mozilla / fxa
Monorepo for Mozilla Accounts (formerly Firefox Accounts)
Home Page: https://mozilla.github.io/ecosystem-platform/
License: Mozilla Public License 2.0
other stuff:
There's a lot of detail on this (pretty old) project wiki page that makes more sense integrated into our canonical dev docs:
https://wiki.mozilla.org/Identity/Firefox_Accounts
We should move it over here, clean it up, and delete it from the wiki.
The chatter in #fxa is useful but it often makes it hard to maintain human-to-human-conversations. We should make a separate #fxa-bots or #fxa-chatter or something channel for them to talk into.
I happened to stumble onto this, and now cannot unsee.
mozilla/fxa-content-server /server/lib/configuration.js:47 has:
env: {
  doc: 'What environment are we running in? Note: all hosted environments are \'production\'.',
  format: ['production', 'development'],
  default: 'production',
  env: 'NODE_ENV'
},
mozilla/fxa-auth-server /config/index.js:17 and mozilla/fxa-oauth-server /lib/config.js:67 have:
env: {
  doc: 'The current node.js environment',
  default: 'prod',
  format: [ 'dev', 'test', 'stage', 'prod' ],
  env: 'NODE_ENV'
},
mozilla/fxa-profile-server /lib/config.js:28 has:
env: {
  arg: 'node-env',
  doc: 'The current node.js environment',
  env: 'NODE_ENV',
  format: ['dev', 'test', 'stage', 'prod'],
  default: 'dev'
},
So my NODE_ENV can be "production" or "prod", or "development" or "dev", and the default on some servers is "dev" in some cases and "prod" (or "production") in others.
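A small model of the three schemas quoted above, added here as an example (not code from the issue or from the FxA repositories). `resolveEnv`, `auditNodeEnv` and `valuesAcceptedEverywhere` are hypothetical names, and the rule "unset falls back to the default, an explicit value must be in `format`" is an assumption about how these enumerated settings are validated.

```javascript
// Added illustration: format lists and defaults copied from the snippets above.
const SHORT = ['dev', 'test', 'stage', 'prod'];
const ENV_SCHEMAS = {
  'fxa-content-server': { format: ['production', 'development'], default: 'production' },
  'fxa-auth-server': { format: SHORT, default: 'prod' },
  'fxa-oauth-server': { format: SHORT, default: 'prod' },
  'fxa-profile-server': { format: SHORT, default: 'dev' }
};

// Assumed resolution rule: an unset NODE_ENV falls back to the default,
// and any explicit value must appear in the format list.
function resolveEnv(schema, nodeEnv) {
  const value = nodeEnv === undefined ? schema.default : nodeEnv;
  return { value: value, valid: schema.format.includes(value) };
}

// For one NODE_ENV value (undefined means "unset"), report what each server
// would run as and which servers would reject the value.
function auditNodeEnv(nodeEnv) {
  const report = { effective: {}, rejectedBy: [] };
  for (const [server, schema] of Object.entries(ENV_SCHEMAS)) {
    const resolved = resolveEnv(schema, nodeEnv);
    if (resolved.valid) {
      report.effective[server] = resolved.value;
    } else {
      report.rejectedBy.push(server);
    }
  }
  return report;
}

// Values that every server accepts: the intersection of all format lists.
function valuesAcceptedEverywhere() {
  const lists = Object.values(ENV_SCHEMAS).map((schema) => schema.format);
  return lists[0].filter((value) => lists.every((list) => list.includes(value)));
}

console.log(auditNodeEnv('production'));
console.log(auditNodeEnv(undefined));
console.log(valuesAcceptedEverywhere());
```

Under this model no single NODE_ENV value is accepted by all four servers, and with NODE_ENV unset fxa-profile-server resolves to `dev` while the other three resolve to a production value.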
We have many hints that our code loads slowly for lots of users, and that moving to a CDN for our static resources would go a long way towards helping with that. Let's figure out how to more precisely characterize the wins we expect, and the technical approach we'll use to enable this.
Things we've talked about that need to be captured in the feature definition:
[1] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
As a FF user when using Firefox,
I want FF and my core browsing data to feel speedy and to the point both in general usage and when I am specifically interacting with synced data.
1b. When I log into a service with my FxA, I want to be able to see it in my FxA dashboard, complete with last time logged in.
We currently have a nice view of account creation rate broken down by service type, as the "account creates by service" graph on [1]. Various product folks would also like to see the same metrics broken down by platform (i.e. windows, osx, android).
[1] https://metrics.services.mozilla.com/accounts-dashboard/
Should we include this here somewhere?
https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Firefox_Accounts/UX_guidelines
See also: https://bugzilla.mozilla.org/show_bug.cgi?id=1218465
edmoz test issue for aha integration
I want FF and my core browsing data to feel speedy and to the point both in general usage and when I am specifically interacting with synced data.
1a. When I am looking at another device's history, tabs, passwords, or other data types synced across my devices, I want FF to feel like it is propagating that information across my devices in a timely fashion.
As noted in #69 (comment)
When a device presents a device-id that we don't recognize, we can either return an error, or we can magic a new one into existence for it. Let's pick one and apply it consistently across all endpoints.
As a FF user when using Firefox,
I want to know the devices and services I am connected to via my Firefox Account, and important information about the status of my services. 1b. For services, this includes when I am connected to those services via FF (a FF device) as well as through other browsers (a non-FF device)
I want a place to go when I think that something might be wrong with Sync to be able to see when a sync last occurred.
Goals:
In order to be compatible with stable desktop I propose we manage key preference from the server and leave the browser code as is. The new meaning of kB in browser code would essentially be "syncKey" with no notion of B-ness or A-ness. Unfortunately, we can't retroactively change the name. Currently, wrapKb is mixed with unwrapBKey to obtain kB, so if a user selected kA we need to make unwrapBKey ^ wrapKb == kA. Fortunately (to the best of my knowledge) on desktop, unwrapBKey is only supplied to the browser by content-server hosted code so we can deploy new code to set unwrapBKey based on preference. I don't yet know how Fennec acquires unwrapBKey...
If we have a user preference named syncKey, overriding unwrapBKey becomes:
if (syncKey === 'kA') {
  unwrapBKey = wrapKb ^ kA
}
The tricky part (though I haven't looked yet) may be in the timing of when unwrapBKey is set. This way requires us to have the keys available first whereas the traditional way doesn't require any key data, just the user's password.
As far as auth-server is concerned I think this only requires remembering the new preference and including it in the key bundle.
The content-server will need UI for the preference and to handle unwrapBKey.
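The XOR relation from the proposal above, worked through as an added example that is not part of the original issue or the FxA code base. The helper names and the 32-byte sample values are constructed for illustration.

```javascript
// Added illustration; helper names and key bytes are constructed, not FxA code.

// XOR two equal-length buffers. Mismatched lengths are rejected so that a
// truncated input is an error rather than being silently mixed in.
function xorBuffers(a, b) {
  if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b) || a.length !== b.length) {
    throw new Error('xorBuffers needs two buffers of equal length');
  }
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) {
    out[i] = a[i] ^ b[i];
  }
  return out;
}

// Browser side, left unchanged: the value it calls kB is unwrapBKey ^ wrapKb.
function browserDeriveKb(unwrapBKey, wrapKb) {
  return xorBuffers(unwrapBKey, wrapKb);
}

// Content-server side (hypothetical helper): pick the unwrapBKey to hand over.
// For 'kA' both wrapKb and kA must already be available, which is the timing
// concern raised in the post; the password-derived value needs neither.
function chooseUnwrapBKey(syncKey, passwordUnwrapBKey, wrapKb, kA) {
  if (syncKey === 'kA') {
    return xorBuffers(wrapKb, kA);
  }
  return passwordUnwrapBKey;
}

// Constructed 32-byte sample values (not real key material).
const sample = {
  kA: Buffer.alloc(32, 0xa1),
  wrapKb: Buffer.alloc(32, 0x5c),
  passwordUnwrapBKey: Buffer.alloc(32, 0x33)
};

// What the unchanged browser ends up with under each preference.
function syncKeySeenByBrowser(syncKey) {
  const unwrapBKey = chooseUnwrapBKey(
    syncKey, sample.passwordUnwrapBKey, sample.wrapKb, sample.kA);
  return browserDeriveKb(unwrapBKey, sample.wrapKb);
}

console.log('kA preference yields kA:', syncKeySeenByBrowser('kA').equals(sample.kA));
console.log('default preference yields:', syncKeySeenByBrowser('kB').toString('hex'));
```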
This came up in a recent Monday meeting - we should formalize the set of node environments we want to support/test on, and ensure that they're configured the same in .travis.yml across all repos. I vaguely remember settling on the following config:
language: node_js
node_js:
- "0.10"
- "0.12"
- "4"
@jrgm @dannycoates any objections or counter-proposals?
As a FF user when using Firefox,
I want to know the devices and services I am connected to via my Firefox Account, and important information about the status of my services. 1a. For devices, this includes last time synced, record counts of different data types, and optionally data storage size (perhaps an option for self-hosters or others?)
FXA_ENV=stage npm start
- this will use Stage config and start a fresh Firefox
- Sync should connect after verification
Full Firefox log against latest
here: https://gist.github.com/vladikoff/dd3a1ba2b9394d5b8c3d
Stage SHA:
{
  "commit": "072e79a99c57466869b2342493701eb1c23290a3",
  "version": "0.49.2",
  "l10n": "5fcfa1c18f",
  "tosPp": "b86f95ea39",
  "source": "https://github.com/mozilla/fxa-content-server.git"
}
Stable SHA:
{
  "commit": "35797ad396353545c46af139144d8a8a37a4b02b",
  "version": "0.48.0",
  "l10n": "d5315da685",
  "tosPp": "262dbc7dab",
  "source": "https://github.com/mozilla/fxa-content-server.git"
}
This is broken for me on:
This works for me in:
Notes:
Flow: https://www.lucidchart.com/documents/view/92d0ec74-a2af-40b8-b714-6db99149e39c
Tracking bug for https://bugzilla.mozilla.org/show_bug.cgi?id=1183917
(Opening for discussion w.r.t Fx42 goal planning; let's not rush off to start building just yet).
Let's build a minimal version of a "control dashboard" where you can at least see what's connected to your account, and if we get real adventurous maybe let you disconnect things. @edmoz if we decide to push ahead with this for Fx42, we can use this bug to capture the user-story and all the dependencies.
Main user story
I want to see when and where I've logged in to Sync, so that I understand what devices are connected via my Firefox Account and their status.
Supporting user stories
I want to see when I logged into a device, so that I know how old it is.
sessionToken creation time.
I want to see when each of my devices last connected, so that I can be informed about recent activity.
I want to be able to easily identify devices, so that I can distinguish between them.
device ID after a user has logged into Sync (mozilla/fxa-auth-server#988)
description field when its sync device name changes (mozilla/fxa-auth-server#988)
As an FxA user when I lose control of the email account that is my username in Firefox Accounts I want to be able to change that FxA email address so that I don't lose access to my data and other FxA-relying services.
See https://www.lucidchart.com/documents/view/9c9a4647-615f-4b7c-a4db-71ae10afcd04
As a developer of services running on Firefox Mobile I want to be able to use a web login flow for Firefox Accounts to manage the experience and integration with other services (ie Hello).
As a FF product group member I want to know how many FxA users are using multiple devices or profiles.
I want to know how many users are using 2 devices or profiles
I want to know how many users are using 3 or more devices
This is the first version of My Devices
As a FF product group member I want to know how many members permanently stop using services after one day, one week, one month
I'm revamping this oauth-server bug as a feature card: mozilla/fxa-oauth-server#125
As a developer of a trusted internal application, I want to be able to read the profile information associated with an FxA user id without having to have the user in the loop. Two concrete examples:
Work needed to accomplish this:
(Opening for discussion w.r.t Fx42 goal planning; let's not rush off to start building just yet).
Let's build a way for users to get a simple status overview of what's going on in their sync cluster. A nice minimal set of data would be: a list of devices and the time they last synced, a count of the number of items stored of each type, and the total size of your stored data.
Problem: it's not possible to access any of this information without knowing the user's encryption key kB (or at least some derivatives of it).
To make this work well in web content, I think we'd need the following components:
sessionToken and kB from sync state in the browser (mozilla/fxa-content-server#2662)
sessionToken and kB when asked
It could also be that fxa-content-server is not the right place to build this sort of sync-specific dashboard, but we do have a lot of sync-specific logic in there already.
To test #3324, I added a 5 second delay to the response of the avatar fetch. I was surprised to see the settings screen is blank while the avatar loads. The code makes it seem like the avatar fetch occurs in afterVisible, so I'm a bit confused why this is happening.
I want views that make use of device names such as Tabs from My Other Devices to carry the same device naming and last synced information as the device/service dashboard
@philbooth asked for a system overview diagram, and @shane-tomlinson said he had one - let's get it linked into the docs here in whatever form it's in, and we can iterate as necessary from there.
In the discussion over in #66, we determined that zapping a device's session token via password reset doesn't disconnect it from the account, so it should still show up in the list of devices. Client-side, the device will enter the "needs reauth" state when it discovers that its session token has become invalid. Should we show some affordance for such devices in the devices view? (e.g. grayed out, a little warning icon overlay, whatever)
One wrinkle could be that the server will know the device needs to re-auth before the device itself discovers this, because of client-side caching issues like [1]. So you might see the warning in the devices view, dig out your other device, go to re-auth on there and it tells you that everything's fine.
Alternately, we can just count on such devices failing to update their "last connected" timestamp, and when the user sees "last connected 12 days ago" they'll think "oh, I need to go reconnect that device".
I want my FF devices to be logically named so I recognize them and also have the ability to rename them.
I want to be able to choose, upload, and adjust (move, rotate, zoom, etc) my Avatar for Firefox Accounts.
As a Firefox product group member I want to know how many FxA users are using a mobile device, and how many are mobile only.
We need to track additional high-level metrics to judge whether we're hitting our goals for the second half of the year, which means we need more graphs on https://metrics.services.mozilla.com/accounts-dashboard/ or a linked dashboard.
Our priority themes are "user control" and "connected experience" and we'll measure their success by:
We're not collecting a lot of this data currently, so this will probably depend on some backend data-model adjustments. /cc @philbooth w.r.t short-term priorities for backend work.
As a FF product group member I want to know how many FxA users on a single device stop using Sync and other services over time, versus multidevice users
As a FF product group member I want to know the number of new multiple device connections to FxA made per day, per week, per month.
This has been making the rounds on The Internet, but it would probably be a good thing to explicitly add to this repo, and maybe add pointers to the global document from the project repos:
http://todogroup.org/blog/open-code-of-conduct/
http://todogroup.org/opencodeofconduct/
Not sure if we want to copy/pasta the code of conduct and host it in GitHub, or simply add pointers to the todogroup.org site's version (with our name/contact embedded)
http://todogroup.org/opencodeofconduct/#FirefoxAccounts/[email protected]
This is a tracking bug for all Node 4.2.3+ migration details
fxa-local-dev build is tracking what is failing to install here: https://travis-ci.org/mozilla/fxa-local-dev/jobs/89681956
Looks like we need another scrypt-hash bump for 4.2.2 (cc @dannycoates)
cc @jrgm
As a developer, I want to know whether my user is a user of FxA, so I can customize her experience in my Web application.
If the Web application knows the user is already an FxA user, then it might prioritize getting the user to log in because she already has an account.
This might eventually be able to provide a more SSO-like experience.
As a FF user when using Firefox,
When users are in Sync preferences and click Manage, they will be taken to their account online. We are adding a Devices section that (ideally) lists all of the devices that are connected to Sync.
Most users will only have one device, and this is a shame because this means they are not really syncing, but only using a not-very-reliable backup. And beyond that it is likely that they aren't aware that Firefox exists on other platforms.
We would like a call to action that best lets users know how (and why) to add other devices.
Here is an attempt that I know you can take to the next level:
Not sure the best place/file for it.
I like CONTRIBUTING.md since I think GitHub adds a nice yellow banner on the page when you submit a PR saying to read the contribution guidelines.
Re: "Document commit-message format in CONTRIBUTING.md",
@rfk: "Let's put this in the top-level fxa repo, and link to it from CONTRIBUTING.md"
- via mozilla/fxa-oauth-server#272
So, I finally wrote a quick and dirty scanner for all the fxa-* repos' .travis.yml files:
var Wreck = require('wreck')

// All fxa-* repositories whose Travis configuration we want to compare.
var repos = [
  'mozilla/fxa-auth-db-mem',
  'mozilla/fxa-auth-db-mysql',
  'mozilla/fxa-auth-db-server',
  'mozilla/fxa-auth-mailer',
  'mozilla/fxa-auth-server',
  'mozilla/fxa-basket-proxy',
  'mozilla/fxa-content-experiments',
  'mozilla/fxa-content-server',
  'mozilla/fxa-content-server-l10n',
  'mozilla/fxa-deployment',
  'mozilla/fxa-dev',
  'mozilla/fxa-easter-egg',
  'mozilla/fxa-js-client',
  'mozilla/fxa-jwtool',
  'mozilla/fxa-local-dev',
  'mozilla/fxa-notification-server',
  'mozilla/fxa-oauth-console',
  'mozilla/fxa-oauth-server',
  'mozilla/fxa-password-strength-checker',
  'mozilla/fxa-profile-server',
  'mozilla/fxa-relier-client',
  'mozilla/fxa-scrypt-helper',
  'mozilla/hapi-fxa-oauth'
]

// Fetch each repo's .travis.yml and print it under a heading with the repo name.
repos.forEach(function (repo) {
  Wreck.get(getTravisYaml(repo), function (err, res, payload) {
    if (err) {
      // Report the failure instead of printing "undefined" as the payload.
      console.error('# %s\nfailed to fetch: %s\n', repo, err.message)
      return
    }
    console.log('# %s\n%s\n\n', repo, payload)
  })
})

// Build the raw.githubusercontent.com URL of a repo's .travis.yml on master.
function getTravisYaml(repo) {
  return 'https://raw.githubusercontent.com/' + repo + '/master/.travis.yml'
}
And here's a [somewhat heavily] edited version of the output for each of the repos:
language: node_js
node_js:
  - "0.10"

language: node_js
node_js:
  - "0.10"
  - "0.12"
  - "iojs-v1"
  - "iojs-v2"
before_install:
  - npm config set spin false

language: node_js
node_js:
  - "0.10"
  - "0.12"
  - "iojs-v1"
  - "iojs-v2"
before_install:
  - npm install -g npm@2

language: node_js
node_js:
  - "0.10"
  - "0.12"
  - "iojs-v1"
  - "iojs-v2"

language: node_js
node_js:
  - "0.10"
  - "0.12"
  - "iojs-v1"
  - "iojs-v2"
sudo: false

language: node_js
sudo: false
node_js:
  - "0.10"

language: node_js
node_js:
  - "0.10"
  - "0.12"
sudo: false
cache:
  directories:
    - node_modules
    - app/bower_components
    - fxa-auth-server/node_modules
before_install:
  - npm install -g npm@2

language: node_js
sudo: false
node_js:
  - "0.10"

language: node_js
node_js:
  - "0.10"
  - "0.12"
sudo: false
cache:
  directories:
    - node_modules
    - bower_components

language: node_js
node_js:
  - "0.10"
  - "0.12"
  - "iojs"
before_install:
  - npm install -g [email protected]

language: node_js
node_js:
  - '0.10'
  - '0.12'
  - 'iojs'
sudo: false

language: node_js
node_js:
  - '0.10'

language: node_js
node_js:
  - '0.10'
  - '0.12'
  - 'iojs'
sudo: false
before_install:
  - npm install -g npm@2

language: node_js
sudo: false
cache:
  directories:
    - node_modules
    - bower_components
before_install:
  - npm install -g npm@2

language: node_js
node_js:
  - '0.10'
  - '0.12'
  - iojs
before_install:
  - npm install -g npm@2

language: node_js
sudo: false
node_js:
  - "0.10"
As a FF user when using Firefox,