c05f914506
Release v1.53.0
2016-01-11 19:08:57 -08:00
a3d36be936
chore(tasks): add markdown changelog
...
Fixes #1089
2016-01-04 10:28:30 -05:00
9267b6109d
Release v1.51.1
2015-12-14 16:48:15 -08:00
83323a614b
Release v1.51.0
2015-12-14 12:16:47 -08:00
81b9429bd3
Release v1.50.1
2015-11-23 10:34:10 -08:00
ab6632259e
Release v1.50.0
2015-11-18 15:09:25 -08:00
f1306c9854
feat(oauth): pass email=false when verifying oauth tokens
...
Closes #1109
2015-11-13 09:37:51 -08:00
c2a2368a42
Release v1.49.0
2015-11-04 10:05:41 -08:00
80722d1054
chore(build): Switch to grunt-nsp
2015-11-04 16:10:51 +11:00
9ebec1a32b
feat(profile): Add oauth-authenticated /account/profile endpoint.
2015-10-30 14:58:04 +11:00
54510d8e0e
Release v1.48.3
2015-10-29 17:14:24 -04:00
39942de876
Release v1.48.2
2015-10-23 11:20:45 -07:00
12421b23b5
Release v1.48.1
2015-10-21 14:25:02 -07:00
ffe145e33d
fix(deps): shrinkwrap excludes fxa-jwtool->pem-jwk dep if pem-jwk is a devDep
2015-10-21 14:22:20 -07:00
966968d1a3
Release v1.48.0
2015-10-20 17:13:01 -07:00
193d16ffec
updated dependencies
2015-10-20 17:12:51 -07:00
f09a37be07
Merge pull request #1078 from mozilla/phil/issue-550
...
feat(server): support stricter access-control origin on most endpoints
2015-10-20 16:36:41 +11:00
664d73ef14
feat(server): optionally enforce a strict CORS origin
2015-10-16 10:29:25 +01:00
6ba432c486
Release v1.47.1
2015-10-12 18:30:18 -07:00
c20f871a06
Release v1.47.0
2015-10-08 15:27:38 +11:00
8bcc0649e0
Release v1.46.0
2015-09-22 18:58:58 -07:00
98e2ee0fa3
Merge pull request #1050 from jrgm/e2e-email-notifications-script-changes
...
fix(tests): improved script to checking email of all supported locales
2015-09-21 13:10:17 -07:00
f90a8c11da
fix(tests): run mysql tests on travis
...
Fixes #1032
2015-09-18 18:59:47 -04:00
af12f19711
Release v1.45.0
2015-09-13 18:20:05 -07:00
67ffcd127b
fix(tests): improved script to checking email of all supported locales
2015-09-12 20:18:33 -07:00
487830e904
Release v1.44.0
2015-08-28 10:37:20 -04:00
63842b0016
feat(metrics): add DataDog to activity events, email verified activity events
...
Fixes #922
2015-08-25 20:25:41 -04:00
ff5dd20a6c
WIP on openid
2015-08-18 15:29:44 -07:00
9f4747fa2d
refactor(config): Use human-readable duration values in config
2015-08-11 14:40:44 -07:00
f0d80ffb16
feat(db): store user agent and last-access time in sessionTokens
2015-08-07 08:51:29 +01:00
de000859c9
chore(deps): switch from db-mem to db-mysql
2015-08-03 09:41:59 +01:00
3a9b0fe3a4
Release v1.42.0
2015-07-23 23:15:52 -07:00
3c9d509887
Release v1.41.0
2015-07-06 19:45:30 -07:00
affb4e6da9
Release v1.40.0
2015-06-30 14:42:37 -07:00
07a8ba1dff
chore(build): Replacing JSHint with ESLint
2015-06-18 17:39:32 -07:00
1b2964bb5f
Release v1.39.0
2015-06-11 13:47:54 -07:00
2c5d523795
chore(config): Update convict and switch on strict validation.
2015-06-10 11:43:50 +10:00
c20c83adf4
Release v1.38.0
2015-05-27 12:16:58 -07:00
3b31c52eed
fix(test): use a version of node-ass with updated node-temp
2015-05-19 21:58:36 -07:00
4cabe83c1a
switch promises to bluebird from p-promise to match newer fxa services
2015-05-17 18:08:24 -07:00
27bb971c83
Merge pull request #931 from dannycoates/env
...
moar ENV
2015-05-17 18:01:17 -07:00
1521ea5d8e
Release v1.37.0
2015-05-14 22:09:38 -07:00
7df36f4ff0
moar ENV
...
