Services/User/Releases/0.2
RPMs to be deployed
- server-core rpm-XXX
- server-sreg rpm-XXX
- server-reg rpm-XXX
- account-portal rpm rpm-XXX
Changes
Replaces reg and sreg with the python versions. Updates LDAP to work with both the current system and new proposed structure. Miscellaneous fixes
Notable bugs
- Bug 648079: Putting CEF signatures back into account portal
- Bug 636514: New sreg API
- Bug 636514: Better handling of password resets requested with no email
- Bug 650055: Deleting a user now done through sreg
- Bug 652169: Removing proxy calls from reg (they're now done through the auth library)
- Bug 655281: add an admin_update_password for password updates done via an admin bind and a password reset key
- Bug 655285: Reset password in the Account sign flow shows https://stage-account.services.mozilla.com/forgot/
- Bug 655282: Delete your account fails on stage account portal
Notably not present in this release: changing your email address does not, at this time, change your username.
QA plan
Because this push changes a central feature of the core library, and completely replaces reg and sreg, all features of account-portal and the reg API will need to be exercised.
For account portal, this involves test most available functions, including login, forgot password flow, changing password and deleting an account (the sync settings are unchanged and do not need testing)
For the API the spec is at https://wiki.mozilla.org/Services/Sync/Server/API/User/1.0. The important things to test are creating a user and getting a node. It would be good if we can also test email changes, password changes and deleting an account through the API as well.
Security Documentation
The password update process has been changed according to the last security review. look at admin_update_password vs update_password in server-core, and how they are used now in server-reg and server-sreg
You can find an API description here: http://docs.services.mozilla.com/sreg/index.html