QA/Browser Technologies/Services/Releases/BrowserID 04112012

Areas for QA Focus

• [QA] Suggested areas of focus for QA:
  • verify no regression on security issue 741814
  • all issues in changelog
  • extensive regression testing of all RPs (show/booze/beer).
  • coordinate with lloyd, and subsequent to that testing of the new API via 123done.org

• Also:
  • All 5 Hot Fixes from the previous train
  • All 5 current Hot Fixes for this train
  • All 4 Firefox channels
  • Android/mobile
  • Cookies (standard/third-party)

Information

• Train 25: 04-11-2012

Links

• Bugs/Issues: https://github.com/mozilla/browserid/issues
• Test Plan: https://wiki.mozilla.org/QA/BrowserID/TestPlan
• Weekly Train Wiki: https://wiki.mozilla.org/QA/BrowserID/BrowserID_Weekly_Trains_Beta
• Release Wiki: https://wiki.mozilla.org/QA/Browser_Technologies/Services/Releases/BrowserID_04112012
• Test Plan spreadsheet: https://docs.google.com/spreadsheet/ccc?key=0As8GUPwNNWMFdEhxa203Z3FMaE9ubjVRZFZWYUNUZHc#gid=0
• Stage Server: https://diresworb.org
• Stage Client/RP1: http://beta.myfavoritebeer.org
• Stage Client/RP2: http://beta.myfavoritebooze.org
• Stage Client/RP3: http://beta.myfavoriteshow.org
• Stage Client/RP4: http://carrera.databits.net:9999 (requires VPN access)
• Primary 1: https://eyedee.me

• Dev Server: https://dev.diresworb.org
• Dev Client/RP1: http://dev.myfavoritebeer.org
• Dev Client/RP2: http://dev.myfavoritebooze.org
• Dev Client/RP3: http://dev.myfavoriteshow.org
• Primary 1: https://eyedee.me

• Production Server: https://browserid.org
• Prod Client/RP1: http://myfavoritebeer.org
• Prod Client/RP2: http://myfavoritebooze.org
• Prod Client/RP3: http://myfavoriteshow.org
• Primary 1: https://eyedee.me

Deployment Ticket

• bug 744689 - QA and deploy BrowserID train-2012.04.11 to production

OPs Ticket and ChangeWindow

• Services Maintenance/Change Window
  • https://intranet.mozilla.org/Services/Ops/ChangeWindow_20120426

Hot Fixes and Other Deployments

• Hot Fix 1:
  • 1429: (hotfix 2012.04.12) return 400 rather than 500 for invalid params to stage_user or stage_email
  • 1430: (hotfix 2012.04.12) return 400 rather than 500 for invalid params to stage_user or stage_email
  • 1425: (hotfix 2012.04.12) fix broken string, "is this your computer" was broken into two fragments
• Hot Fix 2:
  • 1442: (hotfix 2012.04.16) fix API regression that would cause javascript error when .get() invoked without second arg
  • 1436: (hotfix 2012.04.16) update load_gen to new server apis that require an `ephemeral` argument
• Hot Fix 3:
  • 1440: (hotfix 2012.04.17) fix broken reset password flow - button was non-responsive in dialog
  • 1445: (hotfix 2012.04.17) mitigate errors seen when adding a secondary email to an acct with only primary emails
• Hot Fix 4:
  • 1449: (hotfix 2012.04.18) fix error where under certain conditions user could see an error immediately after authenticating
• Hot Fix 5:
  • 1464: [ie8/ie9] IE reporting a problem with test check_registration: user validation with mustAuth result
  • 1485: [IE8] error dialog shows up with solid black background (i.e., not just dimmed)
  • Various security fixes

ChangeLog

• https://github.com/mozilla/browserid/blob/train-2012.04.11/ChangeLog#L1-15
• https://github.com/mozilla/browserid/blob/train-2012.04.11/ChangeLog#L18-22

Versions

• Dev: https://dev.diresworb.org/ver.txt
  • b36af1f try re-configuring travis-ci so we get notifications in irc.mozilla.org #identity
• Prod: https://browserid.org/ver.txt
  • e5b7eb0 document hotfix for issue #1429 in 0.2012.03.28.7
  • locale svn r104128
• Stage: https://diresworb.org/ver.txt
  • Final
    • 57ea50a bump version number with inclusion of final shipping locales.
    • locale svn r104778
  • Hot Fix 5:
    • (0.2012.04.08)
    • 5fc0c75 bump rpm release number
    • locale svn r104128
  • Hot Fixes 1 - 4:
    • 1613144 0.2012.04.18.7 - fix issue #1449 - whereby user logs in and immediately sees an authentication error
    • locale svn r104263
  • Original:
    • 51c9909 0.2012.04.11.3 - fix broken string that would have caused 'is this your computer' to not make sense for non-en users
    • locale svn r104263

