f10655d1b7
feat(server): add endpoint for consuming signinCodes
...
https://github.com/mozilla/fxa-auth-server/pull/1906
r=vbudhram,shane-tomlinson
2017-05-29 09:54:27 +01:00
8ca537cbcc
feat(space-unary-ops) : changes according to space unary ops eslint rule ( #1639 ) r=vladikoff
2017-02-08 10:39:56 -05:00
02e8f19031
fix(customs): Mark suspicious requests, even if they were rate-limited.
...
With unblock codes in place, it's possible that we will continue
processing a request even if customs-server says to block it.
We don't want to lose the isSuspiciousRequest bit in that case.
2016-12-21 16:37:46 +11:00
76aad23394
fix(customs): Sanitize 'oldAuthPW' field when sending to customs
...
https://github.com/mozilla/fxa-auth-server/pull/1569
r=philbooth
2016-11-28 07:06:24 +00:00
957a8837f6
refactor(logging): move activity/flow event decision out of log object
...
#1512
r=seanmonstar,rfk,vbudhram
2016-10-18 20:58:46 +01:00
c3a66c217f
feat(unblock): add Signin Unblock feature
...
Adds a `unblockCode` parameter to the `/account/login` route, which can
be used to bypass select rate-limits.
Also addes `/account/login/send_unblock_code` and
`/account/login/reject_unblock_code` routes, to facilitate receiving an
unblock code through email, or to reject and report one if someone tried
attacking your account.
Closes #1398
2016-10-11 17:26:37 -07:00
5603ad33f8
feat(customs): return localized retry after data ( #1453 ) r=vbudhram
...
* feat(customs): return localized retry after data
* chore(docs): add localized retry docs
* fix(tests): adjust retryAfter test
2016-09-14 16:57:27 -04:00
8d36f00ca0
feat(metrics): add flowEvent support to all activityEvents and customs ( #1409 ) r=philbooth
...
Fixes #1402
Fixes #1403
2016-08-12 21:22:48 -04:00
09aee430de
feat(server): Rate limit account/devices/notify with the new UIDRecord ( #1394 ) r=vladikoff
...
fixes #1372
2016-08-05 13:33:55 -04:00
074a84a09b
Merge pull request #1361 from mozilla/signin-confirmation-on-suspect-requests
...
feat(signin): Always do sign-in confirmation on suspicious requests.
2016-07-26 18:50:39 +10:00
2fba0450e1
chore(server): Add some comments about why a some strange patterns are used.
2016-07-25 14:09:59 +01:00
e26569467d
fix(server): Return undefined from Customs.prototype.flag if everyting is OK
2016-07-25 14:09:59 +01:00
df3b0dea41
feat(server): Remove the account lockout feature.
...
With signin confirmation and email caphta we have more targeted
meant to keep bad people at bay while minimizing friction for valid
users, account lockout no longer seems particularly elegant.
fixes #1359
2016-07-25 14:09:59 +01:00
cb8f33bb08
feat(signin): Always do sign-in confirmation on suspicious requests.
2016-07-22 16:11:47 +10:00
f44872d002
refactor(customs): Add function to scrub payload before performing customs check
2016-07-20 12:18:01 -04:00
70944d35a4
feat(customs): Send more request metadata to customs-server for checking.
2016-06-30 15:33:39 +10:00
d4176440c1
chore(customs): use named error constant for UNEXPECTED_ERROR
2016-04-11 22:22:30 -04:00
3dcdaf81d8
feat(customs): include errno in customs flags and merge fixes
2016-04-11 22:19:24 -04:00
5d7ca53461
feat(api): Add get account status by email endpoint
2016-02-24 00:12:21 -05:00
07a8ba1dff
chore(build): Replacing JSHint with ESLint
2015-06-18 17:39:32 -07:00
4cabe83c1a
switch promises to bluebird from p-promise to match newer fxa services
2015-05-17 18:08:24 -07:00
2817971924
reorganized source files
2015-05-10 12:11:59 -07:00
Phil Booth
Divya Biyani
Ryan Kelly
Ryan Kelly
Sean McArthur
Vlad Filippov
Larissa Gaulia
Shane Tomlinson
Vijay Budhram
Peter deHaan
Danny Coates