Hi All, Before I dive into the usual shipping-a-new-train celebration email, let me share something that went out in a patch to train-70, just in case you missed it on the blog:
https://blog.mozilla.org/services/2016/10/06/device-management-coming-to-your-firefox-account/ That's right, the first version of the long-awaited "devices view" has begun its staged rollout to users! Expect to hear more about that over the coming weeks. Hot on the heels of that bit of excitement, this week we'll be shipping FxA train-71 to production, and it will carry with it the following highlights: * First up, special thanks go to the following community contributors who have code shipping in this train: * Divya Biyani, who contribted a bunch of fixes including: * normalizing the way we handle 503 and 429 error respones. * adding ellipses to the buttons on the settings page. * adding rel==noopener noreferrer to all external links. * fixing the error message displayed when trying to use a sign-in confirmation token that has already been consumed. * Sai Prashanth Chandramouli, who helped finalize some UI changes with our insecure password warning prompt. * Several new language tags have been added to the list of officially-supported locales, thanks to the completeness and timeliness of their localizers: * Spanish (es-ES and es-MX) * Telugu (te) * Romanian (ro) * Norwegian Nynorsk (nn-NO) * Latvian (lv) * Georgian (ka) * Kabyle (kab) * Indonesian (id) * Several improvements to our new "flow metrics" feature have landed, including: * flowIds now have a TTL of 2 hours, rather than 30 minutes. * flowIds are now accepted in password reset requests. * flow.begin events now include the name of the starting view. * flow.begin events now get a correct flowTime property. * A new flow event of clicking "already have an account". * The auth-server has been downgraded to version 14 of the Hapi web framework; unfortunately version 15 has a memory usage issue that means we can't deploy it to production. * We now include the name of the email template when we log info about an email bounce. This will give us some raw metrics on precisely which emails are bouncing, which should fuel some interesting ideas for how to improve. * We now rate-limit attempts to call /recovery_email/verify_code and other similar code-verifying endpoints, as an extra layer of security against someone trying to brute-force these codes. * We cleaned up our config handling in the auth-server by adding native RegExp support to convict, our configuration parsing lib. * We will now send connected devices a push notification after a successful sign-in confirmation, which should reduce both network traffic and user-perceived latency for users signing in to an existing account. * Our emails now include state information as part of the location string, where available. We've also swappred the order of the "IP" and "location" fields to improve understandability. * More fixes for our build process to ensure unique filenames for unique content. * Support for sign-in unblock has landed in customs-server, with the auth-server and content-server pieces expected in the next train. * Support for third-party IP blocklists has landed in customs-server. Over the coming weeks we'll try it out in metrics-gathering mode to evaluate several candidate blocklists. * :jbuck continued his mission to Dockerize All The Things. As always, you can find more details in the changelogs for each repo: https://github.com/mozilla/fxa-auth-server/blob/v1.71.1/CHANGELOG.md https://github.com/mozilla/fxa-auth-mailer/blob/v1.71.0/CHANGELOG.md https://github.com/mozilla/fxa-content-server/blob/v0.71.1/CHANGELOG.md https://github.com/mozilla/fxa-oauth-server/blob/v0.71.0/CHANGELOG.md https://github.com/mozilla/fxa-customs-server/blob/v0.71.0/CHANGELOG.md https://github.com/mozilla/fxa-profile-server/blob/v0.71.0/CHANGELOG.md https://github.com/mozilla/fxa-basket-proxy/blob/v0.71.0/CHANGELOG.md There are also detailed PR metrics included below if you're interested. Cheers, Ryan ------------ This train we are shipping work on the following features: * FxA-105: ip blocklist: 1 PRs (now 3 / 4 = 75% complete) * FxA-106: signin unblock: 1 PRs (now 7 / 18 = 39% complete) * FxA-108: update deps: 4 PRs (now 10 / 10 = 100% complete) * FxA-15: connected apps: 1 PRs (now 6 / 8 = 75% complete) * FxA-41: signin funnel metrics: 7 PRs (now 18 / 29 = 62% complete) * FxA-83: signin confirmation: 2 PRs (now 57 / 58 = 98% complete) * FxA-89: devices view: 2 PRs (now 27 / 38 = 71% complete) * FxA-97: password blocklist: 1 PRs (now 7 / 7 = 100% complete) _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
