mozilla
/
fxa-auth-server
зеркало из https://github.com/mozilla/fxa-auth-server.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
4 387 коммитов 174 Ветки 259 Теги 21 MiB
Граф коммитов

831 Коммитов

Автор SHA1 Сообщение Дата
Ryan Kelly bb17257d4a fix(validators): Normalize redirectTo url to avoid parsing edge-cases. (#71) r=@vladikoff 
See https://bugzilla.mozilla.org/show_bug.cgi?id=1445927 for an example
of the kind of edge-cases we want to avoid.
 2018-03-15 20:48:56 -04:00
Phil Booth 8da511c82c
fix(emails): prevent unsafe content from reaching rendered email body 
https://github.com/mozilla/fxa-auth-server-private/pull/70
r=rfk
 2018-03-15 20:54:36 +00:00
Ryan Kelly 86de08ba33
fix(totp): Restrict allowed chars in TOTP code input. (#2340); r=vbudhram 2018-03-14 16:59:49 +11:00
Phil Booth c68105343e
fix(metrics): ensure service is set when possible on amplitude events 
https://github.com/mozilla/fxa-auth-server/pull/2342
r=vbudhram
 2018-03-13 18:59:50 +00:00
Vijay Budhram ab7ba5a500
fix(emails): add location to `verify primary email` (#2341), r=@philbooth 2018-03-13 17:55:39 +00:00
Ryan Kelly ab17bf85fe fix(codes): Take token-code uid from the token, not the request payload. (#2339), r=@vbudhram 2018-03-13 13:16:04 +00:00
Deepti 481550543d fix(buffers): migrate from 'Buffer()' constructor calls r=@vladikoff 
Fixes #2333
 2018-03-12 19:51:37 -04:00
Deepti a7549e44e5 Fixes issue #2334 Pass an encoded hex email to DEL /emails (#2337) r=@vladikoff,@vbudhram 
Fixes https://github.com/mozilla/fxa-auth-server/issues/2334
 2018-03-12 11:38:14 -04:00
Vijay Budhram 70564d20cb Merge branch 'train-107' 2018-03-10 14:09:57 -05:00
Vijay Budhram a35411a2dd chore(uplift): uplift token validation fixes (#2335) r=@vladikoff 2018-03-09 17:25:17 -05:00
Hritvi Bhandari 65f9802f79 fix(params): use default parameters in options (#2332) r=@vladikoff 
Fixes https://github.com/mozilla/fxa-auth-server/issues/2308
 2018-03-09 12:27:33 -05:00
Vlad Filippov e2d2a7ecd5 feat(emails): delete bounced registrations that are younger than 6 hours (#2305); r=rfk 
Fixes https://github.com/mozilla/fxa-content-server/issues/5629
 2018-03-05 09:38:35 +11:00
Vijay Budhram 45ae7b2048
feat(totp): update to use new verification methods (#2321), r=@philbooth, @vladikoff 2018-02-28 19:35:40 +00:00
Phil Booth e9ec39d6cb
fix(redis): delete clashing tokens from redis in createSessionToken 
Our pruning of session tokens from Redis is not perfect because we can
only delete tokens that are expired-but-not-yet-pruned-from-MySQL. This
leaves us with some number of zombie session tokens that are lying
around in Redis, the effect of which could be to sometimes show
incorrect session information in the device manager (albeit with very
low probability).

To eliminate that possbility, this change speculatively deletes from
Redis when creating the session token. In addition, the maximum number
of Redis connections is bumped up from 100 to 200, because we can expect
the number of concurrent Redis operations to increase significantly.

https://github.com/mozilla/fxa-auth-server/pull/2316
r=vbudhram
 2018-02-22 16:29:41 +00:00
Vijay Budhram c805f9c334
feat(totp): TOTP Management APIs (#2300), r=@philbooth 2018-02-21 01:58:47 +00:00
Ryan Kelly e2cd9f91e7 fix(reauth): Don't send a "new device" email during session re-auth. 2018-02-21 06:12:24 +11:00
Ryan Kelly 9254e31ae8 fix(docs): Support declaration of extra error types in route config. 
This provides a simple hack for declaring extra error types that
can be thrown by a route, but aren't detected by the automatic
docs generator.

