Ryan Kelly
f359006c87
feat(devices): Introduce infrastructure for "device commands". ( #2449 ); r=philbooth,eoger
2018-06-26 18:04:28 -07:00
Vijay Budhram
ba27d4101d
feat(recovery): account recovery apis ( #2463 ), r=@rfk
2018-06-26 11:28:56 -04:00
Ryan Kelly
e6b3043e50
fix(recovery-codes): Correctly rate-limit recovery code consumption.
2018-06-21 15:07:09 +10:00
Ryan Kelly
9bbc715a32
fix(devices): Do not echo 'capabilities' field in device registration response. ( #2478 ); r=jrgm
...
The 'capabilities' field has been removed, but some clients still send it.
We need to explicitly avoid echoing it back to them in the registration
response, or the response will fail validation.
2018-06-18 18:21:53 -07:00
Shane Tomlinson
be7e6f1b79
chore(merge): Reverse merge v1.113.5-private into origin/master ( #2472 ) r=@vbudhram
...
* fix(signing): Don't let mustVerify sessions sign a certificate if unverified.
* fix(2FA): enforce 2FA on /reauth
2018-06-13 10:21:04 -07:00
Ryan Kelly
9e53247eb6
fix(devices): Remove the unused "device capabilities" API. ( #2460 ); r=eoger
...
This was never used by production clients and is being replaced
with "device commands" in a future release.
2018-06-05 14:50:35 +10:00
Phil Booth
95c33643cb
fix(sms): follow documented conventions for AWS GetMetricStatistics call
...
https://github.com/mozilla/fxa-auth-server/pull/2451
r=rfk
2018-05-29 14:25:29 +01:00
Vijay Budhram
dc1bb4413d
fix(params): remove query param for verificationMethod ( #2456 ) r=@vladikoff
2018-05-25 13:03:40 -04:00
Edouard Oger
1f63621ae8
feat(pool): Allow pool requests to specify headers and query params.
2018-05-18 08:24:45 +10:00
Edouard Oger
a9c6e0eab8
chore(devices): Remove notifyUpdate and filter target devices in the /devices/notify handler
...
We used to filter target devices in the push module, but that's about to be
refactored, so this moves responsibilities around to make the refactor easier.
2018-05-18 08:24:45 +10:00
Phil Booth
c2767f5359
refactor(metrics): move amplitude email types back here from fxa-shared
...
https://github.com/mozilla/fxa-auth-server/pull/2442
r=vbudhram
2018-05-16 23:00:31 +01:00
Vijay Budhram
ab05574bb3
fix(password): require totp verified session to change password ( #2437 ), r=@rfk
2018-05-15 10:25:58 -04:00
Phil Booth
9731a08058
fix(logging): log successful sms budget checks
...
https://github.com/mozilla/fxa-auth-server/pull/2436
r=shane-tomlinson
2018-05-14 13:37:30 +01:00
Phil Booth
f8bbffff15
fix(metrics): don't emit route flow events for 404s
...
https://github.com/mozilla/fxa-auth-server/pull/2435
r=vbudhram
2018-05-14 08:06:25 +01:00
Phil Booth
6b58bf9b7c
chore(logging): downgrade location translation error to warning
...
https://github.com/mozilla/fxa-auth-server/pull/2432
r=shane-tomlinson,vbudhram
2018-05-12 07:18:10 +01:00
Vijay Budhram
a9c8aca42a
feat(emails): notify users when they are running low on recovery codes ( #2429 ), r=@shane-tomlinson
...
Add a new email template `lowRecoveryCodes` that is sent when the user is running low on codes.
2018-05-10 12:44:38 -04:00
Phil Booth
4fc70a0b2b
fix(metrics): remove old flow signature fallback code
...
Added in 445cf30609, this code was a
fallback to handle a change in how the content server generates the
flow id. Now that the content server change has stuck in prod, we can
remove the fallback.
https://github.com/mozilla/fxa-auth-server/pull/2420
r=shane-tomlinson
2018-05-04 12:31:16 +01:00
Phil Booth
7aedef2fde
feat(sms): query the available budget in /sms/status
...
https://github.com/mozilla/fxa-auth-server/pull/2401
r=vbudhram,jbuck
2018-04-30 13:56:56 +01:00
Ryan Kelly
0cf1bc402d
feat(notifications): Add SNS msg attributes for service notification filtering ( #2412 ); r=philbooth
2018-04-27 19:46:38 +10:00
Vijay Budhram
7793de3cde
fix(totp): check totp before account deletion ( #2405 ), r=@philbooth
2018-04-24 10:19:57 -04:00
Vijay Budhram
308d7ffd58
feat(emails): add email to all manage account email links ( #2392 ), r=@philbooth, @shane-tomlinson
2018-04-23 11:25:50 -04:00
Vijay Budhram
ed3d99edcf
fix(recovery): update to latest recovery code requirements ( #2397 ), r=@philbooth
2018-04-17 09:52:44 -04:00
Shane Tomlinson
5128fd8cdb
fix(totp): Change 2FA removed email title to `Two-step authentication disabled` ( #2396 ) r=@vladikoff
...
