fafccce5ed
fix(metrics): prohibit overwriting stashed metrics context
2018-09-24 15:06:44 +01:00
973815e94b
fix(customs): increase customs timeout to 3000ms
...
Fixes https://github.com/mozilla/fxa-customs-server/issues/275
2018-09-19 11:33:01 -04:00
28ed315231
fix(codes): increase token code font size in email
2018-09-19 11:01:37 -04:00
4954b69d2d
fix(keys): return proper error when failing to create duplicate recovery key
2018-09-12 12:23:44 -04:00
fa988786d2
feat(totp): allow reliers to request totp on login
2018-09-12 09:56:01 -04:00
fb9a8b3edc
Merge branch 'train-119' into train-120
...
# Conflicts:
# CHANGELOG.md
# npm-shrinkwrap.json
# package.json
2018-09-09 13:16:21 -04:00
e41522f732
fix(validation): allow https pushCallback URLs that contain :443
2018-09-07 20:28:13 +01:00
e9bb25cd4e
fix(recovery): update to support hashing recoveryKeyId
2018-09-05 11:00:38 -04:00
9fe542ea03
fix(logging): log errors when reading/parsing live email config
2018-08-29 20:48:00 +01:00
000b15d4ec
fix(test): update to latest token requirements ( #2601 ), r=@philbooth
2018-08-28 12:17:56 -04:00
67b70534d0
fix(config): update correct recoveryCodes config ( #2604 ), r=@philbooth
2018-08-28 11:27:45 -04:00
a00dcac4da
chore(email): force value to boolean in account deletion check
2018-08-28 15:15:39 +01:00
2e9b9e65b1
fix(errors): Surface a backendServiceFailure when connection to db fails. ( #2600 ) r=@philbooth
...
fixes #2599
2018-08-27 13:48:14 +01:00
85889ee917
fix(devices): Add feature-flag for the "device commands" functionality. ( #2591 ) r=@vladikoff
2018-08-23 11:23:45 -04:00
326881b3f9
fix(devices): disable cached devices in account destroy ( #2588 ) r=@philbooth
...
Fixes https://github.com/mozilla/fxa-content-server/issues/6467
2018-08-21 19:21:20 -04:00
0bce944b5f
refactor(devices): shortcut redundant tests for spurious device updates
...
As soon as one property is found to be different, we know an update is
not spurious. At that point any further testing is redundant, so we can
return from isSpuriousUpdate early and save ourselves the extra work to
continue testing other properties.
2018-08-21 12:28:14 +01:00
71f8c18e2d
fix(devices): treat matching device commands as spurious updates
...
The logic in devices.isSpuriousUpdate was incorrectly failing to negate
a boolean condition, meaning that matching device commands were being
treated as non-spurious. This change fixes that so they are deemed
spurious instead.
2018-08-21 12:28:14 +01:00
bebee792ce
refactor(devices): extract and write tests for devices.isSpuriousUpdate
2018-08-21 12:28:13 +01:00
eedf3212dc
fix(devices): check token.deviceAvailableCommands before dereferencing
2018-08-21 06:45:03 +01:00
3015a40669
fix(devices): used cached devices property during requests
2018-08-18 15:52:32 +01:00
8dee2e8551
refactor(validation): simplify the validation logic for email addresses
...
There was a lot of stuff going on in the validation logic that could be
replaced by one call to `RegExp.test`. And some of it was quite weird,
like running a regex individually on each character in a string instead
of running one regex on the whole string. Regexes are fast but doing it
like that slows them down unnecessarily because you're paying for the
initialisation cost on every iteration.
This replaces all that with just two regexes that run over the whole
string, one for the user part and the other for the domain part. We can
do this refactoring confidently because of the test coverage added in
eaf36151fa
2018-08-17 11:18:16 +01:00
cfb97043f9
fix(validation): don't treat `+-\/` as a character range in email regex
2018-08-17 11:15:39 +01:00
a872363c94
fix(validation): validate length of user and domain email address parts
...
Fixes #2568 .
The maximum length for the user part of an email address is 64 and the
maximum for the domain part is 255.
2018-08-17 11:14:45 +01:00
4998f2b2ba
fix(server): do not return customs.flag in the destroy route ( #2573 )
...
Fixes #2563
2018-08-10 08:34:28 -04:00
577237d5de
feat(email): change the email service errno values to numbers
...
