QA/Browser Technologies/Services/Releases/BrowserID 03282012

Areas for QA Focus

• [QA] Suggested areas of focus for QA:
  • verify all resources served by browserid have good cache headers - HTML should have maxAge 0 with ETags, css/js/images should have far future maxAge with cache control public and a hash in the URL (i.e. /v/23422542/i/foo.png)
  • normal regression testing

Information

• Train 24: 03-28-2012

Links

• Bugs/Issues: https://github.com/mozilla/browserid/issues
• Test Plan: https://wiki.mozilla.org/QA/BrowserID/TestPlan
• Weekly Train Wiki: https://wiki.mozilla.org/QA/BrowserID/BrowserID_Weekly_Trains_Beta
• Release Wiki: https://wiki.mozilla.org/QA/Browser_Technologies/Services/Releases/BrowserID_03142012
• Test Plan spreadsheet: TBD
• Stage Server: https://diresworb.org
• Stage Client/RP1: http://beta.myfavoritebeer.org
• Stage Client/RP2: http://beta.myfavoritebooze.org
• Stage Client/RP3: http://beta.myfavoriteshow.org
• Stage Client/RP4: http://carrera.databits.net:9999 (requires VPN access)
• Primary 1: https://eyedee.me

• Dev Server: https://dev.diresworb.org
• Dev Client/RP1: http://dev.myfavoritebeer.org
• Dev Client/RP2: http://dev.myfavoritebooze.org
• Dev Client/RP3: http://dev.myfavoriteshow.org
• Primary 1: https://eyedee.me

Deployment Ticket

• bug 740272 - QA and deploy BrowserID train-2012.03.28 to production
• 048d435 document changes in 2012.03.28
• locale svn r103606

• bug 744813 - please deploy hotfix 0.2012.03.28.7 via stage to production
• e5b7eb0 document hotfix for issue #1429 in 0.2012.03.28.7
• locale svn r104128

OPs Ticket and ChangeWindow

• Services Maintenance/Change Window
  • https://intranet.mozilla.org/Services/Ops/ChangeWindow_20120411

Hot Fixes and Other Deployments

• HotFix 1 (Stage only)
  • 9d375a7 document hotfixes in 0.2012.03.28.2
  • locale svn r103606
    • 1353: Fix regression where 304 responses to requests for IFrame HTML would have X-Frame-Options: deny, preventing loading of iframes
    • 1364: ETag headers now vary by locale, fixes regression where switching between locales was broken

• HotFix 2 (Prod and Stage)
  • 1381: SCL2 account deletion returns a 503

• Hot Fix 3 (Stage)
  • 1412: The list of supported locales in train-2012.03.28
  • 1413: Patch 2
  • Various security fixes

• Hot Fix 4 (Stage): to fix broken Hot Fix 3

• Hot Fix 5 (Stage and Prod)
  • 1429: https://browserid.org/signup is broken
  • 1430: Hotfix1429

ChangeLog

• 03/28: ChangeLog including issues resolved:
  • https://github.com/mozilla/browserid/blob/train-2012.03.28/ChangeLog#L1-7

Versions

• Dev: https://dev.diresworb.org/ver.txt
  • 86b517c Merge pull request #1375 from mozilla/issue_1374_array_forEach
• Prod: https://browserid.org/ver.txt
  • dd01bef document hotfixes in train-2012.03.14, bump version
  • locale svn r103370
• Stage: https://diresworb.org/ver.txt
  • Orig
    • 048d435 document changes in 2012.03.28
    • locale svn r103606
  • After HotFix 1
    • dd01bef document hotfixes in train-2012.03.14, bump version
    • locale svn r103370
  • HotFix 2: n/a
  • HotFix 3: n/a
  • After HotFix 4
    • 1d4d06b update version to 2012.03.28.6 with fix to checking of site parameters to WSAPI
    • locale svn r104128
  • After HotFix 5
  • e5b7eb0 document hotfix for issue #1429 in 0.2012.03.28.7
  • locale svn r104128

