yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #12229
[Bug 1294292] Re: is_revoked bails out on first unrelated branch
** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1294292
Title:
is_revoked bails out on first unrelated branch
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
When verifying if token is revoked using revocation tree, is_revoked
immediately returns False if on another level we get first tree in a
bundle that has no branches related to the token.
This happens because new bundle is verified too early. This check
needs to be shifted to upper level.
Example:
* create a token for one user in some project;
* revoke some other user's tokens;
* revoke this user's tokens in the same project.
The token created in the first step will still be considered valid.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1294292/+subscriptions
References