← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1293312] [NEW] create user allows no password

 

Public bug reported:

We can create a user without password via the command as follow:
curl -i -H "Content-Type:application/json" -H "X-Auth-Token:admin" http://127.0.0.1:35357/v3/users -d '{"user":{"name":"test"}}'

It is prohibited in almost all systems. And allows to create a user
without password does not make sense because the user who has no
password can not get a token, see
https://github.com/openstack/keystone/blob/master/keystone/common/utils.py#L134

** Affects: keystone
     Importance: Undecided
     Assignee: wanghong (w-wanghong)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => wanghong (w-wanghong)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1293312

Title:
  create user allows no password

Status in OpenStack Identity (Keystone):
  New

Bug description:
  We can create a user without password via the command as follow:
  curl -i -H "Content-Type:application/json" -H "X-Auth-Token:admin" http://127.0.0.1:35357/v3/users -d '{"user":{"name":"test"}}'

  It is prohibited in almost all systems. And allows to create a user
  without password does not make sense because the user who has no
  password can not get a token, see
  https://github.com/openstack/keystone/blob/master/keystone/common/utils.py#L134

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1293312/+subscriptions


Follow ups

References