Hi All,
This week we shipped FxA train-70 to production, with the following
highlights:
* User login events will now be tracked in a per-user 'security event
history', along with (a HAMC of) the originating IP address.
This first deployment is to gather metrics on whether and how
this information can be used to avoid sending a sign-in confirmation
email in some cases.
* We've re-enabled end-to-end testing of device push notifications,
using the production Mozilla push servers.
* Our new flow metrics now explicitly exclude 'account.signed' events
generated by our own code, to give a better picture of real user
activity and sign-in success.
* We've also added some new content-server-side flow events, such as
flow.engage, flow.attempt_signin, and flow.attempt_signup. These
will give us more detailed visibility into our login funnel.
* If an operation is blocked for rate-limiting or security reasons,
you will now see a description of how long you have to wait
before trying again.
* With the update to running node v4 in production, we've been able
to complete a number of long-standing dependency updates, and hence
remove several NSP warnings from our ignore list. This includes a
major update to Hapi, our web framework.
* When logging in with an unverified account, it's now the auth-server
that's responsible for re-sending the account verification email.
Previously this was the content-server's job, a responsibility split
that was making it difficult to iterate on our email-sending logic.
* Tablet devices are now detected and reported as such in the devices
view, and get a tablet-specific device icon.
* Our outgoing emails now include the name of the template as a custom
header, which will make it much easier for us to get metrics on
which emails are bouncing under what circumstances.
* Several front-end build process fixes for node v4 compatibility.
* The devices view now includes a modal "disconnect" dialog, through
which we can gather metrics on why users are disconnecting their
devices. It has also received several cleanups and we expect to
make it live for production users as part of this train.
* The "Open <Webmail_name>" button was not being run through the
translator. Now it is.
* In the choose-what-to-sync screen, "Tabs" is now "Open Tabs" to
give users a better udnerstanding of what it actually does.
* The content-server now embeds various config values directly in
the HTML rather then fetching them from a separate JSON endpoint,
which saves a round-trip on page load.
* And as usual, a broad bunch of smaller test and code-quality fixes.
As always, you can find more details in the changelogs for each repo:
https://github.com/mozilla/fxa-auth-server/blob/v1.70.0/CHANGELOG.md
https://github.com/mozilla/fxa-auth-mailer/blob/v1.70.0/CHANGELOG.md
https://github.com/mozilla/fxa-content-server/blob/v0.70.1/CHANGELOG.md
https://github.com/mozilla/fxa-oauth-server/blob/v0.70.0/CHANGELOG.md
https://github.com/mozilla/fxa-profile-server/blob/v0.70.0/CHANGELOG.md
I'm also experimenting with more detailed metrics about what PRs we
merged and why. The first draft is included below if you're interested,
and feedback most welcome!
Cheers,
Ryan
------------
This train we're shipping work on the following features:
* FxA-106: signin unblock: 1 PRs (now 4 / 14 = 29% complete)
* FxA-107: login event history: 2 PRs (now 5 / 5 = 100% complete)
* FxA-108: update deps: 3 PRs (now 3 / 4 = 75% complete)
* FxA-41: signin funnel metrics: 2 PRs (now 8 / 15 = 53% complete)
* FxA-83: signin confirmation: 2 PRs (now 56 / 59 = 95% complete)
* FxA-89: devices view: 3 PRs (now 26 / 31 = 84% complete)
As well as 26 general quality improvements.
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