It also sorts the list of errors when generating the docs,
because sorting is cool.
 2018-02-21 06:12:21 +11:00
Ryan Kelly aa388cc5eb feat(sessions): Add ability to reauth within an existing login session. 2018-02-21 06:12:12 +11:00
Phil Booth d219cdd823 chore(logging): downgrade redis.watch.conflict to warning level (#2307) r=@vladikoff 2018-02-16 09:52:31 -05:00
Vlad Filippov a937c168f2
feat(reset): improve reset for reliers (#2298) r=@ryanfeeley,@vbudhram 
Connets to mozilla/fxa-content-server#5776
Ref: mozilla/fxa-content-server#5896
 2018-02-09 20:11:34 -05:00
Ryan Kelly bb2c67747b fix(logging): Make oauth_client_info use shared logging instance. (#2299) r=@vladikoff 
Previously it would require() its own version of the logging module, and hence would not correctly use various test stubs and mocks, and hence caused npm test to dump a bunch of logging output to the screen when executing the remote tests. This changes it to accept the log object as an argument in a similar style to other modules in this repo.
 2018-02-09 00:45:55 -05:00
Phil Booth 6411c5a527 fix(api): make authentication required on GET /account/profile (#2290) r=@vladikoff 2018-02-08 10:19:25 -05:00
Phil Booth a33756e8cd
chore(emails): remove all verification reminder code 
https://github.com/mozilla/fxa-auth-server/pull/2283
r=vbudhram
 2018-02-08 08:09:35 +00:00
Vlad Filippov f0ecf0ae4b
feat(emails): fetch service names from OAuth servers, use in emails (#2284) r=@rfk 
Fixes #2213
fixes #2249
 2018-02-07 20:22:02 -05:00
John Morrison 993fd02755 fix(email): log to recipient alongside smtp message-id 
https://github.com/mozilla/fxa-auth-server/pull/2286
r=philbooth
 2018-02-06 10:09:40 +00:00
Ryan Kelly 669f59a963 feat(sessions): Add /session/duplicate API 2018-02-06 14:39:26 +11:00
Phil Booth 924e8ca4ee
chore(code): eliminate duplicate pool and db modules 
https://github.com/mozilla/fxa-auth-server/pull/2282
r=vbudhram
 2018-02-05 14:44:55 +00:00
Phil Booth 11f7024f91
fix(redis): delete session tokens from redis in db.deleteDevice 
https://github.com/mozilla/fxa-auth-server/pull/2270
r=vbudhram
 2018-01-31 08:17:25 +00:00
Vijay Budhram 3953051b18 fix(bounce): Update bounces lib to use `accountRecord` (#2273) r=@rfk,@vladikoff 
Fixes #2272
 2018-01-30 19:12:38 -05:00
Vijay Budhram 0e4b77fec4
fix(unblock): Send correct primary email when blocked (#2271), r=@rfk 2018-01-30 20:13:58 +00:00
Phil Booth acf4b8bb17 Merge branch 'train-104' 2018-01-29 17:43:37 +00:00
Phil Booth f7ce4d0267
fix(metrics): ensure amplitude events always have a metrics context 
https://github.com/mozilla/fxa-auth-server/pull/2267
r=vbudhram
 2018-01-29 17:33:33 +00:00
Ryan Kelly 70d0f96792
fix(emails): Reset account tokens when deleting an email address. (#2266); r=philbooth 2018-01-29 19:21:14 +11:00
Vijay Budhram 220d57d45e
fix(tests): Fix account destroy device test (#2263), r=@rfk 2018-01-23 21:58:31 +00:00
Phil Booth e7bbb86de3
chore(deps): update fxa-geodb 
https://github.com/mozilla/fxa-auth-server/pull/2259
r=vbudhram
 2018-01-20 09:03:38 +00:00
Phil Booth 1b2d1d95c0
fix(redis): pack redis tokens inside db.deleteSessionToken 
https://github.com/mozilla/fxa-auth-server/pull/2261
r=vbudhram
 2018-01-20 08:28:32 +00:00
Phil Booth a9a61f0cc5
feat(redis): prune expired session tokens from redis 
https://github.com/mozilla/fxa-auth-server/pull/2257
r=vbudhram
 2018-01-18 19:23:29 +00:00
Ryan Kelly af3a9eb423
feat(auth): Enable hawk payload validation for additional replay protection (#2252); r=pbooth 
Thanks to Mahmoud Abdelmonem for reporting this issue!
See also https://bugzilla.mozilla.org/show_bug.cgi?id=1427157
 2018-01-16 19:52:52 +11:00
Phil Booth fcddf0b8a2
feat(redis): eliminate property names from redis-stored tokens 
https://github.com/mozilla/fxa-auth-server/pull/2254
r=rfk
 2018-01-11 08:42:03 +00:00
Vijay Budhram 677bdbb6a8
Add ability to verify login with token code (#2218), r=@rfk 2017-12-20 12:03:32 -05:00
Vijay Budhram ae36ddf9a5
feat(codes): don't send delete notification when deleting unverified email (#2246), r=@rfk 2017-12-09 20:45:17 -05:00
Ryan Kelly 9da5305cd3
fix(push): Send a notification to the device that's being disconnected. (#2245); r=eoger 2017-12-06 10:06:41 +11:00
Phil Booth 91cd5398b6
fix(db): implement safe redis write semantics 
https://github.com/mozilla/fxa-auth-server/pull/2235
r=rfk,vbudhram
 2017-11-28 08:02:37 +00:00
Phil Booth 3034a41d0f fix(metrics): include oauth_client_id in amplitude event properties (#2240); r=rfk 2017-11-27 14:43:21 +11:00
Phil Booth 0069873a1d fix(metrics): stop sending raw client ids to amplitude (#2239) r=@vladikoff 2017-11-23 14:36:13 -05:00
Vijay Budhram 90646b9058
chore(email): remove check_can_add_secondary_address route (#2234), r=@philbooth 2017-11-17 13:52:20 -05:00
Vijay Budhram 2617b5abbd
chore(email): Remove FF57 gating logic (#2232), r=@philbooth 2017-11-17 09:19:17 -05:00
Vijay Budhram a8130d372d fix(emails): update accountExists to check for secondary emails (#2216); r=rfk 2017-11-13 10:33:02 +11:00
Phil Booth 8826364483
fix(db): sanely handle redis errors 
https://github.com/mozilla/fxa-auth-server/pull/2215
r=vbudhram
 2017-11-10 16:14:26 +00:00
Vlad Filippov 9f7473540b
fix(logo): fix FF57 logo width and height (#2204) r=@ryanfeeley 
Fixes #2203
 2017-11-02 17:26:08 -04:00
Ryan Feeley 633fc5c72d Updated emails to Photon colours 
Replaced our few scant colours with Photon colours
 2017-11-02 15:40:37 -04:00
Phil Booth a928f27d22 Merge branch 'train-99' 2017-11-02 14:03:51 +00:00
Phil Booth ddb3bc9ebd fix(logging): don't log errors if location is not set (#2200) 2017-11-02 09:08:54 -04:00
Vijay Budhram f3261a6137
fix(emails): add post change email template (#2194), r=@philbooth 2017-11-01 10:48:29 -04:00
Vijay Budhram e6da576b47
fix(links): use a custom url when verifying primary email (#2196), r=@vladikoff 2017-11-01 10:30:42 -04:00
Phil Booth 563851faf9
feat(tokens): add city and stateCode to sessionTokens 
https://github.com/mozilla/fxa-auth-server/pull/2180
r=vbudhram
 2017-10-31 21:11:01 +00:00
Phil Booth 23c54c1210 chore(email): regenerate templates from partials (#2193) r=vladikoff 2017-10-30 10:40:24 -04:00
Phil Booth a86ee5a4c2 Merge branch 'train-98' 2017-10-30 14:00:02 +00:00
Vijay Budhram a5c41058f4
chore(logo): add new logo to email templates (#2190), r=@philbooth 2017-10-30 09:38:35 -04:00
Phil Booth 0a5ea8c7bc fix(email): add missing whitespace after semi-colon (#2192), r=@vbudhram 2017-10-30 08:42:05 -04:00
Phil Booth b18079f9a0 feat(devices): translate location in devices and sessions response 
https://github.com/mozilla/fxa-auth-server/pull/2188
r=vbudhram
 2017-10-27 16:21:55 +01:00
Vijay Budhram dd68d88a9e feat(session): Add email templates (#2184), r=@philbooth 2017-10-26 10:53:04 -04:00
Phil Booth b55bfb0eaa feat(metrics): add newsletter_state property to amplitude events 
https://github.com/mozilla/fxa-auth-server/pull/2183
r=vbudhram
 2017-10-23 18:43:50 +01:00
Phil Booth b498fbd941 feat(devices): return approximateLastAccessTime for old devices 
https://github.com/mozilla/fxa-auth-server/pull/2182
r=shane-tomlinson
 2017-10-23 12:34:39 +01:00
Shane Tomlinson e7dd869e40 Merge pull request #2178 from mozilla/issue-2176-formatted-phone-number r=@philbooth 
formattedPhoneNumber is used by the content server to display the
telephone number the SMS was sent to, formatted for the user's country.

