fxa-profile-server/CHANGELOG.md

1.123.0 (2018-10-16)

Features

• profile: invalidate cache when profileChangedAt is older than id token value (556a682)
• profile: invalidate cache when profileChangedAt is older than id token value (#343), r=@r (a26db23)

1.122.0 (2018-10-02)

1.121.0 (2018-09-18)

Bug Fixes

• ci: remove nsp (d671905), closes #338 #339

1.120.0 (2018-09-06)

1.119.0 (2018-08-21)

1.118.0 (2018-08-08)

Features

• scopes: Use shared code lib for checking OAuth scopes. (#329) r=@vladikoff (4602fc8)

1.117.0 (2018-07-24)

chore

• release: Merge mozilla/train-115 into master r=@shane-tomlinson (d30540f)

1.116.0 (2018-07-11)

chore

• release: Merge mozilla/train-115 into master r=@shane-tomlinson (d30540f)

1.115.0 (2018-06-27)

Bug Fixes

• docs: Include "displayName" in example profile response. (#326) r=@vladikoff,@eoger (b3b7e90), closes #325

Features

• ci: migrate to CircleCI 2 (#321) r=@jbuck (56e8d1e)

1.114.1 (2018-06-13)

Bug Fixes

• docker: base image node:8-alpine and upgrade to npm6 (9d2dc18)

1.114.0 (2018-06-13)

1.113.0 (2018-05-30)

1.112.0 (2018-05-16)

1.111.0 (2018-05-02)

Features

• node: update to node 8 (#319) r=@jrgm (5138b86)

1.110.0 (2018-04-18)

Bug Fixes

• mozlog: fix deprecation warning (#315) r=@vladikoff (5050602), closes [(#315](https://github.com/(/issues/315)
• npm: update to npm5 (#317) r=@shane-tomlinson (6b45955)
• traceback: add mock for summary logs in tests (#314) r=@vladikoff (39b4ab2), closes #203

Features

• cache: Clear cache when receiving a "profileDataChanged" event. (#318); r=vbudhram (23a7cbc)

1.109.1 (2018-04-13)

Bug Fixes

• cache: Ensure profile caching respects OAuth scopes. (#4); r=vladikoff,philbooth (68dc42b)

1.109.0 (2018-04-04)

Bug Fixes

• node: Use Node.js v6.14.0 (#312) r=@vladikoff (8e91e81)

chore

• tests: Use nyc for code coverage. (ecb4fec)

Features

• amr: Report authentication info in profile data. (afdbcf1)

1.108.0 (2018-03-21)

Bug Fixes

• buffer: Clean up 'Buffer' calls to deprecated API (#310) r=@vladikoff (ed50ba1), closes #309

1.107.0 (2018-03-07)

chore

• deps: Update hapi to v16.6.3 (#308) (7120d49)

Features

• avatars: enable default avatar (#304) r=@rfk (01b0e41)
• avatars: enable default avatar (#307) r=@rfk (9b33666)

Reverts

• avatars: enable default avatar (#304) (#305) r=@rfk (158eb63)

1.106.0 (2018-02-21)

chore

• deps: update deps, fix nsp (#301) r=@philbooth (168aca3), closes [(#301](https://github.com/(/issues/301)

1.104.0 (2018-01-24)

Bug Fixes

• config: mark config sentryDsn and mysql password sensitive (#298) r=@vladikoff (f7a3717)

1.103.0 (2018-01-09)

Bug Fixes

• node: use node 6.12.3 (#296) r=@vladikoff (777fde2)

1.100.0 (2017-11-15)

Bug Fixes

• logging: Don't log raw numbers as log msg. (#293) r=@jbuck,@vladikoff (e07e96b)
• node: use node 6.12.0 (#294) r=@vladikoff (e2573ae)
• travis: run tests with 6 and 8 (fa29eae)

1.98.0 (2017-10-26)

chore

• docker: Update docker node to 6.11.5 (#290), r=@jbuck (3d8e6b3)
• nsp: nsp updates (#289); r=philbooth (b36c437)

1.97.0 (2017-10-03)

chore

• ci: only test node 4, update nsp (#286) (0cdcc41)
• docs: cleanup docs for POST /v1/avatar (#283) (fafff0e)

Features

• sentry: add Sentry error reporting (#284) r=vbudhram (fed2da7)

1.96.0 (2017-09-19)

Features

• cache: Delete user cache on email change (#282), r=@rfk (5c63044)