This adds environment variable names for all config parameters. It
also adds 'envc' to help make using them easier in dev and replaces
the default json files. This is a baby step in configuring the
process purely with the env which should make containerizing easier.
2015-05-13 20:33:58 -07:00
c01e9f88de
switch from bunyan to mozlog
2015-05-11 11:03:40 -07:00
095224a668
updated scrypt-hash for iojs 2.0
2015-05-05 11:10:29 -07:00
4a2a6fa3c1
ready for all nodes
2015-04-30 12:38:21 -07:00
14204cfa57
replace browserid-crypto with fxa-jwtool
...
uses native node crypto instead of bigint
2015-04-29 16:03:45 -07:00
c369baa392
Release v1.36.0
2015-04-27 18:36:13 -07:00
94c9cc3274
Release v1.35.0
2015-04-13 17:55:16 -07:00
c3a79943e5
updated scrypt-hash
2015-04-10 15:12:51 -07:00
dd5f7b7567
Release v1.34.0
2015-03-31 19:25:55 -07:00
b43b562737
chore(versions): update fxa-auth-mailer and fxa-auth-db-mem to master, no git sha
2015-03-31 14:07:07 -07:00
a22dec3071
Release v1.33.0
2015-03-17 13:47:04 +11:00
0680f0e695
chore(release): add tasks "grunt version" and "grunt version:patch" to create release tags
2015-03-16 16:19:40 -07:00
875e9f9072
Enable build on ARM platforms (including Raspberry Pi)
2015-03-04 15:04:23 +01:00
b0dacaa4a8
Merge pull request #886 from dannycoates/hapi8
...
update hapi to 8.2.0
2015-03-04 15:59:38 +11:00
8d95432c3c
train-32
2015-03-04 13:23:25 +11:00
ffcd8f37fc
updated hapi to 8.2.0
2015-03-03 15:13:21 -08:00
cbad29619c
Locked account updates.
...
* `lockAccount` takes both `lockedAt` and `unlockCode`
* Expose the `unlockCode` endpoint to get the unlock code
* Add an `/account/lock` endpoint. Used for testing.
* Sending an account unlock email requires the account to be locked.
* Add API docs for /account/lock
* Point to the mozilla repo for fxa-auth-db-mem
* Add an `enableLockout` configuration option.
* Extract the route removal code into a module.
* Add a new error `accountNotLocked`. Error is only returned for `/account/unlock/resend_code`
* A new `locked` event is logged whenever an account is locked. Can be used to determine the number of locked accounts over a timespan.
2015-02-26 20:43:37 +00:00
087abb2d99
Initial account lockout work
...
* API spec
* Add account/unlock/resend_code, account/unlock/verify_code routes and and related logic.
2015-02-26 16:06:22 +00:00
4574d12dd9
train-31
2015-02-17 16:16:19 -08:00
fed441ee6e
change description to refer to Firefox Accounts, not 'PiCl'
2015-02-13 19:36:07 -08:00
02f8850270
train-30
2015-02-03 13:28:01 -08:00
fcc6988c57
train-29
2015-01-21 14:17:40 -08:00
7bd8c3bc52
train-28
2015-01-05 16:34:52 -08:00
78267a1ee6
Update hapi to latest stable version.
2015-01-06 09:36:41 +11:00
f475a2b72b
added locale to basket api response logging
2014-12-10 11:35:25 -08:00
8919d3b59c
train-27
2014-12-08 16:31:06 -08:00
6a551663de
Update to convict 0.6
2014-11-14 10:42:04 +11:00
60e9ffae23
Update from old jwcrypto to latest browserid-crypto.
