mozilla
/
fxa-auth-server
зеркало из https://github.com/mozilla/fxa-auth-server.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
3 084 коммитов 174 Ветки 259 Теги 21 MiB
Граф коммитов

972 Коммитов

Автор SHA1 Сообщение Дата
Phil Booth d205c9abee fix(logging): more clearly distinguish amplitude error messages 
https://github.com/mozilla/fxa-auth-server/pull/2169
r=vbudhram
 2017-10-17 09:28:45 +01:00
Phil Booth faab408a7b Merge branch 'train-97' 2017-10-17 07:34:31 +01:00
Ryan Kelly 00e69f27e2 fix(devices): Always report a name and type in device registration response. 
https://github.com/mozilla/fxa-auth-server/pull/2172
r=philbooth
 2017-10-17 07:28:48 +01:00
Vijay Budhram 89e1ad1b18 feat(sqs): Add timestamp to notify services sqs message (#2168), r=@rfk 2017-10-16 08:17:23 -04:00
Phil Booth c60f198b62 fix(metrics): don't emit os_version if os_name is unset (#2165), r=@vbudhram 2017-10-13 18:38:00 -04:00
Vijay Budhram ff988cb397 fix(push): Allow sending verification messages from /devices/notify (#2161), r=@rfk (#2166) 2017-10-13 13:32:34 -04:00
Vijay Budhram 717253fc1d fix(push): Allow sending verification messages from /devices/notify (#2161), r=@rfk 2017-10-13 12:37:00 -04:00
Phil Booth 5be347517c fix(metrics): map service event property from client id 
https://github.com/mozilla/fxa-auth-server/pull/2162
r=vbudhram
 2017-10-13 08:56:44 +01:00
Phil Booth a397b6792b fix(logging): silence annoying redis log noise (#2164), r=@vbudhram 2017-10-12 11:09:18 -04:00
Phil Booth d9594912b0 fix(tests): unify the mock log implementations 
https://github.com/mozilla/fxa-auth-server/pull/2159
r=rfk
 2017-10-11 07:28:02 +01:00
Phil Booth 80d3de10e2 refactor(tokens): prefer token.id to token.tokenId 
https://github.com/mozilla/fxa-auth-server/pull/2157
r=rfk
 2017-10-11 06:55:18 +01:00
Phil Booth 8d23ca987e chore(logging): log email headers to diagnose #2133 2017-10-05 16:07:30 +01:00
Edouard Oger b6d9490568 feat(push): Drop collection_changed push notifications for first sync sent to iOS devices (#2148) r=rfk 2017-10-04 14:09:28 -04:00
Ryan Kelly 272a4cf99d fix(email): Make blocking rule for complaints match that for hard bounces (#2152), r=@vbudhram 2017-10-04 11:16:48 -04:00
Vlad Filippov 2543bf09e0 fix(sessions): update the access time on /sign checking (#2149) r=rfk 
Fixes bz1403275
 2017-10-03 19:33:05 -04:00
Phil Booth 925760aacd feat(metrics): implement email_version amplitude property 
https://github.com/mozilla/fxa-auth-server/pull/2145
r=vbudhram
 2017-10-03 14:09:41 +01:00
Vijay Budhram f4c54dae72 fix(email): Show proper error and delete email if postfix fails to send (#2147), r=@vladikoff 2017-10-02 23:55:50 -04:00
Vijay Budhram 1d834a9e75 fix(email): Update secondary email footers (#2136), r=@rfk 2017-09-25 19:45:55 -04:00
Phil Booth ef81ff8c1c Merge branch 'train-96' 2017-09-25 18:06:16 +01:00
Phil Booth 8a255c90b5 fix(metrics): prefer standard amplitude properties 
https://github.com/mozilla/fxa-auth-server/pull/2140
r=vbudhram
 2017-09-25 18:04:37 +01:00
Phil Booth 4f6f367f5e fix(metrics): fix the data on email sent events 
https://github.com/mozilla/fxa-auth-server/pull/2139
r=rfk
 2017-09-25 08:11:43 +01:00
Edouard Oger 6fe2dac838 fix(devices): return the whole device record in POST /device response (#2132); r=rfk 2017-09-25 09:35:45 +10:00
Phil Booth 34bf4926f9 chore(logs): log error if headers are missing in email notifications 
https://github.com/mozilla/fxa-auth-server/pull/2135
r=shane-tomlinson
 2017-09-22 13:21:35 +01:00
Vijay Budhram 4325eb0aab feat(email): Throw error when attempting to resend email code for email that doesn't belong to account (#2129), r=philbooth 2017-09-20 11:36:03 -04:00
Phil Booth 938ef5cbdf feat(metrics): include fxa_services_used in amplitude user properties 
https://github.com/mozilla/fxa-auth-server/pull/2125
r=vbudhram
 2017-09-19 22:49:20 +01:00
Phil Booth 189240fcc0 refactor(server): extract unblock_codes routes to a separate module (#2126) r=vladikoff 
Fixes #1445.

