forked from mozilla/persona
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog
132 lines (122 loc) · 8.74 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
train-2011.10.20:
* android < 3.0 now supported: #461
* properly set assertion expiration time to when they expire, not when they're issued: #433, #457, #458
* update privacy policy language to jive with new UI: #381
* add redirects for old URLs that no longer exist with the new UI: #376
* inside the minified include.js, link to uncompressed version for developer convenience and discovery: #432
* language tweaks: #437, #444
* improve button UI appearance on opera and IE: #435
* improve visual feedback for links: #440
* UI fixes for > 2 email addresses on iOS: #417
* smooth out screen transitions in dialog: #369
* improved "check your email" screen on mobile: #462
* no auto-caps nor auto-correct for iOS in add email field: #464
* improve event listening on input fields: #406
* remember email when moving user from signup to sign-in for known email address: #108
* don't call sync_emails more than necessary: #434
* assertions now include full origin (scheme+host+port). verifier accepts only host+port OR full origin, and returns whatever RP sends for back compat: #82
train-2011.10.13:
* fix verification of email in different browser than where verification is initiated: #336
* Android < 3.0 (browsers that can't handle JSON.parse("null")) now blocked explicitly (until we complete support)
* textual fixes to about page: #350
* 'cancel account' link added to manage page: #405
* warn user that removing last email address effectively cancels account: #394, #404, #137
* fixed signing dialog hang when you delete an email on manage page while dialog is open (now that's not obscure :P): #401
* Optimize UI in case where user has only 1 email address: #412
* smooth out transition from pick email to add new email pages: #410
* reposition remove buttons on manage page: #409
* identity and labs links open in new tabs: #380
* fix innocuous (but ugly) error in firefox error console: #390
* implement dynamic bcrypt work factor update: #204
* default work factor is now at 12 (NOTE: [re]authentication now takes 6x longer - ~600ms on our current hardware): #212
* many test fixes, and code refactoring, cleanup, and reorganization
* accept SMTP parameters from the environment: #214 (not yet closed)
* WSAPI CHANGES (https://github.com/mozilla/browserid/commit/511b56): all server responses are now objects: #217, #325
train-2011.10.06:
* full site & dialog redesign: (many, many closed issues are related to this, including #269, #343, #342, #347, #354, #356, #357, #350, #349, #364, #346, #336)
* improved debugging, all network callbacks are invoked asynchronously: #276
* MYSQL SCHEMA CHANGE: passwd field no longer in staged table (password is now set after verify link clickthrough)
* MYSQL SCHEMA CHANGE: add index to emails table: #209
* WSAPI CHANGES (to support new UI): https://github.com/mozilla/browserid/commit/b6ee51
* WSAPI CHANGES: a mis-set client clock no longer causes invalid assertions to be issued (wsapi changed to minimize network requests): #329
* disallow re-registration of existing account: #333
* (non-visible) namespacing in dialog code: #275
* API BREAKING CHANGE: verifier no longer supports GET requests: #98
* significant performance / UX improvement - keys are generated and certified when needed, not all upfront at sign-in: #278
* remove 'download printable format' language from privacy policy: #280
* faster keygen via crypto optimizations: https://github.com/mozilla/browserid/commit/778433
* improvements to mobile layout & usability (specific to the new UI)
* more user visible error messages to improve community sourced problem reports: #335
* IE8 improvements (still not fully supported): #246, #361, #346
* cookie fixes revisited, now on upstream version of connect-cookie-session: #310
* (merged 2011.10.07) fix unstyled flash at first dialog display: #365
train-2011.09.29:
* shortly after dialog is spawned, we remove the four random chars in the fragment (aesthetic)
* fix bug where session duration had an upper bound of 7 days - the time the server was running: #310
* fix bug where a user could go longer than 1 week without re-authenticating: #309
* fix link on /developers page to verifier source: #326
train-2011.09.22:
* migrate to browserid signed certificates rather than keypairs where browserid hosts the public key: https://github.com/mozilla/browserid/issues?milestone=6
* IE9 support
* partial IE8 support (not yet usable, several small remaining bugs, and abysmal performance)
* development harness (./run.js) now respects an IP_ADDRESS env var to bind to a specific address (other than 127.0.0.1)
* improved first-time development experience: `git clone && cd browserid && npm install && npm run`
* initial support for running locally under virtualbox via vagrant: issue #261 (thanks ozten!)
