Identity/Firefox Accounts/Account lockout

From MozillaWiki
Revision as of 23:08, 7 October 2014 by Fmarier (talk | contribs) (→‎Task breakdown: move to the DB field to the fxa-auth-db-server repo)

Here is an implementation plan for the account lockout feature of Firefox Accounts.

Task breakdown

  • fxa-customs-server
  • fxa-auth-db-server
  • fxa-auth-server
    • add new flag in DB
    • add new "unlock" email (copy and l10n needed)
    • add new errno=104 return code to /account/{destroy,login} and /password/change/start
    • implement and document new API endpoints: /account/unlock/{verify_code,resend_code}
    • clear the locked flag on successful password resets
    • add locked property to the data returned by /account/status
    • https://github.com/mozilla/fxa-auth-server/issues/801
  • fxa-content-server
    • check for errno=104 on /account/{destroy,login} and /password/change/start
    • new error message for locked accounts (copy and l10n needed)
  • fennec
    • check for errno=104 on /account/{destroy,login} and /password/change/start
    • new error page for locked accounts (copy and l10n needed)

Deployment timeline

  1. deploy the new customs server with support for account lockout
  2. update auth server DB schema on production
  3. deploy content server with support for the new error code
  4. deploy auth server which honours locked accounts