1.112.0 (2018-05-16)
- deps: update to restify 7.1 and mysql 2.15 (#351), r=@rfk (4415850)
- restify: set a sane max param length value for restify (d84c827)
- restify: update param size (bb78be2)
- changelog: Add an "acknowledgements" section to some changelog entries. (#350) (5a27b0a)
1.111.0 (2018-05-02)
- npm: update shrinkwrap to npm 5.8 (#344) r=@jrgm (a841d06)
- tests: increase timeout on recovery code tests (#339), r=@jrgm (f202197)
- node: update to node 8 (#341) r=@jrgm (8bcc7dd)
- db: Fixes #340 Remove column createdAt on recoveryCode table (#342), r=@vbudhram (1b59224), closes #340, #342
1.110.0 (2018-04-18)
- codes: remove current recovery codes before applying migration (#337), r=@rfk (23cbc61)
- codes: update recovery code requirements (#333), r=@philbooth (2ca7d9f)
- devices: Rename pushbox capability to messages and add messages.sendtab capability (#335) (5a1535a)
1.109.0 (2018-04-04)
- codes: drop all codes when one is consumed (#326) r=@rfk (f6ab498)
- node: Use Node.js v6.14.0 (#332) (1400a26)
- unblock: update consume unblock code (#330) r=@vladikoff (9bdb47b)
- verify: update verifyWithMethod to update a session verification status (#329), r=@philb (9c433ba)
- mysql: Add config option for REQUIRED_SQL_MODES. (#334) r=@philbooth,@vladikoff (a229ddc)
- mysql: STRICT_ALL_TABLES and NO_ENGINE_SUBSTITUTION required in sql (#327) r=@vladikoff (c226b07)
Thanks to Yusuf Yazir y.yazir@rocketmail.com for suggesting a security improvement in the handling of unblock codes (Bug 1368827).
1.108.0 (2018-03-20)
- buffers: convert remaining Buffer to Buffer.from r=@vladikoff (5092779), closes #316
- db: remove database configuration option, hardcode 'fxa' (#314) r=@vladikoff (c2e21dd), closes #290
- email: Use email buffer for DEL ‘/email/:email’ route (#315), r=@vladikoff, @vbudhram (cc6e08b)
- test: correct promises error handling (#325) r=@eoger (7effcb3)
- api: remove bufferization from db layer (818edcf)
- devices: Devices capabilities (#320) r=@philbooth (4808a1c)
- node: update to node v6.13.1 r=@jbuck (7727d88)
- totp: initial recovery codes (#319), r=@philbooth (995d52b)
1.107.1 (2018-03-21)
- emails: Make all request paths containing an email use hex encoding. (#1); r=philbooth (6059aca)
1.107.0 (2018-03-07)
- tests: cleanup sessionToken endpoints and docs, r=@philbooth, @rfk (da2e9ef)
- totp: Add initial totp session verification logic (#309), r=@philbooth (ee19e1b)
- totp: vlad updates for totp (#313) r=@vladikoff (f6d603c)
1.106.0 (2018-02-21)
- token: Fix mem verifyTokenCode (#303), r=@rfk, @philbooth (6a4fb67), closes #303
- deps: update deps, fix nsp (#308) r=@philbooth (0d874f9), closes #308
- sessions: Add support for reauth on an existing session. (#305); r=philbooth (fdff3e9)
- totp: Add totp management api (#299), r=@philbooth (9b8efcb)
1.105.0 (2018-02-06)
- tests: make tests more independent (#293), r=@philbooth, @rfk (c7d3638)
1.104.0 (2018-01-23)
- pruning: Avoid accidental full-table scans when pruning session tokens. (#295); r=philboo (5c6622c)
- scripts: add SET NAMES to reverse migration boilerplate (#296), r=@vbudhram (0790b89)
- devices: return session token id from deleteDevice (a2dd244)
1.103.0 (2018-01-09)
- node: use node 6.12.3 (#291) r=@vladikoff (6080c0c)
1.101.0 (2017-11-29)
- codes: add support for verifying token short code (#287) r=@vladikoff,@rfk (ac0b814)
- dbserver: clean up the db server package (#289) r=@rfk (c3d8e6e)
1.100.0 (2017-11-15)
- newrelic: futureproofing comment and up to newrelic@2.3.2 with npm run shrink (#285) r=@vl (bfc1963)
- newrelic: newrelic native requires make, python, gyp, c++; update node 6.12.0 (#286) r=@vl (4b7e696)
- travis: run tests with 6 and current stable (failure not allowed anymore) (c4e0e98)
1.98.0 (2017-10-26)
- docker: Update to node v6.11.5 for security fix (7cc3251)
1.97.0 (2017-10-04)
- db: prune session tokens (again) (67bd8fb)
1.96.1 (2017-09-20)
- db: call latest version of the prune stored procedure (#281) r=vladikoff (2c34f2e)
1.96.0 (2017-09-19)
- tokens: revert session-token pruning (ecde71b)
1.95.1 (2017-09-12)
- mysql: update all device procedures to use utf8mb4 (#276) r=jbuck,rfk (7d22ad8)
- tokens: prune old session tokens that have no device record (8fad575)
