1.55.1 (2016-01-31)
- sessiontokens: effectively disable sessionToken updates (8c9597d)
1.55.0 (2016-01-28)
- tokens: extend token freshness threshold to 6 hours (cffc099)
- docker: Add Dockerfile for self-hosting (c96cec1)
- metrics: Added additional user info on statsd messages (fff4624)
- push: add account verification push updates (b4d5822), closes #1141
- deps: update changelog template to 1.1.0 (4f9af41), closes #1152
- docs: add activity events log (6c6c307), closes #312
- e2e-email: ko is now translated for some email strings (4aaf43f)
- shrinkwrap: update shrinkwrap, notably for auth-mailer and content-server-l10n (789cb8d)
- contributing: Mention git commit guidelines (d7bf16f)
1.53.0 (2016-01-12)
- events: emit an event for account reset so sync can update the generation (7a8a0ad
- e2e-email: update localQuirks for new translations (cy) (fb08283)
- log: add mozlog fmt properly (35d8291), closes #1138
1.51.1 (2015-12-15)
- e2e-email: update localQuirks for new translations (f9f31d6)
1.51.0 (2015-12-14)
- server: add missing lastAccessTime field to devices response (e28a4fa)
- server: require device name to be set explicitly (417f494)
- travis: install/use g++-4.8 for node 4.x build of scrypt-hash (f129b7b)
1.50.1 (2015-11-23)
- auth-db-mysql: update to latest fxa-auth-db-mysql @ 939f04e (34f2ffb)
- server: permit null values in devices response (3407f4e)
- server: return isCurrentDevice from /account/devices (c75a8a3)
- tests: ignore error on listen (when auth-db-mysql is already bound) (0bab602)
- tests: repair travis-ci mysql testing to ensure auth-db-mysql is used (6eb3639)
- tests: unskip tests now that they are translated (GH-995) (ebb60b6)
- travis-ci: check that auth-db-mysql reports "MySql" as constructor class name (cd0e28e)
- metrics: send email-bounce-related metrics to statsd. (203c054)
1.50.0 (2015-11-18)
- docs: fix docs typo (d238fa4)
- locale: reenable pt-PT locale (e6617f9)
- mail: update email support url (f051b21)
- oauth: look for the correct 'scope' param in oauth response, not 'scopes' (7fc5030)
- server: eliminate device validation discrepancies (6722204)
- server: refactor account promise chains to named functions (05e50aa)
- oauth: pass email=false when verifying oauth tokens (f1306c9), closes #1109
- server: implement device registration api (d7e976b)
1.49.0 (2015-11-04)
- e2e-email: update for sr localization of subject (40068d6)
- tests: Eliminate race condition in teardown of concurrent_tests (bc85618)
- tests: wait for email delivery in concurrent_tests (fe279ff)
- profile: Add oauth-authenticated /account/profile endpoint. (9ebec1a)
1.48.3 (2015-10-29)
1.48.2 (2015-10-23)
1.48.1 (2015-10-21)
- deps: shrinkwrap excludes fxa-jwtool->pem-jwk dep if pem-jwk is a devDep (ffe145e)
- deps: shrinkwrap excludes fxa-jwtool->pem-jwk dep if pem-jwk is a devDep (08f0dca)
1.48.0 (2015-10-21)
- email: stop sending new sync device emails (b7dcef4)
- server: optionally enforce a strict CORS origin (664d73e)
1.47.1 (2015-10-13)
1.47.0 (2015-10-08)
- i18n: Enable Romainian
rosupport. (c0f419b), closes mozilla/fxa-content-server#3125 - metrics: send account verification time to statsd (65870d3)
1.46.0 (2015-09-23)
- logging: use service query parameter in activityEvent (243879a)
- tests: changes for "Firefox Account Verified" in train-46 (e630ed6)
- tests: run mysql tests on travis (f90a8c1), closes #1032
- basket: send sync login events to basket (28842c7)
- db: add function to return user's sessions array (bfaddc5)
- logging: add createdAt to account.signed activity event (ab4d815)
1.45.0 (2015-09-14)
- db: decrease session token update frequency (6924fba)
- db: properly encapsulate session token update logic (92c94c1)
- loadtest: adjust url for /.well-known/browserid (85ddb43)
- metrics: properly report account.uid for account.created (da29324)
- tests: changes to allow setting accept-language for some requests (bdc9c36)
- tests: improved script to checking email of all supported locales (67ffcd1)