Heartbeat

• Dev: https://dev.diresworb.org/__heartbeat__
  • ok
• Prod: https://browserid.org/__heartbeat__
  • ok
• Stage: https://diresworb.org/__heartbeat__
  • ok

Processes

• webheads
  • /usr/bin/node bin/browserid
  • /usr/bin/node bin/verifier
  • /usr/bin/node /opt/browserid/lib/verifier/verifier-compute.js
  • /usr/bin/node /opt/browserid/lib/bcrypt-compute.js
• secure webheads
  • /usr/bin/node bin/dbwriter
  • /usr/bin/node /opt/browserid/lib/bcrypt-compute.js
• keysigners
  • /usr/bin/node bin/keysigner
  • /usr/bin/node /opt/browserid/lib/keysigner/keysigner-compute.js
• databases: various mysql processes
• zeus: various zeus processes

Logs

• webheads: /var/log/browserid/
  • browserid.log
  • browserid-metrics.json
  • verifier.log
  • verifier-metrics.json
  • verifier-compute.log
• secure webheads: /var/log/browserid/
  • dbwriter.log
• keysigners have /var/log/browserid/
  • keysigner.log
  • keysigner-compute.log
• databases: n/a
• zeus: various logs

Local Install - Unit Tests

• Front-End Unit Tests: PASS
• Back-End Unit Tests: PASS
• Headless Front-End Unit Tests: PASS
  • But see the following: https://github.com/mozilla/browserid/issues/1384

Local Install - Load Test

• Term1: CREATE_TEST_USERS=2000 BROWSERID_FAKE_VERIFICATION=1 NODE_ENV=test_mysql npm start
• Term2: bin/load_gen -u 1/60 -m 60000 -o -s http://127.0.0.1:10002

Stage: Load Tests

• Test 1: client8
  • load_gen -s https://stage-browserid.services.mozilla.com -o -m 500000 -u 1/500
• Test 2: same as above
• Test 3: client7, same as above

Sample Bug and Issue

• bug XXXXXX - Bug title
• [BrowserID issue 1300] : Issue title

New/Updated OPs Tickets and Issues

• bug 723775 - Create/Deploy l10n preview env for browserid

New/Updated Security Tickets and Issues

• bug 665057 - Design and implement crypto API for Mozilla ID

New/Updated APPs Tickets and Issues

• bug 730015 - BrowserID: No longer able to Sign In using FF 12 (Aurora) or FF 13 (Nightly)
• bug 742421 - VM for socialdemo

New/Updated Labs Tickets and Issues

• None

New/Updated Localization Tickets and Issues

• [BrowserID issue 1347] : No Bulgarian in Prod!?
• [BrowserID issue 1370] : BrowserID does not support internationalized emails RFC 6530
• [BrowserID issue 1371] : Spanish (es) not showing properly in production
• [BrowserID issue 1412] : The list of supported locales in train-2012.03.28
• [BrowserID issue 1413] : Patch 2
• [BrowserID issue 1424] : Broken accept terms text in Romansh
• [BrowserID issue 1425] : Posssible incomplete string
• [BrowserID issue 1427] : Update preview server

