mozilla
diff --git a/‎docs/API.md‎
Lines changed: 52 additions & 0 deletions b/‎docs/API.md‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎fxa-auth-db-server/index.js‎
Lines changed: 10 additions & 0 deletions b/‎fxa-auth-db-server/index.js‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎fxa-auth-db-server/test/backend/db_tests.js‎
Lines changed: 91 additions & 1 deletion b/‎fxa-auth-db-server/test/backend/db_tests.js‎
Lines changed: 91 additions & 1 deletion
diff --git a/‎fxa-auth-db-server/test/backend/remote.js‎
Lines changed: 61 additions & 0 deletions b/‎fxa-auth-db-server/test/backend/remote.js‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎lib/db/mem.js‎
Lines changed: 64 additions & 6 deletions b/‎lib/db/mem.js‎
Lines changed: 64 additions & 6 deletions
@@ -17,8 +17,10 @@ There are a number of methods that a DB storage backend should implement:
     * .resetTokens(uid)
 * Accounts (using `email`)
     * .emailRecord(emailBuffer)
+    * .accountRecord(emailBuffer)
     * .accountExists(emailBuffer)
     * .getSecondaryEmail(emailBuffer)
+    * .setPrimaryEmail(uid, emailBuffer)
 * Session Tokens
     * .createSessionToken(tokenId, sessionToken)
     * .updateSessionToken(tokenId, sessionToken)
@@ -296,6 +298,9 @@ Returns:
 
 ## .emailRecord(emailBuffer) ##
 
+Note: Using this method will emit a deprecation warning, please use `.accountRecord` instead.
+This method only reads from the account table whereas `.accountRecord` checks the emails table and returns correct account record.
+
 Gets the account record related to this (normalized) email address. The email is provided in a Buffer.
 
 Parameters:
@@ -321,6 +326,36 @@ Returns:
 * rejects: with one of:
     * `error.notFound()` if no account exists for this email address
     * any error from the underlying storage engine
+    
+## .accountRecord(emailBuffer) ##
+
+Gets the account record related to this (normalized) email address by checking for email on emails table. 
+The email is provided in a Buffer.
+
+Parameters:
+
+* emailBuffer: the email address will be a hex encoded string, which is converted back to a string, then
+  `.toLowerCase()`. In the MySql backend we use `LOWER(?)` which uses the current locale for case-folding.
+
+Returns:
+
+* resolves with:
+    * `account` - consisting of:
+        * uid - (Buffer16)
+        * email - (string)
+        * normalizedEmail - (string)
+        * emailVerified - 0|1
+        * emailCode - (Buffer16)
+        * kA - (Buffer32)
+        * wrapWrapKb - (Buffer32)
+        * verifierVersion - (number)
+        * verifyHash - (Buffer32)
+        * authSalt - (Buffer32)
+        * verifierSetAt - (number) an epoch
+        * primaryEmail - (string)
+* rejects: with one of:
+    * `error.notFound()` if no account exists for this email address
+    * any error from the underlying storage engine
 
 ## .accountExists(email) ##
 
@@ -363,6 +398,23 @@ Returns:
     * `error.notFound()` if no email address exists on emails table
     * any error from the underlying storage engine
 
+## .setPrimaryEmail(uid, emailBuffer) ##
+
+Sets the primary email address as `emailBuffer` for account with `uid`.
+
+Parameters:
+
+* uid: the uid of the account
+* email: the normalized email address that will be the new primary email
+
+Returns:
+
+* resolves with:
+    * an empty object `{}`
+* rejects: with one of:
+    * `error.notFound()` if no email address exists on emails table
+    * any error from the underlying storage engine
+    
 ## Tokens ##
 
 All tokens (sessionTokens, keyFetchTokens, passwordForgotTokens, passwordChangeTokens, accountResetTokens) have three
 
