Identity/Firefox Accounts/Account lockout: Difference between revisions

From MozillaWiki
(→‎Deployment timeline: customs server is deployed)
(→‎Task breakdown: move to the DB field to the fxa-auth-db-server repo)
Line 10: Line 10:
** add a new flag to the `failedLoginAttempt` API endpoint
** add a new flag to the `failedLoginAttempt` API endpoint
** https://github.com/mozilla/fxa-customs-server/pull/60
** https://github.com/mozilla/fxa-customs-server/pull/60
* fxa-auth-db-server
** add new flag in DB
** https://github.com/mozilla/fxa-auth-db-server/issues/89
* fxa-auth-server
* fxa-auth-server
** add new flag in DB
** add new flag in DB
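
Review bot: The edit summary describes this as moving the DB flag task to the fxa-auth-db-server repo, but in the context lines at the end of this hunk `** add new flag in DB` still sits under `* fxa-auth-server`, directly after the new `* fxa-auth-db-server` entry that carries the same item. The schema change is now listed under two repos, which makes ownership ambiguous and matters for the deployment order, since the auth server that honours locked accounts depends on that schema already being in place. If this is a move, drop the item from `* fxa-auth-server`; if the auth server has its own work here, reword it to say what that work is, for example reading the flag that fxa-auth-db-server stores.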

Revision as of 23:08, 7 October 2014

Here is an implementation plan for the account lockout feature of Firefox Accounts.

Task breakdown

  • fxa-customs-server
  • fxa-auth-db-server
  • fxa-auth-server
    • add new flag in DB
    • add new "unlock" email (copy and l10n needed)
    • add new errno=104 return code to /account/{destroy,login} and /password/change/start
    • implement and document new API endpoints: /account/unlock/{verify_code,resend_code}
    • clear the locked flag on successful password resets
    • add locked property to the data returned by /account/status
    • https://github.com/mozilla/fxa-auth-server/issues/801
  • fxa-content-server
    • check for errno=104 on /account/{destroy,login} and /password/change/start
    • new error message for locked accounts (copy and l10n needed)
  • fennec
    • check for errno=104 on /account/{destroy,login} and /password/change/start
    • new error page for locked accounts (copy and l10n needed)

Deployment timeline

  1. deploy the new customs server with support for account lockout
  2. update auth server DB schema on production
  3. deploy content server with support for the new error code
  4. deploy auth server which honours locked accounts