Resolved/Closed Bugs and Issues

• bug 725502 - window.open with dialog=yes argument in it causes weird issue
• bug 730015 - BrowserID: No longer able to Sign In using FF 12 (Aurora) or FF 13 (Nightly)
• [BrowserID issue 620] : need cache headers on all static resources
• [BrowserID issue 1124] : Locale: [any/all] The "The selected email is invalid or has been deleted" message is not localized
• [BrowserID issue 1168] : Locale: Provide localized strings for new "requires cookies" message
• [BrowserID issue 1171] : phantom js tests blow up after calling set_password
• [BrowserID issue 1172] : The "This field must be an email address." error message is displayed when trying to sign up with and email address longer than 74 chars
• [BrowserID issue 1176] : Mobile: No longer able to Sign In using FF 12 (Aurora) or FF 13 (Nightly)
• [BrowserID issue 1182] : Error UI instead of Login Screen with raiseAuthenticationFailure
• [BrowserID issue 1200] : BrowserID becomes unresponsive when trying to use it in Firefox with all the cookies disabled
• [BrowserID issue 1203] : The "We are very sorry, there has been an error!" message with an unresponsive "See more info" link is displayed in several cases when all the cookies are disabled in the browser
• [BrowserID issue 1243] : Minor fix for scripts/compress
• [BrowserID issue 1265] : Add actual RP-specific content to the TOS and Priv pages.
• [BrowserID issue 1284] : Attempting to log-in with primary i5y.org offers to 'verify e-mail' rather than re-route to log in with e-mail provider
• [BrowserID issue 1302] : The new "requires cookies" message needs improvement on iOS.
• [BrowserID issue 1331] : etag of sign_in does not correctly update in all circumstances
• [BrowserID issue 1335] : check_primary_support script is generating errors in Dev branch builds
• [BrowserID issue 1336] : Locale: Add "ko" to the list of languages to be localized
• [BrowserID issue 1339] : network.cookiesEnabled can call its onComplete callback twice
• [BrowserID issue 1353] : X-Frame-Options and etagify prevent iframes we serve from working
• [BrowserID issue 1364] : etag headers incorred in train-2012.03.28 - breaks l10n
• [BrowserID issue 1381] : SCL2 account deletion returns a 503
• [BrowserID issue 1388] : Account Manager allows password change using same password
• [BrowserID issue 1389] : Account Manager does not clear password fields between use
• [BrowserID issue 1397] : Fix the Developers link off the main site
• [BrowserID issue 1176] : Mobile: No longer able to Sign In using FF 12 (Aurora) or FF 13 (Nightly)
• [BrowserID issue 1183] : Error UI upon calling registerCertificate for Clortho primary
• [BrowserID issue 1193] : Fix Java Fennec not opening the BrowserID dialog.
• [BrowserID issue 1195] : sign-in screen has unclear button labeling [select email]
• [BrowserID issue 1208] : Duplicate strings in messages.po and client.po
• [BrowserID issue 1213] : Uppercase characters shown as lowercase characters on buttons of signin dialog
• [BrowserID issue 1214] : Authentication using smartcard
• [BrowserID issue 1215] : trivial quirk with FF10, multiple languages and cache behaviour
• [BrowserID issue 1220] : Add new locale: Ukranian (uk)
• [BrowserID issue 1223] : Locales ready for February 29, 2012 release
• [BrowserID issue 1224] : Apply as a mentoring Organization to GSoC
• [BrowserID issue 1225] : login to www.myfavoritebeer.org fails
• [BrowserID issue 1226] : Locale: [lt] [rm] and [uk] languages do not show up correctly in IE8
• [BrowserID issue 1230] : it-CH (debug) translation broken in dev env
• [BrowserID issue 1233] : Lock down locales and verify them 24 hours before prod release
• [BrowserID issue 1241] : [stage] The option to check 'Always keep me signed in' is missing in the simplified sign-in flow for a returning user
• [BrowserID issue 1244] : improve feedback from frontend tests running under phantom
• [BrowserID issue 1298] : Mobile: There is a lot of empty space between the form and the footer.
• [BrowserID issue 1306] : tosfix - New email/Add another email results in empty page shown
• [BrowserID issue 1309] : Mobile: "We just sent an email to that address!" tooltip partially cut off by site URL
• [BrowserID issue 1310] : "Cancel" button in wrong position when user must enter password post pick email.
• [BrowserID issue 1311] : iOS: disabled input boxes almost completely transparent
• [BrowserID issue 1313] : iOS: All editable input boxes have an inner text shadow.
• [BrowserID issue 1314] : If user is not authenticated, TOS/PP does not show for required email
• [BrowserID issue 1315] : If user must verify with primary for required email flow, no TOS/PP info shown.
• [BrowserID issue 1316] : No TOS/PP info shown when user is adding an email address.
• [BrowserID issue 1398] : The links corresponding to clients displayed on the "You must sign in..." dialog should always be opened in new tabs
• [BrowserID issue 1422] : Fix check_primary_support to give nicer failures for BID properties
• [BrowserID issue 1423] : better error reporting for bad email/origin in stage_user, stage_email

