1.134.1 (2019-04-02)
- deps: Fix the audit warnings. (6014d75)
1.134.0 (2019-04-02)
- docker: Use node 10 to build the docker image (2b124c2)
- server: Extract and simplify record retreival/storage, user defined rules. (6f73c3c)
1.132.0 (2019-03-05)
1.130.0 (2019-02-06)
- logs: preserve homogeneity of more log properties (bb91ab5)
- package: update shrinkwrap (28ad6d5)
1.129.0 (2019-01-25)
- logs: preserve homogeneity of log properties (469ca49)
1.124.0 (2018-10-30)
1.123.0 (2018-10-16)
1.122.0 (2018-10-02)
1.121.0 (2018-09-18)
- code: add custom rate limits for token code (cd949ae)
- deps: Remove nsp support, add npm audit support in logging only mode. (#274) r=@vladik (884909e), closes #271
- deps: Update to the newest restify. (#264) (d50ec32)
- restify: set keepAliveTimeout correctly on api.server object (#267) (17a4715)
- restify: set server.keepAliveTimeout to 120s, similar to in node6 (#266) (c10d339)
- deps: update ip-reputation-js-client to 4.1.0 (#263) r=@vladikoff (3fd7639)
- ci: update to circle 2 (#260) r=@vbudhram (c346bb8)
- code: add
recoveryKeyExists
to account status actions (#259) r=@vladikoff (1d7ea3b)
- circle: docker run --rm -it fxa-customs-server:build npm ls --production fxa#302 (5037ee8)
- release: Merge mozilla/train-115 into master r=@shane-tomlinson (5112862)
- reputation: adds compose based integration test with iprepd (#253) r=@vladikoff (458f94d)
- actions: Add 'verifyRecoveryCode' as a code-checking action. (fd4a1a3)
- docker: base image node:8-alpine and upgrade to npm6 (60a9013)
- tests: fix test-local.sh bug introduced in d177360 (3590801)
- deps: Update ip rep client to v3 (#247), r=@vbudhram (c40684e)
- deps: update ip rep client to v4 (#249) r=@vladikoff (ab1fb6e)
- tests: remove bash builtin from test-local.sh (#250) r=@vladikoff (d177360)
- ci: Remove coveralls from travis config (#246) (3a988b6)
- node: update to node 8 (#239) r=@jrgm (e8e2e45)
- sms: Reduce sms rate-limit interval to half an hour. (#235); r=philbooth (0ca8c52)
- tests: fix dependent tests (#234), r=@rfk (2633c4c), closes [(#234](https://github.com/(/issues/234)
- docs: Add documentation on tagging private releases. (#237) r=@vladikoff (2a8c180)
- totp: add totp rate limits (#233), r=@rfk (970f01e)
- node: Use Node.js v6.14.0 (#232) r=@vladikoff (de0ddc7)
- deps: update ip-reputation-js-client (#231) r=@vladikoff (abac95c)
- log: fix log op s/checkAuthenticated/checkIpOnly/ (13e6af4)
- deps: update deps, fix nsp (#229) r=@philbooth (d420b3a), closes [(#229](https://github.com/(/issues/229)
- api: add /checkIpOnly (ed22ea9)
- blocklist: Fix use of setImmediate to work with node 8 (#220) r=@vladikoff (c33a018), closes [(#220](https://github.com/(/issues/220) #212
- node: use node 6.12.3 (#223) r=@vladikoff (1f4d997)
- logs: add Sentry error logs (#224) r=@vbudhram (4cbc544)
- token: Add rate limit for tokenCodes (#225), r=@rfk (0f94081)
- sms: Load
allowedPhoneNumbers
from memcached! (6cc0ceb)
- sms: Store allowed phone numbers in a Set (17a9459)
- sms: Add an allow list of non-rate limited phone numbers for testing. (7822603), closes #217
- sms: Added tests for
change allowedPhoneNumbers
config (35c37d5)
- isAllowed: Add
isAllowed
to allowedIPs. (7951772)
- grunt: Commit new file CHANGELOG.md, not the old file CHANGELOG (e21820c)
- newrelic: Dockerpush fix newrelic must be first (#215) r=@vladikoff (bf06c0e), closes [(#215](https://github.com/(/issues/215)
- newrelic: newrelic native requires python, gyp, c++; update node@6.12.0 (#216) r=@vladikof (19920cc)
- docker: Update to node v6.11.5 for security fix (290e678)
- docs: document the dependency on memcached (#211) r=vladikoff (32f9083)
- server: remove mozdef integration (#209) (a682ae4), closes #204
- nodejs: upgrade to 6.11.1 for security fixes (ef20449)
- node: upgrade to Node 6 (#208) (7b20330)
- actions: add consumeSigninCode as an ACCOUNT_ACCESS_ACTION (08fca60)
- docker: add custom feature branch (#202) r=jrgm (159d53b)
