03d80cd0cb
Fixes #606 : Add back in it-CH as default, remove en-AU, fix tests
2014-03-05 10:16:17 +13:00
6b8019e0a2
i18n is busted. hacked up until we get the errors sorted. should fix #598
2014-02-28 12:35:48 -08:00
de6e64dc72
allow repeat signup against unverified emails
2014-02-27 11:35:51 -08:00
45ddd028fb
Merge pull request #567 from chilts/issue-155-fetch-templates-from-content-server
...
Issue 155 fetch templates from content server
2014-02-26 13:29:14 -08:00
7332cb4f6e
update vagrantfile and test/bench for new log lines
2014-02-25 16:53:33 -08:00
da09a5a884
Make sure all tests pass by defining where the template server is
2014-02-26 12:01:19 +13:00
76361514c9
Add a templateServer config item
2014-02-26 12:01:19 +13:00
01a1097cca
Add separate config files for various tests for local template server
2014-02-26 12:01:19 +13:00
b4bacd8560
Disable timestamp checking in authentication.
...
We're seeing too many problems due to clock skew between client and
server. This turns off the timestamp checking and instead just logs
the skew for future analysis.
2014-02-24 16:21:29 +11:00
76bf65c289
Check and cache ts+nonce pairs, not just plain nonces.
2014-02-24 15:52:43 +11:00
2fef3126e3
update verifierVersion on account reset and password change
2014-02-19 18:19:39 -08:00
cd4ab20756
change pbkdf2.derive len parameter to use byte length instead of bit length to be consistent with other functions
2014-02-19 16:28:37 -08:00
7ef3dcbac3
More comprehensive validation of email addresses.
2014-02-18 21:54:52 +11:00
c75223cc4c
fixes #512
2014-02-14 16:20:33 -08:00
15113ca8ff
removed assertLogs
2014-02-14 12:10:39 -08:00
5cd39e419e
Implement log summary line
2014-02-13 22:21:26 -08:00
c24dd9dcb9
Merge pull request #547 from dannycoates/sessionRefresh
...
implement lastAuthAt
2014-02-12 17:53:37 -08:00
08734f0882
fixed #563 redirectTo not in resend verify link
2014-02-12 10:58:04 -08:00
9643a51756
first steps in lastAuthAt
2014-02-11 10:53:40 -08:00
4edde9b099
Removing unused require() statements
2014-02-05 16:59:56 -08:00
9c025190ff
Merge pull request #533 from chilts/issue-513-add-ver-txt
...
Fixes #513 : Read the relevant file to report the version being run
2014-02-05 12:51:47 -08:00
a9a213b303
Fixes #513 : Read the relevant file to report the version being run
2014-02-05 10:45:43 +13:00
62602bd945
Fixes #527 : Remove 'Report It' link
2014-02-04 10:31:43 +13:00
3a6dac1121
Include 'fxa-generation' field in signed certificates.
2014-01-30 10:12:31 +11:00
3ac7077eaf
split the bad email case into a separate error case
2014-01-23 18:23:34 -08:00
679604da05
implemented login on /account/create
2014-01-23 17:46:55 -08:00
24d959da9a
Set issuedAt to 10 seconds in the past.
2014-01-23 14:58:27 +11:00
6cd6e69435
Merge pull request #510 from chilts/moar-db-tests
...
Add more db tests to check after when things have been deleted
2014-01-21 17:15:45 -08:00
cbee1ff689
Add more db tests to check after when things have been deleted
2014-01-22 10:25:54 +13:00
04803c739c
made test-quick faster by only starting one TestServer
2014-01-21 12:22:36 -08:00
e6a5729642
refactored crypto/password.js and added verifierVersion config parameter
2014-01-21 11:26:26 -08:00
a658008abe
fixed lint errors before @pdehaan flips a table
2014-01-18 11:29:39 -08:00
61367a80b0
increased test coverage
2014-01-18 00:00:40 -08:00
1a525bc2c6
remote tests working against prod
2014-01-17 23:34:27 -08:00
1013c15726
increased test coverage
2014-01-17 21:05:42 -08:00
8f3509fc7e
restructure tests
...