@@ -96,6 +96,16 @@ function createServer(db) {
       return db.getSecondaryEmail(Buffer(req.params.email, 'hex'))
     })
   )
+  api.get('/email/:email/account',
+    op(function (req) {
+      return db.accountRecord(Buffer(req.params.email, 'hex'))
+    })
+  )
+  api.post('/email/:email/account/:id',
+    op(function (req) {
+      return db.setPrimaryEmail(req.params.id, Buffer(req.params.email, 'hex'))
+    })
+  )
 
   api.get('/sessionToken/:id', withIdAndBody(db.sessionToken))
   api.del('/sessionToken/:id', withIdAndBody(db.deleteSessionToken))
 
@@ -44,7 +44,7 @@ function createEmail(data) {
     email: ('' + Math.random()).substr(2) + '@bar.com',
     uid: data.uid,
     emailCode: data.emailCode || crypto.randomBytes(16),
-    isVerified: false,
+    isVerified: data.isVerified || false,
     isPrimary: false,
     createdAt: Date.now()
   }
@@ -120,6 +120,23 @@ const ACCOUNT_RESET_TOKEN = {
   createdAt: now + 5
 }
 
+function makeMockSessionToken(uid) {
+  var sessionToken = {
+    data : hex32(),
+    uid : uid,
+    createdAt : now + 1,
+    uaBrowser : 'mock browser',
+    uaBrowserVersion : 'mock browser version',
+    uaOS : 'mock OS',
+    uaOSVersion : 'mock OS version',
+    uaDeviceType : 'mock device type',
+    mustVerify: true,
+    tokenVerificationId : hex16()
+  }
+
+  return sessionToken
+}
+
 // To run these tests from a new backend, pass the config and an already created
 // DB API for them to be run against.
 module.exports = function(config, DB) {
@@ -2468,6 +2485,79 @@ module.exports = function(config, DB) {
       })
     })
 
+    describe('change email', () => {
+      let account, secondEmail
+
+      before(() => {
+        account = createAccount()
+        account.emailVerified = true
+        secondEmail = createEmail({
+          uid: account.uid,
+          isVerified: true
+        })
+        return db.createAccount(account.uid, account)
+          .then(function () {
+            return db.createEmail(account.uid, secondEmail)
+          })
+          .then(function (result) {
+            assert.deepEqual(result, {}, 'Returned an empty object on email creation')
+            return db.accountEmails(account.uid)
+          })
+          .then(function (res) {
+            assert.deepEqual(res.length, 2, 'Returns correct amount of emails')
+            assert.equal(res[0].email, account.email, 'primary email is the address that was used to create account')
+            assert.deepEqual(res[0].emailCode, account.emailCode, 'correct emailCode')
+            assert.equal(!! res[0].isVerified, true, 'correct verification set')
+            assert.equal(!! res[0].isPrimary, true, 'isPrimary is true')
+
+            assert.equal(res[1].email, secondEmail.email, 'primary email is the address that was used to create account')
+            assert.deepEqual(res[1].emailCode, secondEmail.emailCode, 'correct emailCode')
+            assert.equal(!! res[1].isVerified, true, 'correct verification set')
+            assert.equal(!! res[1].isPrimary, false, 'isPrimary is false')
+          })
+      })
+
+      it('should change a user\'s email', () => {
+        return db.setPrimaryEmail(account.uid, secondEmail.email)
+          .then(function (res) {
+            assert.deepEqual(res, {}, 'Returned an empty object on email change')
+            return db.accountEmails(account.uid)
+          })
+          .then(function (res) {
+            assert.deepEqual(res.length, 2, 'Returns correct amount of emails')
+
+            assert.equal(res[0].email, secondEmail.email, 'primary email is the secondary email address')
+            assert.deepEqual(res[0].emailCode, secondEmail.emailCode, 'correct emailCode')
+            assert.equal(!! res[0].isVerified, secondEmail.isVerified, 'correct verification set')
+            assert.equal(!! res[0].isPrimary, true, 'isPrimary is true')
+
+            assert.equal(res[1].email, account.email, 'should equal account email')
+            assert.deepEqual(res[1].emailCode, account.emailCode, 'correct emailCode')
+            assert.equal(!! res[1].isVerified, account.emailVerified, 'correct verification set')
+            assert.equal(!! res[1].isPrimary, false, 'isPrimary is false')
+
+            // Verify correct email set in session
+            const sessionToken = makeMockSessionToken(account.uid)
+            return db.createSessionToken(SESSION_TOKEN_ID, sessionToken)
+              .then(() => {
+                return P.all([db.sessionToken(SESSION_TOKEN_ID), db.sessionTokenWithVerificationStatus(SESSION_TOKEN_ID)])
+              })
+          })
+          .then((res) => {
+            res.forEach((session) => {
+              assert.equal(session.email, secondEmail.email, 'should equal new primary email')
+              assert.deepEqual(session.emailCode, secondEmail.emailCode, 'should equal new primary emailCode')
+              assert.deepEqual(session.uid, account.uid, 'should equal account uid')
+            })
+            return P.all([db.accountRecord(secondEmail.email), db.accountRecord(account.email)])
+          })
+          .then((res) => {
+            assert.deepEqual(res[0], res[1], 'should return the same account record regardless of email used')
+            assert.deepEqual(res[0].primaryEmail, secondEmail.email, 'primary email should be set to update email')
+          })
+      })
+    })
+
     after(() => db.close())
   })
 }
@@ -1467,6 +1467,67 @@ module.exports = function(cfg, makeServer) {
       }
     )
 