This is the last remaining nicely-extractable chunk from lib/routes/account
 2017-09-19 15:22:55 -04:00
Phil Booth df6cd60442 fix(server): enforce 'use strict' everywhere (#2124), r=@vbudhram 2017-09-19 09:00:37 -04:00
Phil Booth 3518b0c0d7 feat(server): lazily get all request.app properties 
https://github.com/mozilla/fxa-auth-server/pull/2123
r=shane-tomlinson
 2017-09-18 18:01:28 +01:00
Shane Tomlinson 359caeb4fc refactor(secondary-email): Remove "add secondary email" feature flag. (#2121), r=@vbudhram 2017-09-18 12:10:39 -04:00
Phil Booth 0567350615 fix(metrics): include missing user_properties on amplitude events 
https://github.com/mozilla/fxa-auth-server/pull/2114
r=rfk
 2017-09-18 08:24:50 +01:00
Phil Booth 549b89187c fix(basket): reinstate utm params to the metrics context bundle 
https://github.com/mozilla/fxa-auth-server/pull/2119
r=vbudhram
 2017-09-14 14:38:52 +01:00
Vlad Filippov e8cc49d86b feat(password): notify attached services when a user changes their password (#2117); r=rfk 2017-09-14 07:53:58 +10:00
Ryan Kelly 68e2c12ee9 chore(deps): Update hapi to latest version 2017-09-13 09:01:40 -04:00
Phil Booth f084830bcf feat(server): lazily get devices array on the request object (#2107) r=vladikoff,vbudhram 
Fixes #2106.

Prevents us from accidentally calling db.devices more than once per request. I saw one definite case of this in /recovery_email/verify_code and it's possible there were others. I'll also be making use of this property heavily for the amplitude events, so it will get further usage imminently.

Making the change necessitated pulling calls to db.devices out of lib/push, which triggered some refactoring that almost got away from me. I'll add inline commentary to call out why things have changed the way they have, but most push methods now take an extra devices argument and a few other methods became redundant so I deleted them. I don't think I've broken anything.
 2017-09-12 15:17:08 -04:00
Phil Booth dae0e58340 fix(tests): silence obnoxious "possible memory leak detected" warning 
https://github.com/mozilla/fxa-auth-server/pull/2110
r=shane-tomlinson
 2017-09-12 16:35:27 +01:00
Vlad Filippov 2e8e6747c6 feat(db): allow BMP chars in device name (#2053) r=rfk,jbuck 
Fixes https://github.com/mozilla/fxa-auth-server/issues/1285
 2017-09-12 11:14:12 -04:00
Ryan Kelly c6486ba0dc Merge branch 'train-95' 2017-09-12 12:30:36 +10:00
Ryan Kelly 6b1f73da96 fix(push): Only send device connection push msgs to iOS 10+ (#2108) r=vladikoff 
The client-side code for this is not going to make the 9.0 release
of Firefox for iOS, so we need to push the target version back on
the server-side as well.
 2017-09-11 09:39:23 -04:00
Ryan Kelly 36ba0480d7 fix(email): Block sending if gated primary and unverified secondary. (#2098), r=@vbudhram 2017-09-08 12:01:14 -04:00
Phil Booth 2238b37b6f fix(server): make geo data lazily available on the request 
https://github.com/mozilla/fxa-auth-server/pull/2095
r=vbudhram
 2017-09-07 22:23:33 +01:00
John Morrison 55e1a91287 fix(profile): progress logging for handleProfileUpdated (#2094) r=vladikoff,eoger 2017-09-07 14:40:43 -04:00
Phil Booth b36ea326d6 fix(metrics): add missing device_id and user_id amplitude properties 
https://github.com/mozilla/fxa-auth-server/pull/2092
r=rfk
 2017-09-06 12:19:54 +01:00
Ryan Kelly d04778c17f fix(push): Allow device connection push messages for Firefox iOS >= 9.0 (#2088); r=vbudhram 
fix(push): Allow device-connection push messages for iOS >= 9.0
 2017-09-06 15:48:44 +10:00
Ryan Kelly a2e3d1ee27 fix(bounces): Handle mis-formatted bounce addrs as best we can. (#2090); r=jrgm 
Different mail servers format the addresses in their bounce messages
in different ways, not all of them strictly RFC compliant.  This change
makes us more lenient in what we accept, so that we don't error out
when receiving a bounce from a noncompliant server, so long as the result
ends up looking like a valid email address.

Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=1393961
 2017-09-06 13:30:36 +10:00
Edouard Oger 87a410ed5b fix(push): send push notification after a device is deleted 
https://github.com/mozilla/fxa-auth-server/pull/2086
r=philbooth
 2017-09-05 19:27:39 +01:00
Ryan Kelly a6d8bc0c9c fix(profile): Handle incoming uids as strings, not buffers. (#2089) r=philbooth 
This also adds some additional tests to guard against similar
mistakes in the future.
 2017-09-05 18:31:01 +10:00
Edouard Oger 735f323775 feat(push): add a pushEndpointExpired flag for devices that need to re-register their push endpoint (#2087) r=rfk 2017-08-31 13:25:54 -04:00
Phil Booth 32f2caa131 fix(metrics): remove the forgot_sent amplitude event (#2078) r=vladikoff 2017-08-29 13:48:22 -04:00
Phil Booth 5800418902 feat(logging): send amplitude events to the logs 
https://github.com/mozilla/fxa-auth-server/pull/2069
r=rfk,vbudhram
 2017-08-28 10:53:25 +01:00
Phil Booth f136268dd9 refactor(api): extract device schema to a common definition 
https://github.com/mozilla/fxa-auth-server/pull/2074
r=vbudhram
 2017-08-25 20:43:08 +01:00
Phil Booth c4d1e50952 fix(tests): update remote db tests for uaFormFactor column 2017-08-23 14:58:23 +01:00
Vijay Budhram 7bbdd44879 feat(email): Notify services when user changes primary email (#2066) r=vladikoff,rfk 2017-08-22 08:14:15 -04:00
Phil Booth cc69b36d1c feat(server): add parsed user agent info to the request object (#2061), r=@vbudhram 2017-08-17 14:53:39 -04:00
Phil Booth 3e5859f930 fix(devices): saner mobile/tablet recognition for devices (#2051), r=@vbudhram 2017-08-14 12:57:36 -04:00
Phil Booth d96f299b8f fix(devices): ditch OS in synthesized name if form factor is present (#2047) r=vladikoff 2017-08-11 13:44:55 -04:00
Phil Booth 5a59afa3a9 feat(devices): include form factor in synthesized device name 
https://github.com/mozilla/fxa-auth-server/pull/2041
r=vbudhram
 2017-08-07 16:25:44 +01:00
Vijay Budhram 26f6104c08 fix(push): Send push notification to devices when email has changed (#2038), r=@philbooth 2017-08-07 10:53:40 -04:00
Vijay Budhram 5eca134a78 fix(email): Fix issue where you couldn't delete account after changing email (#2036) r=vladikoff 2017-08-04 13:36:54 -04:00
Phil Booth 3cced62ecf fix(tests): add coverage for failing redis requests 2017-08-04 09:35:31 -04:00
Phil Booth 3031098599 chore(tests): tidy up the remote db session token tests 2017-08-04 09:35:31 -04:00
Udara Weerasinghege 10e8310657 fix(redisSessions): improve redis session lookup performance (#2026) r=vladikoff,rfk 
Fixes #2025
 2017-07-31 09:35:43 -04:00
Ryan Feeley 1d80d81e8d fix(sms): make the sms copy friendlier 
https://github.com/mozilla/fxa-auth-server/pull/2022
r=philbooth
 2017-07-28 10:26:30 +01:00
Udara Weerasinghege b58e8221c8 chore(logs): add log when stale emails hit recovery endpoint (#2020) r=vladikoff 2017-07-27 16:58:23 -04:00
Vijay Budhram 4c394cf35f fix(email): Notify all verified emails when a secondary email is removed (#2016) r=vladikoff 
Fixes #1948
 2017-07-27 14:06:38 -04:00
Udara Weerasinghege 27ca0e4ca2 feat(session): add location to sessions query (#1993) r=vladikoff,philbooth 2017-07-26 11:45:36 -04:00
Vijay Budhram 76aedd2800 fix(emails): check against original account email (#2011), r=@philbooth 2017-07-24 09:02:41 -04:00
Vijay Budhram 310e199f6a feat(tokens): delete account all reset tokens on password reset (#1979) r=vladikoff 2017-07-21 12:51:35 -04:00
Phil Booth 50c55f1cda feat(metrics): emit route performance events 
https://github.com/mozilla/fxa-auth-server/pull/2012
r=vbudhram
 2017-07-21 16:23:33 +01:00
Udara Weerasinghege 516826b581 chore(timestamps): add two timestamps to sessions and devices (#2009) r=vladikoff 
Fixes https://github.com/mozilla/fxa-auth-server/issues/2008
 2017-07-20 17:08:05 -04:00
Phil Booth 4941dd5b9f feat(tokens): expire session tokens that have no device record 
Session tokens that have no device record and are older than 4 weeks old
(by default) will now be rejected as expired by all auth server endpoints.
Additionally, the `/account/sessions` endpoint will filter out expired session
tokens on the same basis.

https://github.com/mozilla/fxa-auth-server/pull/1996

r=vbudhram
 2017-07-20 13:38:56 +01:00
Udara Weerasinghege 1f578212c3 fix(tokens): add is memory token property to sessions (#2004) r=vladikoff 2017-07-19 15:58:06 -04:00
Vijay Budhram 0541f131ec feat(emails): Add ability to change email (#1983), r=@philbooth 2017-07-18 16:15:26 -04:00
Phil Booth 23ab4f8ed8 Merge branch 'train-91' 2017-07-18 04:30:51 +01:00
Phil Booth c0595182d1 fix(tests): update tests to match recent db changes (#1995), r=@vbudhram 2017-07-17 21:56:06 -04:00
Phil Booth 29036090e7 refactor(server): extract email-related routes to a separate module (#1989), r=@vbudhram 2017-07-14 09:47:59 -04:00
Udara Weerasinghege 5742ffff3a * feat(cache): store updated session tokens in redis 
https://github.com/mozilla/fxa-auth-server/pull/1968
r=philbooth,vladikoff
 2017-07-14 08:56:21 +01:00
Shane Tomlinson 9900c4226d feat(signin): Skip signin confirmation for new accounts by default (#1992) r=vladikoff 
* feat(signin): Skip signin confirmation for new accounts by default

fixes #1991

* fix(test): Fix the tests broken by the config change.

