train-22 * basket API #818 train-21 * added 'preVerifyToken' optional parameter to /account/create #784 * reset customs state on password reset #798 * added 'resume' optional parameter to email sending endpoints #793 train-20 * limit the number of pending scrypt hashes #783 train-19 * belated major version 1 bump but maintain minor version count * fixed uid logging issue #755 * nonceFunc logging is now trace instead of info level * updated many dependencies * removed awsbox train-18 * fixed internal server error on /certificate/sign #771 * removed mysql and heap DB implementations #769 * fixed log uid encoding issue #765 * updated documentation train-17 * added locale to account #751 * better db related error messages for httpdb #754 * updated customs-server #756 train-16 * updated hapi to 6.0.2 train-15 * allow routes to use a base path for hosting in a subdirectory * updated dependencies * use poolee module for HTTP requests * code reorganization train-14 * moved email sending into fxa-auth-mailer #730 * updated hapi-auth-hawk to mitigate bug (#700) #731 * added `use_https` config option #728 * always return an error on `__heartbeat__` failure #726 * updated documentation train-13 * added contributing file #719 * added MPL license file * fix for certificate sign requests when the provided key is invalid #717 * fixed hawk payload verification bug #713 * updated base email templates #709 train-12 * verify an account if its unverified when forgot password verification succeeds #694 * added 'accountRecreated' flag to the request summary log line #695 * deprecate smtp.verificationUrl and passwordResetUrl in favor of contentServer.url #696 * Update the URL for the customs server #702 * add http datastore api #684 train-11 * moved customs-server (fraud/abuse) to its own repo #685 * improved the email based rate-limiting behavior train-10 * added email_bouncer.js for processing SES email bounces #678 * fixed an email validation bug #681 train-09 * noop train-08 * added /account/status #656 * added basic email rate limiting #664 train-07 * improve concurrent duplicate request handling #626 * improved test coverage #628 * added SNS account delete notifier #629 * added fxa-verifiedEmail to the signed certificate #630 * removed dependency on redis #634 * added db_patcher for db migrations #643 * improved redirectTo domain validation * updated readme design doc link #616 * added /password/forgot/status endpoint #636 * added /session/status endpoint #637 * exit key_server when stdout is piped and the other process exits * improved mysql connection error handling train-06 * stop logging OPTIONS requests #619 * fixed /verify_email uid parameter validation * default config.env to prod #614 train-05 * fixed some i18n issues #611 * use npm shrinkwrap #603 * don't send verify emails to verified accounts #609 train-04 * added `lockdown` for stable dependencies #19 * refactored mysql.js #588 * allow repeat signup against unverified emails #593 * added cache-control to /.well-known/browserid #597 * collect loggable data before authentication #601 train-03 * upgrade hapi to 2.4.0 * fixed password reset account lockout bug #575 * upgrade mysql to 2.1.0 * added mysql stat log lines * default mysql pools to 10 connections instead of 100 * improved mysql connection error handling #581 * check and cache ts+nonce pairs, not just plain nonces #584 * disable HAWK timestamp checking in authentication #585 train-02 * added `fxa-lastAuthAt` to signed certificates #547 * load test enhancements * fixed redirectTo bug in /recovery_email/resend_code #563 * updated mysql module from 2.0.0 to 2.0.1 * improved mysql error handling #566 * implemented new request logging convention #565 * fixed remote test timing issue #512 * more comprehensive email address validation #573 * added CHANGELOG :) train-01 * all the things