yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1130236] Re: Domains are not validated on authentication

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 21 Mar 2013 15:18:28 -0000
Reply-to: Bug 1130236 <1130236@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1130236

Title:
  Domains are not validated on authentication

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  There two separate problems:

  In v2 authentication, currently domains are removed from user &
  project refs prior to validation.

  https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L81

  Their validation was also made conditional because the validation was
  merged prior to domain_id's being available on users & projects:

    https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L97
    https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L97

  The validation needs to become unconditional and validated prior to
  being removed.

  In v3, the domain is checked when authenticating by username, but not
  by user_id - the later successfully authenticates even if the domain
  is disabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1130236/+subscriptions