1.95.0 (2017-09-06)
- docs: update node version in docs to 6 (63fbdf2)
- schema: add a pushEndpointExpired column to devices (d8e93c4)
1.94.1 (2017-08-23)
- db: add utf8mb4 support (#267) r=rfk (549d39f)
1.94.0 (2017-08-21)
- ci: remove node4 test targets from travis-ci (#270) r=vladikoff (9523d02)
- email: Remove emailRecord depreciation (#269), r=@philbooth (0a7c2c6)
- schema: add a uaFormFactor column to sessionTokens (#271) r=vladikoff (774b6c1)
1.93.0 (2017-08-09)
- docker: update to node 6 (#266) r=jbuck (7b13cea)
1.92.0 (2017-07-26)
- scripts: add a script to generate migration boilerplate (#261) r=vladikoff (45949c5)
- tests: don't make eslint a prerequisite for the tests (#258), r=@vbudhram (ddae438)
1.91.2 (2017-07-17)
- schema: drop the uaFormFactor column from sessionTokens (#262), r=@vbudhram (f23098a)
1.91.1 (2017-07-12)
- nodejs: upgrade to 4.8.4 for security fixes (450e931)
1.91.0 (2017-07-12)
- email: Add change email (#254), r=@philbooth (7253d09)
- email: correctly return createdAt when using accountRecord (#256), r=@philbooth (70a1a39)
- schema: add a uaFormFactor column to sessionTokens (e99bc19)
1.90.0 (2017-06-28)
- eslint: update to latest eslint (#252) r=vbudhram (1157bb2)
- train: uplift train 89 (#253), r=@philbooth (06944e8)
- db: store flowIds with signinCodes (3fac7d7)
- email: Update procedures to use email table (#245), r=@philbooth, @rfk (b896063)
- tokens: Add ability to reset accounts tokens (#249), r=@philbooth (92199bc)
1.89.3 (2017-06-21)
- email: Don't use subquery on email verify update (#251), r=@jbuck (102dea4)
1.89.2 (2017-06-21)
- email: Remove temporary table from accountEmails query (#250), r=@rfk, @jbuck (e9d0335)
1.89.1 (2017-06-14)
- email: Add email table migration script (#247), r=@rfk, @jbuck (9ef8cbf)
1.89.0 (2017-06-13)
- db: enable signinCode expiry (2b53553)
- email: Keep account email and emails table in sync (#241), r=@rfk, @philbooth (78d5559)
- test: refactor our tests to use Mocha instead of TAP (0441ea9)
1.87.0 (2017-05-17)
- docs: update authors and node.js version in README (5610b92)
- email: Use correct delete account procedure (#231) (4a16bf3)
- docker: Use official node image & update to Node.js v4.8.2 (#225) r=vladikoff (2298e38)
- docker: add custom feature branch (#237) r=jrgm (d21a8df)
- email: Add get email endpoint (#227), r=@vladikoff, @rfk (8f5653c)
- signinCodes: migration and endpoints for signinCodes table (#235), r=@vbudhram (b740793)
- tokens: prune tokens older than 3 months (#224) r=vladikoff (fdc19c1), closes #219
1.86.0 (2017-05-01)
- docs: update authors and node.js version in README (6d89d30)
- docker: Use official node image & update to Node.js v4.8.2 (#225) r=vladikoff (2298e38)
- email: Add get email endpoint (#227), r=@vladikoff, @rfk (8f5653c)
- tokens: prune tokens older than 3 months (#224) r=vladikoff (fdc19c1), closes #219
1.85.0 (2017-04-18)
- install: add formatter to main package.json (#222) (f4cb995)
- security: escape json output (#220) r=vladikoff (13b9f70)
- dependencies: update all our production dependencies (#217) r=vladikoff (e008849)
0.83.0 (2017-03-21)
- config: Add environment variable for ipHmacKey (65f6d78)
- emailBounces: receive the email parameter in the url as hex (e1c078b)
- security-events: Correctly handle tokenless security events in mem backend (#215) r=vladikoff,sea (0f816cb)
- email: Add support for adding additional emails (#211), r=@seanmonstar, @rfk (1c436c9)
0.82.0 (2017-03-06)
- docker: add docker via Circle CI (#212) r=jbuck,seanmonstar (8f913be), closes #208
- sessions: update the sessions query to include device information (#203) r=vbudhram (70dcc5b)
0.81.0 (2017-02-23)
- email: Return createdAt when calling db.emailRecord (#209), r=@rfk (1a226cc)
- reminders: adjust mysql procedures (#200) r=rfk (4b6a92d)
- style: replace tab char with a space (#207) r=rfk (44470ad)
- db: add emailBounces table (4fe29fa)
- tokens: add prune token maxAge and update pruning (#206); r=rfk (699c352)
- tokens: get the device associated with a tokenVerificationId (#204) r=vladikoff (7f45075)
0.76.0 (2016-12-13)
- schema: Complete final phase of several previous migrations (7eddbc9)
0.75.0 (2016-11-30)