* created test/local for tests that can only be run locally
* created test/remote for tests that can run remotely or locally
* moved most api level tests to test/remote
* much more of the test suite can run remotely now :)
2014-01-17 19:20:00 -08:00
8c1263055a
fixed a couple testing nits
2014-01-17 14:14:47 -08:00
1281d2698c
fix a serious bug in /account/destroy
...
in the transition from a token to password auth on this
endpoint I forgot to check whether the password matches,
since before the token validated your credentials. This
allowed *anyone* to delete any account. oops!
2014-01-16 13:44:28 -08:00
215ed77dfe
allow any redirectTo when config.redirectDomain is an empty string
2014-01-15 18:20:12 -08:00
7c13517a07
added a test for expired tokens
2014-01-15 15:56:54 -08:00
7be72d8b1f
added app level token expiry
2014-01-15 13:23:29 -08:00
eccf4db4f2
sup dawg, i heard you like email
...
so i put some email in your email
so yyou can verify while you verify
2014-01-15 10:14:55 -08:00
7f0d608d4c
fixes #496 and also stops double url encoding links
2014-01-14 18:45:17 -08:00
cb2916abbd
updated bench
2014-01-14 17:49:33 -08:00
cdf5ec2415
b-sides
2014-01-14 16:18:04 -08:00
13aeeb0159
recased 'tokenId' and 'tokenData'
2014-01-14 12:14:57 -08:00
65ccfdb4ef
added 'verifierVersion' column to accounts
2014-01-14 12:02:31 -08:00
70bdcc6840
added 'createdAt' to accounts
2014-01-14 11:40:55 -08:00
19da97e705
rename 'verified' to 'emailVerified'
2014-01-14 10:59:37 -08:00
4b0bb50e2b
Merge pull request #485 from dannycoates/created-time
...
added 'created' to all tokens and 'generation' to accounts
2014-01-13 15:48:49 -08:00
e5d637c400
changed 'created' field to 'createdAt' and 'generation' to 'verifierSetAt'
2014-01-13 15:38:13 -08:00
7b2f555680
added 'created' to all tokens and 'generation' to accounts
2014-01-13 15:00:41 -08:00
f4ae4bb8bc
added service and redirectTo options to endpoints that send email
2014-01-13 14:49:43 -08:00
91b102ec5a
Merge pull request #475 from dannycoates/kft
...
don't delete keyFetchTokens on use until the account is verified
2014-01-12 20:53:11 -08:00
a3134ce331
convert verify and reset codes to 128 bit values
2014-01-09 18:32:27 -08:00
47361897fb
stubbed in HTTP 410 for #449
2014-01-09 14:03:11 -08:00
2adb0bf8a2
added a basic benchmark test
2014-01-09 11:28:25 -08:00
6caca11a5e
created promise.js for easy lib switching.
...
I was messing around with other promise libraries, so I did this.
Seems worth keeping.
2014-01-09 00:01:04 -08:00
9ae37707a3
don't delete keyFetchTokens on use until the account is verified
2014-01-08 13:38:54 -08:00
50571901b9
jshint cleanup
2014-01-07 16:01:04 -08:00
3d88bc81b2
slightly consolidate onepw functions under crypto/password.js
2014-01-07 15:02:48 -08:00
0879b14770
removed keystretch.js
2014-01-07 13:48:59 -08:00
abf68d70ec
rearranged cryptic ;) code. added a lazy email validator
2014-01-07 11:04:23 -08:00
9529d929e7
added test for incorrect email case on login
2014-01-06 14:21:08 -08:00
43d36c1aed
normalize email on create account using mysql lower()
2014-01-06 10:56:35 -08:00
d9e74ff2a0
deleted more dead code
2014-01-05 12:45:39 -08:00
e285cb8ac3
delete stuff
2014-01-03 18:11:33 -08:00
e973ffed85
use wrapWrapKb on the backend
2014-01-03 16:10:37 -08:00
8207f432ea
renamed ForgotPasswordToken to PasswordForgotToken
2014-01-02 16:30:49 -08:00
2dde6d32f6
replace emscrypt.js with scrypt-hash
2014-01-02 13:05:00 -08:00
f1ce569390
Merge remote-tracking branch 'mozilla/master' into onepw
...