Fixes mozilla/fxa-content-server#6073
2018-04-16 13:01:33 -04:00
Phil Booth
778fc33944
chore(logging): use a less confusing op on flow event errors
...
https://github.com/mozilla/fxa-auth-server/pull/2393
r=vbudhram
2018-04-12 18:41:10 +01:00
Phil Booth
445cf30609
fix(metrics): stop using user-agent string in flow id check
...
https://github.com/mozilla/fxa-auth-server/pull/2391
r=vbudhram,shane-tomlinson
2018-04-12 17:32:41 +01:00
Ryan Kelly
19162ff6ed
feat(profile): Send "profileDataChanged" event when modifying 2FA status. ( #2390 ); r=vbudhram
2018-04-12 14:06:26 +10:00
Vijay Budhram
4a892017e4
feat(totp): rate limit totp verify actions ( #2386 ), r=@rfk
2018-04-11 12:19:03 -04:00
Phil Booth
a6069e0880
refactor(metrics): use boiler-plate amplitude code from fxa-shared
...
https://github.com/mozilla/fxa-auth-server/pull/2384
r=vbudhram
2018-04-09 18:12:40 +01:00
Vijay Budhram
b830707e32
fix(recovery): set assuranceLevel when verifying with recovery code ( #2388 ), r=@rfk
2018-04-09 14:54:41 +00:00
Vijay Budhram
35da0bdf49
fix(email): only send new sign-in emails for sync when verifying with totp ( #2381 ), r=@philbooth
2018-04-09 13:51:05 +00:00
Phil Booth
35544c731b
fix(metrics): emit route flow events from more endpoints
...
https://github.com/mozilla/fxa-auth-server/pull/2373
r=vbudhram
2018-03-29 22:33:58 +01:00
Phil Booth
e327e4f62f
fix(metrics): count 28 days per metric month
...
https://github.com/mozilla/fxa-auth-server/pull/2378
r=rfk
2018-03-29 22:07:23 +01:00
Vijay Budhram
110190d12d
fix(totp): add totp code window validation config ( #2371 ), r=@vladikoff
2018-03-29 18:20:34 +00:00
Deepti
306b6ebb6d
goaws : test fake sqs/sns server ( #2369 ) r=@vladikoff
...
Use the fake goaws test sqs/sns server in dev
2018-03-29 10:17:28 -04:00
Phil Booth
a23eeaad09
feat(metrics): add user properties for active device counts
...
Fixes mozilla/fxa-amplitude-send#60 .
Amplitude's view of devices is skewed by the randomly-generated
device_id that we're using until cross-project device_ids are
implemented. And the sync_device_count property is skewed to a
lesser degree by apparent session-related problems that seem to
force some users to sign in repeatedly on a single device.
To mitigate those problems, this change adds three new properties
that indicate the number of devices that were active in a given
time period: sync_active_devices_day, sync_active_devices_week and
sync_active_devices_month. In this case, a "month" is 30 days.
https://github.com/mozilla/fxa-auth-server/pull/2372
r=vbudhram
2018-03-28 17:10:43 +01:00
Ryan Kelly
10e934f5fe
fix(validation): Reject URLs with unexpected characters. ( #2370 ); r=pb
...
Previously we could accept URLs with unescaped special characters
such as newlines or unicode, which means we were depending on other
layers of the code to handle them correctly. This change makes the
requestor responsible for properly escaping any special characters
in their URLs before passing them in to us.
2018-03-28 19:34:25 +11:00
Phil Booth
fd26a4abb2
chore(db): prevent the possibility of future url-injection bugs
...
https://github.com/mozilla/fxa-auth-server/pull/2368
r=vbudhram
2018-03-27 19:02:28 +01:00
Phil Booth
be6cc0089e
fix(sessions): only return major rev for browser version ( #2363 ) r=@vladikoff
2018-03-27 11:33:43 -04:00
Vijay Budhram
6e0b56ce3e
fix(metrics): pass metricsContext to consumeRecoveryCode ( #2367 ) r=@vladikoff
2018-03-26 18:07:08 -04:00
Vijay Budhram
0b1d075b50
fix(totp): ensure correct session verification state before deleting totp ( #2365 ), r=@rfk
2018-03-26 20:51:04 +00:00
Vijay Budhram
575b899cda
fix(totp): throw unverified session in promise chain ( #2364 ), r=@rfk
2018-03-26 13:54:53 +00:00
Phil Booth
b18173883e
fix(server): validate ip addresses before setting them on request object
...
https://github.com/mozilla/fxa-auth-server/pull/2359
r=vbudhram
2018-03-23 13:26:17 +00:00
Phil Booth
85da7f2271
fix(metrics): include full version information in event data ( #2356 )
...
Fixes mozilla/fxa-amplitude-send#58 .
The user-agent parser was originally written with synthesized device
names in mind, so it didn't always return the full version string for
browsers and operating systems. Since then, we started using the same
code for our event data, meaning that we're getting an incomplete
picture of the browser/os that our users are on.
This change tweaks the user-agent code so that it returns full version
info, and tweaks the code for synthesizing device names so that it
remains consistent with its old behaviour.
2018-03-22 16:49:05 +00:00
Vijay Budhram
81700dae04
feat(totp): initial recovery codes ( #2349 ), r=@philbooth
2018-03-22 15:46:10 +00:00
Edouard Oger
2067dba0de
feat(devices): Devices capabilities ( #2350 ) r=@philbooth
2018-03-20 10:31:36 -04:00
Ryan Kelly
517f482240
feat(amr): Report AMR and AAL in relier-facing APIs. ( #2346 ); r=vbudhram
...
