QA/Browser Technologies/Services/Releases/BrowserID 09222011

Information

• Train 6: 09-22-2011

Links

• Bugs/Issues: https://github.com/mozilla/browserid/issues
• Test Plan: https://wiki.mozilla.org/QA/BrowserID/TestPlan
• Test Wiki: https://wiki.mozilla.org/QA/BrowserID/BrowserID_Weekly_Trains_Beta
• Beta Server: https://diresworb.org
• Beta Client: http://beta.myfavoritebeer.org

Deployment Ticket

• bug 688572 - QA and deploy BrowserID train-2011.09.22 to production

Resolved/Closed Issues

• [BrowserID issue 261] : initial support for running locally under virtualbox via vagrant
• migrate to browserid signed certificates rather than keypairs where browserid hosts the public key: https://github.com/mozilla/browserid/issues?milestone=6
• IE9 support
• partial IE8 support (not yet usable, several small remaining bugs, and abysmal performance)
• development harness (./run.js) now respects an IP_ADDRESS env var to bind to a specific address (other than 127.0.0.1)
• improved first-time development experience: `git clone && cd browserid && npm install && npm run`

Verified As Still Open

• [BrowserID issue 252] : Removing last secondary verified email closes account - on accounts with primary verified email
• [BrowserID issue 272] : "emails from browserid.org come from hostname that doesn't match reverse DNS"
• [BrowserID issue 119] : log rotation (Beta)
• bug 681228 - New dedicated "stats" VM for identity group (re BrowserID)

Opened Bugs/Issues For This Week

• [BrowserID issue 227] : link colors on browserid.org are consistent
• [BrowserID issue 279] : The "source for the reference validator" link needs to be corrected.
• [BrowserID issue 280] : The Privacy page in Beta and Prod is missing a link to a PDF
• [BrowserID issue 281] : On diresworb.org, the BrowserID button in IE9 is not drawn well
• [BrowserID issue 282] : The BrowserID button on beta.myfavoritebeer.org in IE9 is not drawn well.
• [BrowserID issue 283] : In IE9 I am seeing the "Communicating with server" message in Sign In
• [BrowserID issue 284] : UI is a bit compressed in Sign In pop-up with many emails
• [BrowserID issue 285] : UI flow for backing out of adding a new email address is broken in IE9
• [BrowserID issue 286] : Cancelling Sign In and trying to Sign In again results in blank pop-up etc
• [BrowserID issue 287] : Blocker: Getting permission denied errors trying to sign in to Beta beer site.
• [BrowserID issue 288] : Syntax error from csrf when removing email from account
• [BrowserID issue 299] : diresworb.org never syncs with beta.myfavoritebeer.org to get the my account button
• [BrowserID issue 300] : The "This is not me" link is not selectable on stock browser for Android tablet
• [BrowserID issue 301] : "Never used BrowserID?" should be changed into a more appropriate message
• [BrowserID issue 302] : If logged in with another BrowserID email on a different browser, the user is logged out
• [BrowserID issue 303] : The user is allowed to overwrite his BrowserID account
• [BrowserID issue 304] : "<email> in use, If this email is yours you can sign in with it?" should be changed by a more appropriate message
• [BrowserID issue 305] : Add a Delete button on the "What email address would you like to use ...?" page
• [BrowserID issue 306] : The Confirm Your Email dialog is opened when trying to add an invalid email address to BrowserID
• [BrowserID issue 307] : When confirming an email from a second browser, the server page is opened with no account information
• [BrowserID issue 308] : Logging into same account on different browsers does not show beer info.
• [BrowserID issue 314] : Saved passwords are not automatically filled in when logging in with BrowserID on Firefox6
• [BrowserID issue 315] : The "Password too long" message should mention the maximum number of allowed characters.
• [BrowserID issue 316] : The "Signing into beta.myfavoritebeer.org" tab is automatically closed after 1 minute form the moment it started loading if not used
• [BrowserID issue 317] : After restarting an Android phone, the BrowserID Signing in tab is opened with the saved password prefilled in the corresponding textbox but with no email address
• [BrowserID issue 318] : The user cannot log in using BrowserID on Android phone's native browser
• [BrowserID issue 319] : BrowserID pages are opened as new tabs instead of pop-up dialogs on Android tablets and phones when using Firefox
• [BrowserID issue 320] : If the user saves the password used on the "Never used BrowserID?" page, he is no longer given the possibility to save it for the "Signing in to..." page
• [BrowserID issue 321] : The whole BrowerID UI needs to be refitted when displayed on mobile devices

Other Open Bugs

• [BrowserID issue 250] : Error says `tenical problem` if there is a server technical problem logging in.
• [BrowserID issue 251] : Communication to popup window should occur through relay frame
• [BrowserID issue 252] : Removing last secondary verified email closes account - on accounts with primary verified email
• [BrowserID issue 253] : New cert code and BrowserID Addon are incompatible with each other.
• [BrowserID issue 254] : Cert code is causing IE to error
• [BrowserID issue 255] : IE10/Win8 does not correctly show BrowserID dialog.
• [BrowserID issue 257] : A cert can be dropped to the browser without being authenticated with BrowserID.
• [BrowserID issue 258] : Need the ability to sync emails backed by certs across browsers.
• [BrowserID issue 259] : check timestamps in cert chains
• [BrowserID issue 260] : turn up crypto parameters for certs
• [BrowserID issue 262] : Optional separate popups for login and signup
• [BrowserID issue 263] : no client validation error when creating address without .suffix
• [BrowserID issue 265] : When RP tab is closed, BrowserID dialog remains
• [BrowserID issue 267] : Security Errors on IE9
• [BrowserID issue 270] : "syncIdentities with identities preloaded and one to remove" qunit test is failing
• [BrowserID issue 271] : clean up the email storage code.
• [BrowserID issue 272] : "emails from browserid.org come from hostname that doesn't match reverse DNS"
• [BrowserID issue 273] : A message should be displayed for unsupported browsers
• [BrowserID issue 274] : browserid.org's SSL certificates not trusted by Android 2.2 default browser
• [BrowserID issue 275] : For front end js, have one namespace, browserid.
• [BrowserID issue 276] : network request callbacks should be called asynchronously
• [BrowserID issue 277] : Use pushState so users can use browser history to navigate dialog
• [BrowserID issue 278] : on-demand cert generation
• [BrowserID issue 289] : add system nonce to password hashing, as per Mozilla Security Guidelines
• [BrowserID issue 290] : confirmation link should check proper auth
• [BrowserID issue 291] : Need to be able to create account without password, set password later.
• [BrowserID issue 292] : need to be able to have two verification pages - one for new users, one for additional emails
• [BrowserID issue 293] : Hash attribute of sign_in dialog is ugly
• [BrowserID issue 294] : all /wsapi/ returns should be Cache-Control: no-cache
• [BrowserID issue 295] : using hash to convey relay frame id to window is broken
• [BrowserID issue 296] : IE9 cookie behavior breaks dev.diresworb.org
• [BrowserID issue 297] : Fix broken URL for the reference validator
• [BrowserID issue 298] : entropy on all devices, in particular touch
• [BrowserID issue 309] : sessions are lasting longer than intended
• [BrowserID issue 310] : cookie expiration dates are broken
• [BrowserID issue 311] : allow site to request preferred email or domain
• [BrowserID issue 312] : allow site to manage session length via BrowserID
• [BrowserID issue 313] : transitive identity from site to site/pre-auth
• [BrowserID issue 322] : set password api call needed.

Notes