Identity/Firefox Accounts/Meeting Notes/2016 04 21 Web

2016-04-21: Thursday Web Coordination

Today's Theme: Blockers & areas that need attention/help.

WHO: javaun, jbuck, jrgm, stomlinson, rfeeley, vbudhram, vladikoff

Discuss:

• It's the Queen's 90th birthday!
• From last time:
  • Reverse merge - complete!
  • jrgm/jbuck cleanup - going well, almost back to normal!
• Train 60 - cut? Saw a deploy ticket about it.
• pin commits?
  • mentioned in IRC
• Fix busted build
  • shane to copy https://github.com/jbuck/node-uap/tree/build-unbusted to his branch
• re-confirm email
  • Major work is occurring in auth server, content server
  • auth-server:
    • https://github.com/mozilla/fxa-auth-server/pull/1232
    • How to handle verifying email account and tokens, discussion
      • these are the same size now in the db pr, so you can use the same code for both if you like👍
    • preverified account, tokens created verified, updates needed in fxa-mysql-db
      • will do this tomorrow a.m.
      • alternative would just be for the auth server to manually call /token/:id/verify straight after creation
    • stomlinson and vbudhram to chat after meeting.
  • content-server: UI is implemented, starting to add functional tests.
  • Email footer text: decided upon?
    • If you suspect that someone is trying to gain access to your account, please __take these precautions now__.
      • "take these precautions now" is a link to SUMO.
    • Email footer text idea: Should we have a way for the user to change their password and destroy a sessionToken/keyFetchToken from the email if their account is under attack?
      • Destroy sessionToken/keyFetchToken would also alert us.
• Functional test templates
  • https://github.com/mozilla/fxa-content-server/pull/3673
  • After more thought, don't like the API, want to think about it more. I feel something like this is necessary, updating all the functional tests for re-confirm email is painful!
  • maybe, if these cases are all testing the same re-used code deep down, we don't need all of the different functional test cases? or is that a dangerous assumption?
• Enable CSP: https://github.com/mozilla/fxa-content-server/pull/3627
  • Instead of hard coding CSP rules, does it make sense to make them all live in config?
    • -1
  • Functional tests would break on prod for a variety of reasons.
• Update button text on CWTS
  • https://github.com/mozilla/fxa-content-server/pull/3672
  • rfk wants rfeeley's feedback
  • r+ - shipit
• flow.begin
  • https://github.com/mozilla/fxa-content-server/pull/3619
    • stomlinson to review
• PW length warning
  • https://github.com/mozilla/fxa-content-server/pull/3635
  • Needs updated to handle screens w/ 2 password fields
• Force numeric input in age field
  • https://github.com/mozilla/fxa-content-server/pull/3642
  • close, stomlinson asked for a couple of updates
• Remove synchronization of unmasking
  • https://github.com/mozilla/fxa-content-server/pull/3661
  • Needs rebase
• discuss: Google docs for notes instead of etherpad (?)
  • Archive into GDocs or a Wiki...?
  • 2 votes for Wiki
    • +1
  • stomlinson is going to find a good place in wiki.mozilla.org (maybe https://wiki.mozilla.org/Firefox-Accounts )
• Sync drum circle-fest
• Was this meeting really long?
  • Yes