This helps expose the user's MFA state to reliers, by reporting
the "authentication methods" and "authenticator assurance level"
used when creating a sessionToken, along with the available methods
and maximum level achievable by the account.
2018-03-20 13:18:51 +11:00
Ryan Kelly
ab856aff66
Merge branch 'train-107'
2018-03-19 13:43:25 +11:00
Phil Booth
01d37ee776
Merge branch 'train-107'
2018-03-17 08:14:10 +00:00
Vijay Budhram
8d3928dc96
feat(emails): totp notification emails ( #2331 ), r=@philbooth
2018-03-16 19:30:29 +00:00
Deepti
2262ce8de8
fix(deprecation): check for deprecated APIs r=@vladikoff
...
Fixes #2343
Co-authored-by: deeptibaghel <deeptibaghel@gmail.com>
2018-03-16 11:33:58 -04:00
Ryan Kelly
bb17257d4a
fix(validators): Normalize redirectTo url to avoid parsing edge-cases. ( #71 ) r=@vladikoff
...
See https://bugzilla.mozilla.org/show_bug.cgi?id=1445927 for an example
of the kind of edge-cases we want to avoid.
2018-03-15 20:48:56 -04:00
Phil Booth
8da511c82c
fix(emails): prevent unsafe content from reaching rendered email body
...
https://github.com/mozilla/fxa-auth-server-private/pull/70
r=rfk
2018-03-15 20:54:36 +00:00
Ryan Kelly
86de08ba33
fix(totp): Restrict allowed chars in TOTP code input. ( #2340 ); r=vbudhram
2018-03-14 16:59:49 +11:00
Phil Booth
c68105343e
fix(metrics): ensure service is set when possible on amplitude events
...
https://github.com/mozilla/fxa-auth-server/pull/2342
r=vbudhram
2018-03-13 18:59:50 +00:00
Vijay Budhram
ab7ba5a500
fix(emails): add location to `verify primary email` ( #2341 ), r=@philbooth
2018-03-13 17:55:39 +00:00
Ryan Kelly
ab17bf85fe
fix(codes): Take token-code uid from the token, not the request payload. ( #2339 ), r=@vbudhram
2018-03-13 13:16:04 +00:00
Deepti
481550543d
fix(buffers): migrate from 'Buffer()' constructor calls r=@vladikoff
...
Fixes #2333
2018-03-12 19:51:37 -04:00
Deepti
a7549e44e5
Fixes issue #2334 Pass an encoded hex email to DEL /emails ( #2337 ) r=@vladikoff,@vbudhram
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/2334
2018-03-12 11:38:14 -04:00
Vijay Budhram
70564d20cb
Merge branch 'train-107'
2018-03-10 14:09:57 -05:00
Vijay Budhram
a35411a2dd
chore(uplift): uplift token validation fixes ( #2335 ) r=@vladikoff
2018-03-09 17:25:17 -05:00
Hritvi Bhandari
65f9802f79
fix(params): use default parameters in options ( #2332 ) r=@vladikoff
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/2308
2018-03-09 12:27:33 -05:00
Vlad Filippov
e2d2a7ecd5
feat(emails): delete bounced registrations that are younger than 6 hours ( #2305 ); r=rfk
...
Fixes https://github.com/mozilla/fxa-content-server/issues/5629
2018-03-05 09:38:35 +11:00
Vijay Budhram
45ae7b2048
feat(totp): update to use new verification methods ( #2321 ), r=@philbooth, @vladikoff
2018-02-28 19:35:40 +00:00
Phil Booth
e9ec39d6cb
fix(redis): delete clashing tokens from redis in createSessionToken
...
Our pruning of session tokens from Redis is not perfect because we can
only delete tokens that are expired-but-not-yet-pruned-from-MySQL. This
leaves us with some number of zombie session tokens that are lying
around in Redis, the effect of which could be to sometimes show
incorrect session information in the device manager (albeit with very
low probability).
To eliminate that possibility, this change speculatively deletes from
Redis when creating the session token. In addition, the maximum number
of Redis connections is bumped up from 100 to 200, because we can expect
the number of concurrent Redis operations to increase significantly.
https://github.com/mozilla/fxa-auth-server/pull/2316
r=vbudhram
2018-02-22 16:29:41 +00:00
Vijay Budhram
c805f9c334
feat(totp): TOTP Management APIs ( #2300 ), r=@philbooth
2018-02-21 01:58:47 +00:00
Ryan Kelly
e2cd9f91e7
fix(reauth): Don't send a "new device" email during session re-auth.
2018-02-21 06:12:24 +11:00
Ryan Kelly
9254e31ae8
fix(docs): Support declaration of extra error types in route config.
...
This provides a simple hack for declaring extra error types that
can be thrown by a route, but aren't detected by the automatic
docs generator.
It also sorts the list of errors when generating the docs,
because sorting is cool.
2018-02-21 06:12:21 +11:00
Ryan Kelly
aa388cc5eb
feat(sessions): Add ability to reauth within an existing login session.
2018-02-21 06:12:12 +11:00
Phil Booth
d219cdd823
chore(logging): downgrade redis.watch.conflict to warning level ( #2307 ) r=@vladikoff
2018-02-16 09:52:31 -05:00
Vlad Filippov
a937c168f2
feat(reset): improve reset for reliers ( #2298 ) r=@ryanfeeley,@vbudhram
...