- settings: pushOnMissing no longer updates on unexpected errors (a720749), closes #194
- sms: Add ability to rate-limit sms by email (#198), r=@rfk (e2f206c)
- deps: Update shrinkwrap (da6765a)
- security: escape json output (#193) r=vladikoff (720e7de)
- docker: Use official node image & update to Node.js v4.8.2 (#196) r=vladikoff (e7dd3c1)
- tests: Correctly rate limit sms by ip address (#191), r=@rfk (2a70689)
- docs: Add notes for sms (#184), r=@shane-tomlinson (1cd55b1)
- tests: Update config and testing for sms (#189) r=vladikoff (8fef3d1)
- shutdown: Fix deferred call of process.exit(code). (#183); r=jrgm (30be845), closes [(#183](https://github.com/(/issues/183)
- changelog: Update the changelog (c0434db)
- docs: add circle ci badge to README (63f30f6)
- package: Use ip-rep service client with keepalive enabled (#181) r=vladikoff (7c2b774)
- docker: add Docker support (#176) r=vladikoff,jbuck (b0cb1fa)
- config-set: Don't attempt to merge array-valued config items. (#171); r=jrgm (310fafb)
- reputation: add more (positive) logging to reputation service requests (#179), r=@vbudhram (a521224)
- blocklist: Add support to specify the block level for multiple blocklists (#167), r=@rfk (14e37c3)
- startup: Exit process on any startup error. (#169), r=@rfk (7a56e8b)
- tests: remove old code coverage tool (#173), r=@vbudhram (84d6ca4), closes #164
- timers: Unref all the update-polling timers. (#170); r=vbudhram (c5002be)
- sms: Add support for rate-limiting sms actions (#161), r=@philbooth, @rfk (dd30b0e)
- tests: Add ability to debug child processes (#162), r=@rfk (7a73ca4)
- retryAfter: Round blocking periods up instead of down. (#159), r=@vbudhram (a9f1932)
- test: increase rateLimitInterval for send_violation_tests (#157), r=@vbudhram (262c210)
- config: Merge with existing config when writing to memcache. (#151) r=vladikoff (a8f4d68)
- ipreputation: Use IP reputation service from /check (#152), r=@vbudhram (4f5d781)
- config: remove mockmyid rate limit, add second restmail (#156); r=rfk (d61ac26)
- docs: Add note about commit messages (#155); r=rfk (da057a2)
- ip_record: Correctly total bad logins by unique email address. (4f20fad)
- blocklist: Convert date to milliseconds for file comparison (#143); r=rfk (dfc173e)
- logging: Don't attempt to log a 'msg' field. (01d8e3d)
- unblock: Return
unblock
value for IPs on a blocklist (fa2c306)
- config: Don't set allow ALLOWED_IPS by default. (#138); r=jrgm (9545e7d)
- lint: Fix up some linty issues noticed in PR review. (623de15)
- blocklist: Add latest firehol sample list (#144); r=rfk (9f23903)
- requestChecks: Backport "requestChecks" framework from private repo. (5ddfcf1)
- dependencies: update restify to 4.1.1 (#135); r=rfk (9a7b93a)
- settings: Fix reloading of nested settings from mecmached (#133); r=vbudhram (101062c), closes [(#133](https://github.com/(/issues/133)
- blocklist: Add blocklist module (#117), r=@rfk, @seanmonstar (029111d)
- unblock: add unblock rate limits (#131); r=rfk (03c8c02)
- verify-code: Add rate-limiting of code verification attempts. (#132); r=vbudhram (1dc03ef)
- newrelic: add optional newrelic integration (bac4bbc)
- ip: Rate-limit all status-checking actions per IP. (9a4eaf5)
- release: Add changelog for v0.66.0 (ca57b82)
- server: Remove some left-over references to account lockout. (#124) r=vladikoff (383412c)
- block: ip record blocks trump all other conditions (112277f)
- server: Add uid_record and checkAuthenticated endpoint (#121) r=vladikoff,rfk (3a254c4)
- test: Modify test cases to use promises instead of callbacks (#123) r=vladikoff (6fadc52), closes #97
- server: Remove
badLoginLockout
config and EmailRecord.lf (loginFailure) related code. (28343cb) - server: Remove account lockout. (f409c6f), closes #120
- travis: drop node 0.12 (5bb758c)
- email: Add config option to avoid blocking certain email domains (e578c26)
