mozilla / fxa

Monorepo for Mozilla Accounts (formerly Firefox Accounts)

Home Page: https://mozilla.github.io/ecosystem-platform/

License: Mozilla Public License 2.0

JavaScript 50.07% HTML 0.20% Shell 0.25% Dockerfile 0.02% Makefile 0.02% CSS 0.32% Python 0.11% TypeScript 46.63% Perl 0.02% Lua 0.04% SCSS 0.59% Handlebars 0.02% EJS 0.02% Mustache 0.66% Jinja 0.02% Fluent 1.02% Procfile 0.01%


fxa's Issues

Using kA for Sync

Goals:

  • compatible with existing stable Firefox
  • allow users to choose sync key strength

In order to be compatible with stable desktop I propose we manage key preference from the server and leave the browser code as is. The new meaning of kB in browser code would essentially be "syncKey" with no notion of B-ness or A-ness. Unfortunately, we can't retroactively change the name. Currently, wrapKb is mixed with unwrapBKey to obtain kB, so if a user selected kA we need to make unwrapBKey ^ wrapKb == kA. Fortunately (to the best of my knowledge) on desktop, unwrapBKey is only supplied to the browser by content-server hosted code so we can deploy new code to set unwrapBKey based on preference. I don't yet know how Fennec acquires unwrapBKey...

If we have a user preference named syncKey, overriding unwrapBKey becomes:

if (syncKey === 'kA') {
  unwrapBKey = wrapKb ^ kA
}

The tricky part (though I haven't looked yet) may be in the timing of when unwrapBKey is set. This way requires us to have the keys available first whereas the traditional way doesn't require any key data, just the user's password.

As far as auth-server is concerned I think this only requires remembering the new preference and including it in the key bundle.

The content-server will need UI for the preference and to handle unwrapBKey.
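
The override described in this issue, written out byte-wise as an added example (not code from the issue or from fxa). `chooseUnwrapBKey`, `browserSyncKey` and `syncKeyHex` are hypothetical names, the key values are constructed samples, and keys are assumed to be 32 bytes.

```javascript
// Added example, not fxa code. All key values below are constructed samples.
const KEY_LEN = 32; // assumption: every key in the bundle is 32 bytes

// Byte-wise XOR of two equal-length buffers. JavaScript's ^ operator works on
// 32-bit integers, so key material has to be combined one byte at a time.
function xorBuffers(a, b) {
  if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {
    throw new TypeError('keys must be Buffers');
  }
  if (a.length !== KEY_LEN || b.length !== KEY_LEN) {
    throw new RangeError('keys must be ' + KEY_LEN + ' bytes');
  }
  const out = Buffer.alloc(KEY_LEN);
  for (let i = 0; i < KEY_LEN; i++) {
    out[i] = a[i] ^ b[i];
  }
  return out;
}

// Hypothetical content-server helper: choose the unwrapBKey handed to the
// browser. The kA path needs wrapKb and kA to be fetched already; the
// traditional path only needs the password-derived value.
function chooseUnwrapBKey(syncKey, passwordUnwrapBKey, wrapKb, kA) {
  if (syncKey === 'kA') {
    return xorBuffers(wrapKb, kA);
  }
  return passwordUnwrapBKey;
}

// What the unchanged browser code does with the values it receives:
// it mixes unwrapBKey with wrapKb and treats the result as its sync key.
function browserSyncKey(unwrapBKey, wrapKb) {
  return xorBuffers(unwrapBKey, wrapKb);
}

// Constructed sample key bundle.
const sample = {
  kA: Buffer.from('11'.repeat(KEY_LEN), 'hex'),
  wrapKb: Buffer.from('a5'.repeat(KEY_LEN), 'hex'),
  passwordUnwrapBKey: Buffer.from('3c'.repeat(KEY_LEN), 'hex'),
};

// Returns the key the browser ends up with for a given preference, as hex.
function syncKeyHex(syncKey) {
  const unwrapBKey = chooseUnwrapBKey(
    syncKey, sample.passwordUnwrapBKey, sample.wrapKb, sample.kA);
  return browserSyncKey(unwrapBKey, sample.wrapKb).toString('hex');
}

console.log('syncKey=kA ->', syncKeyHex('kA')); // equals kA
console.log('syncKey=kB ->', syncKeyHex('kB')); // password-derived kB
```
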

Setting NODE_ENV is confusing

I happened to stumble onto this, and now cannot unsee.

mozilla/fxa-content-server /server/lib/configuration.js:47 has:

  env: {
    doc: 'What environment are we running in?  Note: all hosted environments are \'production\'.',
    format: ['production', 'development'],
    default: 'production',
    env: 'NODE_ENV'
  },

mozilla/fxa-auth-server /config/index.js:17 and mozilla/fxa-oauth-server /lib/config.js:67 have:

  env: {
    doc: 'The current node.js environment',
    default: 'prod',
    format: [ 'dev', 'test', 'stage', 'prod' ],
    env: 'NODE_ENV'
  },

mozilla/fxa-profile-server /lib/config.js:28 has:

  env: {
    arg: 'node-env',
    doc: 'The current node.js environment',
    env: 'NODE_ENV',
    format: ['dev', 'test', 'stage', 'prod'],
    default: 'dev'
  },

So my NODE_ENV can be "production" or "prod", or "development" or "dev", and the default on some servers is "dev" in some cases and "prod" (or "production") in others.
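
A check over the four `env` schemas quoted in this issue, added here as an example and not taken from any of the repos: it resolves what each server would see for a given `NODE_ENV` and whether that value is in the server's `format` list. Treating a value outside `format` as a startup rejection is an assumption, and the function names are hypothetical.

```javascript
// Added example. The format lists and defaults are copied from the issue text.
const SCHEMAS = {
  'fxa-content-server': { format: ['production', 'development'], default: 'production' },
  'fxa-auth-server': { format: ['dev', 'test', 'stage', 'prod'], default: 'prod' },
  'fxa-oauth-server': { format: ['dev', 'test', 'stage', 'prod'], default: 'prod' },
  'fxa-profile-server': { format: ['dev', 'test', 'stage', 'prod'], default: 'dev' },
};

// Resolve the value one server would use. nodeEnv === undefined means the
// variable is unset, so the schema default applies.
function resolveEnv(schema, nodeEnv) {
  const value = nodeEnv === undefined ? schema.default : nodeEnv;
  return { value: value, valid: schema.format.includes(value) };
}

// Resolve one NODE_ENV setting against every server.
function audit(nodeEnv) {
  const report = {};
  for (const name of Object.keys(SCHEMAS)) {
    report[name] = resolveEnv(SCHEMAS[name], nodeEnv);
  }
  return report;
}

// Values that every server's format list accepts.
function valuesValidEverywhere() {
  const lists = Object.keys(SCHEMAS).map(function (name) {
    return SCHEMAS[name].format;
  });
  return lists[0].filter(function (value) {
    return lists.every(function (list) { return list.includes(value); });
  });
}

// Servers that would reject a given setting.
function rejectedBy(nodeEnv) {
  const report = audit(nodeEnv);
  return Object.keys(report).filter(function (name) {
    return !report[name].valid;
  });
}

console.log('valid on all servers:', valuesValidEverywhere());
console.log('NODE_ENV=prod rejected by:', rejectedBy('prod'));
console.log('NODE_ENV=production rejected by:', rejectedBy('production'));
console.log('unset NODE_ENV resolves to:', audit(undefined));
```
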

Things to add to the docs

  • contributing.md
  • where to file bugs / how to file a bug
  • wiki page
  • bugzilla??? ( link to bugzilla )
  • development
  • good first bug
  • waffle board view.
  • metrics
  • architecture?
  • list the people. link to team somehow... (timezones, region). irc.
  • calendar, etherpads, notes ...
  • stuff: relier client, etc.

other stuff:

  • meta bugs ...
  • where to file global metrics bugs?

Add Code of Conduct

This has been making the rounds on The Internet, but it would probably be a good thing to explicitly add to this repo, and maybe add pointers to the global document from the project repos:

http://todogroup.org/blog/open-code-of-conduct/
http://todogroup.org/opencodeofconduct/

Not sure if we want to copy/pasta the code of conduct and host it in GitHub, or simply add pointers to the todogroup.org site's version (with our name/contact embedded)

http://todogroup.org/opencodeofconduct/#FirefoxAccounts/[email protected]

Push in FxA - Timely Services Info

As a FF user when using Firefox,

I want FF and my core browsing data to feel speedy and to the point both in general usage and when I am specifically interacting with synced data.

1b. When I log into a service with my FxA, I want to be able to see it in my FxA dashboard, complete with last time logged in.

Device Controller Basic Information - Services attached to FxA

As a FF user when using Firefox,

I want to know the devices and services I am connected to via my Firefox Account, and important information about the status of my services. 1b. For services, this includes when I am connected to those services via FF (a FF device) as well as through other browsers (a non-FF device)

Push in FxA- Performance Improvements

I want FF and my core browsing data to feel speedy and to the point both in general usage and when I am specifically interacting with synced data.
1a. When I am looking at another device's history, tabs, passwords, or other data types synced across my devices, I want FF to feel like it is propagating that information across my devices in a timely fashion.

FxA-16: UI affordance for devices that need to re-authenticate?

In the discussion over in #66, we determined that zapping a device's session token via password reset doesn't disconnect it from the account, so it should still show up in the list of devices. Client-side, the device will enter the "needs reauth" state when it discovers that its session token has become invalid. Should we show some affordance for such devices in the devices view? (e.g. grayed out, a little warning icon overlay, whatever)

One wrinkle could be that the server will know the device needs to re-auth before the device itself discovers this, because of client-side caching issues like [1]. So you might see the warning in the devices view, dig out your other device, go to re-auth on there and it tells you that everything's fine.

Alternately, we can just count on such devices failing to update their "last connected" timestamp, and when the user sees "last connected 12 days ago" they'll think "oh, I need to go reconnect that device".

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1206325

Web Login Flow Support for Fennec

As a developer of services running on Firefox Mobile I want to be able to use a web login flow for Firefox Accounts to manage the experience and integration with other services (ie Hello).

Device Controller Basic Information - Sync on FF Devices

As a FF user when using Firefox,

I want to know the devices and services I am connected to via my Firefox Account, and important information about the status of my services. 1a. For devices, this includes last time synced, record counts of different data types, and optionally data storage size (perhaps an option for self-hosters or others?)

Standardize the .travis.yml files?

So, I finally wrote a quick and dirty scanner for all the fxa-* repos' .travis.yml files:

var Wreck = require('wreck')

var repos = [
  'mozilla/fxa-auth-db-mem',
  'mozilla/fxa-auth-db-mysql',
  'mozilla/fxa-auth-db-server',
  'mozilla/fxa-auth-mailer',
  'mozilla/fxa-auth-server',
  'mozilla/fxa-basket-proxy',
  'mozilla/fxa-content-experiments',
  'mozilla/fxa-content-server',
  'mozilla/fxa-content-server-l10n',
  'mozilla/fxa-deployment',
  'mozilla/fxa-dev',
  'mozilla/fxa-easter-egg',
  'mozilla/fxa-js-client',
  'mozilla/fxa-jwtool',
  'mozilla/fxa-local-dev',
  'mozilla/fxa-notification-server',
  'mozilla/fxa-oauth-console',
  'mozilla/fxa-oauth-server',
  'mozilla/fxa-password-strength-checker',
  'mozilla/fxa-profile-server',
  'mozilla/fxa-relier-client',
  'mozilla/fxa-scrypt-helper',
  'mozilla/hapi-fxa-oauth'
]

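// Fetch each repo's .travis.yml and print it under a heading
repos.forEach(function (repo) {
  Wreck.get(getTravisYaml(repo), function (err, res, payload) {
    if (err) {
      return console.error('# %s\n%s\n\n', repo, err.message)
    }
    console.log('# %s\n%s\n\n', repo, payload.toString())
  })
})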

function getTravisYaml(repo) {
  return 'https://raw.githubusercontent.com/' + repo + '/master/.travis.yml'
}

And here's a [somewhat heavily] edited version of the output for each of the repos:

  1. mozilla/fxa-auth-mailer

    language: node_js
    
    node_js:
    - "0.10"
  2. mozilla/fxa-auth-db-mem

    language: node_js
    
    node_js:
    - "0.10"
    - "0.12"
    - "iojs-v1"
    - "iojs-v2"
    
    before_install:
    - npm config set spin false
  3. mozilla/fxa-auth-db-mysql

    language: node_js
    
    node_js:
    - "0.10"
    - "0.12"
    - "iojs-v1"
    - "iojs-v2"
    
    before_install:
    - npm install -g npm@2
  4. mozilla/fxa-auth-db-server

    language: node_js
    
    node_js:
    - "0.10"
    - "0.12"
    - "iojs-v1"
    - "iojs-v2"
  5. mozilla/fxa-auth-server

    language: node_js
    
    node_js:
    - "0.10"
    - "0.12"
    - "iojs-v1"
    - "iojs-v2"
    
    sudo: false
  6. mozilla/fxa-content-experiments

    language: node_js
    
    sudo: false
    
    node_js:
    - "0.10"
  7. mozilla/fxa-content-server

    language: node_js
    
    node_js:
    - "0.10"
    - "0.12"
    
    sudo: false
    
    cache:
      directories:
        - node_modules
        - app/bower_components
        - fxa-auth-server/node_modules
    
    before_install:
    - npm install -g npm@2
  8. mozilla/fxa-js-client

    language: node_js
    
    sudo: false
    
    node_js:
    - "0.10"
  9. mozilla/fxa-easter-egg

    language: node_js
    
    node_js:
    - "0.10"
    - "0.12"
    
    sudo: false
    
    cache:
      directories:
        - node_modules
        - bower_components
  10. mozilla/fxa-local-dev

    language: node_js
    node_js:
    - "0.10"
    - "0.12"
    - "iojs"
    
    before_install:
    - npm install -g [email protected]
  11. mozilla/fxa-notification-server

    language: node_js
    node_js:
    - '0.10'
    - '0.12'
    - 'iojs'
    
    sudo: false
  12. mozilla/fxa-oauth-console

    language: node_js
    
    node_js:
    - '0.10'
  13. mozilla/fxa-oauth-server

    language: node_js
    
    node_js:
    - '0.10'
    - '0.12'
    - 'iojs'
    
    sudo: false
    
    before_install:
    - npm install -g npm@2
  14. mozilla/fxa-password-strength-checker

    language: node_js
    
    sudo: false
    
    cache:
      directories:
        - node_modules
        - bower_components
    
    before_install:
    - npm install -g npm@2
  15. mozilla/fxa-profile-server

    language: node_js
    
    node_js:
    - '0.10'
    - '0.12'
    - iojs
    
    before_install:
    - npm install -g npm@2
  16. mozilla/fxa-relier-client

    language: node_js
    
    sudo: false
    
    node_js:
    - "0.10"

The following repos didn't have a /.travis.yml file in the repo:

Service Management - Mozilla-branded Services

As a FF user when using Firefox,

  1. I want to manage the devices and services attached to my FxA from one place.
    1a. For Mozilla-branded services like Sync and Hello, I want to be able to revoke the service and turn off data types synced between devices. This can include Sync data types as well as other Mozilla information services like Hello. My expectations about how those data types coexist on my FF devices should be consistent.

Allow trusted internal apps to read profile information without user interaction

I'm revamping this oauth-server bug as a feature card: mozilla/fxa-oauth-server#125

As a developer of a trusted internal application, I want to be able to read the profile information associated with an FxA user id without having to have the user in the loop. Two concrete examples:

  • The payments app, when sending confirmations or receipts, would like to know the most recent email address and locale preference for the user.
  • The basket service would like to look up the user's current email address, and the types of devices they have connected to their account.

Work needed to accomplish this:

Work breakdown for FxA-49: CDN

We have many hints that our code loads slowly for lots of users, and that moving to a CDN for our static resources would go a long way towards helping with that. Let's figure out how to more precisely characterize the wins we expect, and the technical approach we'll use to enable this.

Things we've talked about that need to be captured in the feature definition:

  • Metrics - what will we measure right now to determine how slow things are, and what graphs will we watch to determine how things improve?
  • Infrastructure details - will we use AWS cloudfront, what will this look like from our code's POV, what assets will or will not live in the CDN?
  • Subresource integrity - can and will we use [1] to maintain the security of our application while putting our code outside our direct control?

[1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

/settings page blank while the avatar loads

To test #3324, I added a 5 second delay to the response of the avatar fetch. I was surprised to see the settings screen is blank while the avatar loads. The code makes it seem like the avatar fetch occurs in afterVisible, so I'm a bit confused why this is happening.

blank-settings-during-fetch-master

H2 metrics tracking dashboards

We need to track additional high-level metrics to judge whether we're hitting our goals for the second half of the year, which means we need more graphs on https://metrics.services.mozilla.com/accounts-dashboard/ or a linked dashboard.

Our priority themes are "user control" and "connected experience" and we'll measure their success by:

  • Percentage of accounts that have a mobile device connected
  • Percentage of accounts that have multiple devices connected
  • Number of new multi-device connections made per day
  • Churn, i.e. how many users stop using the service after 1 day, 1 week, 1 month, etc
  • Churn for multi-device users
  • Percentage of accounts that have customized profile data (name, avatar, etc)

We're not collecting a lot of this data currently, so this will probably depend on some backend data-model adjustments. /cc @philbooth w.r.t short-term priorities for backend work.

Document commit-message format in CONTRIBUTING.md?

Not sure the best place/file for it.
I like CONTRIBUTING.md since I think GitHub adds a nice yellow banner on the page when you submit a PR saying to read the contribution guidelines.


Re: "Document commit-message format in CONTRIBUTING.md",

@rfk: "Let's put this in the top-level fxa repo, and link to it from CONTRIBUTING.md"
— via mozilla/fxa-oauth-server#272

FxA Multiple Devices metrics

As a FF product group member I want to know how many FxA users are using multiple devices or profiles.

I want to know how many users are using 2 devices or profiles

I want to know how many users are using 3 or more devices

Device Controller- User View

I want a place to go when I think that something might be wrong with Sync to be able to see when a sync last occurred.

Target consistent node envs in travis across all repos

This came up in a recent Monday meeting - we should formalize the set of node environments we want to support/test on, and ensure that they're configured the same in .travis.yml across all repos. I vaguely remember settling on the following config:

language: node_js

node_js:
  - "0.10"
  - "0.12"
  - "4"

@jrgm @dannycoates any objections or counter-proposals?

Device Naming and Editing

I want my FF devices to be logically named so I recognize them and also have the ability to rename them.

FEATURE: session status dashboard

(Opening for discussion w.r.t Fx42 goal planning; let's not rush off to start building just yet).

Let's build a minimal version of a "control dashboard" where you can at least see what's connected to your account, and if we get real adventurous maybe let you disconnect things. @edmoz if we decide to push ahead with this for Fx42, we can use this bug to capture the user-story and all the dependencies.

Main user story

I want to see when and where I've logged in to Sync, so that I understand what devices are connected via my Firefox Account and their status.

  • Provide an API on the auth server for listing active login sessions and their metadata
  • Add a view on the content server that surfaces this data when the user is logged into her account

Supporting user stories

I want to see when I logged into a device, so that I know how old it is.

  • This might already be possible via sessionToken creation time.

I want to see when each of my devices last connected, so that I can be informed about recent activity.

I want to be able to easily identify devices, so that I can distinguish between them.

New Accounts having issues connecting to Sync Server on Stage and Latest

cc @jrgm @rfk

STR

  1. Set up fxa-local-dev
  2. Run FXA_ENV=stage npm start - this will use Stage config and start a fresh Firefox
  3. Create a new account and verify it in the same browser

Expected

Sync should connect after verification

Actual

Sync asks to reconnect

Info

Full Firefox log against latest here: https://gist.github.com/vladikoff/dd3a1ba2b9394d5b8c3d

Stage SHA:

{
  "commit": "072e79a99c57466869b2342493701eb1c23290a3",
  "version": "0.49.2",
  "l10n": "5fcfa1c18f",
  "tosPp": "b86f95ea39",
  "source": "https://github.com/mozilla/fxa-content-server.git"
}

Stable SHA:

{
  "commit": "35797ad396353545c46af139144d8a8a37a4b02b",
  "version": "0.48.0",
  "l10n": "d5315da685",
  "tosPp": "262dbc7dab",
  "source": "https://github.com/mozilla/fxa-content-server.git"
}

This is broken for me on:

  • local servers
  • stage
  • latest

This works for me in:

  • production
  • stable

FF41 Screenshot:

Improve copy for proposed add a device CTA

When users are in Sync preferences and click Manage, they will be taken to their account online. We are adding a Devices section that (ideally) lists all of the devices that are connected to Sync.

Most users will only have one device, and this is a shame because this means they are not really syncing, but only using a not-very-reliable backup. And beyond that it is likely that they aren't aware that Firefox exists on other platforms.

We would like a call to action that best lets users know how (and why) to add other devices.

Here is an attempt that I know you can take to the next level:
devices-disconnect-and-refresh-only

@MozMatej

FxA Mobile Users Metric

As a Firefox product group member I want to know how many FxA users are using a mobile device, and how many are mobile only.

FEATURE: a "sync status" control dashboard

(Opening for discussion w.r.t Fx42 goal planning; let's not rush off to start building just yet).

Let's build a way for users to get a simple status overview of what's going on in their sync cluster. A nice minimal set of data would be: a list of devices and the time they last synced, a count of the number of items stored of each type, and the total size of your stored data.

Problem: it's not possible to access any of this information without knowing the user's encryption key kB (or at least some derivatives of it).

To make this work well in web content, I think we'd need the following components:

  • A way for content-server to ask for sessionToken and kB from sync state in the browser (mozilla/fxa-content-server#2662)
  • Corresponding support in Firefox for passing back sessionToken and kB when asked
  • UI in content-server for interacting with sync and displaying the status data

It could also be that fxa-content-server is not the right place to build this sort of sync-specific dashboard, but we do have a lot of sync-specific logic in there already.

FEATURE: "Choose what to sync" on the web

Notes:

Flow: https://www.lucidchart.com/documents/view/92d0ec74-a2af-40b8-b714-6db99149e39c