Reopened or Updated : Server

• [BrowserID issue 567] : The "login failure [object Object]" pop-up is sometimes displayed when selecting an email and signing in with no internet connection
• [BrowserID issue 730] : Verification email text is incorrect for forgotton passwords.
• [BrowserID issue 760] : make "logout" work better
• [BrowserID issue 927] : broken: Sign in to browserid.org with two different browsers
• [BrowserID issue 976] : iOS: insanely long delay signing in with new email
• [BrowserID issue 1167] : The new "requires cookies" message needs improvement.
• [BrowserID issue 1240] : mismatch of PP/TOS text and button text ('next' vs. 'sign in')
• [BrowserID issue 1305] : wordpress plugin so that URL can be a primary
• [BrowserID issue 1333] : The "Add another email" string is not localized
• [BrowserID issue 1342] : Locale: "hu" is not showing as localized in Stage or Dev
• [BrowserID issue 1379] : Logging in on iOS is slow

Reopened or Updated : Client

• None

Opened Bugs/Issues For This Week: Server

• [BrowserID issue 1377] : Create an automated method to verify strings/changes for all locales
• [BrowserID issue 1384] : Dev: (Backend) unit tests failing on PhantomJS portion
• [BrowserID issue 1397] : Fix the Developers link off the main site
• [BrowserID issue 1401] : Spelling error in check_primary_support
• [BrowserID issue 1402] : Mobile: With Cookies disabled, I get a blank screen/tab for sign_in
• [BrowserID issue 1381] : SCL2 account deletion returns a 503
• [BrowserID issue 1382] : Redirect /sign_in to /signin (or homepage)
• [BrowserID issue 1398] : The links corresponding to clients displayed on the "You must sign in..." dialog should always be opened in new tabs
• [BrowserID issue 1404] : The "You must sign in with your email provider..." dialog hangs when loosing the internet connection