Fixes #2569
2018-08-09 16:47:16 -04:00
dd262a9380
fix(email): JSON.parse live email config after reading from redis
2018-08-09 16:07:00 +01:00
fb256ff175
feat(codes): expose verificationMethod as optional ( #2564 ), r=@philbooth
2018-08-08 14:39:33 -04:00
bdc7c7aa60
fix(email): ensure email-service errors fail the call to sendMail
2018-08-07 12:40:00 +01:00
bc55e8b3f5
feat(email): read live email-sending config from redis
...
https://github.com/mozilla/fxa-auth-server/pull/2535
r=brizental
2018-08-03 08:11:26 +01:00
72809f8f1c
fix(sessionTokens): actually prune expired session tokens
...
https://github.com/mozilla/fxa-auth-server/pull/2562
r=philbooth
2018-08-03 08:09:03 +01:00
8f36f6274c
feat(recovery): add account recovery email templates ( #2553 ), r=philbooth
2018-08-01 12:46:23 -04:00
7f60f8c39d
fix(tests): add a check from sentry setup
2018-08-01 01:00:33 -07:00
7d69830a66
fix(sentry): server.events.on takes channels, not channel
2018-07-31 18:14:14 -07:00
db8022f07c
fix(redis): recover from invalid token JSON in Redis
...
https://github.com/mozilla/fxa-auth-server/pull/2550
r=shane-tomlinson
2018-07-30 16:31:19 +01:00
855d6814ec
fix(redis): Close the redis pool when closing the DB.
...
Otherwise node will hang forever waiting for further
activity on open redis sockets.
2018-07-30 07:35:18 +01:00
2d52887104
fix(hapi): use the new server event error handler ( #2543 ) r=@rfk
...
Fixes #2542
Per hapijs/hapi#3658
2018-07-25 21:44:16 -04:00
a1e64dd093
chore(browserid): Remove unnecessary browserid routes. ( #2539 ); r=philbooth,stomlinson
...
The BrowserID verifier insists that we advertize "provisioning" and
"authentication" routes in /.well-known/browserid but nothing in the
current architecture requires these routes to actually exist. Let's
remove the unused HTML content to reduce future potential attack
surface.
2018-07-24 02:15:43 -07:00
59de0ae2e1
feat(scopes): Use shared code lib for checking OAuth scopes. ( #2501 ); r=vbudhram,shane-tomlinson
2018-07-22 23:42:39 -07:00
4d109a05a7
feat(recovery): update delete recovery key and get recovery key endpoints ( #2518 ), r=@rfk
2018-07-17 15:20:40 -04:00
b6908b9fb0
feat(email): add a service property to the X-SES-MESSAGE-TAGS header
...
Adding a `service` property to the `X-SES-MESSAGE-TAGS` header lets us
track the email-sending service in AWS metrics. If something goes wrong
with the new service, this will help ops to identify the problem.
While implementing that, I also opted to rejig some of the surrounding
code in `lib/senders/email.js`, which was unnecessarily repetitive in
some parts and difficult to follow in others. I think far greater
improvements can still be made in that module, though, if we pursue a
more data-driven/functional approach to the whole thing.
https://github.com/mozilla/fxa-auth-server/pull/2526
r=vbudhram
2018-07-17 18:52:34 +01:00
834c0f1cea
Merge branch 'master' into train-116
2018-07-16 20:15:25 +01:00
a3c994f426
fix(email): fix broken X-SES-CONFIGURATION-SET header ( #2523 ) r=@vladikoff
...
@jrgm just noticed this typo just now, looks like a search/replace went wrong in the mailer constructor.
Unfortunately the tests didn't pick it up because they skip the constructor and directly set the correct property name on the mailer object. I added an extra test that asserts the constructor sets the things as we expect.
2018-07-16 13:58:45 -04:00
c020798213
fix(push): send FxA commands push messages to iOS devices ( #2517 ) r=@vladikoff,@eoger
2018-07-11 17:26:46 -04:00
63738c85b5
feat(server): Update to hapi 17 ( #2486 ) r=@vbudhram,@philbooth
...
