yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1294292] Re: is_revoked bails out on first unrelated branch

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 26 Mar 2014 20:26:30 -0000
Reply-to: Bug 1294292 <1294292@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1294292

Title:
  is_revoked bails out on first unrelated branch

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  When verifying if token is revoked using revocation tree, is_revoked
  immediately returns False if on another level we get first tree in a
  bundle that has no branches related to the token.

  This happens because new bundle is verified too early. This check
  needs to be shifted to upper level.

  Example:

  * create a token for one user in some project;
  * revoke some other user's tokens;
  * revoke this user's tokens in the same project.

  The token created in the first step will still be considered valid.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1294292/+subscriptions

References

[Bug 1294292] [NEW] is_revoked bails out on first unrelated branch
From: Yuriy Taraday, 2014-03-18