Ryan Kelly
85889ee917
fix(devices): Add feature-flag for the "device commands" functionality. (#2591) r=@vladikoff
2018-08-23 11:23:45 -04:00
Phil Booth
08f5ee9070
fix(tests): temporarily disable deviceCommands assertions
2018-08-21 15:31:56 +01:00
Phil Booth
bebee792ce
refactor(devices): extract and write tests for devices.isSpuriousUpdate
2018-08-21 12:28:13 +01:00
Phil Booth
eedf3212dc
fix(devices): check token.deviceAvailableCommands before dereferencing
2018-08-21 06:45:03 +01:00
Phil Booth
3015a40669
fix(devices): used cached devices property during requests
2018-08-18 15:52:32 +01:00
Phil Booth
cfb97043f9
fix(validation): don't treat `+-\/` as a character range in email regex
2018-08-17 11:15:39 +01:00
Phil Booth
a872363c94
fix(validation): validate length of user and domain email address parts
Fixes #2568.
The maximum length for the user part of an email address is 64 and the
maximum for the domain part is 255.
2018-08-17 11:14:45 +01:00
Phil Booth
eaf36151fa
feat(tests): write unit tests for email address validation
2018-08-17 11:13:28 +01:00
Phil Booth
14694e441e
fix(scripts): improve regex validation for email-config script
2018-08-15 09:48:59 +01:00
Phil Booth
cd5f341287
fix(tests): increase timeout on selectEmailService integration tests
2018-08-10 18:33:22 +01:00
Phil Booth
122ce3baa0
feat(scripts): validate inputs in the email-config script
2018-08-10 17:42:17 +01:00
Phil Booth
c6ad40270a
feat(email): write live email-sending config to redis
2018-08-10 15:19:51 +01:00
vladikoff
9e20e694a7
fix(tests): adjust async tests
2018-08-09 16:47:16 -04:00
Phil Booth
dd262a9380
fix(email): JSON.parse live email config after reading from redis
2018-08-09 16:07:00 +01:00
Vijay Budhram
fb256ff175
feat(codes): expose verificationMethod as optional (#2564), r=@philbooth
2018-08-08 14:39:33 -04:00
Phil Booth
bdc7c7aa60
fix(email): ensure email-service errors fail the call to sendMail
2018-08-07 12:40:00 +01:00
Phil Booth
bc55e8b3f5
feat(email): read live email-sending config from redis
https://github.com/mozilla/fxa-auth-server/pull/2535
r=brizental
2018-08-03 08:11:26 +01:00
Edouard Oger
72809f8f1c
fix(sessionTokens): actually prune expired session tokens
https://github.com/mozilla/fxa-auth-server/pull/2562
r=philbooth
2018-08-03 08:09:03 +01:00
Vijay Budhram
8f36f6274c
feat(recovery): add account recovery email templates (#2553), r=philbooth
2018-08-01 12:46:23 -04:00
John Morrison
7f60f8c39d
fix(tests): add a check from sentry setup
2018-08-01 01:00:33 -07:00
Vijay Budhram
fecc9e3044
fix(test): increase totp code window (#2548), r=@vladikoff
2018-07-31 09:30:36 -04:00
Phil Booth
db8022f07c
fix(redis): recover from invalid token JSON in Redis
https://github.com/mozilla/fxa-auth-server/pull/2550
r=shane-tomlinson
2018-07-30 16:31:19 +01:00
Ryan Kelly
855d6814ec
fix(redis): Close the redis pool when closing the DB.
Otherwise node will hang forever waiting for further
activity on open redis sockets.
2018-07-30 07:35:18 +01:00
Beatriz Rizental
abfb6be34a
chore(tests): add tests to email_service.js
https://github.com/mozilla/fxa-auth-server/pull/2549
r=philbooth
2018-07-30 07:33:40 +01:00
Ryan Kelly
a1e64dd093
chore(browserid): Remove unnecessary browserid routes. (#2539); r=philbooth,stomlinson
The BrowserID verifier insists that we advertize "provisioning" and
"authentication" routes in /.well-known/browserid but nothing in the
current architecture requires these routes to actually exist. Let's
remove the unused HTML content to reduce future potential attack
surface.
2018-07-24 02:15:43 -07:00
Phil Booth
2bfa482d45
fix(package): fixes for npm security audit
https://github.com/mozilla/fxa-auth-server/pull/2530
r=vbudhram
2018-07-19 15:52:56 +01:00
Vijay Budhram
4d109a05a7
feat(recovery): update delete recovery key and get recovery key endpoints (#2518), r=@rfk
2018-07-17 15:20:40 -04:00
Phil Booth
b6908b9fb0
feat(email): add a service property to the X-SES-MESSAGE-TAGS header
Adding a `service` property to the `X-SES-MESSAGE-TAGS` header lets us
track the email-sending service in AWS metrics. If something goes wrong
with the new service, this will help ops to identify the problem.