Fixes #2438
Co-authored-by: deeptibaghel deeptibaghel@gmail.com
2018-07-11 09:19:05 -04:00
acef9eff27
fix(customs): Fail closed if customs-server gives an error. ( #2483 ) r=@vladikoff,@shane-tomlinson
2018-07-10 11:31:43 -04:00
55b3290082
feat(metrics): add amplitude event properties for email service/sender
...
https://github.com/mozilla/fxa-auth-server/pull/2508
r=rfk
2018-07-10 10:19:51 +01:00
d46526f38a
fix(email): gracefully handle errors from fxa-email-service ( #2510 ) r=@vladikoff
...
If, say, `fxa-email-service` isn't running and you try to send email
using it, the request fails and no `body` is passed to the response
handler. This causes the auth server to fail with a 500.
Better test coverage would have picked this up, so I've opened #2509 to
address that. In the meantime, this is a quick hack if we want to patch
it in train 116.
2018-07-09 18:30:46 -04:00
e47b7102e6
fix(metrics): don't force utm_source=email on links in emails
...
https://github.com/mozilla/fxa-auth-server/pull/2505
r=shane-tomlinson,vbudhram
2018-07-09 21:58:00 +01:00
4b5bd9aee9
feat(email): use fxa-email-server for specific email addresses
...
https://github.com/mozilla/fxa-auth-server/pull/2494
r=philbooth
2018-07-03 18:15:01 +01:00
ed9c6a0962
Merge v1.115.1 point-release to master. ( #2493 )
2018-06-28 17:07:58 -04:00
f359006c87
feat(devices): Introduce infrastructure for "device commands". ( #2449 ); r=philbooth,eoger
2018-06-26 18:04:28 -07:00
ba27d4101d
feat(recovery): account recovery apis ( #2463 ), r=@rfk
2018-06-26 11:28:56 -04:00
e6b3043e50
fix(recovery-codes): Correctly rate-limit recovery code consumption.
2018-06-21 15:07:09 +10:00
9bbc715a32
fix(devices): Do not echo 'capabilities' field in device registration response. ( #2478 ); r=jrgm
...
The 'capabilities' field has been removed, but some clients still send it.
We need to explicitly avoid echoing it back to them in the registration
response, or the response will fail validation.
2018-06-18 18:21:53 -07:00
be7e6f1b79
chore(merge): Reverse merge v1.113.5-private into origin/master ( #2472 ) r=@vbudhram
...
* fix(signing): Don't let mustVerify sessions sign a certificate if unverified.
* fix(2FA): enforce 2FA on /reauth
2018-06-13 10:21:04 -07:00
9e53247eb6
fix(devices): Remove the unused "device capabilities" API. ( #2460 ); r=eoger
...
This was never used by production clients and is being replaced
with "device commands" in a future release.
2018-06-05 14:50:35 +10:00
95c33643cb
fix(sms): follow documented conventions for AWS GetMetricStatistics call
...
https://github.com/mozilla/fxa-auth-server/pull/2451
r=rfk
2018-05-29 14:25:29 +01:00
dc1bb4413d
fix(params): remove query param for verificationMethod ( #2456 ) r=@vladikoff
2018-05-25 13:03:40 -04:00
1f63621ae8
feat(pool): Allow pool requests to specify headers and query params.
2018-05-18 08:24:45 +10:00
a9c6e0eab8
chore(devices): Remove notifyUpdate and filter target devices in the /devices/notify handler
...
We used to filter target devices in the push module, but that's about to be
refactored, so this moves responsibilities around to make the refactor easier.
2018-05-18 08:24:45 +10:00
c2767f5359
refactor(metrics): move amplitude email types back here from fxa-shared
...
https://github.com/mozilla/fxa-auth-server/pull/2442
r=vbudhram
2018-05-16 23:00:31 +01:00
ab05574bb3
fix(password): require totp verified session to change password ( #2437 ), r=@rfk
2018-05-15 10:25:58 -04:00
9731a08058
fix(logging): log successful sms budget checks
...
https://github.com/mozilla/fxa-auth-server/pull/2436
r=shane-tomlinson
2018-05-14 13:37:30 +01:00
f8bbffff15
fix(metrics): don't emit route flow events for 404s
...
https://github.com/mozilla/fxa-auth-server/pull/2435
r=vbudhram
2018-05-14 08:06:25 +01:00
6b58bf9b7c
chore(logging): downgrade location translation error to warning
...
https://github.com/mozilla/fxa-auth-server/pull/2432
r=shane-tomlinson,vbudhram
2018-05-12 07:18:10 +01:00
a9c8aca42a
feat(emails): notify users when they are running low on recovery codes ( #2429 ), r=@shane-tomlinson
...