- tests: update loadtest build script to work with latest PyFxA. (08f4d2d)
- version: use explicit path with git-config (986b5b8)
1.44.0 (2015-08-28)
- config: update convict .root() to .getProperties() calls (4b6cab9)
- notifier: calling undefined log.level method throws (e413713)
- server: check errno on database errors (28627ee)
- server: improve identification of mobile user agents (cf947d2)
- tests: make smtp.redirectDomain configurable in remote tests (6adc10f)
- tests: unset user-agent fields are null (a2a7b10)
- db: store user agent and last-access time in sessionTokens (f0d80ff)
- l10n: add en-GB as a supported locale. (980236a)
- l10n: add fa as a supported locale. (c4b3bd2)
- metrics: add DataDog to activity events, email verified activity events (63842b0), closes #922
1.42.0 (2015-07-24)
- api: accept service as a query parameter (3d49b51), closes #961
- errors: convert missing parameter errors correctly (2bbdc7e)
- tests: add an EventEmitter to test/mailbox (4d0f95a)
- tests: skip 3 pt-BR specific tests due to no translation yet (4659017)
- tests: verifyHash should no longer be returned (7db5996)
1.41.0 (2015-07-07)
1.40.0 (2015-06-30)
- db: Test for 400 from checkPassword, which shows incorrect password (45c1ea3)
- password: Revert changes induced by #954 pull request (d3e3462)
- Add account notification emails. (34ae5d0)
1.39.0 (2015-06-11)
- docs: Fix Markdown link in api.md (b65a5a6)
- docs: update documentation for example verification code, from 64 to 32 chars (5c3bf0b), closes #937
- password: revert part of GH-943; currently in broken state (4a82735)
- test: add missing .bind's to deferred handlers (0eaf5b4)
- log: Add logging of various account event (8b22c23)
1.38.0 (2015-05-27)
- env: set RESEND_BLACKOUT_PERIOD to zero in development (068820c)
- env: updated development TRUSTED_JKUS to bring back support for the untrusted relier (1472e74)
- test: use a version of node-ass with updated node-temp (3b31c52)
- server: Log the
serviceandreasonparameters for/account/login. (fa7d1bd)
1.37.0 (2015-05-15)
- logging: configuration changes per @whd (f65106d)
- pool: Stop retrying requests to db-server (179e1b5), closes #921
1.36.0 (2015-04-28)
- l10n: pass config.i18n.defaultLanguage to fxa-auth-mailer (eddc014)
- mailer: add a soft check that we are using the same locales as content-server (0aa3da7)
- mailer: add some tests of various supported, unsupported and non-existent locales (341a512)
- mailer: split out the list of supported locales, for easier maintenance (0251cb8)
- tests: a config update now makes uk,hsb,dsb available (a18ceae)
- tests: update for some locales that have now translated fxa-auth-mailer strings (92a444b)
1.35.0 (2015-04-14)
- httpdb: Set verifierSetAt for resetAccount() (791ab91)
- options: -L, --locale <en[,zh-TW,de,...]>; Test only this csv list of locales (e0a79ae)
- travis: set --force flag on validate-shrinkwrap (327e4c3)
1.33.0 (2015-03-17)
- logging: log emailRecord.uid as a hex string, not a byte array (b9a1f67)
- server: Fix the "Cannot call method 'tooManyRequests' of undefined error. (03aae55), closes #665
train-32
- Add ability to put an account in "lockout" state after many auth failures - #867
train-32
- Add ability to put an account in "lockout" state after many auth failures - #867
train-31
- Don't forward restmail.net email addresses to basket API - #870
train-30
- Add more fine-grained logging on basket API errors - #839, #856
- Increase passwordForgotToken lifetime to 60mins - #862, #845
- Tell basket that locale="en-US" when the user doesn't provide one explicitly - #863
- Use shiny new PyFxA library for the python loadtests - #844
train-29
- increased basket logging #857
- deleted unused code #847
train-28
- updated hapi to 7.5.3
train-27
- updated fxa-auth-mailer for mail template changes
- added locale to basket api response logging
train-26
- no changes
train-25
- no changes
train-24
- added uid to /session/status #830
- updated dependencies