Disabling signin confirmation caused a lot of test failures.

Tests that called `loginAndVerify` to get a verified
session have been updated to call `login`.

Tests that work with both unverified and verified sessions
are handled differently. So that it's possible to generate
unverified sessions, config in these tests override
signinConfirmation.skipForNewAccounts.enabled to false.
 2017-07-13 17:16:10 -04:00
Phil Booth 0217750ca2 feat(errors): include conflicting device id in errno 124 response 
https://github.com/mozilla/fxa-auth-server/pull/1990
r=seanmonstar
 2017-07-13 16:58:49 +01:00
Phil Booth aecb7f16c5 fix(tests): update db tests to match recent session token changes (#1986), r=@vbudhram 2017-07-12 10:57:07 -04:00
Phil Booth a1568e3e64 Merge branch 'train-90' 2017-07-12 10:03:56 +01:00
Sean McArthur 1d2a9f494c feat(account): receive marketingOptIn when verifying email codes 2017-07-11 09:54:51 -07:00
Phil Booth 2f10d1b0cc fix(server): return sane user agent from /account/sessions 
https://github.com/mozilla/fxa-auth-server/pull/1982
r=shane-tomlinson,vbudhram
 2017-07-10 17:30:43 +01:00
Sean McArthur ea936426bd feat(account): send marketingOptIn to attached services on registration 
Adds optional `marketingOptIn` payload parameter to `/account/create`.

If set, a flag is set in memcached that the user opted in to marketing.
The `/recovery_email/verify_code` route will check memcached for this
flag, and if found, will set `marketingOptIn` to the message sent to
attached services (SNS).

Closes #1973
 2017-07-06 09:38:58 -07:00
Vijay Budhram 979968a58b feat(email): When primary email gated, send to secondary email if avalible (#1954), r=@seanmonstar 2017-07-05 11:59:05 -04:00
Phil Booth 14f0bf946e fix(server): stop using raw user agent string for browser name 
Fixes [bug 1377919](https://bugzilla.mozilla.org/show_bug.cgi?id=1377919).
https://github.com/mozilla/fxa-auth-server-private/pull/67
r=vbudhram
 2017-07-05 15:47:16 +01:00
Ryan Kelly baed71d201 fix(push): Don't notify the originating device about pwd change. (#1931) r=mhammond,vladikoff 
* fix(push): Don't notify the originating device about pwd change.

The originating device should already know about the pwd change
thanks to a local WebChannel message from the content-server.
Avoid sending it a push notification as well, since this could
race with the WebChannel message and produce confusion.

* fix(docs): adjust doc string for password.js
 2017-07-04 14:09:00 -04:00
Phil Booth ba5c927b54 refactor(routes): break out device-related routes to a separate module 
https://github.com/mozilla/fxa-auth-server/pull/1971
r=vladikoff
 2017-07-04 16:12:32 +01:00
Sean McArthur 8d2a86180a fix(hawk): key passed to hawk must be a Buffer 
https://github.com/mozilla/fxa-auth-server/pull/1966
r=philbooth
 2017-06-29 09:18:13 -07:00
Sean McArthur 0cfd39ca05 refactor(lib): use strings instead of buffers for as much as possible 
This settles our dance of `Buffer` vs `String` down to simply this:

> You have a `String`. You should (almost) never have a `Buffer`.

Buffers are useful for talking about a specific set of bytes, without an
encoding. In our app, the places where this is useful are:

- crypto
- mysql

We don't actually speak MySQL in this repo anywhere, so that leaves us
with only crypto. Instead of requiring the mental overhead of "Do I have
a buffer or a string?" throughout all our code base, we can just push
that completely into the crypto code.

This *should* reduce bugs where we aren't sure if we have a `Buffer` or
a `String`. If you're not in crypto, you should just have a `String`.
 2017-06-28 16:05:30 -07:00
Phil Booth a6aa3c34d2 Merge branch 'train-89' 2017-06-28 13:45:31 -07:00
Phil Booth 7ce5c05250 feat(sms): Switch to AWS SNS for SMS 
https://github.com/mozilla/fxa-auth-server/pull/1964
r=philbooth,jbuck
 2017-06-28 13:17:29 -07:00
Udara Weerasinghege 111bfbb2db fix(ios): only notify ios devices for collection change events (#1960) r=vladikoff 2017-06-28 12:34:13 -07:00
Vijay Budhram ed4d9ad393 fix(test): Make db tests more independent and update auth-db dev version 
https://github.com/mozilla/fxa-auth-server/pull/1957
r=philbooth
 2017-06-28 10:27:14 -07:00
Phil Booth 6fd020dc7e fix(server): do not return flowId from consumeSigninCodes endpoint 
https://github.com/mozilla/fxa-auth-server/pull/1952
r=vbudhram
 2017-06-22 14:07:05 +01:00
Ryan Kelly 88a9fc8a9b fix(notifications): Make data fields consistent across all notifyAttachedServices calls. (#1879); r=philbooth 
Previously, some of them send a plain "uid" and some of them sent the "uid" as "uid@domain" for historical reasons.  Now they all just send a plain "uid", with the domain in a separate "iss" field.
 2017-06-21 12:21:38 +10:00
Phil Booth 3f78f6eefd fix(server): step in before node-uap parses Sync UA strings 
https://github.com/mozilla/fxa-auth-server/pull/1949
r=vbudhram
 2017-06-19 08:44:08 +01:00
Phil Booth 13eeab2b89 feat(metrics): emit a flow.continued event for signinCodes 
https://github.com/mozilla/fxa-auth-server/pull/1946
r=seanmonstar
 2017-06-16 11:53:05 +01:00
Vijay Budhram bcad58c76b fix(email): Escape device name in HTML emails. (#1944), r=@philbooth 
It's derived from user-provided data, so we can't trust it
enough to insert it as a raw string.