Connects to mozilla/fxa-content-server#5776
Ref: mozilla/fxa-content-server#5896
2018-02-09 20:11:34 -05:00
Ryan Kelly
bb2c67747b
fix(logging): Make oauth_client_info use shared logging instance. ( #2299 ) r=@vladikoff
...
Previously it would require() its own version of the logging module, and hence would not correctly use various test stubs and mocks, and hence caused npm test to dump a bunch of logging output to the screen when executing the remote tests. This changes it to accept the log object as an argument in a similar style to other modules in this repo.
2018-02-09 00:45:55 -05:00
Phil Booth
6411c5a527
fix(api): make authentication required on GET /account/profile ( #2290 ) r=@vladikoff
2018-02-08 10:19:25 -05:00
Phil Booth
a33756e8cd
chore(emails): remove all verification reminder code
...
https://github.com/mozilla/fxa-auth-server/pull/2283
r=vbudhram
2018-02-08 08:09:35 +00:00
Vlad Filippov
f0ecf0ae4b
feat(emails): fetch service names from OAuth servers, use in emails ( #2284 ) r=@rfk
...
Fixes #2213
fixes #2249
2018-02-07 20:22:02 -05:00
John Morrison
993fd02755
fix(email): log to recipient alongside smtp message-id
...
https://github.com/mozilla/fxa-auth-server/pull/2286
r=philbooth
2018-02-06 10:09:40 +00:00
Ryan Kelly
669f59a963
feat(sessions): Add /session/duplicate API
2018-02-06 14:39:26 +11:00
Phil Booth
924e8ca4ee
chore(code): eliminate duplicate pool and db modules
...
https://github.com/mozilla/fxa-auth-server/pull/2282
r=vbudhram
2018-02-05 14:44:55 +00:00
Phil Booth
11f7024f91
fix(redis): delete session tokens from redis in db.deleteDevice
...
https://github.com/mozilla/fxa-auth-server/pull/2270
r=vbudhram
2018-01-31 08:17:25 +00:00
Vijay Budhram
3953051b18
fix(bounce): Update bounces lib to use `accountRecord` ( #2273 ) r=@rfk,@vladikoff
...
Fixes #2272
2018-01-30 19:12:38 -05:00
Vijay Budhram
0e4b77fec4
fix(unblock): Send correct primary email when blocked ( #2271 ), r=@rfk
2018-01-30 20:13:58 +00:00
Phil Booth
acf4b8bb17
Merge branch 'train-104'
2018-01-29 17:43:37 +00:00
Phil Booth
f7ce4d0267
fix(metrics): ensure amplitude events always have a metrics context
...
https://github.com/mozilla/fxa-auth-server/pull/2267
r=vbudhram
2018-01-29 17:33:33 +00:00
Ryan Kelly
70d0f96792
fix(emails): Reset account tokens when deleting an email address. ( #2266 ); r=philbooth
2018-01-29 19:21:14 +11:00
Vijay Budhram
220d57d45e
fix(tests): Fix account destroy device test ( #2263 ), r=@rfk
2018-01-23 21:58:31 +00:00
Phil Booth
e7bbb86de3
chore(deps): update fxa-geodb
...
https://github.com/mozilla/fxa-auth-server/pull/2259
r=vbudhram
2018-01-20 09:03:38 +00:00
Phil Booth
1b2d1d95c0
fix(redis): pack redis tokens inside db.deleteSessionToken
...
https://github.com/mozilla/fxa-auth-server/pull/2261
r=vbudhram
2018-01-20 08:28:32 +00:00
Phil Booth
a9a61f0cc5
feat(redis): prune expired session tokens from redis
...
https://github.com/mozilla/fxa-auth-server/pull/2257
r=vbudhram
2018-01-18 19:23:29 +00:00
Ryan Kelly
af3a9eb423
feat(auth): Enable hawk payload validation for additional replay protection ( #2252 ); r=pbooth
...
Thanks to Mahmoud Abdelmonem for reporting this issue!
See also https://bugzilla.mozilla.org/show_bug.cgi?id=1427157
2018-01-16 19:52:52 +11:00
Phil Booth
fcddf0b8a2
feat(redis): eliminate property names from redis-stored tokens
...
https://github.com/mozilla/fxa-auth-server/pull/2254
r=rfk
2018-01-11 08:42:03 +00:00
Vijay Budhram
677bdbb6a8
Add ability to verify login with token code ( #2218 ), r=@rfk
2017-12-20 12:03:32 -05:00
Vijay Budhram
ae36ddf9a5
feat(codes): don't send delete notification when deleting unverified email ( #2246 ), r=@rfk
2017-12-09 20:45:17 -05:00
Ryan Kelly
9da5305cd3
fix(push): Send a notification to the device that's being disconnected. ( #2245 ); r=eoger
2017-12-06 10:06:41 +11:00
Phil Booth
91cd5398b6
fix(db): implement safe redis write semantics
...