Heartbeat

• Dev: https://dev.diresworb.org/__heartbeat__
  • ok
• Prod: https://browserid.org/__heartbeat__
  • ok
• Stage: https://diresworb.org/__heartbeat__
  • ok

Processes

• webheads
  • /usr/bin/node bin/browserid
  • /usr/bin/node bin/verifier
  • /usr/bin/node /opt/browserid/lib/verifier/verifier-compute.js
  • /usr/bin/node /opt/browserid/lib/bcrypt-compute.js
• secure webheads
  • /usr/bin/node bin/dbwriter
  • /usr/bin/node /opt/browserid/lib/bcrypt-compute.js
• keysigners
  • /usr/bin/node bin/keysigner
  • /usr/bin/node /opt/browserid/lib/keysigner/keysigner-compute.js
• databases: various mysql processes
• zeus: various zeus processes

Logs

• webheads: /var/log/browserid/
  • browserid.log
  • browserid-metrics.json
  • verifier.log
  • verifier-metrics.json
  • verifier-compute.log
• secure webheads: /var/log/browserid/
  • dbwriter.log
• keysigners have /var/log/browserid/
  • keysigner.log
  • keysigner-compute.log
• databases: n/a
• zeus: various logs

Local Install - Unit Tests

• Front-End Unit Tests: PASS
• Back-End Unit Tests: n/a
• Headless Front-End Unit Tests: n/a
• Back-End/Headless Unit Tests: PASS

Local Install - Load Test

• None on this round
  • Example:
    • Term1: CREATE_TEST_USERS=2000 BROWSERID_FAKE_VERIFICATION=1 NODE_ENV=test_mysql npm start
    • Term2: bin/load_gen -u 1/60 -m 60000 -o -s http://127.0.0.1:10002
    • or similar

Stage: Load Tests

• client5:
  • bin/load_gen -s https://stage-browserid.services.mozilla.com -o -m 250000 -u 1/250

Sample Bug and Issue

• bug XXXXXX - Bug title
• [BrowserID issue 1400] : Issue title

New/Updated OPs Tickets and Issues

• bug 744892 - 500-level errors not always showing up the pencil graphs for browserid
• bug 716940 - increase ephemeral port range on BrowserID webheads and load generation machines
• bug 748655 - load balancer for stage-browserid2.s.m.c not accepting connection on port 80 for redirect
• bug 748665 - only permit http->https redirects for GET requests to bid:80/tcp

New/Updated Security Tickets and Issues

• n/a

New/Updated APPs Tickets and Issues

• None

New/Updated Labs Tickets and Issues

• None

New/Updated Localization Tickets and Issues

• bug 723775 - Create/Deploy l10n preview env for browserid
• [BrowserID issue 1498] : Locales ready for production.

Resolved/Closed Bugs and Issues

• [BrowserID issue 1884] : public computer challenges
• [BrowserID issue 1912] : add event-based RP API
• [BrowserID issue 1123] : When the user has 2 email addresses, he can cancel his BID account by removing the same address twice
• [BrowserID issue 1201] : The diresworb.org home page displayed both the Account Manager and "Connect with BrowserID..." sections when all the cookies are disabled
• [BrowserID issue 1290] : User Feedback needed after hitting next/verify email
• [BrowserID issue 1293] : change key length
• [BrowserID issue 1326] : Cleanup up output of headless frontend unit tests
• [BrowserID issue 1348] : dev: dialog cancelation is not conveyed properly to RPs
• [BrowserID issue 1349] : dev: prolong session when user confirms ownership of a computer
• [BrowserID issue 1354] : decide on and implement final API for deeper BrowserId involvment in session duration
• [BrowserID issue 1357] : New API does not work with IE8 - IE8 does not have document.createEvent('Event');
• [BrowserID issue 1362] : BrowserID verify should return the correct status codes
• [BrowserID issue 1367] : Update README to include instructions for hooking up Travis-CI to personal fork.
• [BrowserID issue 1374] : ie8 does not have Array.prototype.forEach
• [BrowserID issue 1388] : Account Manager allows password change using same password
• [BrowserID issue 1389] : Account Manager does not clear password fields between use
• [BrowserID issue 1395] : Internal APIs changed in dev (was: The assertion object is not serializable (on development))
• [BrowserID issue 1397] : Fix the Developers link off the main site
• [BrowserID issue 1399] : dev: .logout() function missing a callback argument
• [BrowserID issue 1400] : remove 'Logout from all websites' from management page
• [BrowserID issue 1401] : Spelling error in check_primary_support
• [BrowserID issue 1402] : Mobile: With Cookies disabled, I get a blank screen/tab for sign_in
• [BrowserID issue 1405] : dev: error shown in dialog after confirming your computer
• [BrowserID issue 1406] : dev: "Is this your computer" should not be asked during first sign-up
• [BrowserID issue 1408] : dev: remove deprecation warning
• [BrowserID issue 1425] : Posssible incomplete string
• [BrowserID issue 1440] : Forgot password flow fails to complete; dialog is stuck and won't process clicks
• [BrowserID issue 1464] : [ie8/ie9] IE reporting a problem with test check_registration: user validation with mustAuth result
• [BrowserID issue 1485] : [IE8] error dialog shows up with solid black background (i.e., not just dimmed)
• [BrowserID issue 1499] : Can not redirect http to https on browser with clean profile and cookies disabled