fixes #2176
 2017-10-19 11:23:54 +01:00
Ryan Feeley 163dd9cbd2 fix(email): Added secondary to subject line (#2174), r=@vbudhram 2017-10-18 14:32:08 -04:00
Ryan Kelly e8ce38259b fix(devices): Avoid reporting stale last-access times when feature is disabled. (#2144); r=philbooth 2017-10-18 13:18:14 +11:00
Phil Booth d205c9abee fix(logging): more clearly distinguish amplitude error messages 
https://github.com/mozilla/fxa-auth-server/pull/2169
r=vbudhram
 2017-10-17 09:28:45 +01:00
Phil Booth faab408a7b Merge branch 'train-97' 2017-10-17 07:34:31 +01:00
Ryan Kelly 00e69f27e2 fix(devices): Always report a name and type in device registration response. 
https://github.com/mozilla/fxa-auth-server/pull/2172
r=philbooth
 2017-10-17 07:28:48 +01:00
Vijay Budhram 37349fe6e0 fix(push): Target `Firefox Beta` for account verification messages (#2167), r=@rfk (#2170) 2017-10-16 13:43:10 -04:00
Vijay Budhram 6490471ec0 fix(push): Target `Firefox Beta` for account verification messages (#2167), r=@rfk 2017-10-16 08:39:51 -04:00
Vijay Budhram 89e1ad1b18 feat(sqs): Add timestamp to notify services sqs message (#2168), r=@rfk 2017-10-16 08:17:23 -04:00
Phil Booth c60f198b62 fix(metrics): don't emit os_version if os_name is unset (#2165), r=@vbudhram 2017-10-13 18:38:00 -04:00
Vijay Budhram ff988cb397 fix(push): Allow sending verification messages from /devices/notify (#2161), r=@rfk (#2166) 2017-10-13 13:32:34 -04:00
Vijay Budhram 717253fc1d fix(push): Allow sending verification messages from /devices/notify (#2161), r=@rfk 2017-10-13 12:37:00 -04:00
Phil Booth 5be347517c fix(metrics): map service event property from client id 
https://github.com/mozilla/fxa-auth-server/pull/2162
r=vbudhram
 2017-10-13 08:56:44 +01:00
Phil Booth a397b6792b fix(logging): silence annoying redis log noise (#2164), r=@vbudhram 2017-10-12 11:09:18 -04:00
Phil Booth 80d3de10e2 refactor(tokens): prefer token.id to token.tokenId 
https://github.com/mozilla/fxa-auth-server/pull/2157
r=rfk
 2017-10-11 06:55:18 +01:00
Phil Booth 8d23ca987e chore(logging): log email headers to diagnose #2133 2017-10-05 16:07:30 +01:00
Edouard Oger b6d9490568 feat(push): Drop collection_changed push notifications for first sync sent to iOS devices (#2148) r=rfk 2017-10-04 14:09:28 -04:00
Vlad Filippov 2543bf09e0 fix(sessions): update the access time on /sign checking (#2149) r=rfk 
Fixes bz1403275
 2017-10-03 19:33:05 -04:00
Phil Booth 925760aacd feat(metrics): implement email_version amplitude property 
https://github.com/mozilla/fxa-auth-server/pull/2145
r=vbudhram
 2017-10-03 14:09:41 +01:00
Vijay Budhram f4c54dae72 fix(email): Show proper error and delete email if postfix fails to send (#2147), r=@vladikoff 2017-10-02 23:55:50 -04:00
Vijay Budhram 1d834a9e75 fix(email): Update secondary email footers (#2136), r=@rfk 2017-09-25 19:45:55 -04:00
Phil Booth ef81ff8c1c Merge branch 'train-96' 2017-09-25 18:06:16 +01:00
Phil Booth 8a255c90b5 fix(metrics): prefer standard amplitude properties 
https://github.com/mozilla/fxa-auth-server/pull/2140
r=vbudhram
 2017-09-25 18:04:37 +01:00
Phil Booth 4f6f367f5e fix(metrics): fix the data on email sent events 
https://github.com/mozilla/fxa-auth-server/pull/2139
r=rfk
 2017-09-25 08:11:43 +01:00
Edouard Oger 6fe2dac838 fix(devices): return the whole device record in POST /device response (#2132); r=rfk 2017-09-25 09:35:45 +10:00
Phil Booth 34bf4926f9 chore(logs): log error if headers are missing in email notifications 
https://github.com/mozilla/fxa-auth-server/pull/2135
r=shane-tomlinson
 2017-09-22 13:21:35 +01:00
Vijay Budhram 4325eb0aab feat(email): Throw error when attempting to resend email code for email that doesn't belong to account (#2129), r=philbooth 2017-09-20 11:36:03 -04:00
Edouard Oger eec0a434fe fix(push): return pushEndpointExpired as a boolean (#2127); r=rfk 2017-09-20 08:19:16 +10:00
Phil Booth 938ef5cbdf feat(metrics): include fxa_services_used in amplitude user properties 
https://github.com/mozilla/fxa-auth-server/pull/2125
r=vbudhram
 2017-09-19 22:49:20 +01:00
Phil Booth 189240fcc0 refactor(server): extract unblock_codes routes to a separate module (#2126) r=vladikoff 
Fixes #1445.

This is the last remaining nicely-extractable chunk from lib/routes/account
 2017-09-19 15:22:55 -04:00
Phil Booth df6cd60442 fix(server): enforce 'use strict' everywhere (#2124), r=@vbudhram 2017-09-19 09:00:37 -04:00
Phil Booth 3518b0c0d7 feat(server): lazily get all request.app properties 
https://github.com/mozilla/fxa-auth-server/pull/2123
r=shane-tomlinson
 2017-09-18 18:01:28 +01:00
Shane Tomlinson 359caeb4fc refactor(secondary-email): Remove "add secondary email" feature flag. (#2121), r=@vbudhram 2017-09-18 12:10:39 -04:00
Phil Booth 0567350615 fix(metrics): include missing user_properties on amplitude events 
https://github.com/mozilla/fxa-auth-server/pull/2114
r=rfk
 2017-09-18 08:24:50 +01:00
Vlad Filippov ceab903e26 feat(logs): add Sentry integration (#2116) r=vbudhram 
Fixes #2115
 2017-09-14 14:37:29 -04:00
Phil Booth 549b89187c fix(basket): reinstate utm params to the metrics context bundle 
https://github.com/mozilla/fxa-auth-server/pull/2119
r=vbudhram
 2017-09-14 14:38:52 +01:00
Vlad Filippov e8cc49d86b feat(password): notify attached services when a user changes their password (#2117); r=rfk 2017-09-14 07:53:58 +10:00
Ryan Kelly 68e2c12ee9 chore(deps): Update hapi to latest version 2017-09-13 09:01:40 -04:00
Phil Booth f084830bcf feat(server): lazily get devices array on the request object (#2107) r=vladikoff,vbudhram 
Fixes #2106.

