72eba1aace
minor api.md doc fixes
2014-01-07 18:41:12 -08:00
45a1281624
Merge pull request #466 from mozilla/onepw
...
ONEPW to rule them all
2014-01-07 18:07:13 -08:00
203197c01d
updating grunt dependencies and using grunt-copyright package
2014-01-07 16:57:52 -08:00
50571901b9
jshint cleanup
2014-01-07 16:01:04 -08:00
3d88bc81b2
slightly consolidate onepw functions under crypto/password.js
2014-01-07 15:02:48 -08:00
0879b14770
removed keystretch.js
2014-01-07 13:48:59 -08:00
abf68d70ec
rearranged cryptic ;) code. added a lazy email validator
2014-01-07 11:04:23 -08:00
1cbbca3206
Merge pull request #463 from dannycoates/normalizeEmail
...
normalize email on create account using mysql lower()
2014-01-06 16:46:23 -08:00
9529d929e7
added test for incorrect email case on login
2014-01-06 14:21:08 -08:00
f607491bf1
use rawEmail when sending mail
2014-01-06 13:45:23 -08:00
43d36c1aed
normalize email on create account using mysql lower()
2014-01-06 10:56:35 -08:00
451ca9b853
updated api.md for onepw
2014-01-05 12:45:39 -08:00
d9e74ff2a0
deleted more dead code
2014-01-05 12:45:39 -08:00
ecb2cdec6b
update onepw.graffle: replace stretchWrap with 'wrapwrapKb'
2014-01-03 18:54:43 -08:00
c4d4fcf78a
cleanup deps
2014-01-03 18:32:48 -08:00
e285cb8ac3
delete stuff
2014-01-03 18:11:33 -08:00
e973ffed85
use wrapWrapKb on the backend
2014-01-03 16:10:37 -08:00
a1a31767ae
updated the api frontend for /account/login?keys=true revision
2014-01-03 11:54:54 -08:00
8207f432ea
renamed ForgotPasswordToken to PasswordForgotToken
2014-01-02 16:30:49 -08:00
4b24c07f2b
updated dependencies
2014-01-02 15:52:36 -08:00
2dde6d32f6
replace emscrypt.js with scrypt-hash
2014-01-02 13:05:00 -08:00
f1ce569390
Merge remote-tracking branch 'mozilla/master' into onepw
...
I made a couple changes to the log.security tests that
I'm not 100% sure about. I've created and issue to verify
the new assertions.
Conflicts:
client/api.js
package.json
routes/account.js
routes/password.js
test/run/pbkdf2_tests.js
2014-01-02 12:40:20 -08:00
bbc8fd8eb3
added vmware fusion to vagrantfile
2014-01-02 10:42:27 -08:00
69e441fdf5
Update awsbox config to use port 587 for SES SMTP access.
2014-01-02 15:26:13 +11:00
9986ca3e12
Merge pull request #459 from dannycoates/dc/onepw
...
Naive implementation of onepw
2013-12-20 17:45:29 -08:00
679268f7df
update onepw.graffle: HKDF details, new token names
2013-12-20 17:25:56 -08:00
44057436a1
Naive implementation of onepw
2013-12-20 17:03:07 -08:00
aa55db1d2e
add the OmniGraffle source for the "onepw" protocol diagrams
...
Recently exported PNG images from this are included in this repo's
related wiki, on this page:
https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol
2013-12-20 13:03:53 -08:00
ad40f6e44b
Merge pull request #453 from mozilla/rfk/security-events
...
Add ability to log security-related events.
2013-12-20 04:00:36 -08:00
7677f41cba
Add comment re: filtering of XFF header.
2013-12-20 22:53:46 +11:00
95c193c965
Add tests for security-event logging output.
2013-12-20 22:53:46 +11:00
d79b3c31f5
Move log-testing dependencies into devDependencies
2013-12-20 22:53:46 +11:00
77b2bbb623
sketch of asserting logs in tests
2013-12-20 22:53:46 +11:00
512b5aa94e
Ensure 'uid' is present on all relevant security events.
2013-12-20 22:53:46 +11:00
6184aeaf2b
Filter empty strings from the remoteAddressChain
2013-12-20 22:53:46 +11:00
42c20f22c3
Add ability to log security-related events.
2013-12-20 22:53:46 +11:00
283f27c703
fixed client in 'prod-y' environments
2013-12-19 17:51:56 -08:00
9a4e467930
awsbox needs a verified sender address
2013-12-20 09:38:48 +11:00
9227ef016a
Stop sending bound emails to rfkelly; there's only noise in there.
2013-12-20 09:30:22 +11:00
d067d04a6b
Merge pull request #446 from lloyd/master
...
use ass for code coverage - issue #94
2013-12-18 12:49:38 -08:00
daf772af28
use ass for code coverage - issue #94
2013-12-18 09:03:17 +02:00
6a609a2926
Merge pull request #342 from mozilla/rfk/rpid-in-email-links
...
Add optional opaque "rpid" parameter to verification emails.
2013-12-17 21:45:13 -08:00
dd0acf8885
Add optional opaque "service" parameter to verification emails.
2013-12-18 16:37:46 +11:00
8a8b5218ee
fixed #447 jshint
2013-12-17 12:14:36 -08:00
1337b5025e
Merge pull request #442 from mozilla/rfk/config-scrypt-helper-url
...
Simplest possible patch to make scrypt-helper URL configurable.
2013-12-16 22:56:34 -08:00
3b36f2370f
Merge pull request #443 from dannycoates/stupidEmail
...
use restmail api for mail_helper and verification tests
2013-12-16 22:55:51 -08:00
57448828f7
Simplest possible patch to make scrypt-helper URL configurable.
2013-12-17 16:43:00 +11:00
f349569ed3
use restmail api for mail_helper and verification tests
2013-12-16 21:36:42 -08:00
d7e32c2d7b
Merge pull request #439 from mozilla/rfk/rename-node-env-prod
...
Rename NODE_ENV=production to NODE_ENV=prod
2013-12-16 21:01:21 -08:00
97a7ca0b21
Rename NODE_ENV=production to NODE_ENV=prod
2013-12-17 15:36:34 +11:00
Danny Coates
Peter deHaan
Brian Warner
Ryan Kelly
Ryan Kelly
Lloyd Hilaiel