https://github.com/mozilla/fxa-auth-server/pull/2235
r=rfk,vbudhram
2017-11-28 08:02:37 +00:00
Phil Booth
3034a41d0f
fix(metrics): include oauth_client_id in amplitude event properties ( #2240 ); r=rfk
2017-11-27 14:43:21 +11:00
Phil Booth
0069873a1d
fix(metrics): stop sending raw client ids to amplitude ( #2239 ) r=@vladikoff
2017-11-23 14:36:13 -05:00
Vijay Budhram
90646b9058
chore(email): remove check_can_add_secondary_address route ( #2234 ), r=@philbooth
2017-11-17 13:52:20 -05:00
Vijay Budhram
2617b5abbd
chore(email): Remove FF57 gating logic ( #2232 ), r=@philbooth
2017-11-17 09:19:17 -05:00
Vijay Budhram
a8130d372d
fix(emails): update accountExists to check for secondary emails ( #2216 ); r=rfk
2017-11-13 10:33:02 +11:00
Phil Booth
8826364483
fix(db): sanely handle redis errors
...
https://github.com/mozilla/fxa-auth-server/pull/2215
r=vbudhram
2017-11-10 16:14:26 +00:00
Vlad Filippov
9f7473540b
fix(logo): fix FF57 logo width and height ( #2204 ) r=@ryanfeeley
...
Fixes #2203
2017-11-02 17:26:08 -04:00
Ryan Feeley
633fc5c72d
Updated emails to Photon colours
...
Replaced our few scant colours with Photon colours
2017-11-02 15:40:37 -04:00
Phil Booth
a928f27d22
Merge branch 'train-99'
2017-11-02 14:03:51 +00:00
Phil Booth
ddb3bc9ebd
fix(logging): don't log errors if location is not set ( #2200 )
2017-11-02 09:08:54 -04:00
Vijay Budhram
f3261a6137
fix(emails): add post change email template ( #2194 ), r=@philbooth
2017-11-01 10:48:29 -04:00
Vijay Budhram
e6da576b47
fix(links): use a custom url when verifying primary email ( #2196 ), r=@vladikoff
2017-11-01 10:30:42 -04:00
Phil Booth
563851faf9
feat(tokens): add city and stateCode to sessionTokens
...
https://github.com/mozilla/fxa-auth-server/pull/2180
r=vbudhram
2017-10-31 21:11:01 +00:00
Phil Booth
23c54c1210
chore(email): regenerate templates from partials ( #2193 ) r=vladikoff
2017-10-30 10:40:24 -04:00
Phil Booth
a86ee5a4c2
Merge branch 'train-98'
2017-10-30 14:00:02 +00:00
Vijay Budhram
a5c41058f4
chore(logo): add new logo to email templates ( #2190 ), r=@philbooth
2017-10-30 09:38:35 -04:00
Phil Booth
0a5ea8c7bc
fix(email): add missing whitespace after semi-colon ( #2192 ), r=@vbudhram
2017-10-30 08:42:05 -04:00
Phil Booth
b18079f9a0
feat(devices): translate location in devices and sessions response
...
https://github.com/mozilla/fxa-auth-server/pull/2188
r=vbudhram
2017-10-27 16:21:55 +01:00
Vijay Budhram
dd68d88a9e
feat(session): Add email templates ( #2184 ), r=@philbooth
2017-10-26 10:53:04 -04:00
Phil Booth
b55bfb0eaa
feat(metrics): add newsletter_state property to amplitude events
...
https://github.com/mozilla/fxa-auth-server/pull/2183
r=vbudhram
2017-10-23 18:43:50 +01:00
Phil Booth
b498fbd941
feat(devices): return approximateLastAccessTime for old devices
...
https://github.com/mozilla/fxa-auth-server/pull/2182
r=shane-tomlinson
2017-10-23 12:34:39 +01:00
Shane Tomlinson
e7dd869e40
Merge pull request #2178 from mozilla/issue-2176-formatted-phone-number r=@philbooth
...
formattedPhoneNumber is used by the content server to display the
telephone number the SMS was sent to, formatted for the user's country.
fixes #2176
2017-10-19 11:23:54 +01:00
Ryan Feeley
163dd9cbd2
fix(email): Added secondary to subject line ( #2174 ), r=@vbudhram
2017-10-18 14:32:08 -04:00
Ryan Kelly
e8ce38259b
fix(devices): Avoid reporting stale last-access times when feature is disabled. ( #2144 ); r=philbooth
2017-10-18 13:18:14 +11:00
Phil Booth
d205c9abee
fix(logging): more clearly distinguish amplitude error messages
...
https://github.com/mozilla/fxa-auth-server/pull/2169
r=vbudhram
2017-10-17 09:28:45 +01:00
Phil Booth
faab408a7b
Merge branch 'train-97'
2017-10-17 07:34:31 +01:00
Ryan Kelly
00e69f27e2
fix(devices): Always report a name and type in device registration response.