1.95.1 (2017-09-13)

chore

• deps: Update hapi to latest version. (#281) r=vladikoff (08ba257)

1.95.0 (2017-09-06)

Bug Fixes

• deps: shrinkwrap (95190ce)

Features

• deps: add git to docker build (147c32d)

Refactor

• lint: remove jscs, update eslint rules (cbe383a)
• routes: remove the deprecated avatar list route (8cf798b)

1.94.0 (2017-08-22)

Bug Fixes

• newrelic: update to v2.1.0 (0b32bbb)

1.93.0 (2017-08-09)

Bug Fixes

• displayName: length validation in post (#275) r=vladikoff (21ca175)

1.92.0 (2017-07-26)

Bug Fixes

• timeout: bump generateTimeout to 11 seconds (#274) r=vladikoff (7b5ed1b)

chore

• config: update cache emails to support yahoo (#272) r=vladikoff (b01ab7a)

1.91.0 (2017-07-12)

Bug Fixes

• cache: fix cache config (ce13b92)
• cache: register server method on server creation (29ce561)
• nodejs: upgrade to 6.11.1 for security fixes (1cc9ca6)
• startup: exit if server.start() returns an error (b46d879)

Features

• avatar: allow deleting the default avatar by not sending an id (#267) r=vladikoff (41c4e78)
• config: fix generateTimeout default setting in profile caching (#260) r=jbuck (f46888c), closes [(#260](https://github.com/(/issues/260)
• node: upgrade to Node 6 (d4c8ec3)

1.90.2 (2017-07-10)

Bug Fixes

• cache: fix cache config (ce13b92)
• cache: register server method on server creation (29ce561)
• startup: exit if server.start() returns an error (b46d879)

Features

• config: fix generateTimeout default setting in profile caching (#260) r=jbuck (f46888c), closes [(#260](https://github.com/(/issues/260)
• node: upgrade to Node 6 (d4c8ec3)

1.90.1 (2017-06-29)

Bug Fixes

• cache: fix cache config (e786768)

1.90.0 (2017-06-28)

chore

• logs: add logging for caching profile (#256) r=vladikoff (28d55b7)
• npm: update newrelic to 1.40.0 (#257) r=vladikoff (6b34c03)

Features

• cache: request caching for profile (#253) r=vladikoff (814dd7f), closes #242

1.89.0 (2017-06-14)

Features

• db: support emoji in display name (#248) r=rfk,jrgm (90da3fa)

1.88.0 (2017-05-31)

Bug Fixes

• docker: push to circle branch tag instead of latest (#249) r=vladikoff (811d89d)

chore

• docker: remove old docker file (#245) (b433360)

Features

• docker: allow feature branches (#246) r=jrgm (8f5821f)

Refactor

• avatar: remove POST avatar (8fde69e), closes #244

1.86.0 (2017-05-03)

chore

• deps: Update shrinkwrap (49302fe)

1.85.0 (2017-04-19)

chore

• docker: Use official node image & update to Node.js v4.8.2 (#243) r=vladikoff (c67c9f1)

1.84.0 (2017-04-04)

Features

• push: notify the auth-server when profile updated (8f89dad)

1.83.0 (2017-03-21)

Bug Fixes

• config: only force this settting if it's the default value (54fcef1)
• version: use cwd and env var to get version (bcf9666)

1.82.1 (2017-03-09)

Bug Fixes

• docker: Pin graphicsmagick to Alpine Linux v3.5 repo (ae07870)

1.82.0 (2017-03-09)

Bug Fixes

• logs: add client_id to summary logs (#235) r=seanmonstar (e4769b3), closes #234

chore

• docker: Update to node v4.8.0 (#237) r=vladikoff (9dd59e9)

0.79.0 (2017-01-25)

Bug Fixes

• config: load proper development configuration (dd7aee0)
• docker: Use shrinkwrap when installing (#232) r=vladikoff (e797475)
• headers: add cache-control headers to api endpoints (edc7d5e)

Refactor

• headers: re-use same header checks for all tests (14e798c)

0.78.0 (2017-01-10)

Bug Fixes

• config: make NODE_ENV consistent across servers (#227) (a7a822e)
• security: enable x-content-type-options nosniff (fb5a05d)
• security: enable X-XSS-Protection with 1; mode=block (219fe99)
• security: set x-frame-options deny (b033f93)

Features

• mysql: Ensure db connections always run in strict mode. (#221); r=seanmonstar (b10b88c)

0.76.1 (2016-12-19)

