yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1304049] [NEW] able to create two users with the same name in the same domain

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Guang Yee <1304049@xxxxxxxxxxxxxxxxxx>
Date: Mon, 07 Apr 2014 21:28:43 -0000
Reply-to: Bug 1304049 <1304049@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Looks like we can create two different users with the same name in the
same domain. That should not be allowed.

gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'X-Auth-Token: ADMIN' -H 'Content-Type: application/json' -d '{"domain": {"name": "test-domain"}}' -XPOST http://localhost:35357/v3/domains | python -mjson.tool
{
    "domain": {
        "enabled": true,
        "id": "ebf7d50dbba54e13a1fe881e39ad4409",
        "links": {
            "self": "http://localhost:35357/v3/domains/ebf7d50dbba54e13a1fe881e39ad4409";
        },
        "name": "test-domain"
    }
}
gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'X-Auth-Token: ADMIN' -H 'Content-Type: application/json' -d '{"user": {"name": "jacksquat", "password": "jacksquat", "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409"}}' -XPOST http://localhost:35357/v3/users | python -mjson.tool
{
    "user": {
        "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409",
        "enabled": true,
        "id": "375ac107d3624752a5a53dc561ba578c",
        "links": {
            "self": "http://localhost:35357/v3/users/375ac107d3624752a5a53dc561ba578c";
        },
        "name": "jacksquat"
    }
}
gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'X-Auth-Token: ADMIN' -H 'Content-Type: application/json' -d '{"user": {"name": "jacksquat", "password": "jacksquat-fake", "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409"}}' -XPOST http://localhost:35357/v3/users | python -mjson.tool
{
    "user": {
        "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409",
        "enabled": true,
        "id": "c3bd426062d243d68d5ada2bb5984751",
        "links": {
            "self": "http://localhost:35357/v3/users/c3bd426062d243d68d5ada2bb5984751";
        },
        "name": "jacksquat"
    }
}


Now try to authenticate the user and obviously it will fail.
 
gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'Content-Type: application/json' -d '{"auth": {"identity": {"methods": ["password"], "password": {"user": {"name": "jacksquat", "password": "jacksquat", "domain": {"id": "ebf7d50dbba54e13a1fe881e39ad4409"}}}}}}' -XPOST http://localhost:35357/v3/auth/tokens | python -mjson.tool
{
    "error": {
        "code": 500,
        "message": "An unexpected error prevented the server from fulfilling your request.",
        "title": "Internal Server Error"
    }
}

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1304049

Title:
  able to create two users with the same name in the same domain

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Looks like we can create two different users with the same name in the
  same domain. That should not be allowed.

  gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'X-Auth-Token: ADMIN' -H 'Content-Type: application/json' -d '{"domain": {"name": "test-domain"}}' -XPOST http://localhost:35357/v3/domains | python -mjson.tool
  {
      "domain": {
          "enabled": true,
          "id": "ebf7d50dbba54e13a1fe881e39ad4409",
          "links": {
              "self": "http://localhost:35357/v3/domains/ebf7d50dbba54e13a1fe881e39ad4409";
          },
          "name": "test-domain"
      }
  }
  gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'X-Auth-Token: ADMIN' -H 'Content-Type: application/json' -d '{"user": {"name": "jacksquat", "password": "jacksquat", "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409"}}' -XPOST http://localhost:35357/v3/users | python -mjson.tool
  {
      "user": {
          "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409",
          "enabled": true,
          "id": "375ac107d3624752a5a53dc561ba578c",
          "links": {
              "self": "http://localhost:35357/v3/users/375ac107d3624752a5a53dc561ba578c";
          },
          "name": "jacksquat"
      }
  }
  gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'X-Auth-Token: ADMIN' -H 'Content-Type: application/json' -d '{"user": {"name": "jacksquat", "password": "jacksquat-fake", "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409"}}' -XPOST http://localhost:35357/v3/users | python -mjson.tool
  {
      "user": {
          "domain_id": "ebf7d50dbba54e13a1fe881e39ad4409",
          "enabled": true,
          "id": "c3bd426062d243d68d5ada2bb5984751",
          "links": {
              "self": "http://localhost:35357/v3/users/c3bd426062d243d68d5ada2bb5984751";
          },
          "name": "jacksquat"
      }
  }

  
  Now try to authenticate the user and obviously it will fail.
   
  gyee@gyee-VirtualBox:~/projects/openstack/keystone$ curl -s -H 'Content-Type: application/json' -d '{"auth": {"identity": {"methods": ["password"], "password": {"user": {"name": "jacksquat", "password": "jacksquat", "domain": {"id": "ebf7d50dbba54e13a1fe881e39ad4409"}}}}}}' -XPOST http://localhost:35357/v3/auth/tokens | python -mjson.tool
  {
      "error": {
          "code": 500,
          "message": "An unexpected error prevented the server from fulfilling your request.",
          "title": "Internal Server Error"
      }
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1304049/+subscriptions

Follow ups

[Bug 1304049] Re: able to create two users with the same name in the same domain with sqlite
From: Morgan Fainberg, 2016-03-02
[Bug 1304049] [NEW] able to create two users with the same name in the same domain
From: Guang Yee, 2014-04-07

References

[Bug 1304049] [NEW] able to create two users with the same name in the same domain
From: Guang Yee, 2014-04-07