Prevents us from accidentally calling db.devices more than once per request. I saw one definite case of this in /recovery_email/verify_code and it's possible there were others. I'll also be making use of this property heavily for the amplitude events, so it will get further usage imminently.

Making the change necessitated pulling calls to db.devices out of lib/push, which triggered some refactoring that almost got away from me. I'll add inline commentary to call out why things have changed the way they have, but most push methods now take an extra devices argument and a few other methods became redundant so I deleted them. I don't think I've broken anything.
 2017-09-12 15:17:08 -04:00
Vlad Filippov 2e8e6747c6 feat(db): allow BMP chars in device name (#2053) r=rfk,jbuck 
Fixes https://github.com/mozilla/fxa-auth-server/issues/1285
 2017-09-12 11:14:12 -04:00
Ryan Kelly c6486ba0dc Merge branch 'train-95' 2017-09-12 12:30:36 +10:00
Ryan Kelly 6b1f73da96 fix(push): Only send device connection push msgs to iOS 10+ (#2108) r=vladikoff 
The client-side code for this is not going to make the 9.0 release
of Firefox for iOS, so we need to push the target version back on
the server-side as well.
 2017-09-11 09:39:23 -04:00
Ryan Kelly 36ba0480d7 fix(email): Block sending if gated primary and unverified secondary. (#2098), r=@vbudhram 2017-09-08 12:01:14 -04:00
Phil Booth 2238b37b6f fix(server): make geo data lazily available on the request 
https://github.com/mozilla/fxa-auth-server/pull/2095
r=vbudhram
 2017-09-07 22:23:33 +01:00
John Morrison 55e1a91287 fix(profile): progress logging for handleProfileUpdated (#2094) r=vladikoff,eoger 2017-09-07 14:40:43 -04:00
Vlad Filippov 1f36c6d3a7 refactor(l10n): take l10n repo out of node_modules (#2079) 
Same as https://github.com/mozilla/fxa-content-server/pull/5395

Fixes #1678
 2017-09-06 09:33:19 -04:00
Phil Booth b36ea326d6 fix(metrics): add missing device_id and user_id amplitude properties 
https://github.com/mozilla/fxa-auth-server/pull/2092
r=rfk
 2017-09-06 12:19:54 +01:00
Ryan Kelly d04778c17f fix(push): Allow device connection push messages for Firefox iOS >= 9.0 (#2088); r=vbudhram 
fix(push): Allow device-connection push messages for iOS >= 9.0
 2017-09-06 15:48:44 +10:00
Ryan Kelly a2e3d1ee27 fix(bounces): Handle mis-formatted bounce addrs as best we can. (#2090); r=jrgm 
Different mail servers format the addresses in their bounce messages
in different ways, not all of them strictly RFC compliant.  This change
makes us more lenient in what we accept, so that we don't error out
when receiving a bounce from a noncompliant server, so long as the result
ends up looking like a valid email address.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1393961
 2017-09-06 13:30:36 +10:00
Edouard Oger 87a410ed5b fix(push): send push notification after a device is deleted 
https://github.com/mozilla/fxa-auth-server/pull/2086
r=philbooth
 2017-09-05 19:27:39 +01:00
Ryan Kelly a6d8bc0c9c fix(profile): Handle incoming uids as strings, not buffers. (#2089) r=philbooth 
This also adds some additional tests to guard against similar
mistakes in the future.
 2017-09-05 18:31:01 +10:00
Edouard Oger 735f323775 feat(push): add a pushEndpointExpired flag for devices that need to re-register their push endpoint (#2087) r=rfk 2017-08-31 13:25:54 -04:00
Phil Booth 32f2caa131 fix(metrics): remove the forgot_sent amplitude event (#2078) r=vladikoff 2017-08-29 13:48:22 -04:00
Phil Booth cc2da2a0f2 refactor(mailer): automatically pass through args to mailer methods (#2075) r=vladikoff,shane-tomlinson 2017-08-29 09:34:12 -04:00
Phil Booth 5800418902 feat(logging): send amplitude events to the logs 
https://github.com/mozilla/fxa-auth-server/pull/2069
r=rfk,vbudhram
 2017-08-28 10:53:25 +01:00
Phil Booth f136268dd9 refactor(api): extract device schema to a common definition 
https://github.com/mozilla/fxa-auth-server/pull/2074
r=vbudhram
 2017-08-25 20:43:08 +01:00
Vijay Budhram 7bbdd44879 feat(email): Notify services when user changes primary email (#2066) r=vladikoff,rfk 2017-08-22 08:14:15 -04:00
Phil Booth 8d5f2b07c6 refactor(email): extract common flow id boilerplate (#2065) r=vladikoff 2017-08-18 09:45:24 -04:00
Phil Booth a37589c1e8 refactor(sms): unleash es6 in senders/sms (#2064), r=@vbudhram 2017-08-18 09:10:24 -04:00
Phil Booth cc69b36d1c feat(server): add parsed user agent info to the request object (#2061), r=@vbudhram 2017-08-17 14:53:39 -04:00
Sean McArthur 12dd0fe9a2 fix(senders): update gettext dependency that can parse es6 syntax (#2057) r=vladikoff 2017-08-15 14:46:28 -04:00
Phil Booth 3e5859f930 fix(devices): saner mobile/tablet recognition for devices (#2051), r=@vbudhram 2017-08-14 12:57:36 -04:00
Phil Booth c48e48421b Merge branch 'train-93' 2017-08-11 18:52:24 +01:00
Phil Booth d96f299b8f fix(devices): ditch OS in synthesized name if form factor is present (#2047) r=vladikoff 2017-08-11 13:44:55 -04:00
Phil Booth 742be7545b fix(strings): change "to" to "for" for verify secondary email (#2048), r=@vbudhram 2017-08-10 14:59:12 -04:00
Emin Mastizada e72e5b15ef fix(strings) change "to" to "from" in remove secondary email message 
https://github.com/mozilla/fxa-auth-server/pull/2040
r=ryanfeeley
 2017-08-10 18:34:07 +01:00
Phil Booth 5a59afa3a9 feat(devices): include form factor in synthesized device name 
https://github.com/mozilla/fxa-auth-server/pull/2041
r=vbudhram
 2017-08-07 16:25:44 +01:00
Vijay Budhram 26f6104c08 fix(push): Send push notification to devices when email has changed (#2038), r=@philbooth 2017-08-07 10:53:40 -04:00
Vijay Budhram 5eca134a78 fix(email): Fix issue where you couldn't delete account after changing email (#2036) r=vladikoff 2017-08-04 13:36:54 -04:00
John Morrison bfecf6d884 fix(db): expose config options for Poolee timeout and maxPending (#2027) 2017-08-01 17:09:00 +10:00
Udara Weerasinghege 10e8310657 fix(redisSessions): improve redis session lookup performance (#2026) r=vladikoff,rfk 
Fixes #2025
 2017-07-31 09:35:43 -04:00
Ryan Feeley 1d80d81e8d fix(sms): make the sms copy friendlier 
https://github.com/mozilla/fxa-auth-server/pull/2022
r=philbooth
 2017-07-28 10:26:30 +01:00
Udara Weerasinghege b58e8221c8 chore(logs): add log when stale emails hit recovery endpoint (#2020) r=vladikoff 2017-07-27 16:58:23 -04:00
Vijay Budhram 4c394cf35f fix(email): Notify all verified emails when a secondary email is removed (#2016) r=vladikoff 
Fixes #1948
 2017-07-27 14:06:38 -04:00
Udara Weerasinghege 27ca0e4ca2 feat(session): add location to sessions query (#1993) r=vladikoff,philbooth 2017-07-26 11:45:36 -04:00
Vlad Filippov 9568c706e0 feat(style): update to new device image (#2014) r=ryanfeeley 
Fixes #1914
 2017-07-25 13:16:02 -04:00
Vijay Budhram 76aedd2800 fix(emails): check against original account email (#2011), r=@philbooth 2017-07-24 09:02:41 -04:00
Vijay Budhram 310e199f6a feat(tokens): delete account all reset tokens on password reset (#1979) r=vladikoff 2017-07-21 12:51:35 -04:00
Phil Booth 50c55f1cda feat(metrics): emit route performance events 
https://github.com/mozilla/fxa-auth-server/pull/2012
r=vbudhram
 2017-07-21 16:23:33 +01:00
Udara Weerasinghege 516826b581 chore(timestamps): add two timestamps to sessions and devices (#2009) r=vladikoff 
Fixes https://github.com/mozilla/fxa-auth-server/issues/2008
 2017-07-20 17:08:05 -04:00
Phil Booth 4941dd5b9f feat(tokens): expire session tokens that have no device record 
Session tokens that have no device record and are older than 4 weeks old
(by default) will now be rejected as expired by all auth server endpoints.
Additionally, the `/account/sessions` endpoint will filter out expired session
tokens on the same basis.