- bufferize: Only bufferize params we explicitly want as buffers. (#182); r=philbooth (a461769)
- bufferize: Only bufferize params we explicitly want as buffers. (#187) r=vladikoff (aad12bb)
- bufferize: revert the extra bufferize logic (e913a66)
0.74.0 (2016-11-15)
- lint: Include ./bin/*.js in eslint coverage (6c8eeba)
- securityEvents: Stop writing to the securityEvents.tokenId column. (1e3763d)
- eventLog: Remove the unused "eventLog" feature. (a138e76)
0.72.0 (2016-10-19)
- securityEvents: Tweak securityEvents db queries based on @jrgm feedback (ffa5561)
0.71.0 (2016-10-05)
- travis: drop node 0.10 test config (c1b1841)
- travis: add node 6 explicitly to travis (#175) r=vladikoff (c1556ab)
- unblock: add unblockCode support (12fb9df)
0.70.0 (2016-09-24)
0.69.0 (2016-09-09)
- db: don't return zombie devices from accountDevices (6e5c2db)
- db: Fix the typo (7bfdf91)
- db: Update resetAccount to not delete from accountUnlockCodes (616602a)
- shrinkwrap: refresh shrinkwrap (83d94d4)
- newrelic: add optional newrelic integration (fca7e2e)
- db: Remove account unlock related code. (340e299)
0.68.0 (2016-08-24)
- db: ensure that devices get deleted with session tokens (840dda6)
- db: use an index when deleting device records by sessionToken id. (f5bbb60)
- scripts: add process.exit to populate script (7820fdc)
- scripts: ensure changelog is updated sanely (24376cc)
- scripts: add device records to the populate script (c235696)
- fix(deps): update dev dependencies #143
- fix(deps): update prod dependencies #144
- chore(readme): update travis status badge url
- fix(tests): switch coverage tool, add coveralls #145
- chore(deps): update to latest request and sinon #148
- feat(db): Remove account lockout #147
- fix(db): remove createAccountResetToken stored procedure and endpoint #154
- refactor(db): remove openId #153
- feat(db): Record whether we must verify each unverified token #155
- feat(db): implement verification state for key fetch tokens #138
- chore(travis): drop node 0.12 support #139
- feat(reminders): add verification reminders #127
- chore(mozlog): update from mozlog@2.0.3 to 2.0.5 #140
- chore(scripts): sort scripts alphabetically #140
- chore(shrinkwrap): add "npm run shrinkwrap" script #140
- feat(mx-stats): Add a script to print stats on popular mail providers #134
- feat(db): store push keys according to the current implementation #133
- feat(db): implement new token verification logic #132
- fix(logging): log connection config and charset info at startup #131
- fix(tests): adjust notifier tests monkeypatching to accept mozlog signature #130
- fix(logging): adjust logging method calls to use mozlog signature #130
- fix(tests): enforce mozlog rules in test logger #130
- fix(db): expunge devices in resetAccount sproc #128
- feat(devices): added sessionWithDevice endpoint
- chore(dependencies): upgrade mozlog to 2.0.3
- feat(docker): Additional Dockerfile for self-hosting #121
- docs(contributing): Mention git commit guidelines #122
- chore(deps): Update mysql package dependency to latest version #112
- fix(tests): Upgrade test runner and fix some test declarations #112
- fix(travis): build and test on 0.10, 0.12 and 4.x, and allow failure on >= 5.x
- chore(shrinkwrap): update npm-shrinkwrap.json
- fix(db): fix memory-store initialisation of device fields to null #117
- fix(version): print out constructor class name; adds /version alias #118
- chore(nsp): re-added shrinkwrap validation to travis
- fix(server): fix bad route parameter name
- feat(db): update devices to match new requirements
- reverted some dependencies to previous versions due to #113
- feat(db): add device registration and management endpoints #110
- feat(db): add endpoint to return a user's sessions #102
- feat(db): return accountCreatedAt from sessionToken stored procedure #105
- chore(metadata): Update package metadata for stand-alone server lib. #106
- fix(metrics): measure request count and time in perf tests - #97
- fix(metrics): append delimiter to metrics output - #94
- chore(version): generate legacy-format output for ./config/version.json - #101
- chore(metrics): add script for creating dummy session tokens - #100
- chore(metrics): report latency in performance tests - #99
