Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
The Firefox Accounts authentication server.
JavaScript Shell Python Other
branch: master

Merge pull request #903 from chilts/set-verifier-set-at

fix(httpdb): Set verifierSetAt for resetAccount()
latest commit 1e2d080cd8
@dannycoates dannycoates authored
Failed to load latest commit information.
bin allow the sns notifier to be disabled in config
config allow the sns notifier to be disabled in config
crypto Refactor stat reporting to use opaque methods on each service.
db fix(httpdb): Set verifierSetAt for resetAccount()
docs Locked account updates.
grunttasks chore(release): add tasks "grunt version" and "grunt version:patch" t…
routes fix(logging): log emailRecord.uid as a hex string, not a byte array
scripts test(email): script to check delivery and content for all production …
server updated hapi to 8.2.0
test updated hapi to 8.2.0
tokens Remove unused data from the PasswordChangeToken class.
.gitignore reorganize test related files and removed unuse code
.jshintrc fixed jshint complaints
.travis.yml workaround for obsolete temp module 0.6
AUTHORS Use Hapi's builtin config for the Strict-Transport-Security header
CHANGELOG Release v1.33.0
CONTRIBUTING.md Update CONTRIBUTING.md
Gruntfile.js chore(release): add tasks "grunt version" and "grunt version:patch" t…
LICENSE Add a proper copy of the MPL
README.md Update README.md to show how to adjust log level
Vagrantfile changed vagrant synced_folder to rsync
bounces.js basket api notifier
customs.js Locked account updates.
error.js Locked account updates.
jwks.js Update from old jwcrypto to latest browserid-crypto.
log.js added a default uid to request.summary lines. fixes #755
mailer.js Initial account lockout work
npm-shrinkwrap.json Release v1.33.0
package.json Release v1.33.0
pool.js use err.message for pool errors when there's no body. closes #789
preverifier.js Update from old jwcrypto to latest browserid-crypto.
promise.js created promise.js for easy lib switching.
sqs.js basket api notifier

README.md

Firefox Accounts Server

Build Status

This project implements the core server-side API for Firefox Accounts. It provides account, device and encryption-key management for the Mozilla Cloud Services ecosystem.

Overview

Detailed design document

Detailed API spec

Guidelines for Contributing

Prerequisites

  • node 0.10.x or higher
  • npm
  • pgrep
    • Usually available by default on Mac OS X 10.8+ and Linux.
    • On older versions of Mac OS X, get it via: brew install proctools.
  • libgmp
    • On Linux: install libgmp and libgmp-dev packages
    • On Mac OS X: brew install gmp

Install

You'll need node 0.10.x or higher and npm to run the server. On some systems running the server as root will cause working directory permissions issues with node. It is recommended that you create a seperate, standard user to ensure a clean and more secure installation.

Clone the git repository and install dependencies:

git clone git://github.com/mozilla/fxa-auth-server.git
cd fxa-auth-server
npm install

To start the server in dev mode (ie. NODE_ENV=dev), run:

npm start

This runs a script scripts/start-local.sh as defined in package.json. This will start up 4 services, three of which listen on the following ports (by default):

  • bin/key_server.js on port 9000
  • test/mail_helper.js on port 9001
  • ./node_modules/fxa-customs-server/bin/customs_server.js on port 7000
  • bin/notifier.js (no port)

When you Ctrl-c your server, all 4 processes will be stopped.

Testing

Run tests with:

npm test
  • Note: stop the auth-server before running tests. Otherwise, they will fail with obscure errors.

Reference Client

https://github.com/mozilla/fxa-js-client

Dev Deployment

There is a development server running the moz-svc-dev AWS environment, at the following address:

https://api-accounts.dev.lcip.org/

It is managed using awsbox. You can force-push a particular version of the code by doing:

$> git remote add api-dev-lcip-org app@api-accounts.dev.lcip.org:git
$> git push api-dev-lcip-org HEAD:master

The dev deployment is configured to send emails via Amazon SES. If you need to re-create, or want to stand up a similar server, you will need to:

  1. Obtain the SES SMTP credentials; ping @rfk or @zaach for details.
  2. Deploy the new machine using awsbox.
  3. Configure postfix to use the SES credentials:
    1. Edit /etc/postfix/sasl_passwd to insert the SES credentials.
    2. Run /usr/sbin/postmap /etc/postfix/sasl_passwd to compile them.
    3. Edit /etc/postfix/main.cf to change 'relayhost' to the SES SMTP host (typically "email-smtp.us-east-1.amazonaws.com:587").
    4. Run service postfix restart to restart postfix.

There is also a "bleeding edge" development server that is configured to auto-update itself from the latest github master. It may be useful for testing out new protocol changes, but should be considered unstable for general development use:

https://api-accounts-latest.dev.lcip.org/

Configuration

To set the url of the content server, edit config.json on your deployed instance and add:

"contentServer": {
  "url": "http://your.content.server.org"
}

Troubleshooting

Firefox Accounts authorization is a complicated flow. You can get verbose logging by adjusting the log level in the config.json on your deployed instance. Add a stanza like:

"log": {
  "level": "trace"
}

Valid level values (from least to most verbose logging) include: "fatal", "error", "warn", "info", "trace", "debug".

MySQL setup

Install MySQL

Mac

Installation is easy with homebrew. I use mariadb which is a fork of mysql but either should work.

brew install mariadb

Follow the homebrew instructions for starting the server. I usually just do

mysql.server start

Linux

Install MySQL and start it.

Database Patches

Previously the database patches were contained in this repo and were run when the server started up (in development mode). However, there is a new backend service that this project will use as we go forward. Whilst the database connection and API code is still contained and used in this repo you should take a look at the fxa-auth-db-server repo for the SQL that you should run once you have your database set up, specifically the instructions on Creating the Database. Note where the schema patches live, in case you need them.

As we switch over to the httpdb backend, the instructions here and in the fxa-auth-db-server repo will be updated to clarify this. We know this isn't optimal for now but it is temporary during this transition.

Execution

Our test suite assumes mysql uses it's default configuration. See config/config.js for the override ENV variables if you have different root user password or other user. Now you should be able to run the test suite from the project root directory.

DB_BACKEND=mysql npm test

Or run the local server

DB_BACKEND=mysql npm start

Cleanup

You may want to clear the data from the database periodically. I just drop the database:

mysql -uroot -e"DROP DATABASE fxa"

The server will automatically re-create it on next use.

Using with FxOS

By default, FxOS uses the production Firefox Accounts server (api.accounts.firefox.com/v1). If you want to use a different account server on a device, you need to update a preference value identity.fxaccounts.auth.uri.

user_pref("identity.fxaccounts.auth.uri", "https://api-accounts.stage.mozaws.net/v1");
  • ./modPref.sh push prefs.js

License

MPL 2.0

Something went wrong with that request. Please try again.