I made a couple changes to the log.security tests that
I'm not 100% sure about. I've created and issue to verify
the new assertions.
Conflicts:
client/api.js
package.json
routes/account.js
routes/password.js
test/run/pbkdf2_tests.js
2014-01-02 12:40:20 -08:00
44057436a1
Naive implementation of onepw
2013-12-20 17:03:07 -08:00
95c193c965
Add tests for security-event logging output.
2013-12-20 22:53:46 +11:00
77b2bbb623
sketch of asserting logs in tests
2013-12-20 22:53:46 +11:00
daf772af28
use ass for code coverage - issue #94
2013-12-18 09:03:17 +02:00
dd0acf8885
Add optional opaque "service" parameter to verification emails.
2013-12-18 16:37:46 +11:00
8a8b5218ee
fixed #447 jshint
2013-12-17 12:14:36 -08:00
f349569ed3
use restmail api for mail_helper and verification tests
2013-12-16 21:36:42 -08:00
c9e1deb7b7
add ability to set client time offset to correct time skew
2013-12-11 15:21:39 -08:00
762ec50df8
Merge pull request #403 from dannycoates/i401
...
lockdown passwordStretching parameters
2013-12-11 10:43:42 -08:00
cf135707db
Add test for validation of email addresses.
2013-12-11 15:44:43 +11:00
8f85f173e6
lockdown passwordStretching parameters
2013-12-10 13:33:14 -08:00
98ac38359f
Fix failing test for email-formatting
2013-12-10 16:35:16 +11:00
a4b155b0bb
Hex-encode the uid for inclusion in browserid certificate.
2013-12-10 16:25:08 +11:00
c66352b8ec
Merge pull request #386 from chilts/fix-mysql-ping
...
Release the connection when pinging the database
2013-12-09 14:51:11 -08:00
4334b80aeb
Release the connection when pinging the database
2013-12-10 11:46:09 +13:00
4543823d0b
camelCase all the config options
2013-12-09 12:26:41 -08:00
fe82e1f098
First, rough attempt at internationalization of emails.
2013-12-09 12:53:24 +11:00
7bbcae4176
added mail_helper.js for local email testing
2013-12-07 15:56:11 -08:00
a35c94c54a
Use MySql pool, transactions and more promises
2013-12-06 18:07:09 +13:00
82b943c37d
Merge pull request #370 from dannycoates/emailz
...
added preVerified option to /account/create
2013-12-04 15:59:31 -08:00
45d557cf2f
added preVerified option to /account/create in non-production environments
2013-12-04 14:12:30 -08:00
6efbc680ab
adding copyright, removing dead code
2013-12-03 16:43:47 -08:00
11006027de
Refactor test helpers into a promisified 'test' function.
2013-12-03 17:47:54 +11:00
3540bd9511
Experiment with some "test+promise helpers" to avoid uncaught errors.
2013-12-03 16:50:33 +11:00
82d3978601
Merge pull request #362 from mozilla/rfk/timestamp-header
...
Add 'Timestamp' header to all successful requests.
2013-12-02 14:49:56 -08:00
3b1d8543d2
Add 'Timestamp' header to all successful requests.
2013-11-28 14:37:47 +11:00
93c2975f91
tokenid and tokendata are now Buffers internally
2013-11-26 17:46:19 -07:00
6d42b2ae54
kA and wrapKb are now Buffers internally
2013-11-26 13:23:14 -07:00
38df743201
uid is now a Buffer internally
2013-11-26 12:17:48 -07:00
Andrew Chilton
Danny Coates
Ryan Kelly
Peter deHaan
Lloyd Hilaiel
Zachary Carter