Bug Fixes

• avatars: only delete avatars if avatars set (adf16cf)

0.76.0 (2016-12-13)

chore

• deps: Update requests depdendency (#225) r=vladikoff (39fe21a)
• nodejs: Upgrade to Node.js v4.7.0 (39adfb8)

0.75.0 (2016-11-30)

Bug Fixes

• docs: remove old docs (b4194f0)
• tests: add 410 gone tests (3848d8b)

chore

• shrinkwrap: add npm script for shrinkwrap (#224) r=vladikoff (4546e4e), closes #223

Features

• hpkp: Add hpkp headers to all requests (#207) r=vladikoff (9bbdf88)
• newrelic: add optional newrelic integration (#222) r=vladikoff (d78c64c)

Refactor

• avatars: remove avatar list and some selected avatar logic (2bac088)

0.74.0 (2016-11-15)

Bug Fixes

• docker: Shrink docker image size (#220) r=vladikoff (37f7402)

chore

• nodejs: Upgrade to Node.js v4.6.2 (a428830)

0.73.1 (2016-11-08)

chore

• nodejs: Upgrade to Node.js v4.6.1 (20a7f7b)

0.73.0 (2016-11-02)

Bug Fixes

• config: log config at info level at startup (57adbe5)
• travis: build on node 4 and 6 (ff81c7c)

chore

• config: remove obsolete awsbox config file (#215) (80b2709)

0.71.0 (2016-10-05)

Bug Fixes

• config: Add env key to required config variables (232480f)
• config: Add env key to required config variables (#211) r=vladikoff (3ad6ae6)
• deps: downgrade to hapi 14 (#213) r=vladikoff (2df72b6)
• deps: update to latest hapi, joi and boom. requires node 4+ (d975d21)

0.70.0 (2016-09-21)

Bug Fixes

• log: add remoteAddressChain to summary (#208) r=jrgm (05ae545)

0.68.0 (2016-08-24)

Features

• customs: turn off customs until server support, update tests (#206) (629fb31)
• server: rate limit avatar uploads (#201) r=vladikoff (954c1a1), closes #132

0.67.1 (2016-08-10)

Bug Fixes

• tests: fix docker racing tests (d50aa7f)

chore

• docs: add circleci badge (ba1ecb4)

0.67.0 (2016-08-10)

Bug Fixes

• config: Add production as allowed environment (ceec964)
• config: Add production as allowed environment in code (c8c1c22)
• config: only allow https gravatars (#204) (08b44fa)
• config: Quoting syntax (2eb7235)
• deps: update dev dependencies (37e73bc)
• deps: updating prod dependencies (0138ffa)
• dev: stop all child servers if one crashes (0922c16)
• docker: Output version.json in RPMflow and Dockerflow compatible locations (2648593)

chore

• config: Remove unused git key from config (548937a)
• deps: Update Dockerfile to node@0.10.46 (1ce332c)
• release: bump version with 'grunt version' (#200) r=jrgm,vbudhram (1fe5765), closes #73

Features

• docker: Add npm scripts for starting web server & worker (98e3374)
• docker: Switch to exec so signals get passed through correctly (34ba601)

0.63.0 (2016-06-02)

Bug Fixes

• docker:
  • Back to the original login config (a9a0ab4c)
  • Docker login still requires email (65b8dd12)
  • Login to Docker Hub (90df64a0)
  • Quote environment variables (5632c3d0)
  • Replace "commit" with "hash" (058edccf)
  • Display version.json in CircleCI output (b39e7658)
  • Re-order directory creation (660d61b2)
  • Copy pre-install script before running install (b7139363)

Features

• docker:
  • Add CloudOps Dockerfile & CircleCI build instructions (b18c78f7)
  • Add /lbheartbeat endpoint for Dockerflow compatibility (d4f3863d)

0.61.0 (2016-05-04)

Bug Fixes

• avatars: protect graphicsmagick from CVE-2016-3714 (51d35cd5)

0.59.0 (2016-03-30)

0.57.0 (2016-03-05)

Bug Fixes

• display_name: Disallow astral characters in display_name. (b2c9e1d6)

Features

• docker: Additional Dockerfile for self-hosting (f493869b)

0.53.1 (2016-01-13)

Bug Fixes

• server: profile scope is more selectively inserted into routes (30f20073)

0.53.0 (2016-01-04)

Bug Fixes

• travis: build and test on 0.10, 0.12 and 4.x (41acdda1)

Features

• openid: make /v1/profile act as the OIDC UserInfo endpoint (a86d0d4d, closes #175)

