Hi All,
This week we're shipping FxA train-81 to production, with the
following highlights:
* The auth-server now properly validates all query-string
parameters and will discard any that it does not recognize.
* All the pieces are now in place for users to SMS themselves
an install link for mobile Firefox after creating an account.
This feature will be deployed behind a hidden URL for now in
order to allow for live QA; if all goes well then we'll start
rolling it out to regular users in the next train.
* The ability to email yourself an "authorization code" when you
get blocked for security reasons, has graduated from "experimental
feature" to "regular part of the product".
* Connected devices will now only recive the "a new device started
syncing" notification when the new device is actually ready to sync;
previously it would occur if if the user did not confirm the sign-in
on the new device. Thanks to @eoger for contributing this fix!
* The "ip profiling" feature has been disabled in our dev environments,
where it was causing confusion by hiding the sign-in confirmation
experience for most devs most of the time.
* We now keep track of which emails have produced a hard bounce or
have flagged our messages as spam. This will be used to avoid
re-sending emails to known-bad destinations and will hopefully
help increase our overall sender reputation.
* Our flow-event metrics will now include an (anonymized) uid and
the user's locale. This will help us better judge the success
of upcoming experiments, by letting us measure their impact on
long-term behaviour like second-device connections and retention.
* When a user signs out, we now take extra care to remove any sensitive
data left over in localStorage.
* Hitting the `ESC` key in a settings view should now correctly escape
you from what you were doing.
* The oauth-server now enforces MySQL strict mode on each connection,
in case you forget to configure it on the DB by default.
* The customs-server can now choose between "blocking" and "log only"
modes for each individual list; previously all lists had to share the
same mode. With this change we're going to switch to blocking traffic
from some of the lists by default.
As always, you can find more details in the changelogs for each repo:
https://github.com/mozilla/fxa-auth-server/blob/v1.81.1/CHANGELOG.md
https://github.com/mozilla/fxa-auth-mailer/blob/v1.81.0/CHANGELOG.md
https://github.com/mozilla/fxa-content-server/blob/v1.81.0/CHANGELOG.md
https://github.com/mozilla/fxa-oauth-server/blob/v1.81.0/CHANGELOG.md
https://github.com/mozilla/fxa-customs-server/blob/v1.81.0/CHANGELOG.md
There are also detailed PR metrics included below if you're interested.
Cheers,
Ryan
------------
This train we had a total of 48 PRs and 58 reviews.
That includes work on the following features:
* FxA-105: ip blocklist: 1 PRs (now 7 / 7
= 100% complete)
* FxA-106: signin unblock: 1 PRs (now 44 / 44
= 100% complete)
* FxA-51: Mobile Push Pt1: post-verify page: 2 PRs (now 16 / 18
= 89% complete)
* FxA-53: Mobile Push Pt2: SMS install link: 9 PRs (now 26 / 33
= 79% complete)
* FxA-56: Email deliverability: 1 PRs (now 3 / 8
= 38% complete)
* FxA-57: verification reminder: 1 PRs (now 26 / 26
= 100% complete)
Along with 32 general quality improvements.
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
