Identity/Firefox Accounts/Account lockout: Difference between revisions

Revision as of 04:22, 9 October 2014

Here is an implementation plan for the account lockout feature of Firefox Accounts.

fxa-customs-server
- keep track of failed attempts against an account (regardless of the IP address)
- add a new flag to the `failedLoginAttempt` API endpoint
- https://github.com/mozilla/fxa-customs-server/pull/60
fxa-auth-db-server
- add new flag in DB
- https://github.com/mozilla/fxa-auth-db-server/issues/89
fxa-auth-mailer
- add new "unlock" email (copy and l10n needed)
- https://github.com/mozilla/fxa-auth-mailer/issues/16
fxa-auth-server
- add new errno=104 return code to /account/{destroy,login} and /password/change/start
- implement and document new API endpoints: /account/unlock/{verify_code,resend_code}
- clear the locked flag on successful password resets
- add locked property to the data returned by /account/status
- https://github.com/mozilla/fxa-auth-server/issues/801
fxa-content-server
- check for errno=104 on /account/{destroy,login} and /password/change/start
- new error message for locked accounts (copy and l10n needed)
- https://github.com/mozilla/fxa-content-server/issues/1760
fennec (in the 36 cycle)
- check for errno=104 on /account/login (fennec doesn't expose account destruction or password change)
- new error page for locked accounts (using the copy from the content server)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1080242

@@ Line 13: / Line 13: @@
 ** add new flag in DB
 ** https://github.com/mozilla/fxa-auth-db-server/issues/89
+* fxa-auth-mailer
+** add new "unlock" email (copy and l10n needed)
+** https://github.com/mozilla/fxa-auth-mailer/issues/16
 * fxa-auth-server
-** add new "unlock" email (copy and l10n needed)
 ** add new errno=104 return code to /account/{destroy,login} and /password/change/start
 ** implement and document new API endpoints: /account/unlock/{verify_code,resend_code}