https://github.com/mozilla/fxa-auth-server/pull/1996

r=vbudhram
 2017-07-20 13:38:56 +01:00
Udara Weerasinghege 1f578212c3 fix(tokens): add is memory token property to sessions (#2004) r=vladikoff 2017-07-19 15:58:06 -04:00
Vijay Budhram 0541f131ec feat(emails): Add ability to change email (#1983), r=@philbooth 2017-07-18 16:15:26 -04:00
Phil Booth 29036090e7 refactor(server): extract email-related routes to a separate module (#1989), r=@vbudhram 2017-07-14 09:47:59 -04:00
Udara Weerasinghege 5742ffff3a * feat(cache): store updated session tokens in redis 
https://github.com/mozilla/fxa-auth-server/pull/1968
r=philbooth,vladikoff
 2017-07-14 08:56:21 +01:00
Phil Booth 0217750ca2 feat(errors): include conflicting device id in errno 124 response 
https://github.com/mozilla/fxa-auth-server/pull/1990
r=seanmonstar
 2017-07-13 16:58:49 +01:00
Phil Booth a1568e3e64 Merge branch 'train-90' 2017-07-12 10:03:56 +01:00
Sean McArthur 1d2a9f494c feat(account): receive marketingOptIn when verifying email codes 2017-07-11 09:54:51 -07:00
Phil Booth 2f10d1b0cc fix(server): return sane user agent from /account/sessions 
https://github.com/mozilla/fxa-auth-server/pull/1982
r=shane-tomlinson,vbudhram
 2017-07-10 17:30:43 +01:00
Sean McArthur ea936426bd feat(account): send marketingOptIn to attached services on registration 
Adds optional `marketingOptIn` payload parameter to `/account/create`.

If set, a flag is set in memcached that the user opted in to marketing.
The `/recovery_email/verify_code` route will check memcached for this
flag, and if found, will set `marketingOptIn` to the message sent to
attached services (SNS).

Closes #1973
 2017-07-06 09:38:58 -07:00
Vijay Budhram 979968a58b feat(email): When primary email gated, send to secondary email if avalible (#1954), r=@seanmonstar 2017-07-05 11:59:05 -04:00
Phil Booth 14f0bf946e fix(server): stop using raw user agent string for browser name 
Fixes [bug 1377919](https://bugzilla.mozilla.org/show_bug.cgi?id=1377919).
https://github.com/mozilla/fxa-auth-server-private/pull/67
r=vbudhram
 2017-07-05 15:47:16 +01:00
Ryan Kelly baed71d201 fix(push): Don't notify the originating device about pwd change. (#1931) r=mhammond,vladikoff 
* fix(push): Don't notify the originating device about pwd change.

The originating device should already know about the pwd change
thanks to a local WebChannel message from the content-server.
Avoid sending it a push notification as well, since this could
race with the WebChannel message and produce confusion.

* fix(docs): adjust doc string for password.js
 2017-07-04 14:09:00 -04:00
Phil Booth ba5c927b54 refactor(routes): break out device-related routes to a separate module 
https://github.com/mozilla/fxa-auth-server/pull/1971
r=vladikoff
 2017-07-04 16:12:32 +01:00
Phil Booth 91f8e4358c refactor(server): eliminate some unnecessary serial invocation (#1965), r=@vbudhram 2017-06-29 14:11:16 -07:00
Sean McArthur 8d2a86180a fix(hawk): key passed to hawk must be a Buffer 
https://github.com/mozilla/fxa-auth-server/pull/1966
r=philbooth
 2017-06-29 09:18:13 -07:00
Sean McArthur 0cfd39ca05 refactor(lib): use strings instead of buffers for as much as possible 
This settles our dance of `Buffer` vs `String` down to simply this:

> You have a `String`. You should (almost) never have a `Buffer`.

Buffers are useful for talking about a specific set of bytes, without an
encoding. In our app, the places where this is useful are:

- crypto
- mysql

We don't actually speak MySQL in this repo anywhere, so that leaves us
with only crypto. Instead of requiring the mental overhead of "Do I have
a buffer or a string?" throughout all our code base, we can just push
that completely into the crypto code.