...
https://github.com/mozilla/fxa-auth-server/pull/2172
r=philbooth
2017-10-17 07:28:48 +01:00
Vijay Budhram
37349fe6e0
fix(push): Target `Firefox Beta` for account verification messages ( #2167 ), r=@rfk ( #2170 )
2017-10-16 13:43:10 -04:00
Vijay Budhram
6490471ec0
fix(push): Target `Firefox Beta` for account verification messages ( #2167 ), r=@rfk
2017-10-16 08:39:51 -04:00
Vijay Budhram
89e1ad1b18
feat(sqs): Add timestamp to notify services sqs message ( #2168 ), r=@rfk
2017-10-16 08:17:23 -04:00
Phil Booth
c60f198b62
fix(metrics): don't emit os_version if os_name is unset ( #2165 ), r=@vbudhram
2017-10-13 18:38:00 -04:00
Vijay Budhram
ff988cb397
fix(push): Allow sending verification messages from /devices/notify ( #2161 ), r=@rfk ( #2166 )
2017-10-13 13:32:34 -04:00
Vijay Budhram
717253fc1d
fix(push): Allow sending verification messages from /devices/notify ( #2161 ), r=@rfk
2017-10-13 12:37:00 -04:00
Phil Booth
5be347517c
fix(metrics): map service event property from client id
...
https://github.com/mozilla/fxa-auth-server/pull/2162
r=vbudhram
2017-10-13 08:56:44 +01:00
Phil Booth
a397b6792b
fix(logging): silence annoying redis log noise ( #2164 ), r=@vbudhram
2017-10-12 11:09:18 -04:00
Phil Booth
80d3de10e2
refactor(tokens): prefer token.id to token.tokenId
...
https://github.com/mozilla/fxa-auth-server/pull/2157
r=rfk
2017-10-11 06:55:18 +01:00
Phil Booth
8d23ca987e
chore(logging): log email headers to diagnose #2133
2017-10-05 16:07:30 +01:00
Edouard Oger
b6d9490568
feat(push): Drop collection_changed push notifications for first sync sent to iOS devices ( #2148 ) r=rfk
2017-10-04 14:09:28 -04:00
Vlad Filippov
2543bf09e0
fix(sessions): update the access time on /sign checking ( #2149 ) r=rfk
...
Fixes bz1403275
2017-10-03 19:33:05 -04:00
Phil Booth
925760aacd
feat(metrics): implement email_version amplitude property
...
https://github.com/mozilla/fxa-auth-server/pull/2145
r=vbudhram
2017-10-03 14:09:41 +01:00
Vijay Budhram
f4c54dae72
fix(email): Show proper error and delete email if postfix fails to send ( #2147 ), r=@vladikoff
2017-10-02 23:55:50 -04:00
Vijay Budhram
1d834a9e75
fix(email): Update secondary email footers ( #2136 ), r=@rfk
2017-09-25 19:45:55 -04:00
Phil Booth
ef81ff8c1c
Merge branch 'train-96'
2017-09-25 18:06:16 +01:00
Phil Booth
8a255c90b5
fix(metrics): prefer standard amplitude properties
...
https://github.com/mozilla/fxa-auth-server/pull/2140
r=vbudhram
2017-09-25 18:04:37 +01:00
Phil Booth
4f6f367f5e
fix(metrics): fix the data on email sent events
...
https://github.com/mozilla/fxa-auth-server/pull/2139
r=rfk
2017-09-25 08:11:43 +01:00
Edouard Oger
6fe2dac838
fix(devices): return the whole device record in POST /device response ( #2132 ); r=rfk
2017-09-25 09:35:45 +10:00
Phil Booth
34bf4926f9
chore(logs): log error if headers are missing in email notifications
...
https://github.com/mozilla/fxa-auth-server/pull/2135
r=shane-tomlinson
2017-09-22 13:21:35 +01:00
Vijay Budhram
4325eb0aab
feat(email): Throw error when attempting to resend email code for email that doesn't belong to account ( #2129 ), r=philbooth
2017-09-20 11:36:03 -04:00
Edouard Oger
eec0a434fe
fix(push): return pushEndpointExpired as a boolean ( #2127 ); r=rfk
2017-09-20 08:19:16 +10:00
Phil Booth
938ef5cbdf
feat(metrics): include fxa_services_used in amplitude user properties
...
https://github.com/mozilla/fxa-auth-server/pull/2125
r=vbudhram
2017-09-19 22:49:20 +01:00
Phil Booth
189240fcc0
refactor(server): extract unblock_codes routes to a separate module ( #2126 ) r=vladikoff
...
Fixes #1445 .
This is the last remaining nicely-extractable chunk from lib/routes/account
2017-09-19 15:22:55 -04:00
Phil Booth
df6cd60442
fix(server): enforce 'use strict' everywhere ( #2124 ), r=@vbudhram
2017-09-19 09:00:37 -04:00
Phil Booth
3518b0c0d7
feat(server): lazily get all request.app properties
...
https://github.com/mozilla/fxa-auth-server/pull/2123
r=shane-tomlinson
2017-09-18 18:01:28 +01:00
Shane Tomlinson
359caeb4fc
refactor(secondary-email): Remove "add secondary email" feature flag. ( #2121 ), r=@vbudhram
2017-09-18 12:10:39 -04:00
Phil Booth
0567350615
fix(metrics): include missing user_properties on amplitude events
...
https://github.com/mozilla/fxa-auth-server/pull/2114
r=rfk
2017-09-18 08:24:50 +01:00
Vlad Filippov
ceab903e26
feat(logs): add Sentry integration ( #2116 ) r=vbudhram
...