0.50.1 (2015-12-01)

Bug Fixes

• email: improve handling of 4XX errors from auth server. (835f7244)

0.50.0 (2015-11-18)

Bug Fixes

• build:
  • add grunt-nsp (6a62bdfe, closes #161)
  • remove shrinkwrap validate (db93e4e0)
• config: adjust lib gm limits for aws (daff6c6f, closes #167)
• mysql: fix patcher version check to enforce patch >= n (8db250f7, closes #131)
• server: set nodejs/request maxSockets to Infinity (65efc72c, closes #102)
• upload: add gm image identification (55b0744e, closes #96)
• worker: disable gzip encoding on requests to local worker (40dfefd5, closes #98)

Features

• email:
  • fetch email from auth-server /account/profile (aa3a140b, closes #165)
  • fetch email from auth-server /account/profile (cc706457, closes #165)

0.49.0 (2015-11-03)

Bug Fixes

• avatars: graphicsmagick processing limits (93edc141, closes #57)

0.48.0 (2015-10-20)

Bug Fixes

• avatars: add configuration to adjust avatar upload size (bc86f168, closes #158)
• server: prevent null exception when oauth server is down (cf1dc35d, closes #151)

0.47.0 (2015-10-07)

Features

• display_name: return 204 if user does not have a display name (544e3323, closes #144)

0.46.0 (2015-09-23)

Features

• logging: add avatar.get activity event (18cc9b93, closes #146)

0.45.0 (2015-09-11)

Bug Fixes

• run_dev: add rimraf dependency back (29c076d6, closes #138)
• version: use explicit path with git-config (aa6535f2)

0.44.0 (2015-08-26)

Bug Fixes

• config: add options events.region and events.queueUrl (4c3c4135)
• display_name: Don't allow control characters in the display_name field. (5b9e20d2, closes #126)
• server: return errno 104 if oauth server is drunk (3bd6b14d, closes #121)

Features

• events: add events to delete user data when account is deleted (79d98a3d, closes #127)

0.42.0 (2015-07-22)

Bug Fixes

• display_name: allow a blank display name (e27223dd)

<a name"0.39.0">

0.39.0 (2015-06-10)

Features

• avatar: Add etag to the profile avatar API endpoint (07569c5d)
• profile: add etag to profile API endpoint (dcf1bb64)

0.36.0 (2015-04-30)

Bug Fixes

• db: race condition when asking for db multiple times at startup (1bc2cae5)

Features

• profile: return all /profile pieces that scopes allow (35a4875f, closes #108)

<a name"0.35.0">

0.35.0 (2015-04-13)

Bug Fixes

• changelog: set package.json repository correctly so conventional-changelog creates valid UR (17100542)
• test:
  • set maxSockets to Infinity for real (d2795966)
  • expect new default size of 200x200 (18f130f9)

Features

• displayName: add a profile table with a displayName field (ad6488eb)
• mysql: use mysql patcher to allow incremental schema updates (2fbfbbda)

0.33.0 (2015-03-16)

Bug Fixes

• docs: note "avatar" field in /v1/profile response (0698d434)

Features

• avatar: add support for multiple image sizes (187b0766, closes #68, #89)
• test:
  • in load test, make image deletion optional (b388fb62)
  • in load test, add delete after download (4a433260)

0.31.0 (2015-02-17)

Features

• docker: Dockerfile and README update for basic docker development workflow (d424fb66)
• images: delete images from s3 when asked to (ec25152b)

0.26.1 (2014-11-17)

Bug Fixes

• avatars:
  • properly detect and report image upload errors (902d0e68, closes #79)
  • return the profile image id after a post or upload (85ffefc9)
• config: use ip addresses instead of localhost (58defb67)
• logging:
  • remove spaces from logging op name (41fad890)
  • remove spaces from logging op name in the worker (290c9ed7, closes #77)

Features

• logging: use mozlog with heka format (b27b48bf, closes #71)
• server: enable HSTS maxAge six months (248e2e48)

Breaking Changes

• Both the config and the output for logging has changed. Config can be removed, as the defaults are what should be used in production. (b27b48bf)

0.26.0 (2014-11-12)

Features

• logging: use mozlog with heka format (b27b48bf, closes #71)

Breaking Changes

• Both the config and the output for logging has changed. Config can be removed, as the defaults are what should be used in production. (b27b48bf)

0.24.0 (2014-10-20)

Features

• server: enable HSTS maxAge six months (248e2e48)