v1.84.0 * fix(tests): Correctly rate limit sms by ip address (#191), r=@rfk v1.83.0 * fix(tests): Update config and testing for sms (#189) r=vladikoff * fix(docs): Add notes for sms (#184), r=@shane-tomlinson v1.82.0 * feat(docker): add Docker support (#176) r=vladikoff,jbuck * chore(package): Use ip-rep service client with keepalive enabled (#181) r=vladikoff * fix(shutdown): Fix deferred call of process.exit(code). (#183); r=jrgm v1.81.0 * fix(reputation): add more (positive) logging to reputation service requests (#179), r=@vbudhram * feat(blocklist): Add support to specify the block level for multiple blocklists (#167), r=@rfk * fix(config-set): Don't attempt to merge array-valued config items. (#171); r=jrgm v0.80.0 * Fix rep service config (#172), r=@vbudhram, @jrgm * fix(tests): remove old code coverage tool (#173), r=@vbudhram * feat(sms): Add support for rate-limiting sms actions (#161), r=@philbooth, @rfk * fix(startup): Exit process on any startup error. (#169), r=@rfk * fix(timers): Unref all the update-polling timers. (#170); r=vbudhram * refactor(tests): Add ability to debug child processes (#162), r=@rfk v0.79.0 * fix(retryAfter): Round blocking periods up instead of down. (#159), r=@vbudhram * feat(config): Merge with existing config when writing to memcache. (#151) r=vladikoff * feat(ipreputation): Use IP reputation service from /check (#152), r=@vbudhram * fix(test): increase rateLimitInterval for send_violation_tests (#157), r=@vbudhram v0.78.0 * fix(config): remove mockmyid rate limit, add second restmail (#156); r=rfk * fix(docs): Add note about commit messages (#155); r=rfk * chore(shrinkwrap): add npm script for shrinkwrap (#150) r=vladikoff * Send violations to ip service (#148), r=@vbudhram v0.72.1 * fix(ip_record): Correctly total bad logins by unique email address. v0.72.0 * fix(blocklist): Convert date to milliseconds for file comparison (#143); r=rfk * feat(blocklist): Add latest firehol sample list (#144); r=rfk * fix(logging): Don't attempt to log a 'msg' field. * chore(config): Don't set allow ALLOWED_IPS by default. (#138); r=jrgm * chore(lint): Fix up some linty issues noticed in PR review. * feat(requestChecks): Backport "requestChecks" framework from private repo. * fix(unblock): Return `unblock` value for IPs on a blocklist v0.71.0 * feat(unblock): add unblock rate limits (#131) * fix(dependencies): update restify to 4.1.1 (#135) * feat(verify-code): Add rate-limiting of code verification attempts. (#132) * fix(settings): Fix reloading of nested settings from mecmached (#133) * feat(blocklist): Add IP blocklist module (#117) v0.68.0 * feature(newrelic): add optional newrelic integration v0.66.0 * feat(server): Remove account lockout * feat(server): Remove `badLoginLockout` config and EmailRecord.lf (loginFailure) related code. * fix(tests): add coveralls and enforce coverage v0.64.0 * chore(travis): drop node 0.12 v0.61.0 * feat(email): Add config option to avoid blocking certain email domains * feat(scripts): added admin scripts: block-ip and customs-info v0.60.1 * feat(ip): Count IP rate limits based on unique emails only. v0.60.0 * some *sharp* tools for updating the configs in memcache * feat(config): Allow config to be udpated via memcached * chore(deps): updated deps * fix(ip): Pass updated config params to ip_record in the ban-handling script. * fix(ip): Be less aggressive about extending IP rate-limit duration. * feat(login): Allow different bad-login errnos to have different weights. * fix(ip): Don't rate-limit email sending based on IP address alone. * fix(ips): Add ALLOWED_IPS environment variable for config. * feat(ip): Add config option for list of allowed ips. * feat(iprecord): record errno and ratelimit when errno is 102 * fix(blocking): Send block for all requests if memcache is down * fix(lifetime): ensure memcache lifetime is set in more places * fix(lifetime): Ensure records are written with sufficient ttls in memcache. * fix(logins): combine limiting for bad logins and rate * feat(logins): Count rate-limited login attempts as failed logins. * fix(check): Include more action names in various checks. * fix(config): add more config to ip rate limits * fix(lock): add ip lock test * block bad logins per ip * fix(style): Fix some typos 0.57.0 * feat(api): Add check account status # 99 * fix(config): restore top-level "config" dir for $(NODE_ENV).json files. #100 * refactor(lib): Put all the code inside a "lib" subdirectory. #98 0.55.0 * chore(docs): remove misleading reference to awsbox #95 * fix(travis): build and test on 0.10, 0.12 and 4.x #94 * fix(build): add grunt-nsp #93 * fix(travis): remove broken validate-shrinkwrap #92 0.45.0 * chore(version): generate legacy-format output for ./config/version.json - #90 * chore(travis): Tell Travis to use #fxa-bots - #88 * chore(build): Replace JSHint with ESLint - #87 0.39.0 * chore(config): Update convict and switch on strict validation - #85 * chore(license): Update license to be SPDX compliant - #82 * chore(shrinkwrap): update ass to what other modules use; update shrinkwrap - #86 0.36.0 * chore(travis): build/test on 0.10, 0.12, and iojs * chore(travis): quiet validate-shrinkwrap failure on security warning on module - #81 0.34.0 * fix(release): add tasks "grunt version" and "grunt version:patch" to create release tags * fix(tests): files were not being linted; so now, make jshint happy * chore(shrinkwrap): update shrinkwrap 0.33.0 * Add separate timer and config for badLoginLockoutInterval - #75 * Various code-structure and documentation cleanups - #71, #74, #78 0.6.0 * Add more logging when handling sqs ban events - #73 0.5.0 * Block all actions for emails that are explicitly banned - #70 0.4.0 * Validation errors should return 400 errors, not 500 - #68 * Document the current blocking and rate-limiting policies - #63 0.3.0 * Add support for account lockout on excessive login attempts - #58, #60 * normalize email addresses (compare the lower case values) - #59, #62 0.2.0 * update request and restify for new qs module * update ass version * use npm shrinkwrap 0.1.1 * Remove redundant memcache.host and memcache.port settings * expose all configuration settings to the environment; add option memcache.address to work with previous puppet settings * removing npm spinner from travis logs 0.1.0 * init