Add a new email template `lowRecoveryCodes` that is sent when the user is running low on codes.
2018-05-10 12:44:38 -04:00
4fc70a0b2b
fix(metrics): remove old flow signature fallback code
...
Added in 445cf30609https://github.com/mozilla/fxa-auth-server/pull/2420
r=shane-tomlinson
2018-05-04 12:31:16 +01:00
7aedef2fde
feat(sms): query the available budget in /sms/status
...
https://github.com/mozilla/fxa-auth-server/pull/2401
r=vbudhram,jbuck
2018-04-30 13:56:56 +01:00
0cf1bc402d
feat(notifications): Add SNS msg attributes for service notification filtering ( #2412 ); r=philbooth
2018-04-27 19:46:38 +10:00
7793de3cde
fix(totp): check totp before account deletion ( #2405 ), r=@philbooth
2018-04-24 10:19:57 -04:00
308d7ffd58
feat(emails): add email to all manage account email links ( #2392 ), r=@philbooth, @shane-tomlinson
2018-04-23 11:25:50 -04:00
ed3d99edcf
fix(recovery): update to latest recovery code requirements ( #2397 ), r=@philbooth
2018-04-17 09:52:44 -04:00
5128fd8cdb
fix(totp): Change 2FA removed email title to `Two-step authentication disabled` ( #2396 ) r=@vladikoff
...
Fixes mozilla/fxa-content-server#6073
2018-04-16 13:01:33 -04:00
778fc33944
chore(logging): use a less confusing op on flow event errors
...
https://github.com/mozilla/fxa-auth-server/pull/2393
r=vbudhram
2018-04-12 18:41:10 +01:00
445cf30609
fix(metrics): stop using user-agent string in flow id check
...
https://github.com/mozilla/fxa-auth-server/pull/2391
r=vbudhram,shane-tomlinson
2018-04-12 17:32:41 +01:00
19162ff6ed
feat(profile): Send "profileDataChanged" event when modifying 2FA status. ( #2390 ); r=vbudhram
2018-04-12 14:06:26 +10:00
4a892017e4
feat(totp): rate limit totp verify actions ( #2386 ), r=@rfk
2018-04-11 12:19:03 -04:00
a6069e0880
refactor(metrics): use boiler-plate amplitude code from fxa-shared
...
https://github.com/mozilla/fxa-auth-server/pull/2384
r=vbudhram
2018-04-09 18:12:40 +01:00
b830707e32
fix(recovery): set assuranceLevel when verifying with recovery code ( #2388 ), r=@rfk
2018-04-09 14:54:41 +00:00
35da0bdf49
fix(email): only send new sign-in emails for sync when verifying with totp ( #2381 ), r=@philbooth
2018-04-09 13:51:05 +00:00
35544c731b
fix(metrics): emit route flow events from more endpoints
...
https://github.com/mozilla/fxa-auth-server/pull/2373
r=vbudhram
2018-03-29 22:33:58 +01:00
e327e4f62f
fix(metrics): count 28 days per metric month
...
https://github.com/mozilla/fxa-auth-server/pull/2378
r=rfk
2018-03-29 22:07:23 +01:00
110190d12d
fix(totp): add totp code window validation config ( #2371 ), r=@vladikoff
2018-03-29 18:20:34 +00:00
306b6ebb6d
goaws : test fake sqs/sns server ( #2369 ) r=@vladikoff
...
Use the fake goaws test sqs/sns server in dev
2018-03-29 10:17:28 -04:00
a23eeaad09
feat(metrics): add user properties for active device counts
...
Fixes mozilla/fxa-amplitude-send#60 .
Amplitude's view of devices is skewed by the randomly-generated
device_id that we're using until cross-project device_ids are
implemented. And the sync_device_count property is skewed to a
lesser degree by apparent session-related problems that seem to
force some users to sign in repeatedly on a single device.
To mitigate those problems, this change adds three new properties
that indicate the number of devices that were active in a given
time period: sync_active_devices_day, sync_active_devices_week and
sync_active_devices_month. In this case, a "month" is 30 days.
https://github.com/mozilla/fxa-auth-server/pull/2372
r=vbudhram
2018-03-28 17:10:43 +01:00
10e934f5fe
fix(validation): Reject URLs with unexpected characters. ( #2370 ); r=pb
...