2014-11-06 14:42:25 +11:00
7767d853d3
Upgrade convict dependency
2014-11-06 14:25:09 +11:00
1f8a2412e8
train-24.1
2014-10-20 11:57:25 -07:00
8c71f95c37
train-24
2014-10-20 11:18:08 -07:00
21ef416cb4
updated dependencies
2014-10-20 10:38:02 -07:00
b989946c78
train-23
2014-10-06 16:43:25 -07:00
60df983ac3
fixed #825 preverifytoken exp seconds
2014-10-06 14:00:31 -07:00
4bb2c546b9
Fixes #799 - Adds tests for customs.js which hits the fxa-customs-server
2014-10-02 10:07:05 +13:00
49aeb54cfb
train-22
2014-09-28 19:03:16 -07:00
0de308f1ae
updated deps
2014-09-11 11:42:03 -07:00
314d09a795
train-21
2014-09-08 17:08:46 -07:00
696b43ffc3
added 'resume' optional parameter for email sending endpoints
2014-09-04 14:17:52 -07:00
d18e786700
use b64url encoding for JWKs as in the spec
2014-08-28 11:19:08 -07:00
674ed5de72
WIP on public-key preVerifyTokens
2014-08-22 18:06:34 -07:00
0e66115b9e
initial sketch of preVerifiedTokens
2014-08-22 11:15:21 -07:00
c388e2d5c8
train-20
2014-08-22 11:13:34 -07:00
4796d08549
train-19
2014-08-11 11:36:19 -07:00
0d37733ffe
updated dependencies for qs
2014-08-06 18:00:54 -07:00
57f73da833
updated dependencies
2014-08-06 14:11:57 -07:00
a4fb9cb819
remove awsbox dev dependency
2014-08-02 04:04:55 +00:00
fc55fec1bc
updated fxa-auth-db-mem should fix #773 , for real
2014-07-30 17:01:18 -07:00
d70f463fa4
updated fxa-auth-db-mem should fix #773
2014-07-30 11:00:23 -07:00
c52598e147
fix #700
2014-07-27 20:54:38 -07:00
34cdb89181
too soon to rm customs-server dep
2014-07-27 15:34:48 -07:00
e6ea9c0f14
resolved all custom git dependencies and removed mysql and heap db.
...
the new fxa-auth-db-mem dev dep hosts a memory db over the httpdb
api.
2014-07-23 12:49:59 -07:00
de12adb26b
Update to hapi 6.2.0
2014-07-21 14:28:31 +10:00
930a5881a1
train-17
2014-07-15 11:21:02 -07:00
c7a4bf83ab
Merge branch 'train-16' into train-17
...
Conflicts:
npm-shrinkwrap.json
2014-07-15 11:16:41 -07:00
eb802ec8f0
Update to the latest version of the customs server
...
This version of the customs server includes the SQS API for banning
IP and email addresses.
2014-07-15 11:47:46 +12:00
b7a242f98e
train-16
2014-07-01 10:47:28 -07:00
e6e8a95dc4
updated hapi to 6.0.2
2014-06-19 14:33:01 -07:00
229df2010a
updated dependencies
2014-06-16 12:46:12 -07:00
5a6325c483
Upgrade to the latest customs-server
2014-06-13 16:20:27 +12:00
7762e95d42
fixed fxa-auth-mailer case sensitivity issue
2014-06-09 17:40:44 -07:00
dc30319ea3
updated dependencies
2014-06-08 18:40:17 -07:00
14524dfd77
removed toobusy dependency & improved graceful shutdown
2014-06-08 17:19:34 -07:00
261815a782
updated hapi to 5.1
2014-06-04 13:05:21 -07:00
b56207323f
better json parsing in pool
2014-06-04 11:57:43 -07:00
80e91b922d
use poolee as the http client instead of request
2014-06-03 17:01:31 -07:00
7ff7821c65
updated fxa-auth-mailer
2014-06-02 19:41:03 -07:00
7c06d7f346
train-14
2014-06-02 15:11:49 -07:00
c364d1fc02
use fxa-auth-mailer as a library
2014-06-02 11:00:29 -07:00
2870613926
updated hapi-auth-hawk
2014-06-01 15:29:08 -07:00
cda9a41ce6
train-13
2014-05-19 11:57:00 -07:00
8bbeb2bfc8
possible fix for hapi-auth-hawk payloadHash crash
2014-05-13 11:19:25 -07:00
fa13d30129
train-12
2014-05-05 11:16:32 -07:00
eab58fce5b
use heap db backend for travis
2014-05-05 10:41:13 -07:00
6c58e0083c
add http datastore api
...
The intent here is to eventually eliminate the mysql specific
implementation and only have heap (for quick testing) and httpdb
for real life. To ease the transition I've kept db/mysql.js
so we can test the httpdb implementation on a subset of
instances in parallel with the current setup. I already moved
db_patcher and the schema patches to the db server codebase
because those are run manually in production. The httpdb.js
implementation is working but could probably use some tidying up.
2014-05-04 19:31:22 -07:00
1d4a67305c
Update the URL for the customs server
...
This got moved to the mozilla namespace and so we should avoid
relying on Github maintaining the redirection.