https://github.com/mozilla/fxa-auth-server-private/pull/66

r=philbooth
 2017-06-14 06:43:47 -04:00
Ryan Kelly be2d1ef074 fix(tests): Update loadtests to cope with sign-in confirmation (#1890) r=jrgm,vladikoff 2017-06-12 16:27:05 -04:00
Vlad Filippov 8dfb5e3d33 fix(tests): add CC suport to mail_helper (#1937) r=vbudhram 2017-06-09 11:32:54 -04:00
Sean McArthur 82b24e24e8 fix(email): log a 'sent' email event for each CC address (#1936), r=@vbudhram 2017-06-09 10:25:08 -04:00
Sean McArthur 09e18e5161 feat(bounces): add tiers to bounce blocklist 
The config for each bounce type can now contain a map of counts vs
durations. This allows a tiered approach to blocking email actions based
on bounce history.

For example:

```
{
  0: 5000,
  5: 20000
}
```

This tier mapping is translated as "more than 0 in 5 seconds" or "more
than 5 in 20 seconds". If either condition is true, the appropriate
error is thrown.

The throw error also now includes the timestamp of the latest bounce, to
allow for reporting of when exactly that bounce was recorded at.

Closes #1893
 2017-06-07 17:04:16 -07:00
Vijay Budhram a459ff102f feat(emails): Add endpoint to check if secondary emails are enabled (#1926), r=@philbooth, @rfk 2017-06-07 10:49:52 -04:00
Shane Tomlinson ef2cc2a5dd fix(test): Fix the broken smsSend test. 
Also remove `sender` when sending a mail from the mock-nexmo.
It isn't needed to send the message.
 2017-06-07 12:54:22 +01:00
Shane Tomlinson 068791aff5 fix(test): Add tests for the `sender` and `from` fields in mock-nexmo. 2017-06-07 11:47:46 +01:00
Ryan Kelly 3f7ed68e09 chore(log): Remove datadog/statsd integration (#1921); r=vladikoff 
We've had too many doubts about the reliability of the numbers to get any
value out of it in practice, so let's remove it to keep things simple.
 2017-06-04 12:32:32 +10:00
Phil Booth 23946522b9 fix(sms): ditch the balance checks due to rate-limiting woe 
https://github.com/mozilla/fxa-auth-server/pull/1924

r=vbudhram,shane-tomlinson
 2017-06-01 22:13:15 +01:00
Shane Tomlinson fd4b85ad58 feat(sms): Show SMS links in the mail helper. 2017-05-30 17:27:15 +01:00
Vlad Filippov f2a3d156c1 Merge pull request #1918 from mozilla/public-87.1-backport 
Backport ECDH key validation from private repo
 2017-05-29 08:57:31 -04:00
Phil Booth f10655d1b7 feat(server): add endpoint for consuming signinCodes 
https://github.com/mozilla/fxa-auth-server/pull/1906

r=vbudhram,shane-tomlinson
 2017-05-29 09:54:27 +01:00
Ryan Kelly 5825341706 Merge tag 'v1.87.1-private' into public-87.1-backport 2017-05-29 14:51:29 +10:00
Ryan Kelly 8920a012d8 fix(push): Validate push public keys at registration time. 
We currently allow devices to submit invalid public keys with
their push registration, causing attempts to notify those devices
to fail in an ugly way.  This adds additional validation so that
only known-good keys get stored in the db.
 2017-05-26 09:21:24 -04:00
Sean McArthur 23593c75f3 fix(email): check case insensitive headers in EmailSent event (#1916), r=@philbooth, @vbudhram 2017-05-26 08:42:42 -04:00
Vlad Filippov 43b8fd839e fix(tests): adjust public keys in tests 2017-05-25 17:16:02 -04:00
udara 91ce14c3f0 fix(notifications): Send disable notification to all devices 2017-05-25 17:16:02 -04:00
Phil Booth 009428e422 fix(devices): handle new user agent string from Sync client lib 
https://github.com/mozilla/fxa-auth-server/pull/1909

r=seanmonstar
 2017-05-25 08:10:20 +01:00
Ryan Kelly 33d752d4f2 Merge pull request #1900 from eoger/push-on-account-destroy; r=rfk 
Send push notification on account destroy
 2017-05-23 08:08:06 +10:00
Phil Booth 2610d2f5f4 feat(server): include signinCode in the installFirefox SMS 
https://github.com/mozilla/fxa-auth-server/pull/1904