train-23
- improved operational affordances for scrypt max-pending limit #819
- Fixed JWT related bugs for preVerifyToken #824 #825
train-22
- basket API #818
train-21
- added 'preVerifyToken' optional parameter to /account/create #784
- reset customs state on password reset #798
- added 'resume' optional parameter to email sending endpoints #793
train-20
- limit the number of pending scrypt hashes #783
train-19
- belated major version 1 bump but maintain minor version count
- fixed uid logging issue #755
- nonceFunc logging is now trace instead of info level
- updated many dependencies
- removed awsbox
train-18
- fixed internal server error on /certificate/sign #771
- removed mysql and heap DB implementations #769
- fixed log uid encoding issue #765
- updated documentation
train-17
- added locale to account #751
- better db related error messages for httpdb #754
- updated customs-server #756
train-16
- updated hapi to 6.0.2
train-15
- allow routes to use a base path for hosting in a subdirectory
- updated dependencies
- use poolee module for HTTP requests
- code reorganization
train-14
- moved email sending into fxa-auth-mailer #730
- updated hapi-auth-hawk to mitigate bug (#700) #731
- added
use_httpsconfig option #728 - always return an error on
__heartbeat__failure #726 - updated documentation
train-13
- added contributing file #719
- added MPL license file
- fix for certificate sign requests when the provided key is invalid #717
- fixed hawk payload verification bug #713
- updated base email templates #709
train-12
- verify an account if its unverified when forgot password verification succeeds #694
- added 'accountRecreated' flag to the request summary log line #695
- deprecate smtp.verificationUrl and passwordResetUrl in favor of contentServer.url #696
- Update the URL for the customs server #702
- add http datastore api #684
train-11
- moved customs-server (fraud/abuse) to its own repo #685
- improved the email based rate-limiting behavior
train-10
- added email_bouncer.js for processing SES email bounces #678
- fixed an email validation bug #681
train-09
- noop
train-08
- added /account/status #656
- added basic email rate limiting #664
train-07
- improve concurrent duplicate request handling #626
- improved test coverage #628
- added SNS account delete notifier #629
- added fxa-verifiedEmail to the signed certificate #630
- removed dependency on redis #634
- added db_patcher for db migrations #643
- improved redirectTo domain validation
- updated readme design doc link #616
- added /password/forgot/status endpoint #636
- added /session/status endpoint #637
- exit key_server when stdout is piped and the other process exits
- improved mysql connection error handling
train-06
- stop logging OPTIONS requests #619
- fixed /verify_email uid parameter validation
- default config.env to prod #614
train-05
- fixed some i18n issues #611
- use npm shrinkwrap #603
- don't send verify emails to verified accounts #609
train-04
- added
lockdownfor stable dependencies #19 - refactored mysql.js #588
- allow repeat signup against unverified emails #593
- added cache-control to /.well-known/browserid #597
- collect loggable data before authentication #601
train-03
- upgrade hapi to 2.4.0
- fixed password reset account lockout bug #575
- upgrade mysql to 2.1.0
- added mysql stat log lines
- default mysql pools to 10 connections instead of 100
- improved mysql connection error handling #581
- check and cache ts+nonce pairs, not just plain nonces #584
- disable HAWK timestamp checking in authentication #585
train-02
- added
fxa-lastAuthAtto signed certificates #547 - load test enhancements
- fixed redirectTo bug in /recovery_email/resend_code #563
- updated mysql module from 2.0.0 to 2.0.1
- improved mysql error handling #566
- implemented new request logging convention #565
- fixed remote test timing issue #512
- more comprehensive email address validation #573
- added CHANGELOG :)
train-01
- all the things