Reopened or Updated : Server

• [BrowserID issue 759] : email reset / password recovery is not good
• [BrowserID issue 1240] : mismatch of PP/TOS text and button text ('next' vs. 'sign in')
• [BrowserID issue 1305] : wordpress plugin so that URL can be a primary
• [BrowserID issue 1327] : add :response-time to format 'default_bid' in lib/custom-logger.js
• [BrowserID issue 1351] : optimize RP page load time with new APIs
• [BrowserID issue 1390] : IE6 and IE7 errors in communication frame
• [BrowserID issue 1391] : Communication frame does not check for min browser requirements
• [BrowserID issue 1418] : signup/signin/forgot pages from main site should check for cookies

Reopened or Updated : Client

• None

Opened Bugs/Issues For This Week: Server

• [BrowserID issue 1437] : Local install: Need better error messaging when email has no domain
• [BrowserID issue 1438] : Local install RP: TOS and Privacy links do not show up unless both are checked.
• [BrowserID issue 1439] : Local install RP: the "logout" button does not appear to do anything
• [BrowserID issue 1499] : Can not redirect http to https on browser with clean profile and cookies disabled
• [BrowserID issue 1469] : Confusing behavior displayed when cancelling an email addition and retrying to add the same email
• [BrowserID issue 1474] : The user can set his current password as his new password when starting this process from the client
• [BrowserID issue 1476] : The items under the list on the emails list dialog should not be scrollable
• [BrowserID issue 1435] : Clear the email field when adding a different email address
• [BrowserID issue 1436] : load_gen no longer works against stage due to new 'ephemeral' post argumen
• [BrowserID issue 1440] : Forgot password flow fails to complete; dialog is stuck and won't process clicks
• [BrowserID issue 1441] : [Safari/Win32] frontend unit tests flaky on second or later run
• [BrowserID issue 1445] : 400 Bad Request: requires authentication response for POST /wsapi/cert_key
• [BrowserID issue 1449] : 400 requires authentication received for /wsapi/list_emails
• [BrowserID issue 1463] : Follow on from GH-1123: gracefully deal with no-op remove of already deleted account
• [BrowserID issue 1464] : [ie8/ie9] IE reporting a problem with test check_registration: user validation with mustAuth result
• [BrowserID issue 1472] : What should /sign_in dialog do if /wsapi/list_emails returns and empty list
• [BrowserID issue 1478] : [chrome/win7] tiny cosmetic pixel gap in arrow in /sign_in dialog
• [BrowserID issue 1479] : should 24-hour expiry on 'denied' state trigger 'is this your question' immediately or just set to 'seen'?
• [BrowserID issue 1484] : exceptions thrown on /signup page when cookies disabled
• [BrowserID issue 1485] : [IE8] error dialog shows up with solid black background (i.e., not just dimmed)