+    describe(
+      'add account, add email, change email',
+      () => {
+        let user, secondEmailRecord
+
+        before(() => {
+          user = fake.newUserDataHex()
+          secondEmailRecord = user.email
+
+          // Create account
+          return client.putThen('/account/' + user.accountId, user.account)
+            .then(function (r) {
+              respOkEmpty(r)
+              // Create secondary email
+              return client.postThen('/account/' + user.accountId + '/emails', user.email)
+            })
+            .then(function (r) {
+              respOk(r)
+              const emailCodeHex = secondEmailRecord.emailCode.toString('hex')
+              // Verify secondary email
+              return client.postThen('/account/' + user.accountId + '/verifyEmail/' + emailCodeHex)
+            })
+            .then(function (r) {
+              respOkEmpty(r)
+              return client.getThen('/account/' + user.accountId + '/emails')
+            })
+            .then(function (r) {
+              respOk(r)
+              const result = r.obj
+              assert.equal(result[0].email, user.account.email, 'matches account email')
+              assert.equal(!! result[0].isPrimary, true, 'isPrimary is true on account email')
+              assert.equal(!! result[0].isVerified, !! user.account.emailVerified, 'matches account emailVerified')
+
+              assert.equal(result[1].email, secondEmailRecord.email, 'matches secondEmail email')
+              assert.equal(!! result[1].isPrimary, false, 'isPrimary is false on secondEmail email')
+              assert.equal(!! result[1].isVerified, true, 'matches secondEmail isVerified')
+            })
+        })
+
+        it('should change email', () => {
+          return client.postThen('/email/' + emailToHex(secondEmailRecord.email) + '/account/' + user.accountId)
+            .then((r) => {
+              respOkEmpty(r)
+              return client.getThen('/account/' + user.accountId + '/emails')
+            })
+            .then(function (r) {
+              respOk(r)
+              const result = r.obj
+
+              assert.equal(result[0].email, secondEmailRecord.email, 'matches secondEmail email')
+              assert.equal(!! result[0].isPrimary, true, 'isPrimary is true on secondEmail email')
+              assert.equal(!! result[0].isVerified, true, 'matches secondEmail isVerified')
+
+              assert.equal(result[1].email, user.account.email, 'matches account email')
+              assert.equal(!! result[1].isPrimary, false, 'isPrimary is false on account email')
+              assert.equal(!! result[1].isVerified, !! user.account.emailVerified, 'matches account emailVerified')
+            })
+        })
+      }
+    )
+
     after(() => server.close())
 
