← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #03219

[Bug 997194] Re: [OSSA 2012-010] Tokens remain valid after a user account is disabled

  Thread PreviousDate PreviousThread Next 
** Summary changed:

- Tokens remain valid after a user account is disabled
+ [OSSA 2012-010] Tokens remain valid after a user account is disabled

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Thierry Carrez (ttx)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/997194

Title:
  [OSSA 2012-010] Tokens remain valid after a user account is disabled

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone essex series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in “keystone” package in Ubuntu:
  Fix Released
Status in “keystone” source package in Precise:
  Fix Released

Bug description:
  > ./tools/with_venv.sh python ./keystoneclient/shell.py token-get 
  No handlers could be found for logger "keystoneclient.v2_0.client"
  +-----------+----------------------------------+
  |  Property |              Value               |
  +-----------+----------------------------------+
  |  expires  |       2012-05-10T16:17:27Z       |
  |     id    | 71f47f87993f4d41804d694886232c79 |
  | tenant_id | b0b68a8de4d141d7afbde2683ae1a075 |
  |  user_id  | e20d930d58c44b1e89ea93593fc43413 |
  +-----------+----------------------------------+

  > ./tools/with_venv.sh python ./keystoneclient/shell.py  user-update
  --enabled false e20d930d58c44b1e89ea93593fc43413

  > ./tools/with_venv.sh python ./keystoneclient/shell.py token-get 
  No handlers could be found for logger "keystoneclient.client"
  Authorization Failed: User has been disabled (HTTP 403)

  > curl -X GET http://127.0.0.1:35357/v2.0/tokens/71f47f87993f4d41804d694886232c79 -H 'X_AUTH_TOKEN: ADMIN'  -H 'Content-Type: application/json'
  {"access": {"token": {"expires": "2012-05-10T16:17:27Z", "id": "71f47f87993f4d41804d694886232c79", "tenant": {"id": "b0b68a8de4d141d7afbde2683ae1a075", "enabled": true, "description": null, "name": "test"}}, "user": {"username": "test", "roles_links": [], "id": "e20d930d58c44b1e89ea93593fc43413", "roles": [{"id": "81b6624332054062bd2a379539ff70a6", "name": "user"}], "name": "test"}}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/997194/+subscriptions
  Thread PreviousDate PreviousThread Next