Vijay Budhram
8f36f6274c
feat(recovery): add account recovery email templates (#2553), r=philbooth
2018-08-01 12:46:23 -04:00
Phil Booth
2bfa482d45
fix(package): fixes for npm security audit
...
https://github.com/mozilla/fxa-auth-server/pull/2530
r=vbudhram
2018-07-19 15:52:56 +01:00
Vijay Budhram
4d109a05a7
feat(recovery): update delete recovery key and get recovery key endpoints (#2518), r=@rfk
2018-07-17 15:20:40 -04:00
Vijay Budhram
ba27d4101d
feat(recovery): account recovery apis (#2463), r=@rfk
2018-06-26 11:28:56 -04:00
Vijay Budhram
7793de3cde
fix(totp): check totp before account deletion (#2405), r=@philbooth
2018-04-24 10:19:57 -04:00
Vijay Budhram
b830707e32
fix(recovery): set assuranceLevel when verifying with recovery code (#2388), r=@rfk
2018-04-09 14:54:41 +00:00
Vijay Budhram
35da0bdf49
fix(email): only send new sign-in emails for sync when verifying with totp (#2381), r=@philbooth
2018-04-09 13:51:05 +00:00
Vijay Budhram
6e0b56ce3e
fix(metrics): pass metricsContext to consumeRecoveryCode (#2367) r=@vladikoff
2018-03-26 18:07:08 -04:00
Vijay Budhram
81700dae04
feat(totp): initial recovery codes (#2349), r=@philbooth
2018-03-22 15:46:10 +00:00
Ryan Kelly
517f482240
feat(amr): Report AMR and AAL in relier-facing APIs. (#2346); r=vbudhram
...
This helps expose the user's MFA state to reliers, by reporting
the "authentication methods" and "authenticator assurance level"
used when creating a sessionToken, along with the available methods
and maximum level achievable by the account.
2018-03-20 13:18:51 +11:00
Ryan Kelly
ab17bf85fe
fix(codes): Take token-code uid from the token, not the request payload. (#2339), r=@vbudhram
2018-03-13 13:16:04 +00:00
Deepti
481550543d
fix(buffers): migrate from 'Buffer()' constructor calls r=@vladikoff
...
Fixes #2333
2018-03-12 19:51:37 -04:00
Hritvi Bhandari
65f9802f79
fix(params): use default parameters in options (#2332) r=@vladikoff
...
Fixes https://github.com/mozilla/fxa-auth-server/issues/2308
2018-03-09 12:27:33 -05:00
Vijay Budhram
c805f9c334
feat(totp): TOTP Management APIs (#2300), r=@philbooth
2018-02-21 01:58:47 +00:00
Ryan Kelly
aa388cc5eb
feat(sessions): Add ability to reauth within an existing login session.
2018-02-21 06:12:12 +11:00
Ryan Kelly
669f59a963
feat(sessions): Add /session/duplicate API
2018-02-06 14:39:26 +11:00
Vijay Budhram
677bdbb6a8
Add ability to verify login with token code (#2218), r=@rfk
2017-12-20 12:03:32 -05:00
Vijay Budhram
dd68d88a9e
feat(session): Add email templates (#2184), r=@philbooth
2017-10-26 10:53:04 -04:00
Ryan Kelly
00e69f27e2
fix(devices): Always report a name and type in device registration response.
...
https://github.com/mozilla/fxa-auth-server/pull/2172
r=philbooth
2017-10-17 07:28:48 +01:00
Phil Booth
df6cd60442
fix(server): enforce 'use strict' everywhere (#2124), r=@vbudhram
2017-09-19 09:00:37 -04:00
Vijay Budhram
0541f131ec
feat(emails): Add ability to change email (#1983), r=@philbooth
2017-07-18 16:15:26 -04:00
Sean McArthur
0cfd39ca05
refactor(lib): use strings instead of buffers for as much as possible
...
This settles our dance of `Buffer` vs `String` down to simply this:
> You have a `String`. You should (almost) never have a `Buffer`.
Buffers are useful for talking about a specific set of bytes, without an
encoding. In our app, the places where this is useful are:
- crypto
- mysql
We don't actually speak MySQL in this repo anywhere, so that leaves us
with only crypto. Instead of requiring the mental overhead of "Do I have
a buffer or a string?" throughout all our code base, we can just push
that completely into the crypto code.
This *should* reduce bugs where we aren't sure if we have a `Buffer` or
a `String`. If you're not in crypto, you should just have a `String`.