* (fix 2011.09.23) fix race condition between relay iframe and window introduced with IE9 support. issue #287
* (fix 2011.09.23) fix blank popup on second signin invocation in same session in FFX: issue #286
* (fix 2011.09.23) explicitly disable caching for /wsapi calls, prevents unwanted caching of CSRF and friends. issue #294
train-2011.09.01:
* /ws_api/set_key always returns returns value instead of HTTP 204 response: #219
* update javascript mvc to 3.1.0.
* major interframe/window communication change using a hidden relay iframe to facilitate IE: #97(still open)
* link colors on browserid.org are consistent: #227
train-2011.08.25:
* created command line load generation tool and performance analysis work: #125
* beginning unit/functional tests for front end: #183
* front end refactor to facilitate unit/functional tests and UX iteration: #183
* error messages are shown on front end: #184
* users must now verify account ownership before attempting a key sync.
* manage page date format: #191
* manage page button only displayed if user is currently authenticated: #195
* manage page emails are synced on page open: #181
* wsapi_client created for clients needing programatic access to wsapi.
* harden set_key against duplicate keys.
* fix new email addresses added not being synced on client: #199
* upgrade to bcrypt 0.2.4.
* minify include.js by default: #206
* more than one email address can be added per dialog lifespan: #215
* verifyier no longer verifies assertions issued by another server.
* (2011.08.31) no error message displayed if you try to authenticate with an invalid u/p: #222
train-2011.08.18:
* upon clickthrough of the email link, don't have the browser window close itself: #162
* passwords must be between 8 and 80 chars: #155
* improved handling of emailing & verification urls during local development & testing: #88
* language changes in dialog: #150
* many improvements to unit tests: #171
* forgotten password flow was broken with port to mysql, fixed: #170
* improved metrics reporting abstraction: #168
* moved all server logging into a single file: #169
* all files created at execution time are now in one location: #172
* developer ergonomics - improved colorized logging with terse webserver output to console
* always require a user to authenticate if they don't have an active session: #74
* improved CSRF protection to fix race conditions in previous train: #173
train-2011.08.12:
* massive zero-user-visibile refactoring of dialog javascript.
* fix cancel button in "waiting for verification state" (issue #147)
* all browserid source is now tri-licensed (MPL1.1/GPL/LGPL). (issue #141)
* fixes for mobile firefox (fennec). (issue #140)
* mysql support implemented for browserid (default persistence production) (issue #71)
* json persistence support added - a standalone dead simple persistence layer which is the default for local development and requires no external software.
* email secrets are now persisted in the database, so upon server restart outstanding verification links are no longer invalidated (issue #91)
* (website) styling changes - like fix issues where links on dev page were being displayed white on white.
train-2011.08.04:
* when user closes dialog without clicking "cancel", properly return 'null' to the webpage (via getVerifiedEmail callback) - issue #107
* improve checks to warn developer that prerequisite software is missing. issue #110
* parameterize software to support multiple deployment environments (dev/beta/prod) issues #102 & #52
* documentation updates.
* improved logging (using the winston logging framework for node.js)
* [website] fixed inclusion of youtube video (now over https to keep browsers from getting scared about mixed mode resource inclusion)
train-1:
* beginning of time, everything is new.
* (2011.08.03) include youtube video embedding over https (issue #112)
* (2011.08.04) fix mozillalabs.com link in dialog (issue #116)