Fixes #2115
2017-09-14 14:37:29 -04:00
Phil Booth
549b89187c
fix(basket): reinstate utm params to the metrics context bundle
...
https://github.com/mozilla/fxa-auth-server/pull/2119
r=vbudhram
2017-09-14 14:38:52 +01:00
Vlad Filippov
e8cc49d86b
feat(password): notify attached services when a user changes their password ( #2117 ); r=rfk
2017-09-14 07:53:58 +10:00
Ryan Kelly
68e2c12ee9
chore(deps): Update hapi to latest version
2017-09-13 09:01:40 -04:00
Phil Booth
f084830bcf
feat(server): lazily get devices array on the request object ( #2107 ) r=vladikoff,vbudhram
...
Fixes #2106 .
Prevents us from accidentally calling db.devices more than once per request. I saw one definite case of this in /recovery_email/verify_code and it's possible there were others. I'll also be making use of this property heavily for the amplitude events, so it will get further usage imminently.
Making the change necessitated pulling calls to db.devices out of lib/push, which triggered some refactoring that almost got away from me. I'll add inline commentary to call out why things have changed the way they have, but most push methods now take an extra devices argument and a few other methods became redundant so I deleted them. I don't think I've broken anything.
2017-09-12 15:17:08 -04:00
Vlad Filippov
2e8e6747c6
feat(db): allow BMP chars in device name ( #2053 ) r=rfk,jbuck
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/1285
2017-09-12 11:14:12 -04:00
Ryan Kelly
c6486ba0dc
Merge branch 'train-95'
2017-09-12 12:30:36 +10:00
Ryan Kelly
6b1f73da96
fix(push): Only send device connection push msgs to iOS 10+ ( #2108 ) r=vladikoff
...
The client-side code for this is not going to make the 9.0 release
of Firefox for iOS, so we need to push the target version back on
the server-side as well.
2017-09-11 09:39:23 -04:00
Ryan Kelly
36ba0480d7
fix(email): Block sending if gated primary and unverified secondary. ( #2098 ), r=@vbudhram
2017-09-08 12:01:14 -04:00
Phil Booth
2238b37b6f
fix(server): make geo data lazily available on the request
...
https://github.com/mozilla/fxa-auth-server/pull/2095
r=vbudhram
2017-09-07 22:23:33 +01:00
John Morrison
55e1a91287
fix(profile): progress logging for handleProfileUpdated ( #2094 ) r=vladikoff,eoger
2017-09-07 14:40:43 -04:00
Vlad Filippov
1f36c6d3a7
refactor(l10n): take l10n repo out of node_modules ( #2079 )
...
Same as https://github.com/mozilla/fxa-content-server/pull/5395
Fixes #1678
2017-09-06 09:33:19 -04:00
Phil Booth
b36ea326d6
fix(metrics): add missing device_id and user_id amplitude properties
...
https://github.com/mozilla/fxa-auth-server/pull/2092
r=rfk
2017-09-06 12:19:54 +01:00
Ryan Kelly
d04778c17f
fix(push): Allow device connection push messages for Firefox iOS >= 9.0 ( #2088 ); r=vbudhram
...
fix(push): Allow device-connection push messages for iOS >= 9.0
2017-09-06 15:48:44 +10:00
Ryan Kelly
a2e3d1ee27
fix(bounces): Handle mis-formatted bounce addrs as best we can. ( #2090 ); r=jrgm
...
Different mail servers format the addresses in their bounce messages
in different ways, not all of them strictly RFC compliant. This change
makes us more lenient in what we accept, so that we don't error out
when receiving a bounce from a noncompliant server, so long as the result
ends up looking like a valid email address.
Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1393961
2017-09-06 13:30:36 +10:00
Edouard Oger
87a410ed5b
fix(push): send push notification after a device is deleted
...
https://github.com/mozilla/fxa-auth-server/pull/2086
r=philbooth
2017-09-05 19:27:39 +01:00
Ryan Kelly
a6d8bc0c9c
fix(profile): Handle incoming uids as strings, not buffers. ( #2089 ) r=philbooth
...
This also adds some additional tests to guard against similar
mistakes in the future.
2017-09-05 18:31:01 +10:00
Edouard Oger
735f323775
feat(push): add a pushEndpointExpired flag for devices that need to re-register their push endpoint ( #2087 ) r=rfk
2017-08-31 13:25:54 -04:00
Phil Booth
32f2caa131
fix(metrics): remove the forgot_sent amplitude event ( #2078 ) r=vladikoff
2017-08-29 13:48:22 -04:00
Phil Booth
cc2da2a0f2
refactor(mailer): automatically pass through args to mailer methods ( #2075 ) r=vladikoff,shane-tomlinson
2017-08-29 09:34:12 -04:00
Phil Booth
5800418902
feat(logging): send amplitude events to the logs
...
https://github.com/mozilla/fxa-auth-server/pull/2069
r=rfk,vbudhram
2017-08-28 10:53:25 +01:00
Phil Booth
f136268dd9
refactor(api): extract device schema to a common definition
...
