yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1461095] Re: Token is not revoked when removing a user from project in Horizon

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1461095@xxxxxxxxxxxxxxxxxx>
Date: Fri, 05 Jun 2015 14:43:05 -0000
Reply-to: Bug 1461095 <1461095@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

token_cache_time is part of keystonemiddleware.auth_token's
configuration. It defaults to 5 minutes if you haven't set it in your
deployment:

https://github.com/openstack/keystonemiddleware/blob/57d389da8aaef3f955d7f0b086803d98b6531a2e/keystonemiddleware/auth_token/__init__.py#L278-L283

It sounds like this is working as intended, then.

** Changed in: keystone
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1461095

Title:
  Token is not revoked when removing a user from project in Horizon

Status in OpenStack Identity (Keystone):
  Invalid
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  Steps:
  1. Login to dashboard as admin
  2. Create project (as example - `project_1`)
  3. Create Member-user.
  4. add Member-user  to `project_1`
  5. In another browser login as Member-user
  6. go to `/project/instance` (the behavior is typical for another pages - `volumes`, `images`, `identity`)
  7. refresh (or go to page) - 3-5 times. Stay of this page.
  8. Then, as admin, remove Member-user from `project_1`
  9. as Member-user try go to `/project/instance` -- you don't get error

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1461095/+subscriptions

References

[Bug 1461095] [NEW] Token user's not revoked
From: Vlad Okhrimenko, 2015-06-02