This *should* reduce bugs where we aren't sure if we have a `Buffer` or
a `String`. If you're not in crypto, you should just have a `String`.
 2017-06-28 16:05:30 -07:00
Phil Booth a6aa3c34d2 Merge branch 'train-89' 2017-06-28 13:45:31 -07:00
Phil Booth 7ce5c05250 feat(sms): Switch to AWS SNS for SMS 
https://github.com/mozilla/fxa-auth-server/pull/1964
r=philbooth,jbuck
 2017-06-28 13:17:29 -07:00
Udara Weerasinghege 111bfbb2db fix(ios): only notify ios devices for collection change events (#1960) r=vladikoff 2017-06-28 12:34:13 -07:00
Phil Booth 6fd020dc7e fix(server): do not return flowId from consumeSigninCodes endpoint 
https://github.com/mozilla/fxa-auth-server/pull/1952
r=vbudhram
 2017-06-22 14:07:05 +01:00
Ryan Kelly 88a9fc8a9b fix(notifications): Make data fields consistent across all notifyAttachedServices calls. (#1879); r=philbooth 
Previously, some of them send a plain "uid" and some of them sent the "uid" as "uid@domain" for historical reasons.  Now they all just send a plain "uid", with the domain in a separate "iss" field.
 2017-06-21 12:21:38 +10:00
Phil Booth 3f78f6eefd fix(server): step in before node-uap parses Sync UA strings 
https://github.com/mozilla/fxa-auth-server/pull/1949
r=vbudhram
 2017-06-19 08:44:08 +01:00
Phil Booth 13eeab2b89 feat(metrics): emit a flow.continued event for signinCodes 
https://github.com/mozilla/fxa-auth-server/pull/1946
r=seanmonstar
 2017-06-16 11:53:05 +01:00
Vijay Budhram bcad58c76b fix(email): Escape device name in HTML emails. (#1944), r=@philbooth 
It's derived from user-provided data, so we can't trust it
enough to insert it as a raw string.

https://github.com/mozilla/fxa-auth-server-private/pull/66

r=philbooth
 2017-06-14 06:43:47 -04:00
Sean McArthur 5ca2acbf35 Make our test suite faster (again) (#1938) r=vladikoff 
* test(i18n): cache parsing of po files

When running our remote tests, every time we restarted the server, we
would re-parse all of the po translation files. Each time takes around
500ms. By caching files we've already parsed, this shaves around 12s off
the remote test suite.

* test(dev): make `npm test` faster, provide `npm run test-ci`

Since `npm test` is what we run constantly when working on features, if
we can make it faster, we make development faster.

- Disable memcache. We never specifically start a memcached, but the
  tests were running trying to look for it. With the default settings
  being to retry once with a 500ms timeout, many test would hang for 1s
  checking memcached for data that wasn't even useful to the test. By
  setting to 'none', this saved 45s.

- Disable scrypt. scrypt is **slow**. While developing locally, and
  running the tests, we don't actually need to test that some value run
  through scrypt turns out to be correctly encrypted. By using the
  verifier version '0', this saved 55s.

- Disable coverage. Using coverage takes some time to instrument the
  code, and spawn in a child process. While nyc is pretty good at caching,
  and the slow down isn't that much, it's also more annoying to debug
  with. First, it ruins all stack trace lines numbers. Second, it spits a
  gigantic coverage report at the end of the test run, requiring scrolling
  back up to see the actual test results.

To make sure we still run the test suite with the default options
enabled, this provides a `test-ci` target, that is enabled to be always
be run from TravisCI and Circle.
 2017-06-09 15:30:45 -04:00
Sean McArthur 82b24e24e8 fix(email): log a 'sent' email event for each CC address (#1936), r=@vbudhram 2017-06-09 10:25:08 -04:00
Sean McArthur 09e18e5161 feat(bounces): add tiers to bounce blocklist 
The config for each bounce type can now contain a map of counts vs
durations. This allows a tiered approach to blocking email actions based
on bounce history.

For example:

```
{
  0: 5000,
  5: 20000
}
```

This tier mapping is translated as "more than 0 in 5 seconds" or "more
than 5 in 20 seconds". If either condition is true, the appropriate
error is thrown.

The throw error also now includes the timestamp of the latest bounce, to
allow for reporting of when exactly that bounce was recorded at.

Closes #1893
 2017-06-07 17:04:16 -07:00
Phil Booth 50f63036f2 fix(server): remove duplicate URL-safe base 64 validator 2017-06-07 18:10:51 +01:00
Vijay Budhram a459ff102f feat(emails): Add endpoint to check if secondary emails are enabled (#1926), r=@philbooth, @rfk 2017-06-07 10:49:52 -04:00
Shane Tomlinson ef2cc2a5dd fix(test): Fix the broken smsSend test. 
Also remove `sender` when sending a mail from the mock-nexmo.
It isn't needed to send the message.
 2017-06-07 12:54:22 +01:00
Shane Tomlinson 577db706a9 fix(sms): Use the real email sender when sending via MockNexmo 
We were using a made up sender, which caused our email provider
to drop the messages on the ground when testing on fxa-ci. Messages
were reported as delivered, but never seen again.
 2017-06-07 11:47:46 +01:00
Ryan Kelly 3f7ed68e09 chore(log): Remove datadog/statsd integration (#1921); r=vladikoff 
We've had too many doubts about the reliability of the numbers to get any
value out of it in practice, so let's remove it to keep things simple.
 2017-06-04 12:32:32 +10:00
Phil Booth 23946522b9 fix(sms): ditch the balance checks due to rate-limiting woe 
https://github.com/mozilla/fxa-auth-server/pull/1924

r=vbudhram,shane-tomlinson
 2017-06-01 22:13:15 +01:00
Vlad Filippov f2a3d156c1 Merge pull request #1918 from mozilla/public-87.1-backport 
Backport ECDH key validation from private repo
 2017-05-29 08:57:31 -04:00
Phil Booth f10655d1b7 feat(server): add endpoint for consuming signinCodes 
https://github.com/mozilla/fxa-auth-server/pull/1906

