yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #02531
[Bug 1166670] Re: [OSSA 2013-011] Deleted user can still create instances
** Changed in: keystone
Status: Fix Committed => Fix Released
** Changed in: keystone
Milestone: None => havana-1
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1166670
Title:
[OSSA 2013-011] Deleted user can still create instances
Status in OpenStack Identity (Keystone):
Fix Released
Status in Keystone folsom series:
Fix Committed
Status in Keystone grizzly series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to firefox and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1166670/+subscriptions