r=shane-tomlinson,vbudhram
 2017-05-22 16:03:13 +01:00
Edouard Oger 163e2f4d0c feat(push): send push notification on account deletion 2017-05-18 14:19:49 -04:00
Edouard Oger 7ba4f67fcf fix(push): correct params types in push.js 2017-05-18 14:19:47 -04:00
Phil Booth 362aa6b750 chore(deps): update nexmo (#1899), r=@vbudhram 2017-05-17 09:37:20 -04:00
Vijay Budhram 34e38411dc fix(emails): Can create secondary email if it is unverified in another account (#1892) r=vladikoff,seanmonstar 
Fixes https://github.com/mozilla/fxa-bugzilla-mirror/issues/275
 2017-05-14 22:18:25 -04:00
Vlad Filippov 495acd6d58 fix(push): add support for dev and stage push servers (#1895) r=vbudhram 
Fixes #1799
 2017-05-12 15:49:41 -04:00
Vijay Budhram e62aab1c3e fix(emails): Fix issue where change password link was undefined (#1886) r=vladikoff 2017-05-10 10:43:40 -04:00
Vijay Budhram 3bc36ebd4c fix(emails): Only send email notifications to verified secondary emails (#1888) r=rfk,philbooth,vladikoff 
Fixes #1887
 2017-05-09 13:24:36 -04:00
Vijay Budhram d62995ea50 fix(config): Add email regex feature flag for secondary email 2017-05-05 17:21:37 -04:00
Ryan Kelly 46861c3356 fix(devices): Add test for unicode device names. (#1758) r=vladikoff 2017-05-05 13:15:47 -04:00
Sean McArthur 4948a7eb3b feat(mailer): disable X-Mailer header in emails (#1881) r=vladikoff,philbooth 2017-05-04 09:33:35 -04:00
Vlad Filippov 36ec6f7e35 fix(metrics): handle and log missing payload (#1875) r=vbudhram 
Fixes #1817
 2017-05-03 12:07:09 -04:00
Sean McArthur a74a1f74a3 feat(session): add a 'state' property in `/session/status` 
This can return the current status of the authenticated sessionToken.
For now, it only returns the two states we know: `verified` and
`unverified`. In the future, this could return additional states, such
as `bounced`, or `reset`, which would allow clients to behave
differently to try to repair the situation.
 2017-05-02 09:14:05 -07:00
Phil Booth 569853728a refactor(server): extract memcached usage to a dedicated module 
https://github.com/mozilla/fxa-auth-server/pull/1801

r=vbudhram
 2017-05-02 07:24:17 +01:00
Phil Booth 2e9963c9bb fix(metrics): include template name in sms.sent event 
https://github.com/mozilla/fxa-auth-server/pull/1843

r=shane-tomlinson
 2017-05-02 07:09:38 +01:00
Vijay Budhram d1fae0d145 feat(emails): Throw unique error if initiating password reset from secondary email (#1874) r=vladikoff 
This PR fixes mozilla/fxa-content-server#4996 (comment) by sending a unique error if a user is attempting to reset an account from a secondary email.
 2017-05-01 14:28:11 -04:00
Vijay Budhram ae955824f1 fix(config): Correctly resolve isSecondaryEmailEnabled and add more checks for config (#1872) r=vladikoff 2017-04-30 19:57:20 -04:00
Vlad Filippov 10d5b56ede chore(deps): update shrinkwrap and latest eslint (#1868) 2017-04-28 15:07:53 -04:00
Vijay Budhram e7697e0258 feat(emails): Use new verification link, pass type, pass email verified (#1864), r=@vladikoff 2017-04-28 12:48:31 -04:00
Vijay Budhram f509bcb7c0 feat(emails): Add custom error for users logging in with secondary email (#1850), r=@vladikoff 2017-04-27 17:55:47 -04:00
Vijay Budhram 93bb872c7e fix(tests): Add timeout for sms (#1866) r=vladikoff 2017-04-27 17:28:40 -04:00
Vlad Filippov 3fd0418187 feat(devices): return OS from user agent os (#1848) r=philbooth 
Fixes #1829
 2017-04-25 03:23:02 -04:00
Vijay Budhram a5ff7cae98 chore(email): Remove unused `emailSent` (#1846) r=vladikoff,philbooth 2017-04-24 10:04:27 -04:00
John Morrison 90cac2c138 fix(sms); DRY up sms.{regions,senderIds} 
https://github.com/mozilla/fxa-auth-server/pull/1847

r=philbooth
 2017-04-24 06:46:44 +01:00
Vlad Filippov 7414ee8ac1 refactor(server): remove separate notifier process (#1800) r=vbudhram 2017-04-20 17:25:47 -04:00
Vijay Budhram d0b59768dc fix(config): Add config for unverified account to exist before secondary email can be create with the same email (#1845) r=vladikoff 2017-04-20 09:58:10 -04:00
John Morrison 646fa649ae fix(tests): remove leftover ./test/.env.dev file (#1836) r=vladikoff 2017-04-18 11:46:00 -04:00
Vijay Budhram 7ecad758ff feat(emails): Add secondary emails api support Part 2 (#1768) r=vladikoff 2017-04-17 19:16:40 -04:00
Vlad Filippov e9f8c2357b fix(config): bring back signin confirmation in dev (#1830) 2017-04-17 15:33:45 -04:00
Sean McArthur 9cb75ac8df fix(config): change default BOUNCES_SOFT_DURATION to '5 minutes' (#1813) r=vladikoff 2017-04-12 13:53:21 -04:00
Vijay Budhram 64c96d652f fix(config): Merge auth and mailer configs (#1798), r=@philbooth 2017-04-11 09:56:50 -04:00
Ryan Kelly 89f5cac3eb fix(routes): Add a /__lbheartbeat__ route. (#1807) r=vladikoff 2017-04-09 23:43:30 -04:00
Phil Booth 9ac11acdb8 fix(tests): add remote tests for POST /sms 
https://github.com/mozilla/fxa-auth-server/pull/1788