r=vbudhram,shane-tomlinson
 2017-05-29 09:54:27 +01:00
Ryan Kelly 05034798bb chore(push): Add a link to nodejs ECDH issue in code comments. 2017-05-29 14:53:36 +10:00
Ryan Kelly 5825341706 Merge tag 'v1.87.1-private' into public-87.1-backport 2017-05-29 14:51:29 +10:00
Vlad Filippov 5362c64ee6 fix(push): add extra logs 2017-05-26 09:21:24 -04:00
Ryan Kelly 8920a012d8 fix(push): Validate push public keys at registration time. 
We currently allow devices to submit invalid public keys with
their push registration, causing attempts to notify those devices
to fail in an ugly way.  This adds additional validation so that
only known-good keys get stored in the db.
 2017-05-26 09:21:24 -04:00
Sean McArthur 23593c75f3 fix(email): check case insensitive headers in EmailSent event (#1916), r=@philbooth, @vbudhram 2017-05-26 08:42:42 -04:00
udara 91ce14c3f0 fix(notifications): Send disable notification to all devices 2017-05-25 17:16:02 -04:00
Phil Booth 009428e422 fix(devices): handle new user agent string from Sync client lib 
https://github.com/mozilla/fxa-auth-server/pull/1909

r=seanmonstar
 2017-05-25 08:10:20 +01:00
Ryan Kelly 33d752d4f2 Merge pull request #1900 from eoger/push-on-account-destroy; r=rfk 
Send push notification on account destroy
 2017-05-23 08:08:06 +10:00
Phil Booth 2610d2f5f4 feat(server): include signinCode in the installFirefox SMS 
https://github.com/mozilla/fxa-auth-server/pull/1904

r=shane-tomlinson,vbudhram
 2017-05-22 16:03:13 +01:00
Edouard Oger 163e2f4d0c feat(push): send push notification on account deletion 2017-05-18 14:19:49 -04:00
Edouard Oger 7ba4f67fcf fix(push): correct params types in push.js 2017-05-18 14:19:47 -04:00
Phil Booth 643ed85864 feat(docs): automatically generate API docs from the code 
https://github.com/mozilla/fxa-auth-server/pull/1786

r=vladikoff
 2017-05-18 11:48:04 +01:00
Vijay Budhram 34e38411dc fix(emails): Can create secondary email if it is unverified in another account (#1892) r=vladikoff,seanmonstar 
Fixes https://github.com/mozilla/fxa-bugzilla-mirror/issues/275
 2017-05-14 22:18:25 -04:00
Vijay Budhram e62aab1c3e fix(emails): Fix issue where change password link was undefined (#1886) r=vladikoff 2017-05-10 10:43:40 -04:00
Vijay Budhram 3bc36ebd4c fix(emails): Only send email notifications to verified secondary emails (#1888) r=rfk,philbooth,vladikoff 
Fixes #1887
 2017-05-09 13:24:36 -04:00
Vijay Budhram d62995ea50 fix(config): Add email regex feature flag for secondary email 2017-05-05 17:21:37 -04:00
Sean McArthur 4948a7eb3b feat(mailer): disable X-Mailer header in emails (#1881) r=vladikoff,philbooth 2017-05-04 09:33:35 -04:00
Vlad Filippov 36ec6f7e35 fix(metrics): handle and log missing payload (#1875) r=vbudhram 
Fixes #1817
 2017-05-03 12:07:09 -04:00
Sean McArthur a74a1f74a3 feat(session): add a 'state' property in `/session/status` 
This can return the current status of the authenticated sessionToken.
For now, it only returns the two states we know: `verified` and
`unverified`. In the future, this could return additional states, such
as `bounced`, or `reset`, which would allow clients to behave
differently to try to repair the situation.
 2017-05-02 09:14:05 -07:00
Phil Booth 569853728a refactor(server): extract memcached usage to a dedicated module 
https://github.com/mozilla/fxa-auth-server/pull/1801

r=vbudhram
 2017-05-02 07:24:17 +01:00
Phil Booth 2e9963c9bb fix(metrics): include template name in sms.sent event 
https://github.com/mozilla/fxa-auth-server/pull/1843

r=shane-tomlinson
 2017-05-02 07:09:38 +01:00
Vijay Budhram d1fae0d145 feat(emails): Throw unique error if initiating password reset from secondary email (#1874) r=vladikoff 
This PR fixes mozilla/fxa-content-server#4996 (comment) by sending a unique error if a user is attempting to reset an account from a secondary email.
 2017-05-01 14:28:11 -04:00
Vijay Budhram ae955824f1 fix(config): Correctly resolve isSecondaryEmailEnabled and add more checks for config (#1872) r=vladikoff 2017-04-30 19:57:20 -04:00
Vlad Filippov 10d5b56ede chore(deps): update shrinkwrap and latest eslint (#1868) 2017-04-28 15:07:53 -04:00
Vijay Budhram e7697e0258 feat(emails): Use new verification link, pass type, pass email verified (#1864), r=@vladikoff 2017-04-28 12:48:31 -04:00
Vijay Budhram f509bcb7c0 feat(emails): Add custom error for users logging in with secondary email (#1850), r=@vladikoff 2017-04-27 17:55:47 -04:00
Vlad Filippov 3fd0418187 feat(devices): return OS from user agent os (#1848) r=philbooth 
Fixes #1829
 2017-04-25 03:23:02 -04:00
Vijay Budhram a5ff7cae98 chore(email): Remove unused `emailSent` (#1846) r=vladikoff,philbooth 2017-04-24 10:04:27 -04:00
John Morrison 90cac2c138 fix(sms); DRY up sms.{regions,senderIds} 
https://github.com/mozilla/fxa-auth-server/pull/1847

r=philbooth
 2017-04-24 06:46:44 +01:00
Vlad Filippov 7414ee8ac1 refactor(server): remove separate notifier process (#1800) r=vbudhram 2017-04-20 17:25:47 -04:00
Vijay Budhram d0b59768dc fix(config): Add config for unverified account to exist before secondary email can be create with the same email (#1845) r=vladikoff 2017-04-20 09:58:10 -04:00
vladikoff fb5997e478 fix(metrics): fix metrics context errors 2017-04-17 22:48:15 -04:00
Vijay Budhram 7ecad758ff feat(emails): Add secondary emails api support Part 2 (#1768) r=vladikoff 2017-04-17 19:16:40 -04:00
Sean McArthur adc6d3e066 fix(promise): log unhandled rejections instead of throwing (#1818) r=vladikoff 
* fix(promise): log unhandled rejections instead of throwing
* fix(server): set useDomains to true
 2017-04-13 14:29:58 -04:00
Vijay Budhram 64c96d652f fix(config): Merge auth and mailer configs (#1798), r=@philbooth 2017-04-11 09:56:50 -04:00
Ryan Kelly 89f5cac3eb fix(routes): Add a /__lbheartbeat__ route. (#1807) r=vladikoff 2017-04-09 23:43:30 -04:00
Vijay Budhram 5a7e4a7f3f fix(locale): Fix merge conflicts (#1794) 2017-04-05 14:12:30 -07:00
Ryan Kelly 59cdb4ce34 feat(keys): Add key id and created-at timestamp to our public keys. (#1734); r=seanmonstar 
This will it easier for secops to audit our key rotation schedule.
 2017-04-04 13:09:28 -07:00
Phil Booth 72687c25f4 fix(server): recognise the new iOS client UA string 
https://github.com/mozilla/fxa-auth-server/pull/1787