- chore(eslint): change complexity rule - #96
- chore(metrics): add scripts for perf-testing metrics queries - #88
- There are no longer separate fxa-auth-db-mysql and fxa-auth-db-server repositories - assemble all db repos - #56
- preliminary support for authenticating with OpenID - #78
- feat(db): add script for reporting metrics #80
- feat(db): store user agent and last-access time in sessionTokens - #65
- refactor(config): Use human-readable duration values in config - #62
- fix(tests): used a randomized openid url - #92
- fix(db): default user-agent fields to null in memory backend - #90
- fix(server): prevent insane bufferization of non-hex parameters - #89
- chore(configs): eliminate sub-directory dotfiles - #69
- chore(package): expose scripts for running and testing db-mem - #71
- chore(project): merge db-server project admin/config stuff to top level - #74
- chore(docs): update readme and api docs for merged repos - #76
- reshuffle package.json (use file paths, not file: url) - #77
- chore(coverage): exclude fxa-auth-db-server/node_modules from coverage checks - #82
- fix(tests): pass server object to backend tests - #63
- refactor(db): remove verifyHash from responses - #48
- chore(shrinkwrap): update shrinkwrap for verifyHash removal - #61
- chore(shrinkwrap): update shrinkwrap, principally to head of fxa-auth-db-server - #63
- feat(api): Return the account email address on passwordChangeToken - #59
- chore(travis): Tell Travis to use #fxa-bots - #60
- fix(notifications): always return a promise from db.processUnpublishedEvents, fixes #49 - #52
- fix(npm): Update npm-shrinkwrap to include the last version of fxa-auth-db-server - #50
- chore(cleanup): Fixed some syntax errors reported by ESLint - #55
- fix(db): Return 400 on incorrect password - #53
- refactor(db): Remove old stored procedures that are no longer used - #57
- fix(npm): Update npm-shrinkwrap to include the last version of fxa-auth-db-server - #50
- Added checkPassword_1 stored procedure - #45
- Use array for Mysql read() bound parameters - #45
- chore(license): Update license to be SPDX compliant - #46
- refactor(lib): move most things into lib/
- build(travis): Test on both io.js v1 and v2
- chore(shrinkwrap): update shrinkwrap picking up lib changes in fxa-auth-db-server
- refactor(db): Change table access in stored procedures to be consistent - #36
- fix(db): Fix reverse patches 8->7 and 9->8 - #38
- fix(package): Remove uuid completely since no longer needed - #37
- chore(package): Update to mysql-patcher@0.7.0 - #39
- chore(copyright): Update to grunt-copyright v0.2.0 - #40
- chore(test): Test on node.js v0.10, v0.12 and the latest io.js - #41
- there was no train-35 for fxa-auth-db-mysql
- feat(events): Publish account events to notification server in a background loop - #25
- Note: this feature is disabled by default (see 'config.notifications.publishUrl'), and will not be enabled in train-34
- fix(notifier): allow us to use the json secret key from the auth-server directly for the notifier - #29
- fix(db): do not set createdAt, verifierSetAt or normalizedEmail here - #31
- fix(logging): load the logger from the new location - #32
- fix(release): add tasks "grunt version" and "grunt version:patch" to - #34
- chore(tests): Remove console logging during test run - #25
- chore(tests): Don't assume log.info message order during tests - #25
- chore(tests): Remove some apparently-unused files in 'test' directory - #25
- chore(package.json): add extra fields related to the repo - #30
- chore(shrinkwrap): update shrinkwrap - #33
- Log account activity events for later publishing to notification service - #20
- Fix tests to do more reliable error-message detection - #20
- Correctly pass pool name when getting a connection - #23
- Use mozlog for logging - #21
- Log memory-usage stats emitted by fxa-auth-db-server - #24
- Some documentation and packaging tweaks - #17, #18
- Add ability to mark an account as "locked" for security reasons - #7
- Add support for docker-based development workflow - #13
- Only fail with a DB patch level less than the one expected
- (hotfix) regenerated npm-shrinkwrap.json that uses the correct version of fxa-auth-db-server - #15