Services/User/Releases/0.2

From MozillaWiki
Jump to: navigation, search
Draft-template-image.png THIS PAGE IS A WORKING DRAFT Pencil-emoji U270F-gray.png
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

RPMs to be deployed

  • server-core rpm-XXX
  • server-sreg rpm-XXX
  • server-reg rpm-XXX
  • account-portal rpm rpm-XXX

Changes

Replaces reg and sreg with the python versions. Updates LDAP to work with both the current system and new proposed structure. Miscellaneous fixes

Notable bugs

  • Bug 648079: Putting CEF signatures back into account portal
  • Bug 636514: New sreg API
  • Bug 636514: Better handling of password resets requested with no email
  • Bug 650055: Deleting a user now done through sreg
  • Bug 652169: Removing proxy calls from reg (they're now done through the auth library)
  • Bug 655281: add an admin_update_password for password updates done via an admin bind and a password reset key
  • Bug 655285: Reset password in the Account sign flow shows https://stage-account.services.mozilla.com/forgot/
  • Bug 655282: Delete your account fails on stage account portal


Notably not present in this release: changing your email address does not, at this time, change your username.

QA plan

Because this push changes a central feature of the core library, and completely replaces reg and sreg, all features of account-portal and the reg API will need to be exercised.

For account portal, this involves test most available functions, including login, forgot password flow, changing password and deleting an account (the sync settings are unchanged and do not need testing)

For the API the spec is at https://wiki.mozilla.org/Services/Sync/Server/API/User/1.0. The important things to test are creating a user and getting a node. It would be good if we can also test email changes, password changes and deleting an account through the API as well.

Security Documentation

The password update process has been changed according to the last security review. look at admin_update_password vs update_password in server-core, and how they are used now in server-reg and server-sreg


You can find an API description here: http://docs.services.mozilla.com/sreg/index.html

Retrieved from "https://wiki.mozilla.org/index.php?title=Services/User/Releases/0.2&oldid=306359"