2017-06-28 16:05:30 -07:00
Phil Booth
f10655d1b7
feat(server): add endpoint for consuming signinCodes
...
https://github.com/mozilla/fxa-auth-server/pull/1906
r=vbudhram,shane-tomlinson
2017-05-29 09:54:27 +01:00
Phil Booth
2610d2f5f4
feat(server): include signinCode in the installFirefox SMS
...
https://github.com/mozilla/fxa-auth-server/pull/1904
r=shane-tomlinson,vbudhram
2017-05-22 16:03:13 +01:00
Vijay Budhram
7ecad758ff
feat(emails): Add secondary emails api support Part 2 (#1768) r=vladikoff
2017-04-17 19:16:40 -04:00
Phil Booth
9ac11acdb8
fix(tests): add remote tests for POST /sms
...
https://github.com/mozilla/fxa-auth-server/pull/1788
r=vbudhram
2017-04-06 17:48:00 +01:00
Phil Booth
e9ed457ebc
feat(sms): return country code from /sms/status
...
https://github.com/mozilla/fxa-auth-server/pull/1766
r=shane-tomlinson
2017-03-29 11:14:58 +01:00
Vlad Filippov
e440d8f220
refactor(routes): remove preVerifyToken support (#1690) r=rfk
...
Fixes #1599
2017-03-20 19:27:14 -04:00
Vlad Filippov
d79f63af3c
feat(sessions): add /sessions support (#1617) r=vbudhram
2017-03-06 17:57:17 -05:00
Sean McArthur
0acab56c8e
fix(server): disallow any query or payload params without validation (#1668) r=vladikoff
2017-02-22 09:58:20 -05:00
Divya Biyani
8ca537cbcc
feat(space-unary-ops) : changes according to space unary ops eslint rule (#1639) r=vladikoff
2017-02-08 10:39:56 -05:00
Vijay Budhram
69552618cf
refactor(signin): Add support for sending flow metrics in email (#1593); r=pb,vladikoff
...
Emails now include X-Flow-Id and X-Flow-Begin-Time headers, and we use them
to emit flow events if the email bounces.
2017-01-04 16:37:52 +11:00
Phil Booth
f027f0bda5
fix(server): remove redundant metrics context fields
2016-12-04 04:31:00 -10:00
Phil Booth
51d7cdd081
fix(server): hide session token lastAccessTime updates behind a flag
2016-09-27 16:02:43 +01:00
Phil Booth
0649a3082a
fix(server): remove metricsContext from payloads where it is never sent
2016-07-21 09:04:04 +01:00
Vijay
10ee3224f2
feat(signin): Add support for keyFetchToken verification (#1320), r=@rfk
...
This allows sign-in confirmation to work correctly on Fennec
and iOS devices.
2016-07-12 10:08:17 -04:00
Ryan Kelly
06bf05a8ec
fix(verify): Don't send post-verify email when `service` is blank.
2016-06-21 14:26:25 +10:00
Vijay
f68eea1eb7
feat(signin): Signin confirmation feature (#1275) r=rfk
...
* feat(signin): Signin confirmation feature
* feat(signin): Fix some merge and failing test cases
* feat(signin): Show device info on signin email
* feat(signin): Send new device email if sign-in confirmation disabled
* feat(signin): Added fallback in recovery_email/status endpoint
* feat(signin): Simplify /resend_code and add legacy fallback
* feat(signin): PR Fixes and signin confirm only for desktop clients
* feat(signin): Removed metricsContext from resend_code
* feat(signin): PR Fixes
* feat(signin): Latest PR Fixes
* feat(signin): Fixed typos
* feat(signin): Add check for invalid verification code
* Final nits on signin confirmation PR (#1288) r=vbudhram
* fix(signin): Final nits on signin confirmation PR
* fix(signin): Add test for legacy account verification functionality
* feat(signin): Fix cert sign with verified session=true test
2016-06-10 12:33:05 -04:00
Ryan Kelly
3b23422baf
Merge pull request #1272 from l-hedgehog/multiple-cors-origin
...
feat(config): accept CORS requests from multiple origins
2016-06-08 15:21:19 +10:00
Sean McArthur
f423ab4799
Merge pull request #1268 from mozilla/post-verify-email-only-for-sync
...
fix(verify): Only send post-verify email when service=sync
2016-06-01 11:25:24 -07:00
Hector Zhao
f792d352a9
feat(config): accept CORS requests from multiple origins
2016-05-31 10:01:42 +08:00
Ryan Kelly
e0cacf826a
fix(verify): Only send post-verify email when service=sync
2016-05-20 12:10:38 +10:00
Vijay Budhram
333451ef15
feat(signin): Updated password/change/finish and account/reset
2016-05-19 12:24:23 -04:00
Phil Booth
09d3851426
feat(logging): add metrics context metadata to activity events
2016-03-17 09:35:20 +00:00
Phil Booth
405932314c
fix(api): permit lastAccessTime 0 in devices response
2016-02-29 09:49:10 +00:00
Vijay Budhram
5d7ca53461
feat(api): Add get account status by email endpoint
2016-02-24 00:12:21 -05:00
Phil Booth
d7e976b973
feat(server): implement device registration api
2015-11-17 10:28:30 +00:00
Ryan Kelly
9ebec1a32b
feat(profile): Add oauth-authenticated /account/profile endpoint.
2015-10-30 14:58:04 +11:00
Phil Booth
664d73ef14
feat(server): optionally enforce a strict CORS origin
2015-10-16 10:29:25 +01:00
John Morrison
e630ed61a7
fix(tests): changes for "Firefox Account Verified" in train-46
2015-09-21 16:28:25 -07:00