r=vbudhram
 2017-04-06 17:48:00 +01:00
Vijay Budhram 5a7e4a7f3f fix(locale): Fix merge conflicts (#1794) 2017-04-05 14:12:30 -07:00
Phil Booth 597371c8a0 chore(tests): move test/local/lib/* up to test/local/ (#1790) r=vladikoff 2017-04-04 10:31:37 -07:00
Phil Booth 72687c25f4 fix(server): recognise the new iOS client UA string 
https://github.com/mozilla/fxa-auth-server/pull/1787

r=rfk,sleroux
 2017-04-03 21:43:29 +01:00
Vijay Budhram 2b7e712b27 fix(config): Graduate security history and ip profiling 2017-03-29 22:43:32 -04:00
Phil Booth 79488e43a2 fix(tests): add missing require statement (#1784), r=@vbudhram 2017-03-29 16:10:22 -04:00
Sean McArthur 470387fc24 Merge pull request #1765 from mozilla/unjection 
Remove some unnecessary dependency injection
 2017-03-29 09:35:00 -07:00
Shane Tomlinson 21bd1e8f62 Merge pull request #1772 from mozilla/mock-sms-provider r=@philbooth 
feat(sms): Mock out Nexmo for functional tests.
 2017-03-29 14:19:53 +01:00
Phil Booth b062d792ab feat(metrics): emit a flow event for the sms region 
https://github.com/mozilla/fxa-auth-server/pull/1783

r=shane-tomlinson
 2017-03-29 13:28:14 +01:00
Phil Booth e9ed457ebc feat(sms): return country code from /sms/status 
https://github.com/mozilla/fxa-auth-server/pull/1766

r=shane-tomlinson
 2017-03-29 11:14:58 +01:00
Sean McArthur 48d7625d65 refactor(bounces): pull bounce logic into separate module 2017-03-28 10:06:29 -07:00
Vijay Budhram b06b0da0e4 feat(emails): Mailer accept multiple emails Part 1 (#1767), r=@philbooth 2017-03-28 12:06:37 -04:00
Phil Booth 005eeca5f2 Merge branch 'train-83' 2017-03-28 13:38:26 +01:00
Phil Booth 176c63e0ee fix(sms): propagate countryCode through our fxa-geodb wrapper 
https://github.com/mozilla/fxa-auth-server/pull/1778

r=shane-tomlinson
 2017-03-28 13:31:42 +01:00
Phil Booth 23c58b9143 fix(logging): don't emit null or undefined uid on flow events 
https://github.com/mozilla/fxa-auth-server/pull/1771

r=vbudhram
 2017-03-28 13:09:24 +01:00
Sean McArthur 886aa824d2 Merge pull request #1764 from mozilla/burn-created-at 
refactor(token): remove ability to pass createdAt to Token.create
 2017-03-27 15:36:17 -07:00
Sean McArthur 93da89bd3e test(mailer): simplify TestServer using in mailer remote tests 2017-03-27 11:54:08 -07:00
Sean McArthur cbad916acd refactor(db): remove unnecessary dependency injection for DB 2017-03-27 11:54:08 -07:00
Sean McArthur a6b97a79cf refactor(routes): remove unnecessary dependency injection in routes 2017-03-27 11:54:08 -07:00
Sean McArthur a393413199 refactor(tokens): reduce unnecessary dependency injection in Tokens 2017-03-27 11:52:09 -07:00
Sean McArthur dac8f643ff refactor(token): remove ability to pass createdAt to Token.create 
This exists to support passing `_createdAt` as a query parameter, but
only for our tests. Those tests were to exercise our response
validation in a way that the `lastAccessTime` allows a value of 0. That
validation was fixed long ago, and supporting this hacky parameter has
done nothing but plague us since.

Burn the heretic.
 2017-03-27 11:51:39 -07:00
Sean McArthur 4604d5c209 Merge pull request #1735 from eoger/profile-server-push 
feat(profile): send push notifications after a profile update
 2017-03-27 11:49:56 -07:00
Shane Tomlinson e8a932d261 feat(sms): Mock out Nexmo for functional tests. 2017-03-27 13:50:22 +01:00
Sean McArthur a77c591698 chore(test): fix mail_helper to run if require.main is mail_helper (#1763) 
Closes #1762
 2017-03-23 19:34:15 -04:00
Sean McArthur 8d5c1ed29a test(remote): refactor to run remote tests in a single process 
This refactors our remote test driver to stop spawning multiple
child processes to run our servers, and instead to run the servers
in the same process.