r=rfk,sleroux
 2017-04-03 21:43:29 +01:00
Vijay Budhram 2b7e712b27 fix(config): Graduate security history and ip profiling 2017-03-29 22:43:32 -04:00
Sean McArthur 470387fc24 Merge pull request #1765 from mozilla/unjection 
Remove some unnecessary dependency injection
 2017-03-29 09:35:00 -07:00
Shane Tomlinson 21bd1e8f62 Merge pull request #1772 from mozilla/mock-sms-provider r=@philbooth 
feat(sms): Mock out Nexmo for functional tests.
 2017-03-29 14:19:53 +01:00
Phil Booth b062d792ab feat(metrics): emit a flow event for the sms region 
https://github.com/mozilla/fxa-auth-server/pull/1783

r=shane-tomlinson
 2017-03-29 13:28:14 +01:00
Phil Booth e9ed457ebc feat(sms): return country code from /sms/status 
https://github.com/mozilla/fxa-auth-server/pull/1766

r=shane-tomlinson
 2017-03-29 11:14:58 +01:00
Sean McArthur 48d7625d65 refactor(bounces): pull bounce logic into separate module 2017-03-28 10:06:29 -07:00
Vijay Budhram b06b0da0e4 feat(emails): Mailer accept multiple emails Part 1 (#1767), r=@philbooth 2017-03-28 12:06:37 -04:00
Phil Booth 005eeca5f2 Merge branch 'train-83' 2017-03-28 13:38:26 +01:00
Phil Booth 176c63e0ee fix(sms): propagate countryCode through our fxa-geodb wrapper 
https://github.com/mozilla/fxa-auth-server/pull/1778

r=shane-tomlinson
 2017-03-28 13:31:42 +01:00
Phil Booth 23c58b9143 fix(logging): don't emit null or undefined uid on flow events 
https://github.com/mozilla/fxa-auth-server/pull/1771

r=vbudhram
 2017-03-28 13:09:24 +01:00
Sean McArthur 886aa824d2 Merge pull request #1764 from mozilla/burn-created-at 
refactor(token): remove ability to pass createdAt to Token.create
 2017-03-27 15:36:17 -07:00
Sean McArthur cbad916acd refactor(db): remove unnecessary dependency injection for DB 2017-03-27 11:54:08 -07:00
Sean McArthur a6b97a79cf refactor(routes): remove unnecessary dependency injection in routes 2017-03-27 11:54:08 -07:00
Sean McArthur a393413199 refactor(tokens): reduce unnecessary dependency injection in Tokens 2017-03-27 11:52:09 -07:00
Sean McArthur dac8f643ff refactor(token): remove ability to pass createdAt to Token.create 
This exists to support passing `_createdAt` as a query parameter, but
only for our tests. Those tests were to exercise our response
validation in a way that the `lastAccessTime` allows a value of 0. That
validation was fixed long ago, and supporting this hacky parameter has
done nothing but plague us since.

Burn the heretic.
 2017-03-27 11:51:39 -07:00
Sean McArthur 4604d5c209 Merge pull request #1735 from eoger/profile-server-push 
feat(profile): send push notifications after a profile update
 2017-03-27 11:49:56 -07:00
Shane Tomlinson e8a932d261 feat(sms): Mock out Nexmo for functional tests. 2017-03-27 13:50:22 +01:00
Sean McArthur 8d5c1ed29a test(remote): refactor to run remote tests in a single process 
This refactors our remote test driver to stop spawning multiple
child processes to run our servers, and instead to run the servers
in the same process.

- By using the same process, we can pass configuration as a plain old
  JavaScript object, and not have to be adjusting the `process.env`.
  While writing this patch, `process.env` pollution was already found
  to make some tests dependent on others running first. Now, we can
  isolate the tests by starting a server with a private config object,
  and the other tests are non the wiser.
- By not starting up and tear down child processes for each suite of
  remote tests, the full set runs much faster. In my case, running the
  remote tests went from ~4 minutes to ~1 minute.
 2017-03-23 11:30:24 -07:00
Phil Booth 7949706010 fix(sms): add config to disable geo-ip lookup in /sms/status 
https://github.com/mozilla/fxa-auth-server/pull/1756

r=shane-tomlinson
 2017-03-22 12:00:31 +00:00
Vijay Budhram 1fc861703b feat(email): Pass correct args to verify_email (#1754), r=@philbooth 2017-03-21 19:09:10 -04:00
Edouard Oger 2e8342093c feat(profile): send push notifications after a profile update 2017-03-21 18:56:26 -04:00
Edouard Oger c90719a041 fix(push): reject extra push-payloads properties instead of removing them 2017-03-21 18:56:18 -04:00
Ryan Kelly 3be60f3133 fix(tokens): Don't override createdAt when deserializing an existing token. (#1744); r=philbooth 2017-03-21 21:44:42 +11:00
Ryan Kelly d45cdb3caa Merge branch 'train-82-private' into public-master 
Conflicts:
	lib/email/utils/helpers.js
	test/local/email/bounce.js
	test/local/email/delivery.js
	test/local/lib/senders/email.js
 2017-03-21 16:40:28 +11:00
Phil Booth 33041e972c chore(config): change SMS region config from regex to array (#1743) r=vladikoff 2017-03-20 19:30:29 -04:00
Vlad Filippov e440d8f220 refactor(routes): remove preVerifyToken support (#1690) r=rfk 
Fixes #1599
 2017-03-20 19:27:14 -04:00
Vijay Budhram 1932afee05 feat(logging): Use correct logging format (#60) r=vladikoff 2017-03-17 15:10:14 -04:00
Vijay Budhram 37d656975a refactor(logging): Log email domain if popular otherwise log `other` (#1666), r=@rfk, @vladikoff (#59) 2017-03-17 13:19:55 -04:00
Vijay Budhram 357d2f7ce3 refactor(logging): Log email domain if popular otherwise log `other` (#1666), r=@rfk, @vladikoff 2017-03-17 12:51:10 -04:00
Sean McArthur 5138ad7d49 feat(db): make database fault tolerant of db server (#1716) r=vladikoff 2017-03-17 09:40:39 -04:00
Sean McArthur 8ea58bfce6 Merge pull request #1684 from mozilla/hard-bounce-error 
feat(mailer): check for hard bounced or complaints before sending emails
 2017-03-14 12:40:45 -07:00