https://github.com/mozilla/fxa-auth-server/pull/2074
r=vbudhram
2017-08-25 20:43:08 +01:00
Vijay Budhram
7bbdd44879
feat(email): Notify services when user changes primary email ( #2066 ) r=vladikoff,rfk
2017-08-22 08:14:15 -04:00
Phil Booth
8d5f2b07c6
refactor(email): extract common flow id boilerplate ( #2065 ) r=vladikoff
2017-08-18 09:45:24 -04:00
Phil Booth
a37589c1e8
refactor(sms): unleash es6 in senders/sms ( #2064 ), r=@vbudhram
2017-08-18 09:10:24 -04:00
Phil Booth
cc69b36d1c
feat(server): add parsed user agent info to the request object ( #2061 ), r=@vbudhram
2017-08-17 14:53:39 -04:00
Sean McArthur
12dd0fe9a2
fix(senders): update gettext dependency that can parse es6 syntax ( #2057 ) r=vladikoff
2017-08-15 14:46:28 -04:00
Phil Booth
3e5859f930
fix(devices): saner mobile/tablet recognition for devices ( #2051 ), r=@vbudhram
2017-08-14 12:57:36 -04:00
Phil Booth
c48e48421b
Merge branch 'train-93'
2017-08-11 18:52:24 +01:00
Phil Booth
d96f299b8f
fix(devices): ditch OS in synthesized name if form factor is present ( #2047 ) r=vladikoff
2017-08-11 13:44:55 -04:00
Phil Booth
742be7545b
fix(strings): change "to" to "for" for verify secondary email ( #2048 ), r=@vbudhram
2017-08-10 14:59:12 -04:00
Emin Mastizada
e72e5b15ef
fix(strings) change "to" to "from" in remove secondary email message
...
https://github.com/mozilla/fxa-auth-server/pull/2040
r=ryanfeeley
2017-08-10 18:34:07 +01:00
Phil Booth
5a59afa3a9
feat(devices): include form factor in synthesized device name
...
https://github.com/mozilla/fxa-auth-server/pull/2041
r=vbudhram
2017-08-07 16:25:44 +01:00
Vijay Budhram
26f6104c08
fix(push): Send push notification to devices when email has changed ( #2038 ), r=@philbooth
2017-08-07 10:53:40 -04:00
Vijay Budhram
5eca134a78
fix(email): Fix issue where you couldn't delete account after changing email ( #2036 ) r=vladikoff
2017-08-04 13:36:54 -04:00
John Morrison
bfecf6d884
fix(db): expose config options for Poolee timeout and maxPending ( #2027 )
2017-08-01 17:09:00 +10:00
Udara Weerasinghege
10e8310657
fix(redisSessions): improve redis session lookup performance ( #2026 ) r=vladikoff,rfk
...
Fixes #2025
2017-07-31 09:35:43 -04:00
Ryan Feeley
1d80d81e8d
fix(sms): make the sms copy friendlier
...
https://github.com/mozilla/fxa-auth-server/pull/2022
r=philbooth
2017-07-28 10:26:30 +01:00
Udara Weerasinghege
b58e8221c8
chore(logs): add log when stale emails hit recovery endpoint ( #2020 ) r=vladikoff
2017-07-27 16:58:23 -04:00
Vijay Budhram
4c394cf35f
fix(email): Notify all verified emails when a secondary email is removed ( #2016 ) r=vladikoff
...
Fixes #1948
2017-07-27 14:06:38 -04:00
Udara Weerasinghege
27ca0e4ca2
feat(session): add location to sessions query ( #1993 ) r=vladikoff,philbooth
2017-07-26 11:45:36 -04:00
Vlad Filippov
9568c706e0
feat(style): update to new device image ( #2014 ) r=ryanfeeley
...
Fixes #1914
2017-07-25 13:16:02 -04:00
Vijay Budhram
76aedd2800
fix(emails): check against original account email ( #2011 ), r=@philbooth
2017-07-24 09:02:41 -04:00
Vijay Budhram
310e199f6a
feat(tokens): delete account all reset tokens on password reset ( #1979 ) r=vladikoff
2017-07-21 12:51:35 -04:00
Phil Booth
50c55f1cda
feat(metrics): emit route performance events
...
https://github.com/mozilla/fxa-auth-server/pull/2012
r=vbudhram
2017-07-21 16:23:33 +01:00
Udara Weerasinghege
516826b581
chore(timestamps): add two timestamps to sessions and devices ( #2009 ) r=vladikoff
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/2008
2017-07-20 17:08:05 -04:00
Phil Booth
4941dd5b9f
feat(tokens): expire session tokens that have no device record
...
Session tokens that have no device record and are older than 4 weeks old
(by default) will now be rejected as expired by all auth server endpoints.
Additionally, the `/account/sessions` endpoint will filter out expired session
tokens on the same basis.
https://github.com/mozilla/fxa-auth-server/pull/1996
r=vbudhram
2017-07-20 13:38:56 +01:00
Udara Weerasinghege
1f578212c3
fix(tokens): add is memory token property to sessions ( #2004 ) r=vladikoff
2017-07-19 15:58:06 -04:00
Vijay Budhram
0541f131ec
feat(emails): Add ability to change email ( #1983 ), r=@philbooth
2017-07-18 16:15:26 -04:00
Phil Booth
29036090e7
refactor(server): extract email-related routes to a separate module ( #1989 ), r=@vbudhram
2017-07-14 09:47:59 -04:00
Udara Weerasinghege
5742ffff3a
* feat(cache): store updated session tokens in redis
...
https://github.com/mozilla/fxa-auth-server/pull/1968
r=philbooth,vladikoff
2017-07-14 08:56:21 +01:00
Phil Booth
0217750ca2
feat(errors): include conflicting device id in errno 124 response
...
https://github.com/mozilla/fxa-auth-server/pull/1990
r=seanmonstar
2017-07-13 16:58:49 +01:00