Opened Bugs/Issues For This Week: Client

• None

Other Open Bugs

• [BrowserID issue 1345] : /signin should not be accessible for authenticated users
• [BrowserID issue 1346] : case study with RPs
• [BrowserID issue 1348] : dev: dialog cancelation is not conveyed properly to RPs
• [BrowserID issue 1349] : dev: prolong session when user confirms ownership of a computer
• [BrowserID issue 1350] : BrowserID.org should preserve case in emails.
• [BrowserID issue 1351] : optimize RP page load time with new APIs
• [BrowserID issue 1352] : dev: ensure new APIs "fail" gracefully when third party cookies are disabled
• [BrowserID issue 1353] : X-Frame-Options and etagify prevent iframes we serve from working
• [BrowserID issue 1354] : decide on and implement final API for deeper BrowserId involvment in session duration
• [BrowserID issue 1355] : dev: improve back compat of new API with 'persistent sign in'
• [BrowserID issue 1356] : Add a message informing the user that their email address is being checked.
• [BrowserID issue 1357] : New API does not work with IE8 - IE8 does not have document.createEvent('Event');
• [BrowserID issue 1358] : For the communication iframe, removing jQuery and adding micrajax.
• [BrowserID issue 1359] : Hook up the "prolong_session" wsapi call.
• [BrowserID issue 1360] : Only print failing frontend tests
• [BrowserID issue 1361] : Fixed wording on browserid verifier description
• [BrowserID issue 1362] : BrowserID verify should return the correct status codes
• [BrowserID issue 1363] : Use status codes to represent failures in Verify, Closes 1362
• [BrowserID issue 1364] : etag headers incorred in train-2012.03.28 - breaks l10n
• [BrowserID issue 1365] : Extracting header removal logic to run before etagify middleware
• [BrowserID issue 1366] : Remove all DOM calls from user.js, network.js and storage.js
• [BrowserID issue 1367] : Update README to include instructions for hooking up Travis-CI to personal fork
• [BrowserID issue 1368] : Updating README.md with directions on how to set up Travis-ci
• [BrowserID issue 1369] : bump to etagify 0.0.2 which respects Vary headers. issue #1364
• [BrowserID issue 1372] : General documentation/examples proofreading
• [BrowserID issue 1373] : Create state machine diagram for documentation.
• [BrowserID issue 1374] : ie8 does not have Array.prototype.forEach
• [BrowserID issue 1375] : Replacing the use of Array.prototype.forEach with _.each, which we are guaranteed to have.
• [BrowserID issue 1376] : Form does not submit when hitting "enter" in password field in IE8
• [BrowserID issue 1378] : Account selection is skipped
• [BrowserID issue 1379] : Logging in on iOS is slow
• [BrowserID issue 1380] : Install MPL 2.0 license into LICENSE, prefix MPL 2.0 header on remainder of docs/*.md
• [BrowserID issue 1383] : log timestamp missing year
• [BrowserID issue 1385] : use VALUES(col) instead of passing the col value twice, per 5.0+ syntax
• [BrowserID issue 1386] : Signature of internal API changed?
• [BrowserID issue 1387] : implement navigator.id.experimental.watch(). closes #1354. closes #1348. closes #1357
• [BrowserID issue 1390] : IE6 and IE7 errors in communication frame
• [BrowserID issue 1391] : Communication frame does not check for min browser requirements
• [BrowserID issue 1392] : Make the design more responsive to all screen sizes - mobile, desktop and tablet.
• [BrowserID issue 1393] : Change Password fixes.
• [BrowserID issue 1394] : ephemeral deployments are bad at email
• [BrowserID issue 1395] : The assertion object is not serializable (on development)
• [BrowserID issue 1396] : delay screen needed on main site.
• [BrowserID issue 1399] : dev: .logout() function missing a callback argument
• [BrowserID issue 1400] : remove 'Logout from all websites' from management page
• [BrowserID issue 1403] : BrowserID does not recognize primary after being used as secondary
• [BrowserID issue 1405] : dev: error shown in dialog after confirming your computer
• [BrowserID issue 1406] : dev: "Is this your computer" should not be asked during first sign-up
• [BrowserID issue 1407] : If "dom.storage.enabled = false" BrowserId claims browser not being Firefox
• [BrowserID issue 1408] : dev: remove deprecation warning
• [BrowserID issue 1409] : repair internal.get API - it should return a bare assertion represented as a string, not an object - issue #1395
• [BrowserID issue 1410] : upon first time signup, don't ask the user if this is their computer - issue #1406 - issue #1405
• [BrowserID issue 1411] : improve failure on unsupported browsers - catch exceptions and allow the dialog to pop up with the 'unsupported browser' messaging. issue #1390 and issue #1391
• [BrowserID issue 1414] : Fx, dev RP: security exception thrown if cookies disabled.
• [BrowserID issue 1415] : Fixes the wait, delay, and error screens not showing on mobile devices.
• [BrowserID issue 1416] : internal API needs updated for new API.
• [BrowserID issue 1417] : Fix Fx throwing an exception when accessing localStorage if cookies are disabled.
• [BrowserID issue 1418] : signup/signin pages from main site should check for cookies
• [BrowserID issue 1419] : If the user has cookies disabled, automatically show the content for non-authenticated users.
• [BrowserID issue 1420] : Change the developers link to point to MDN
• [BrowserID issue 1421] : consider never revealing userid
• [BrowserID issue 1426] : With Javascript disabled, the main site index page shows the manage content above the splash content.
• [BrowserID issue 1428] : Visual updates to make secondary action links be more consistent, clean up CSS.
• [BrowserID issue 1429] : https://browserid.org/signup is broken
• [BrowserID issue 1430] : Hotfix1429

Notes

• (from Lloyd)
  • Finally, changes in train-2012.03.28 - scheduled to roll into production in two weeks include:
    • work towards better user messaging for when cookies are disabled: #1167, #1302
    • improved cache headers: #1331, #620
    • error handling fix in frontend code: #1339
    • new API: /wsapi/ping - used for server monitoring: #1324
    • support email providers (with BrowserID support) with digits in their hostnames: #1284
    • tools/build/dev env fixes: #1284
  • This next train is tiny, given that most contributors to the project were in an onsite meeting in mountain view for a week this past dev cycle.