While implementing that, I also opted to rejig some of the surrounding
code in `lib/senders/email.js`, which was unnecessarily repetitive in
some parts and difficult to follow in others. I think far greater
improvements can still be made in that module, though, if we pursue a
more data-driven/functional approach to the whole thing.
https://github.com/mozilla/fxa-auth-server/pull/2526
r=vbudhram
2018-07-17 18:52:34 +01:00
John Morrison
35ac5f0d05
fix(email): make config.sesConfigurationSet default the empty string
https://github.com/mozilla/fxa-auth-server/pull/2525
r=philbooth
2018-07-17 10:39:11 +01:00
Phil Booth
834c0f1cea
Merge branch 'master' into train-116
2018-07-16 20:15:25 +01:00
Phil Booth
a3c994f426
fix(email): fix broken X-SES-CONFIGURATION-SET header (#2523) r=@vladikoff
@jrgm just noticed this typo just now, looks like a search/replace went wrong in the mailer constructor.
Unfortunately the tests didn't pick it up because they skip the constructor and directly set the correct property name on the mailer object. I added an extra test that asserts the constructor sets the things as we expect.
2018-07-16 13:58:45 -04:00
Beatriz Rizental
6dbf15a064
chore(emails): log smtp port in mail_helper.js (#2519)
2018-07-12 09:29:58 -04:00
Ryan Kelly
c020798213
fix(push): send FxA commands push messages to iOS devices (#2517) r=@vladikoff,@eoger
2018-07-11 17:26:46 -04:00
Vlad Filippov
63738c85b5
feat(server): Update to hapi 17 (#2486) r=@vbudhram,@philbooth
Fixes #2438
Co-authored-by: deeptibaghel deeptibaghel@gmail.com
2018-07-11 09:19:05 -04:00
Ryan Kelly
acef9eff27
fix(customs): Fail closed if customs-server gives an error. (#2483) r=@vladikoff,@shane-tomlinson
2018-07-10 11:31:43 -04:00
Phil Booth
55b3290082
feat(metrics): add amplitude event properties for email service/sender
https://github.com/mozilla/fxa-auth-server/pull/2508
r=rfk
2018-07-10 10:19:51 +01:00
Phil Booth
e47b7102e6
fix(metrics): don't force utm_source=email on links in emails
https://github.com/mozilla/fxa-auth-server/pull/2505
r=shane-tomlinson,vbudhram
2018-07-09 21:58:00 +01:00
Beatriz Rizental
4b5bd9aee9
feat(email): use fxa-email-server for specific email addresses
https://github.com/mozilla/fxa-auth-server/pull/2494
r=philbooth
2018-07-03 18:15:01 +01:00
Ryan Kelly
ed9c6a0962
Merge v1.115.1 point-release to master. (#2493)
2018-06-28 17:07:58 -04:00
Ryan Kelly
f359006c87
feat(devices): Introduce infrastructure for "device commands". (#2449); r=philbooth,eoger
2018-06-26 18:04:28 -07:00
Vijay Budhram
ba27d4101d
feat(recovery): account recovery apis (#2463), r=@rfk
2018-06-26 11:28:56 -04:00
Ryan Kelly
e6b3043e50
fix(recovery-codes): Correctly rate-limit recovery code consumption.
2018-06-21 15:07:09 +10:00
Ryan Kelly
9bbc715a32
fix(devices): Do not echo 'capabilities' field in device registration response. (#2478); r=jrgm
The 'capabilities' field has been removed, but some clients still send it.
We need to explicitly avoid echoing it back to them in the registration
response, or the response will fail validation.
2018-06-18 18:21:53 -07:00
Shane Tomlinson
be7e6f1b79
chore(merge): Reverse merge v1.113.5-private into origin/master (#2472) r=@vbudhram
* fix(signing): Don't let mustVerify sessions sign a certificate if unverified.
* fix(2FA): enforce 2FA on /reauth
2018-06-13 10:21:04 -07:00
Ryan Kelly
9e53247eb6
fix(devices): Remove the unused "device capabilities" API. (#2460); r=eoger
This was never used by production clients and is being replaced
with "device commands" in a future release.
2018-06-05 14:50:35 +10:00
Phil Booth
95c33643cb
fix(sms): follow documented conventions for AWS GetMetricStatistics call
https://github.com/mozilla/fxa-auth-server/pull/2451
r=rfk
2018-05-29 14:25:29 +01:00
Vijay Budhram
dc1bb4413d
fix(params): remove query param for verificationMethod (#2456) r=@vladikoff
2018-05-25 13:03:40 -04:00
Edouard Oger
1f63621ae8
feat(pool): Allow pool requests to specify headers and query params.
2018-05-18 08:24:45 +10:00
Edouard Oger
a9c6e0eab8
chore(devices): Remove notifyUpdate and filter target devices in the /devices/notify handler
We used to filter target devices in the push module, but that's about to be
refactored, so this moves responsibilities around to make the refactor easier.
2018-05-18 08:24:45 +10:00
Vijay Budhram
ab05574bb3
fix(password): require totp verified session to change password (#2437), r=@rfk
2018-05-15 10:25:58 -04:00