Previously we could accept URLs with unescaped special characters
such as newlines or unicode, which means we were depending on other
layers of the code to handle them correctly. This change makes the
requestor responsible for properly escaping any special characters
in their URLs before passing them in to us.
2018-03-28 19:34:25 +11:00
fd26a4abb2
chore(db): prevent the possibility of future url-injection bugs
...
https://github.com/mozilla/fxa-auth-server/pull/2368
r=vbudhram
2018-03-27 19:02:28 +01:00
be6cc0089e
fix(sessions): only return major rev for browser version ( #2363 ) r=@vladikoff
2018-03-27 11:33:43 -04:00
6e0b56ce3e
fix(metrics): pass metricsContext to consumeRecoveryCode ( #2367 ) r=@vladikoff
2018-03-26 18:07:08 -04:00
0b1d075b50
fix(totp): ensure correct session verification state before deleting totp ( #2365 ), r=@rfk
2018-03-26 20:51:04 +00:00
575b899cda
fix(totp): throw unverified session in promise chain ( #2364 ), r=@rfk
2018-03-26 13:54:53 +00:00
b18173883e
fix(server): validate ip addresses before setting them on request object
...
https://github.com/mozilla/fxa-auth-server/pull/2359
r=vbudhram
2018-03-23 13:26:17 +00:00
85da7f2271
fix(metrics): include full version information in event data ( #2356 )
...
Fixes mozilla/fxa-amplitude-send#58 .
The user-agent parser was originally written with synthesized device
names in mind, so it didn't always return the full version string for
browsers and operating systems. Since then, we started using the same
code for our event data, meaning that we're getting an incomplete
picture of the browser/os that our users are on.
This change tweaks the user-agent code so that it returns full version
info, and tweaks the code for synthesizing device names so that it
remains consistent with its old behaviour.
2018-03-22 16:49:05 +00:00
81700dae04
feat(totp): initial recovery codes ( #2349 ), r=@philbooth
2018-03-22 15:46:10 +00:00
2067dba0de
feat(devices): Devices capabilities ( #2350 ) r=@philbooth
2018-03-20 10:31:36 -04:00
517f482240
feat(amr): Report AMR and AAL in relier-facing APIs. ( #2346 ); r=vbudhram
...
This helps expose the user's MFA state to reliers, by reporting
the "authentication methods" and "authenticator assurance level"
used when creating a sessionToken, along with the available methods
and maximum level achieveable by the account.
2018-03-20 13:18:51 +11:00
ab856aff66
Merge branch 'train-107'
2018-03-19 13:43:25 +11:00
01d37ee776
Merge branch 'train-107'
2018-03-17 08:14:10 +00:00
8d3928dc96
feat(emails): totp notification emails ( #2331 ), r=@philbooth
2018-03-16 19:30:29 +00:00
2262ce8de8
fix(deprecation): check for deprecated APIs r=@vladikoff
...
Fixes #2343
Co-authored-by: deeptibaghel <deeptibaghel@gmail.com>
2018-03-16 11:33:58 -04:00
bb17257d4a
fix(validators): Normalize redirectTo url to avoid parsing edge-cases. ( #71 ) r=@vladikoff
...
See https://bugzilla.mozilla.org/show_bug.cgi?id=1445927 for an example
of the kind of edge-cases we want to avoid.
2018-03-15 20:48:56 -04:00
8da511c82c
fix(emails): prevent unsafe content from reaching rendered email body
...
https://github.com/mozilla/fxa-auth-server-private/pull/70
r=rfk
2018-03-15 20:54:36 +00:00
86de08ba33
fix(totp): Restrict allowed chars in TOTP code input. ( #2340 ); r=vbudhram
2018-03-14 16:59:49 +11:00
c68105343e
fix(metrics): ensure service is set when possible on amplitude events
...
https://github.com/mozilla/fxa-auth-server/pull/2342
r=vbudhram
2018-03-13 18:59:50 +00:00
ab7ba5a500
fix(emails): add location to `verify primary email` ( #2341 ), r=@philbooth
2018-03-13 17:55:39 +00:00
ab17bf85fe
fix(codes): Take token-code uid from the token, not the request payload. ( #2339 ), r=@vbudhram
2018-03-13 13:16:04 +00:00
481550543d
fix(buffers): migrate from 'Buffer()' constructor calls r=@vladikoff
...