2014-05-05 14:08:02 +12:00
acb7791bba
train-11.1 ... already
2014-04-21 17:22:51 -07:00
4a71c82493
train-11
2014-04-21 15:05:08 -07:00
ce13952724
updated customs server
2014-04-21 11:13:03 -07:00
099d6dd090
updated customs server
2014-04-21 10:05:12 -07:00
515678ca13
broke out customs server into a seperate process/repo
2014-04-18 19:05:47 -07:00
89b529a44d
train-10.3 fixed complaint bounces
2014-04-16 09:53:29 -07:00
70c0ee7add
fixed sqs max messages
2014-04-15 16:07:57 -07:00
cee39365d5
train-10.1 email validation bugfix
2014-04-15 12:12:21 -07:00
360ba8f7ef
train-10
2014-04-14 11:46:22 -07:00
b84cf7df88
train-08
2014-03-31 17:21:23 -07:00
7aaa3279f2
Moving grunt validate-shrinkwrap from npm postinstall to Travis
2014-03-26 12:39:25 -07:00
291aa5b421
Adding grunt validate-shrinkwrap task to npm postinstall script
2014-03-25 16:53:53 -07:00
cfb196f4c5
train-07
2014-03-24 11:25:47 -07:00
6c76467d5a
better mysql connection error handling
2014-03-23 20:00:12 -07:00
927482aa71
Minor tweaks from review of Issue #494
2014-03-24 12:24:57 +13:00
6fcf0b056f
Fixes #632 : Remove then-redis, regenerate npm-shrinkwrap.json
2014-03-19 14:16:09 +13:00
49e344feeb
sns notifier as a downstream process
2014-03-18 12:12:39 -07:00
85c62912f5
Add (temporary) SNS notifications of account delete events.
2014-03-18 11:24:22 -07:00
3054826d45
train-06
2014-03-14 14:52:26 -07:00
0c0e3fb5c5
default config.env to prod
2014-03-11 14:53:44 -07:00
45f9bf7849
train-05
2014-03-10 12:06:27 -07:00
cdb8012a25
switch from lockdown to shrinkwrap. closes #603
2014-03-09 17:59:20 -07:00
278cc596ae
step 1 in fixing i18n
2014-03-09 17:33:52 -07:00
c53c06be02
train-04
2014-03-03 11:09:41 -08:00
c8bc7a4957
request is now a real dependency
2014-02-27 15:59:01 -08:00
07929f3256
Merge remote-tracking branch 'jrgm/issue-19'
2014-02-24 14:17:37 -08:00
bd5dda4a78
train-03
2014-02-24 10:39:53 -08:00
9c6a02dbc0
add npm lockdown; fixes issue #19
2014-02-23 19:28:18 -08:00
fda701ee3e
updated mysql module
2014-02-23 18:34:22 -08:00
ccf1cd98ee
Upgrade to hapi v2.4.0
2014-02-20 23:27:42 +13:00
8a22b398aa
Update mysql dependency to latest version.
2014-02-13 14:47:00 +11:00
c7ee4152b2
update hapi
2014-02-11 11:06:18 -08:00
517352b3be
fixes #544
2014-02-06 17:32:34 -08:00
176b3854b1
refactored errors
2014-02-06 10:24:46 +13:00
82a4b6dca9
Hapi v2 : Updates to error handling to handle a 400 (when account already exists)
2014-02-06 10:22:51 +13:00
104da9e052
Hapi v2 : Updates to stop server crashing on startup
2014-02-06 10:22:46 +13:00
b452e2810e
updated then-redis for promise compatibility
2014-01-21 14:29:04 -08:00
04803c739c
made test-quick faster by only starting one TestServer
2014-01-21 12:22:36 -08:00
4bc4b68a36
added grunt to npm test-all
2014-01-18 11:34:32 -08:00
8f3509fc7e
restructure tests
...
* created test/local for tests that can only be run locally
* created test/remote for tests that can run remotely or locally
* moved most api level tests to test/remote
* much more of the test suite can run remotely now :)
2014-01-17 19:20:00 -08:00
cdf5ec2415
b-sides
2014-01-14 16:18:04 -08:00
0123d19cc3
updated deps
2014-01-09 20:57:50 -08:00
85e4fb5e87
fixes #465
2014-01-09 14:45:28 -08:00
5ecf906cfb
Merge pull request #473 from pdehaan/grunt-refac
...