Opened Bugs/Issues For This Week: Client

• None

Other Open Bugs

1300 BrowserID issue 1400]] : Issue title

• bug 728382 - Vinz Clortho the BrowserID IdP Server for Mozilla.com Project
• bug 745829 - Uncaught TypeError: Cannot set property 'onclose' of undefined
• bug 746231 - KPI Dashboard first Key Performance Indicator
• bug 746233 - KPI Dashboard all Key Performance Indicators for 1.0 launch
• bug 745987 - wiki.mozilla.org Maintenance - April 19th 10PM - 1AM Pacific
• [BrowserID issue 1431] : dev: repeatedly asked "Is this your computer?"
• [BrowserID issue 1432] : Place the entire "If you're at a public computer such as a library or internet cafe, we'll ask you..." on a single line.
• [BrowserID issue 1433] : 'Add new email address' screen should show user notification while getting 'email_info' being called
• [BrowserID issue 1434] : suggest implementation of BrowserID in verification email
• [BrowserID issue 1442] : API regression in dev and beta - options are *required*
• [BrowserID issue 1443] : fix case where test_db_connectivity would fail when browserid database doesn't exist. issue #1246
• [BrowserID issue 1444] : fix regression where an undefined second argument to .get() would cause a javascript error - issue #1442
• [BrowserID issue 1446] : "is this your computer" can show when adding a new email address
• [BrowserID issue 1447] : implement updated observer API
• [BrowserID issue 1448] : Hotfix1440
• [BrowserID issue 1450] : Issue 1000 in dialog password
• [BrowserID issue 1451] : Sometimes you must re-enter your password after email verification
• [BrowserID issue 1452] : Hotfix1445
• [BrowserID issue 1453] : cancel link in verification screen for required email does not look like a link
• [BrowserID issue 1454] : Deploying awsbox browserid with _ in domain name breaks login
• [BrowserID issue 1455] : Pr 1447 cancel state
• [BrowserID issue 1456] : Allowing underscore in domain and origin, fixes Issue#1454
• [BrowserID issue 1457] : Fix the link color of the cancel button in the required email check email screen.
• [BrowserID issue 1458] : dev.* Exception - 'onlogout' is a required argument to navigator.id.watch()
• [BrowserID issue 1459] : dev RP with dev IdP: User returned to authentication page if cancels authentication with IdP
• [BrowserID issue 1460] : Assertion should be generated AFTER "is this your computer" screen.
• [BrowserID issue 1461] : remove placeholder text from management screen
• [BrowserID issue 1462] : move the cancel account feature to be inside the email section
• [BrowserID issue 1465] : Change the order of assertion generation to be after the user is asked "is this your computer?"
• [BrowserID issue 146] : Fix primary email being set as most recently used if the user cancels redirect to authenticate with 6primary.
• [BrowserID issue 1467] : Fix a user being asked "is this your computer" if they just verified an email.
• [BrowserID issue 1468] : Remove the placeholder text from the change password input boxes.
• [BrowserID issue 1470] : reduce "normal" certificate duration to 6 hours
• [BrowserID issue 1471] : clicking the sign-in button in dialog doesn't always work
• [BrowserID issue 1473] : Scroll bar shows in dialog in FF for Windows
• [BrowserID issue 1475] : Error message flashes before flow starts
• [BrowserID issue 1477] : optimize all browserid images
• [BrowserID issue 1480] : IE6/IE7: myfavoritebeer.org errors when loading up page
• [BrowserID issue 1481] : IE6/IE7: myfavoritebooze.org errors on page load
• [BrowserID issue 1482] : Hotfix 1390 fix ie6 ie7
• [BrowserID issue 1483] : Error message is never displayed if tosURL or privacyURL are relative URLs
• [BrowserID issue 1486] : Hotfix1485 ie8 black background for IE8 when it shows an error message.
• [BrowserID issue 1487] : Hotfix 1484 chrome exception signup
• [BrowserID issue 1488] : dev rp throws exception if there is no requiredEmail
• [BrowserID issue 1489] : Add a cookie check to most main site pages.
• [BrowserID issue 1490] : Issue 1464 ie exception check registration
• [BrowserID issue 1491] : Start the delay screen and disable form modules for the main site.
• [BrowserID issue 1492] : error screen on mobile is too narrow and pushed too far down.
• [BrowserID issue 1493] : regression: NS_ERROR_DOM_SECURITY_ERR in https://browserid.org/v/e87270a373/production/en_US/browserid.js
• [BrowserID issue 1494] : Hotfix 1390 min browser reqs
• [BrowserID issue 1495] : If no verification token is given, /verify_email_address does not show an error
• [BrowserID issue 1496] : IE6/IE7: unsupported dialogs show unecessary scroll bars.
• [BrowserID issue 1497] : invalid verification link error message is does not match other error messages
• [BrowserID issue 1500] : Previously selected email address not remembered if user's session expires.
• [BrowserID issue 1501] : A more secure verifier?
• [BrowserID issue 1502] : API leakage for window.location.href email return_url and other state
• [BrowserID issue 1503] : Welsh not picked up for train-2012.04.11 release

Notes

• (from Lloyd)
  • Next up, we branched train-2012.04.11, which includes some important features:
    • A shiny new experimental javascript API (with full backwards compatibility)
    • Initial support for public terminals / shared computers
    • optimized javascript resources for faster load times
    • And moar: https://github.com/mozilla/browserid/blob/train-2012.04.11/ChangeLog#L1-15
  • train-2012.04.11 will roll into production on the 25th of this month pending no blockers from QA or the community (uh, you guys).