Fixes #2333
2018-03-12 19:51:37 -04:00
a7549e44e5
Fixes issue #2334 Pass an encoded hex email to DEL /emails ( #2337 ) r=@vladikoff,@vbudhram
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/2334
2018-03-12 11:38:14 -04:00
70564d20cb
Merge branch 'train-107'
2018-03-10 14:09:57 -05:00
a35411a2dd
chore(uplift): uplift token validation fixes ( #2335 ) r=@vladikoff
2018-03-09 17:25:17 -05:00
65f9802f79
fix(params): use default parameters in options ( #2332 ) r=@vladikoff
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/2308
2018-03-09 12:27:33 -05:00
e2d2a7ecd5
feat(emails): delete bounced registrations that are younger than 6 hours ( #2305 ); r=rfk
...
Fixes https://github.com/mozilla/fxa-content-server/issues/5629
2018-03-05 09:38:35 +11:00
45ae7b2048
feat(totp): update to use new verification methods ( #2321 ), r=@philbooth, @vladikoff
2018-02-28 19:35:40 +00:00
e9ec39d6cb
fix(redis): delete clashing tokens from redis in createSessionToken
...
Our pruning of session tokens from Redis is not perfect because we can
only delete tokens that are expired-but-not-yet-pruned-from-MySQL. This
leaves us with some number of zombie session tokens that are lying
around in Redis, the effect of which could be to sometimes show
incorrect session information in the device manager (albeit with very
low probability).
To eliminate that possbility, this change speculatively deletes from
Redis when creating the session token. In addition, the maximum number
of Redis connections is bumped up from 100 to 200, because we can expect
the number of concurrent Redis operations to increase significantly.
https://github.com/mozilla/fxa-auth-server/pull/2316
r=vbudhram
2018-02-22 16:29:41 +00:00
c805f9c334
feat(totp): TOTP Management APIs ( #2300 ), r=@philbooth
2018-02-21 01:58:47 +00:00
e2cd9f91e7
fix(reauth): Don't send a "new device" email during session re-auth.
2018-02-21 06:12:24 +11:00
9254e31ae8
fix(docs): Support declaration of extra error types in route config.
...
This provides a simple hack for declaring extra error types that
can be thrown by a route, but aren't detected by the automatic
docs generator.
It also sorts the list of errors when generating the docs,
because sorting is cool.
2018-02-21 06:12:21 +11:00
aa388cc5eb
feat(sessions): Add ability to reauth within an existing login session.
2018-02-21 06:12:12 +11:00
d219cdd823
chore(logging): downgrade redis.watch.conflict to warning level ( #2307 ) r=@vladikoff
2018-02-16 09:52:31 -05:00
a937c168f2
feat(reset): improve reset for reliers ( #2298 ) r=@ryanfeeley,@vbudhram
...
Connets to mozilla/fxa-content-server#5776
Ref: mozilla/fxa-content-server#5896
2018-02-09 20:11:34 -05:00
bb2c67747b
fix(logging): Make oauth_client_info use shared logging instance. ( #2299 ) r=@vladikoff
...
Previously it would require() its own version of the logging module, and hence would not correctly use various test stubs and mocks, and hence caused npm test to dump a bunch of logging output to the screen when executing the remote tests. This changes it to accept the log object as an argument in a similar style to other modules in this repo.
2018-02-09 00:45:55 -05:00
6411c5a527
fix(api): make authentication required on GET /account/profile ( #2290 ) r=@vladikoff
2018-02-08 10:19:25 -05:00
a33756e8cd
chore(emails): remove all verification reminder code
...
https://github.com/mozilla/fxa-auth-server/pull/2283
r=vbudhram
2018-02-08 08:09:35 +00:00
f0ecf0ae4b
feat(emails): fetch service names from OAuth servers, use in emails ( #2284 ) r=@rfk
...
Fixes #2213
fixes #2249
2018-02-07 20:22:02 -05:00
993fd02755
fix(email): log to recipient alongside smtp message-id
...
https://github.com/mozilla/fxa-auth-server/pull/2286
r=philbooth
2018-02-06 10:09:40 +00:00
669f59a963
feat(sessions): Add /session/duplicate API
2018-02-06 14:39:26 +11:00
924e8ca4ee
chore(code): eliminate duplicate pool and db modules
...
https://github.com/mozilla/fxa-auth-server/pull/2282
r=vbudhram
2018-02-05 14:44:55 +00:00
11f7024f91
fix(redis): delete session tokens from redis in db.deleteDevice
...
https://github.com/mozilla/fxa-auth-server/pull/2270
r=vbudhram
2018-01-31 08:17:25 +00:00
3953051b18
fix(bounce): Update bounces lib to use `accountRecord` ( #2273 ) r=@rfk,@vladikoff
...