updating grunt dependencies and using grunt-copyright package
2014-01-08 12:41:21 -08:00
203197c01d
updating grunt dependencies and using grunt-copyright package
2014-01-07 16:57:52 -08:00
c4d4fcf78a
cleanup deps
2014-01-03 18:32:48 -08:00
4b24c07f2b
updated dependencies
2014-01-02 15:52:36 -08:00
2dde6d32f6
replace emscrypt.js with scrypt-hash
2014-01-02 13:05:00 -08:00
d79b3c31f5
Move log-testing dependencies into devDependencies
2013-12-20 22:53:46 +11:00
77b2bbb623
sketch of asserting logs in tests
2013-12-20 22:53:46 +11:00
283f27c703
fixed client in 'prod-y' environments
2013-12-19 17:51:56 -08:00
daf772af28
use ass for code coverage - issue #94
2013-12-18 09:03:17 +02:00
f349569ed3
use restmail api for mail_helper and verification tests
2013-12-16 21:36:42 -08:00
8dde73becb
updated hapi
2013-12-13 11:41:50 -08:00
81cec9a1e1
made log level configurable in dev
2013-12-12 10:02:33 -08:00
0a6dba2606
Update the MySql drive to 2.0.0-rc2
2013-12-12 09:27:58 +13:00
d5c7d9c4ca
updated example.js, added npm scripts
2013-12-11 10:31:42 -08:00
fe82e1f098
First, rough attempt at internationalization of emails.
2013-12-09 12:53:24 +11:00
0860657c3a
Merge pull request #253 from mozilla/rfk/stale-nonce-checking
...
Enable checks for nonce re-use in hawk lib
2013-11-17 19:09:02 -08:00
34d57f8928
de-picling due to recent repo rename. A couple picl's remain, but I'll file separate bugs as they're less straight forward
2013-11-15 15:38:04 -08:00
306a2062dc
Implement basic in-memory nonce database
2013-11-14 16:22:07 +11:00
28775a086b
Fixes #261 - Switch to mysql v2 driver, remove db/mysql_wrapper.js
2013-11-13 17:44:37 +13:00
760fb94f7e
improved signer worker crash handling
2013-11-07 17:31:44 -08:00
50e7b6c25c
cleaned up client crypto dependencies
...
added a new scrypt library that is about 3x faster as
emscrypt.js. It should be factored into its own module
on npm eventually.
also updated the npm sjcl dependency to 1.0.0 (official)
and removed the sjcl-codec-bytes dep by using hex instead.
2013-11-04 13:43:02 -08:00
ab8f1a1ee0
Merge pull request #267 from dannycoates/validation
...
test for oversized payloads
2013-11-01 16:34:37 -07:00
7c63ecbbbd
fixed jshint complaints
2013-11-01 14:29:39 -07:00
9390251824
Merge pull request #257 from pdehaan/grunt
...
Adding Gruntfile w/ JSHint task and copyright checker
2013-11-01 14:03:25 -07:00
16f7a265f6
test for oversized payloads
2013-10-31 14:49:53 -07:00
aacdd4330e
Merge pull request #254 from dannycoates/db
...
Update DB API
2013-10-30 10:52:19 -07:00
5c81b13c75
Merge branch 'srp2' into db
...
Conflicts:
bin/key_server.js
db/heap.js
db/mysql.js
package.json
tokens/srp_token.js
2013-10-29 15:13:35 -07:00
b132e73492
Tweaking package.json to pass validator
2013-10-29 13:53:39 -07:00
9924a2e5e8
WIP on mysql api
2013-10-29 13:48:21 -07:00
1d4a6a1e92
updated dependencies
2013-10-29 13:48:21 -07:00
4e8d9ec41c
more WIP on db api
2013-10-29 13:47:00 -07:00
1d5228707d
Adding Gruntfile w/ JSHint task and copyright checker
2013-10-29 11:01:44 -07:00
a41fe08538
updated to node-srp 0.2.0
2013-10-28 17:20:13 -07:00
a360d688e8
updated dependencies
2013-10-28 11:42:16 -07:00
24d16852d0
more WIP on db api
2013-10-28 11:42:16 -07:00
20e376f5a7
naive implementation of /auth/password
2013-10-22 17:03:50 -07:00
73c2b97ef3
upgrade to 0.2.4 which fixes npm warnings
2013-10-14 11:21:18 +03:00
869a3f08b2
Merge branch 'master' into cassy
...
Conflicts:
scripts/start-local.sh
2013-09-23 11:37:52 -07:00
41964357ad
Simplify and cleanup heka+awsbox setup.
2013-09-23 11:52:48 +10:00
John Morrison
Vlad Filippov
Danny Coates
Sean McArthur
Peter deHaan
Ryan Kelly
Ryan Kelly
Phil Booth
Andreas Textor
Shane Tomlinson
Ryan Kelly
Andrew Chilton
Francois Marier
Lloyd Hilaiel
Peter deHaan