Identity/Firefox Accounts/Account lockout: Difference between revisions
(→Task breakdown: remove duplicate entry) |
(fill in fennec and content server details) |
| Line 23: | Line 23: | ||
** check for errno=104 on /account/{destroy,login} and /password/change/start | ** check for errno=104 on /account/{destroy,login} and /password/change/start | ||
** new error message for locked accounts (copy and l10n needed) | ** new error message for locked accounts (copy and l10n needed) | ||
* fennec | ** https://github.com/mozilla/fxa-content-server/issues/1760 | ||
** check for errno=104 on /account/ | * fennec (in the 36 cycle) | ||
** new error page for locked accounts (copy | ** check for errno=104 on /account/login (fennec doesn't expose account destruction or password change) | ||
** new error page for locked accounts (using the copy from the content server) | |||
** https://bugzilla.mozilla.org/show_bug.cgi?id=1080242 | |||
== Deployment timeline == | == Deployment timeline == | ||
Revision as of 00:57, 9 October 2014
Here is an implementation plan for the account lockout feature of Firefox Accounts.
Task breakdown
- fxa-customs-server
  - keep track of failed attempts against an account (regardless of the IP address)
  - add a new flag to the `failedLoginAttempt` API endpoint
  - https://github.com/mozilla/fxa-customs-server/pull/60
- fxa-auth-db-server
  - add new flag in DB
  - https://github.com/mozilla/fxa-auth-db-server/issues/89
- fxa-auth-server
  - add new "unlock" email (copy and l10n needed)
  - add new errno=104 return code to /account/{destroy,login} and /password/change/start
  - implement and document new API endpoints: /account/unlock/{verify_code,resend_code}
  - clear the locked flag on successful password resets
  - add locked property to the data returned by /account/status
  - https://github.com/mozilla/fxa-auth-server/issues/801
- fxa-content-server
  - check for errno=104 on /account/{destroy,login} and /password/change/start
  - new error message for locked accounts (copy and l10n needed)
  - https://github.com/mozilla/fxa-content-server/issues/1760
- fennec (in the 36 cycle)
  - check for errno=104 on /account/login (fennec doesn't expose account destruction or password change)
  - new error page for locked accounts (using the copy from the content server)
  - https://bugzilla.mozilla.org/show_bug.cgi?id=1080242
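
A minimal model of the lockout flow in the task list above, added here as an illustration and not taken from the fxa-customs-server or fxa-auth-server code. The class names, the `lockout` flag name, the failure threshold and the time window are assumptions; only errno 104, the `failedLoginAttempt` name, the `locked` status property and the reset-clears-lock rule come from the plan.

```javascript
// Added illustration; not code from fxa-customs-server or fxa-auth-server.
// MAX_FAILURES and WINDOW_MS are assumed values: the plan does not specify them.
const MAX_FAILURES = 5;
const WINDOW_MS = 15 * 60 * 1000;
const ERRNO_ACCOUNT_LOCKED = 104; // errno named in the plan

class CustomsModel {
  constructor() { this.failures = new Map(); } // email -> [failure timestamps]

  // Counts failures per account and deliberately ignores `ip`, so attempts
  // spread over many addresses still add up. Returns the (assumed) new flag.
  failedLoginAttempt(email, ip, now = Date.now()) {
    const recent = (this.failures.get(email) || []).filter(t => now - t < WINDOW_MS);
    recent.push(now);
    this.failures.set(email, recent);
    return { lockout: recent.length >= MAX_FAILURES };
  }
}

class AuthModel {
  constructor(customs) {
    this.customs = customs;
    this.accounts = new Map(); // email -> { password, locked }
  }
  create(email, password) { this.accounts.set(email, { password, locked: false }); }

  login(email, password, ip, now) {
    const acct = this.accounts.get(email);
    if (!acct) return { ok: false, error: 'unknown account' };
    // A locked account is refused before credentials are examined, so a
    // correct guess made while locked reveals nothing to the caller.
    if (acct.locked) return { ok: false, errno: ERRNO_ACCOUNT_LOCKED };
    // Plain comparison stands in for real credential verification.
    if (acct.password === password) return { ok: true };
    if (this.customs.failedLoginAttempt(email, ip, now).lockout) acct.locked = true;
    return { ok: false, error: 'incorrect password' };
  }

  status(email) { return { locked: this.accounts.get(email).locked }; }

  // A successful password reset clears the locked flag, as the plan requires.
  passwordReset(email, newPassword) {
    const acct = this.accounts.get(email);
    acct.password = newPassword;
    acct.locked = false;
    this.customs.failures.delete(email);
  }
}
```
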
Deployment timeline
- deploy the new customs server with support for account lockout
- update auth server DB schema on production
- deploy content server with support for the new error code
- deploy auth server which honours locked accounts