added fxa-verifiedEmail to the signed certificate. fixes #630

bin/signer.js

@@ -37,7 +37,8 @@ process.on('message', function (message) {
       {
         // include additional keys in the cert payload
         'fxa-generation': message.generation,
-        'fxa-lastAuthAt': message.lastAuthAt
+        'fxa-lastAuthAt': message.lastAuthAt,
+        'fxa-verifiedEmail': message.verifiedEmail
       },
       _privKey,
       function (err, cert) {

routes/sign.js

@@ -70,7 +70,8 @@ module.exports = function (log, isA, error, signer, domain) {
             publicKey: publicKey,
             duration: duration,
             generation: sessionToken.verifierSetAt,
-            lastAuthAt: sessionToken.lastAuthAt()
+            lastAuthAt: sessionToken.lastAuthAt(),
+            verifiedEmail: sessionToken.email
           },
           function (err, result) {
             if (err) {

test/remote/certificate_sign_tests.js

@@ -42,6 +42,7 @@ TestServer.start(config)
             t.equal(payload.principal.email.split('@')[0], client.uid, 'cert has correct uid')
             t.ok(payload['fxa-generation'] > 0, 'cert has non-zero generation number')
             t.ok(new Date() - new Date(payload['fxa-lastAuthAt'] * 1000) < 1000 * 60 * 60, 'lastAuthAt is plausible')
+            t.equal(payload['fxa-verifiedEmail'], email, 'verifiedEmail is correct')
           }
         )
     }