Commit graph

311 commits

Author SHA1 Message Date
Ryan Kelly 087abb2d99 Initial account lockout work
* API spec
* Add account/unlock/resend_code, account/unlock/verify_code routes and related logic.
2015-02-26 16:06:22 +00:00
Ryan Kelly de28ab61e1 Increase passwordForgotToken lifetime to 1 hour. 2015-01-28 15:04:22 +11:00
Ryan Kelly f9e8c1cced Use shiny new PyFxA library for the python loadtests. 2015-01-06 16:00:27 +11:00
Ryan Kelly 60e9ffae23 Update from old jwcrypto to latest browserid-crypto. 2014-11-06 14:42:25 +11:00
Danny Coates 955d4b22b2 added uid to /session/status response. fixes #830 2014-10-20 11:55:06 -07:00
Danny Coates 60df983ac3 fixed #825 preverifytoken exp seconds 2014-10-06 14:00:31 -07:00
Chris Karlof ce99af62b4 base64URL decode the sig of JWTs before verifying
The preverified token verifier was expecting the signature portion to be hex encoded, which is incorrect.
Fixes #823
2014-10-03 15:57:47 -07:00
Ryan Kelly 79fb729e45 Merge pull request #821 from chilts/i799-tests-for-customs-server
Fixes #799 - Adds tests for customs.js which hits the fxa-customs-server
2014-10-02 07:37:38 +10:00
Andrew Chilton 4bb2c546b9 Fixes #799 - Adds tests for customs.js which hits the fxa-customs-server 2014-10-02 10:07:05 +13:00
Danny Coates 12e526cf05 Merge pull request #819 from mozilla/rfk/config-scrypt-backlog
Improve operational affordances for scrypt max-pending limit
2014-10-01 10:57:16 -07:00
Ryan Kelly 77b65b6155 Refactor stat reporting to use opaque methods on each service. 2014-10-01 14:04:58 +10:00
Ryan Kelly b64426d1e8 Log a warning when scrypt.maxPending limit is exceeded. 2014-09-30 16:45:10 +10:00
Ryan Kelly a21da17962 Periodically log statistics on scrypt queue backlog. 2014-09-30 16:43:26 +10:00
Ryan Kelly 6ead098acc Make scrypt.maxPending a config option.
This also renames some internal uses of "max_pending" to match the
prevailing capitalization style.
2014-09-30 16:27:51 +10:00
Ryan Kelly d826fce497 Pass 'log' and 'config' as options to the scrypt module. 2014-09-30 16:13:24 +10:00
Danny Coates cebd88ffa5 Merge pull request #815 from jrgm/local-email-valid
move valid email checks to local tests
2014-09-29 14:02:30 -07:00
Danny Coates 70c3cc9a20 basket api notifier 2014-09-28 18:51:53 -07:00
John Morrison 274a820521 move valid email checks to local tests 2014-09-24 09:47:28 -07:00
Danny Coates 696b43ffc3 added 'resume' optional parameter for email sending endpoints 2014-09-04 14:17:52 -07:00
ckarlof 53e3591105 Merge pull request #784 from dannycoates/pvt
Support for preVerifiedTokens in /account/create to allow trusted reliers who have already verified the user's email to more easily transition users to FxA. A valid preVerified token allows the user to skip the email verification step, i.e., the user's account is verified after /account/create completes.

fixes #780
r=rfk,ckarlof
2014-09-03 14:15:32 -07:00
Peter deHaan c4f5e0b75a Removed some bonus trailing commas and dupe vars 2014-09-03 13:20:06 -07:00
Danny Coates 90c192d975 removed iss from preVerifyToken JWT 2014-09-03 11:55:23 -07:00
Danny Coates ebe39b1354 test re-create with preVerifyToken 2014-08-28 15:37:14 -07:00
Danny Coates 74145117d8 config cleanup 2014-08-28 11:26:23 -07:00
Danny Coates d18e786700 use b64url encoding for JWKs as in the spec 2014-08-28 11:19:08 -07:00
Danny Coates 674ed5de72 WIP on public-key preVerifyTokens 2014-08-22 18:06:34 -07:00
Danny Coates 73a0432d31 added a test for invalid preverifytoken, default config to no secret 2014-08-22 11:15:21 -07:00
Danny Coates 0e66115b9e initial sketch of preVerifiedTokens 2014-08-22 11:15:21 -07:00
Ryan Kelly 60672c972a Add a limit to the number of in-flight scrypt hashes. 2014-08-16 13:14:39 +10:00
John Morrison d38c1bd11b limit payload.maxBytes to 16384 2014-08-05 13:55:35 -07:00
Danny Coates c52598e147 fix #700 2014-07-27 20:54:38 -07:00
Danny Coates ca29eeee13 Merge pull request #770 from dannycoates/i759
test client shouldn't send 'undefined' accept-language
2014-07-27 20:03:03 -07:00
Danny Coates ae8fac776f test client shouldn't send 'undefined' accept-language 2014-07-27 16:04:16 -07:00
Danny Coates e6ea9c0f14 resolved all custom git dependencies and removed mysql and heap db.
the new fxa-auth-db-mem dev dep hosts a memory db over the httpdb
api.
2014-07-23 12:49:59 -07:00
Danny Coates 262aa816f1 another account status test case 2014-07-14 15:11:00 -07:00
Danny Coates a00f30aab1 allow /account/status to be authenticated with a sessionToken 2014-07-13 13:55:39 -07:00
Danny Coates ba3cbcaf8f additional locale tests 2014-07-09 12:13:08 -07:00
Danny Coates 3ca7277630 added locale to account 2014-07-08 14:54:25 -07:00
Danny Coates 650ac2c253 fixed #748 HSTS header 2014-06-15 14:37:01 -07:00
Robert Kowalski 4b0aeb4b02 Use Hapi's builtin config for the Strict-Transport-Security header 2014-06-13 22:21:38 +02:00
Danny Coates cb659fe5a7 default routes should get the basePath 2014-06-11 11:35:59 -07:00
Danny Coates 7454a9f357 don't move .well-known when there is a basePath in publicUrl 2014-06-11 10:48:28 -07:00
Danny Coates 2528676f66 append the base path from config.publicUrl to all routes 2014-06-10 13:47:23 -07:00
Danny Coates 7762e95d42 fixed fxa-auth-mailer case sensitivity issue 2014-06-09 17:40:44 -07:00
Danny Coates 100d816bd0 reorganize test related files and removed unused code 2014-06-03 12:00:06 -07:00
Danny Coates 4a15d02726 moved client into test directory 2014-06-03 11:15:36 -07:00
Danny Coates c364d1fc02 use fxa-auth-mailer as a library 2014-06-02 11:00:29 -07:00
Danny Coates 212ec77d9c fix no method 'wrap' in sign route #716 2014-05-15 17:48:28 -07:00
Danny Coates cbead14449 verify an account if it's unverified when forgot password verification succeeds 2014-04-23 14:55:10 -07:00
Danny Coates aa9a9ca22d fixed email complaint tests 2014-04-16 10:37:06 -07:00