Fixes #2272
2018-01-30 19:12:38 -05:00
0e4b77fec4
fix(unblock): Send correct primary email when blocked ( #2271 ), r=@rfk
2018-01-30 20:13:58 +00:00
acf4b8bb17
Merge branch 'train-104'
2018-01-29 17:43:37 +00:00
f7ce4d0267
fix(metrics): ensure amplitude events always have a metrics context
...
https://github.com/mozilla/fxa-auth-server/pull/2267
r=vbudhram
2018-01-29 17:33:33 +00:00
70d0f96792
fix(emails): Reset account tokens when deleting an email address. ( #2266 ); r=philbooth
2018-01-29 19:21:14 +11:00
220d57d45e
fix(tests): Fix account destroy device test ( #2263 ), r=@rfk
2018-01-23 21:58:31 +00:00
e7bbb86de3
chore(deps): update fxa-geodb
...
https://github.com/mozilla/fxa-auth-server/pull/2259
r=vbudhram
2018-01-20 09:03:38 +00:00
1b2d1d95c0
fix(redis): pack redis tokens inside db.deleteSessionToken
...
https://github.com/mozilla/fxa-auth-server/pull/2261
r=vbudhram
2018-01-20 08:28:32 +00:00
a9a61f0cc5
feat(redis): prune expired session tokens from redis
...
https://github.com/mozilla/fxa-auth-server/pull/2257
r=vbudhram
2018-01-18 19:23:29 +00:00
af3a9eb423
feat(auth): Enable hawk payload validation for additional replay protection ( #2252 ); r=pbooth
...
Thanks to Mahmoud Abdelmonem for reporting this issue!
See also https://bugzilla.mozilla.org/show_bug.cgi?id=1427157
2018-01-16 19:52:52 +11:00
fcddf0b8a2
feat(redis): eliminate property names from redis-stored tokens
...
https://github.com/mozilla/fxa-auth-server/pull/2254
r=rfk
2018-01-11 08:42:03 +00:00
677bdbb6a8
Add ability to verify login with token code ( #2218 ), r=@rfk
2017-12-20 12:03:32 -05:00
ae36ddf9a5
feat(codes): don't send delete notification when deleting unverified email ( #2246 ), r=@rfk
2017-12-09 20:45:17 -05:00
9da5305cd3
fix(push): Send a notification to the device that's being disconnected. ( #2245 ); r=eoger
2017-12-06 10:06:41 +11:00
91cd5398b6
fix(db): implement safe redis write semantics
...
https://github.com/mozilla/fxa-auth-server/pull/2235
r=rfk,vbudhram
2017-11-28 08:02:37 +00:00
3034a41d0f
fix(metrics): include oauth_client_id in amplitude event properties ( #2240 ); r=rfk
2017-11-27 14:43:21 +11:00
0069873a1d
fix(metrics): stop sending raw client ids to amplitude ( #2239 ) r=@vladikoff
2017-11-23 14:36:13 -05:00
90646b9058
chore(email): remove check_can_add_secondary_address route ( #2234 ), r=@philbooth
2017-11-17 13:52:20 -05:00
2617b5abbd
chore(email): Remove FF57 gating logic ( #2232 ), r=@philbooth
2017-11-17 09:19:17 -05:00
a8130d372d
fix(emails): update accountExists to check for secondary emails ( #2216 ); r=rfk
2017-11-13 10:33:02 +11:00
8826364483
fix(db): sanely handle redis errors
...
https://github.com/mozilla/fxa-auth-server/pull/2215
r=vbudhram
2017-11-10 16:14:26 +00:00
9f7473540b
fix(logo): fix FF57 logo width and height ( #2204 ) r=@ryanfeeley
...
Fixes #2203
2017-11-02 17:26:08 -04:00
Phil Booth
vladikoff
Vijay Budhram
Shane Tomlinson
Ryan Kelly
Edouard Oger
John Morrison
Ryan Kelly
Beatriz Rizental
Deepti
Vijay Budhram
Hritvi Bhandari