Fixes#2916. The signature didn't cause any bugs, since the DB object is only used for very specific things in the profile_server_messaging and must-reset scripts, but this corrects the invocation.
Also makes the UnblockCode parameter explicitly optional.
Fixes#2633.
Once the email service starts handling bounce and complaint events we
will need a way for it to tell the auth server to emit metrics. This
change adds a handler + config for a new SQS queue to that end. It
duplicates some of the code from other handlers but that's intentional,
we plan to remove those queues eventually.
Previously it would require() its own version of the logging module, and hence would not correctly use various test stubs and mocks, and hence caused npm test to dump a bunch of logging output to the screen when executing the remote tests. This changes it to accept the log object as an argument in a similar style to other modules in this repo.
Fixes#2106.
Prevents us from accidentally calling db.devices more than once per request. I saw one definite case of this in /recovery_email/verify_code and it's possible there were others. I'll also be making use of this property heavily for the amplitude events, so it will get further usage imminently.
Making the change necessitated pulling calls to db.devices out of lib/push, which triggered some refactoring that almost got away from me. I'll add inline commentary to call out why things have changed the way they have, but most push methods now take an extra devices argument and a few other methods became redundant so I deleted them. I don't think I've broken anything.
This settles our dance of `Buffer` vs `String` down to simply this:
> You have a `String`. You should (almost) never have a `Buffer`.
Buffers are useful for talking about a specific set of bytes, without an
encoding. In our app, the places where this is useful are:
- crypto
- mysql
We don't actually speak MySQL in this repo anywhere, so that leaves us
with only crypto. Instead of requiring the mental overhead of "Do I have
a buffer or a string?" throughout all our code base, we can just push
that completely into the crypto code.
This *should* reduce bugs where we aren't sure if we have a `Buffer` or
a `String`. If you're not in crypto, you should just have a `String`.
This refactors our remote test driver to stop spawning multiple
child processes to run our servers, and instead to run the servers
in the same process.
- By using the same process, we can pass configuration as a plain old
JavaScript object, and not have to be adjusting the `process.env`.
While writing this patch, `process.env` pollution was already found
to make some tests dependent on others running first. Now, we can
isolate the tests by starting a server with a private config object,
and the other tests are non the wiser.
- By not starting up and tear down child processes for each suite of
remote tests, the full set runs much faster. In my case, running the
remote tests went from ~4 minutes to ~1 minute.
Adds a `unblockCode` parameter to the `/account/login` route, which can
be used to bypass select rate-limits.
Also addes `/account/login/send_unblock_code` and
`/account/login/reject_unblock_code` routes, to facilitate receiving an
unblock code through email, or to reject and report one if someone tried
attacking your account.
Closes#1398
hritvi
Ian Bicking
vladikoff
Ryan Kelly
Phil Booth
Vijay Budhram
Ryan Kelly
John Morrison
Sean McArthur
Edouard Oger