- scripts: added admin scripts: block-ip and customs-info (5405ac5)
- blocking: Merge and now blocks all request on server-side error (484ff0c)
- blocking: Send block for all requests if memcache is down (721dffe)
- blocking: Send block for all requests if memcache is down (6955b6a)
- check: Include more action names in various checks. (a8f5892)
- config: add more config to ip rate limits (f52d913)
- config: update name values for ip ban (92a0008)
- handler: add new config values to handler.js (5ca3052)
- ip: Be less aggressive about extending IP rate-limit duration. (b8469d4)
- ip: Don't rate-limit email sending based on IP address alone. (6c2f892)
- ip: Pass updated config params to ip_record in the ban-handling script. (09dd129)
- iprecord: Fix calls to IpRecord.addBadLogin (13c339a)
- ips: Add ALLOWED_IPS environment variable for config. (4456e35)
- lifetime: ensure memcache lifetime is set in more places (3c3c722)
- lifetime: Ensure records are written with sufficient ttls in memcache. (5aff49c)
- lock: add ip lock test (30f8a5d)
- logins: add docs and simplify test (ed6790f)
- logins: add test and adjust rate limit (8d94c1c)
- logins: combine limiting for bad logins and rate (2f0aa17)
- style: Fix some typos (cafe245)
- tests: adjust config values for status check (746e9d5)
- tests: adjust login tests (7c4de25)
- deps: updated deps (9ad5ac9)
- config: Allow config to be udpated via memcached (8fa354a)
- ip: Add config option for list of allowed ips. (2632ae7)
- ip: Count IP rate limits based on unique emails only. (2773c40)
- iprecord: record errno and ratelimit when errno is 102 (37b4a1a)
- login: Allow different bad-login errnos to have different weights. (50c84e5)
- logins: Count rate-limited login attempts as failed logins. (4761653)
- config: restore top-level "config" dir for $(NODE_ENV).json files. (b853875)
- api: Add check account status (4df20b8)
- lib: Put all the code inside a "lib" subdirectory. (493984a)
- build: add grunt-nsp (816ae95)
- travis: build and test on 0.10, 0.12 and 4.x (4922a10)
- travis: remove broken validate-shrinkwrap (f01517b)
- docs: remove misleading reference to awsbox (8f9c06f)
- build: Replace JSHint with ESLint (dad97a5)
- shrinkwrap: update npm-shrinkwrap (cc6444b)
- travis: Tell Travis to use #fxa-bots (f835276)
- version: generate legacy-format output for ./config/version.json (129d885)
- config: Update convict and switch on strict validation. (d2168f9)
- license: Update license to be SPDX compliant (237f745)
- shrinkwrap: update ass to what other modules use; update shrinkwrap (06920e5)
- travis: build/test on 0.10, 0.12, and iojs (2818e43)
- travis: quiet validate-shrinkwrap failure on security warning on module (4b93b2b)
- changelog: changelog for train-34 (9f299cc)
- release: add tasks "grunt version" and "grunt version:patch" to create release tags (532f8c2)
- tests: files were not being linted; so now, make jshint happy (152b7f8)
- shrinkwrap: update shrinkwrap (e9c5d91)
- config: fix units typo in default config (6befc10)
- config: Add a badLoginLockoutIntervalSeconds configuration option. (429eec1), closes #75
- docs: Include a snipped about the memcached requirement. (2446f1a), closes #77
0.6.0
- Add more logging when handling sqs ban events - #73
0.5.0
- Block all actions for emails that are explicitly banned - #70
0.4.0
- Validation errors should return 400 errors, not 500 - #68
- Document the current blocking and rate-limiting policies - #63
0.3.0
- Add support for account lockout on excessive login attempts - #58, #60
- normalize email addresses (compare the lower case values) - #59, #62
0.2.0
- update request and restify for new qs module
- update ass version
- use npm shrinkwrap
0.1.1
- Remove redundant memcache.host and memcache.port settings
- expose all configuration settings to the environment; add option memcache.address to work with previous puppet settings
- removing npm spinner from travis logs
0.1.0
- init