   })
 
@@ -9,6 +9,7 @@ const extend = require('util')._extend
 const ip = require('ip')
 const dbUtil = require('./util')
 const config = require('../../config')
+const nodeUtil = require('util')
 
 // our data stores
 var accounts = {}
@@ -536,13 +537,13 @@ module.exports = function (log, error) {
   // Returns:
   //   - the account if found
   //   - throws 'notFound' if not found
-  Memory.prototype.emailRecord = function (email) {
+  Memory.prototype.emailRecord = nodeUtil.deprecate(function (email) {
     email = email.toString('utf8').toLowerCase()
     return getAccountByUid(uidByNormalizedEmail[email])
       .then(function (account) {
         return filterAccount(account)
       })
-  }
+  }, 'DeprecationWarning for mem.emailRecord: Use mem.accountRecord')
 
   Memory.prototype.sessions = function (uid) {
     return this.accountDevices(uid).then(function (devices) {
@@ -613,14 +614,27 @@ module.exports = function (log, error) {
 
     var accountId = sessionTokens[id].uid.toString('hex')
     var account = accounts[accountId]
-    item.emailVerified = account.emailVerified
-    item.email = account.email
-    item.emailCode = account.emailCode
+
     item.verifierSetAt = account.verifierSetAt
     item.locale = account.locale
     item.accountCreatedAt = account.createdAt
 
-    return P.resolve(item)
+    return this.accountEmails(accountId)
+      .then((emails) => {
+
+        // Set the primary email on the sessionToken, which
+        // could be different from the email on the account object
+        emails.some((email) => {
+          if (email.isPrimary) {
+            item.emailVerified = email.isVerified
+            item.email = email.email
+            item.emailCode = email.emailCode
+            return true
+          }
+        })
+
+        return item
+      })
   }
 
   Memory.prototype.sessionTokenWithVerificationStatus = function (tokenId) {
@@ -1042,6 +1056,28 @@ module.exports = function (log, error) {
     }
   }
 
+  Memory.prototype.accountRecord = function (emailBuffer) {
+    const normalizedEmail = emailBuffer.toString('utf8').toLowerCase()
+
+    if (! emails[normalizedEmail]) {
+      return P.reject(error.notFound())
+    }
+
+    const uid = emails[normalizedEmail].uid
+    return P.all([this.accountEmails(uid), this.account(uid)])
+      .spread((emails, account) => {
+
+        Object.keys(emails).some((key) => {
+          var emailRecord = emails[key]
+          if (emailRecord.uid.toString('hex') === uid.toString('hex') && emailRecord.isPrimary) {
+            account.primaryEmail = emailRecord.normalizedEmail
+          }
+        })
+
+        return account
+      })
+  }
+
   Memory.prototype.accountEmails = function (uid) {
     const userEmails = []
 
@@ -1052,9 +1088,31 @@ module.exports = function (log, error) {
       }
     })
 
+    // Sort emails so that primary email is first
+    userEmails.sort((a, b) => {
+      return b.isPrimary - a.isPrimary
+    })
+
     return P.resolve(userEmails)
   }
 
+  Memory.prototype.setPrimaryEmail = function (uid, email) {
+    if (! emails[email]) {
+      return P.reject(error.notFound())
+    }
+
+    Object.keys(emails).forEach(function (key) {
+      var emailRecord = emails[key]
+      if (emailRecord.uid.toString('hex') === uid.toString('hex') && emailRecord.isPrimary) {
+        emailRecord.isPrimary = false
+      }
+    })
+
+    emails[email].isPrimary = true
+
+    return P.resolve({})
+  }
+
   Memory.prototype.deleteEmail = function (uid, email) {
     var emailRecord = emails[email]