- By using the same process, we can pass configuration as a plain old
  JavaScript object, and not have to be adjusting the `process.env`.
  While writing this patch, `process.env` pollution was already found
  to make some tests dependent on others running first. Now, we can
  isolate the tests by starting a server with a private config object,
  and the other tests are non the wiser.
- By not starting up and tear down child processes for each suite of
  remote tests, the full set runs much faster. In my case, running the
  remote tests went from ~4 minutes to ~1 minute.
 2017-03-23 11:30:24 -07:00
Phil Booth 7949706010 fix(sms): add config to disable geo-ip lookup in /sms/status 
https://github.com/mozilla/fxa-auth-server/pull/1756

r=shane-tomlinson
 2017-03-22 12:00:31 +00:00
Edouard Oger 2e8342093c feat(profile): send push notifications after a profile update 2017-03-21 18:56:26 -04:00
Edouard Oger c90719a041 fix(push): reject extra push-payloads properties instead of removing them 2017-03-21 18:56:18 -04:00
Ryan Kelly 3be60f3133 fix(tokens): Don't override createdAt when deserializing an existing token. (#1744); r=philbooth 2017-03-21 21:44:42 +11:00
Ryan Kelly d45cdb3caa Merge branch 'train-82-private' into public-master 
Conflicts:
	lib/email/utils/helpers.js
	test/local/email/bounce.js
	test/local/email/delivery.js
	test/local/lib/senders/email.js
 2017-03-21 16:40:28 +11:00
Phil Booth 33041e972c chore(config): change SMS region config from regex to array (#1743) r=vladikoff 2017-03-20 19:30:29 -04:00
Vlad Filippov e440d8f220 refactor(routes): remove preVerifyToken support (#1690) r=rfk 
Fixes #1599
 2017-03-20 19:27:14 -04:00
Phil Booth fb916c25a7 fix(tests): fix bad assertion in mailer tests 
https://github.com/mozilla/fxa-auth-server/pull/1737

r=rfk
 2017-03-20 09:58:05 +00:00
Vijay Budhram 1932afee05 feat(logging): Use correct logging format (#60) r=vladikoff 2017-03-17 15:10:14 -04:00
Vijay Budhram 37d656975a refactor(logging): Log email domain if popular otherwise log `other` (#1666), r=@rfk, @vladikoff (#59) 2017-03-17 13:19:55 -04:00
Vijay Budhram 357d2f7ce3 refactor(logging): Log email domain if popular otherwise log `other` (#1666), r=@rfk, @vladikoff 2017-03-17 12:51:10 -04:00
Sean McArthur 8ea58bfce6 Merge pull request #1684 from mozilla/hard-bounce-error 
feat(mailer): check for hard bounced or complaints before sending emails
 2017-03-14 12:40:45 -07:00
Phil Booth 4cd6f9e17e fix(sms): ditch the silly ad-hoc config file for sender ids 
https://github.com/mozilla/fxa-auth-server/pull/1722

r=vbudhram
 2017-03-14 15:07:51 +00:00
vladikoff ba6a8de7f8 fix(mailer): fix sender from field. uplift 2017-03-11 13:04:37 -05:00
vladikoff 461c52f980 fix(mailer): fix sender from field. uplift 2017-03-10 22:25:38 -05:00
Phil Booth efed703641 fix(tokens): ensure account reset tokens get a fresh createdAt 
https://github.com/mozilla/fxa-auth-server/pull/1711

r=vbudhram
 2017-03-10 06:12:45 +00:00
Sean McArthur 51f85ced9a feat(mailer): check for hard bounced or complaints before sending emails 2017-03-09 10:17:49 -08:00
Phil Booth c2dc6fcfca fix(metrics): suppress route flow events if metrics context is invalid 
https://github.com/mozilla/fxa-auth-server/pull/1710

r=rfk
 2017-03-09 08:55:23 +00:00
Vlad Filippov bbdaa645b1 fix(sessions): improve tests and fix incorrect buffer conversion (#1708) r=vbuhdram 2017-03-08 20:25:27 -05:00
Edouard Oger 32750a290a fix(push): fix push payload validation and disallow additional props (#57) r=vladikoff 2017-03-08 12:37:50 -05:00
Phil Booth 2a5d3d0b77 fix(metrics): log locale instead of accept languages on flow events 
https://github.com/mozilla/fxa-auth-server/pull/1702

r=vbudhram,vladikoff
 2017-03-08 16:40:21 +00:00
Vlad Filippov 55bba26b2e feat(metrics): Log metrics event for sending a tab between devices. (#1700); r=pb,vbudhram,seanmonstar (#1706) 2017-03-08 11:13:29 -05:00
Ryan Kelly e2942c2371 feat(metrics): Log metrics event for sending a tab between devices. (#1700); r=pb,vbudhram,seanmonstar 2017-03-08 16:18:39 +11:00
Vlad Filippov d79f63af3c feat(sessions): add /sessions support (#1617) r=vbudhram 2017-03-06 17:57:17 -05:00
Vlad Filippov 9fd2ca334c fix(push): add extra validation to pushCallback payload param (#1698) r=rfk 2017-03-06 17:42:11 -05:00
Phil Booth 388fd504e1 refactor(sms): swap out ad hoc error structures for lib/error (#1696) r=vladikoff 2017-03-06 14:04:56 -05:00