f14..fdd5dab76 100644
--- a/frontend/src/components/layout/navigation/MobileNavigation.tsx
+++ b/frontend/src/components/layout/navigation/MobileNavigation.tsx
@@ -16,6 +16,7 @@ import { useRuntimeData } from "../../../hooks/api/runtimeData";
import { getRuntimeConfig } from "../../../config";
import { getCsrfToken } from "../../../functions/cookies";
import { useL10n } from "../../../hooks/l10n";
+import { isFlagActive } from "../../../functions/waffle";
export type MenuItem = {
url: string;
@@ -95,7 +96,7 @@ export const MobileNavigation = (props: Props) => {
rel="noopener noreferrer"
className={styles["settings-link"]}
>
- {l10n.getString("nav-profile-manage-fxa")}
+ {l10n.getString(isFlagActive(runtimeData.data, "firefox-account-rebrand") ? "nav-profile-manage-fxa" : "nav-profile-manage-fxa-v2")}
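Review bot: The ternary on the added line looks inverted: when `isFlagActive(runtimeData.data, "firefox-account-rebrand")` is true it selects the old `nav-profile-manage-fxa` string, and the new `nav-profile-manage-fxa-v2` string is used only when the flag is off. If the flag is meant to switch the rebrand on, the branches should be swapped: `isFlagActive(runtimeData.data, "firefox-account-rebrand") ? "nav-profile-manage-fxa-v2" : "nav-profile-manage-fxa"`. The same ordering appears in the `faq.page.tsx` hunk for `faq-question-acceptable-use-answer-measure-account`. The hunk does not show where `runtimeData` is bound inside `MobileNavigation`, so confirm it is in scope there; the component body starts and ends outside the hunk.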
diff --git a/frontend/src/hooks/api/profile.ts b/frontend/src/hooks/api/profile.ts
index 0aebdbc2d..feb7869be 100644
--- a/frontend/src/hooks/api/profile.ts
+++ b/frontend/src/hooks/api/profile.ts
@@ -104,7 +104,7 @@ export function useProfiles(): SWRResponse & {
/**
* Instead of using the `fetcher` from `api.ts`, this fetcher is specific to the profiles API.
* The reason that it's needed is that we have to tell the back-end to re-fetch data from
- * Firefox Accounts if the user was sent back here after trying to subscribe to Premium.
+ * Mozilla Accounts if the user was sent back here after trying to subscribe to Premium.
*/
const profileFetcher = async (
url: string,
diff --git a/frontend/src/hooks/api/runtimeData.ts b/frontend/src/hooks/api/runtimeData.ts
index 78822b0ae..e6cf5bdb8 100644
--- a/frontend/src/hooks/api/runtimeData.ts
+++ b/frontend/src/hooks/api/runtimeData.ts
@@ -11,6 +11,7 @@ export type FlagNames =
| "multi_replies"
| "firefox_integration"
| "mailing_list_announcement"
+ | "firefox-account-rebrand"
| "premium_promo_banners"
| "mask_redesign"
| "mobile_app";
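Review bot: The new member `"firefox-account-rebrand"` is hyphenated, while every other name visible in this union is snake_case (`"multi_replies"`, `"mask_redesign"`, `"mobile_app"`). Unless the flag already exists on the back end under the hyphenated name, `| "firefox_account_rebrand"` would keep the union consistent. The two `isFlagActive` call sites added in this patch would need the same spelling. The `FlagNames` type starts above the hunk.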
diff --git a/frontend/src/pages/faq.page.tsx b/frontend/src/pages/faq.page.tsx
index 2eb26959c..45262a85e 100644
--- a/frontend/src/pages/faq.page.tsx
+++ b/frontend/src/pages/faq.page.tsx
@@ -440,8 +440,8 @@ const Faq: NextPage = () => {
-
- {l10n.getString(
- "faq-question-acceptable-use-answer-measure-account",
+ {l10n.getString( isFlagActive(runtimeData.data, "firefox-account-rebrand") ?
+ "faq-question-acceptable-use-answer-measure-account" : "faq-question-acceptable-use-answer-measure-account-v2",
)}
-
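Review bot: The added lines call `isFlagActive` and read `runtimeData.data`, but this is the only hunk for `faq.page.tsx` and it adds neither an import nor a hook call. `MobileNavigation.tsx`, by contrast, gains an `isFlagActive` import in the same patch. If the file does not already import `isFlagActive` and bind `runtimeData` inside `Faq`, both names are unresolved here, so confirm that before merging. The `Faq` component starts and ends outside the hunk.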
diff --git a/frontend/src/pages/vpn-relay-welcome.page.tsx b/frontend/src/pages/vpn-relay-welcome.page.tsx
index 1faf6b715..4b18167a8 100644
--- a/frontend/src/pages/vpn-relay-welcome.page.tsx
+++ b/frontend/src/pages/vpn-relay-welcome.page.tsx
@@ -21,7 +21,7 @@ const VpnRelayWelcome: NextPage = () => {
useEffect(() => {
// Tell the backend that there will probably be new subscriptions.
- // It will then ask Firefox Accounts for up-to-date subscription information,
+ // It will then ask Mozilla Accounts for up-to-date subscription information,
// and have that ready for the next request to `/profiles`.
authenticatedFetch("/accounts/profile/refresh");
}, []);
diff --git a/privaterelay/management/commands/sync_phone_related_dates_on_profile.py b/privaterelay/management/commands/sync_phone_related_dates_on_profile.py
index 50369e3bf..123740c1d 100644
--- a/privaterelay/management/commands/sync_phone_related_dates_on_profile.py
+++ b/privaterelay/management/commands/sync_phone_related_dates_on_profile.py
@@ -65,7 +65,7 @@ def sync_phone_related_dates_on_profile(group: str) -> int:
class Command(BaseCommand):
- help = "Sync date_subscribed_phone, date_phone_limits_reset, date_phone_subscription_end fields on Profile by syncing with Firefox Accounts data"
+ help = "Sync date_subscribed_phone, date_phone_limits_reset, date_phone_subscription_end fields on Profile by syncing with Mozilla Accounts data"
def add_arguments(self, parser: CommandParser) -> None:
parser.add_argument(
diff --git a/privaterelay/tests/views_tests.py b/privaterelay/tests/views_tests.py
index 308896965..2b9f8bed8 100644
--- a/privaterelay/tests/views_tests.py
+++ b/privaterelay/tests/views_tests.py
@@ -332,7 +332,7 @@ def get_fxa_event_jwt(
iat_skew: int = 0,
) -> str:
"""
- Return valid Firefox Accounts relying party event JWT
+ Return valid Mozilla Accounts relying party event JWT
See https://github.com/mozilla/fxa/tree/main/packages/fxa-event-broker
"""
diff --git a/privaterelay/utils.py b/privaterelay/utils.py
index 9b9680853..6e14bd81a 100644
--- a/privaterelay/utils.py
+++ b/privaterelay/utils.py
@@ -233,7 +233,7 @@ def guess_country_from_accept_lang(accept_lang: str) -> str:
If an issue is detected, a AcceptLanguageError is raised.
The header may come directly from a web request, or may be the header
- captured by Firefox Accounts (FxA) at signup.
+ captured by Mozilla Accounts (FxA) at signup.
Even with all this logic and special casing, it is still more accurate to
use a GeoIP lookup or a country code provided by the infrastructure.