yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1337768] Re: keystone v2 api change_password authz require also update_user authz

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1337768@xxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Jul 2014 16:37:45 -0000
Reply-to: Bug 1337768 <1337768@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is by design in v2 - that password update call is intended for
administrators. In v3, we support a self-service password change that
requires the user's existing password:

  https://github.com/openstack/identity-api/blob/master/v3/src/markdown
/identity-api-v3.md#change-user-password-post-usersuser_idpassword

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1337768

Title:
  keystone v2 api change_password authz require also update_user authz

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  In v2 the set_user_password controller method call update_user, which
  mean that setting only 'identity:change_password' to 'rule:owner' will
  not works unless 'identity:update_user' is also changed to
  'rule:owner' or similar.

  https://github.com/openstack/keystone/blob/stable/icehouse/keystone/identity/controllers.py#L237-239

  NOTE: Stating the obvious, I picked up 'rule:owner' as an example,
  which is what make sense in our case, but the problem is not specific
  to this rule

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1337768/+subscriptions

References

[Bug 1337768] [NEW] keystone v2 api change_password authz require also update_user authz
From: mouadino, 2014-07-04