yahoo-eng-team team mailing list archive

Thread
Date

[Bug 999084] Re: Validation of paramaters during Create User

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Hellmann <doug@xxxxxxxxxxxxxxxx>
Date: Tue, 23 Jun 2015 18:08:40 -0000
Reply-to: Bug 999084 <999084@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => liberty-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/999084

Title:
  Validation of paramaters during Create User

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Affected version 2012.1 (essex/stable)

  In addition to the fixes made by https://bugs.launchpad.net/keystone/+bug/987121, for Folsom, 
  the following validations should also be made while user creation. Currently there are no checks or 
  error responses returned for the following scenarios.

  1. User with an empty name should not be created.
  2. User with an empty password should not be created
  3. Email format should be validated while creating a user  (currently email addresses such as '12345' are accepted by the API)
  4. User having password exceeding max length should not be created  - There needs to be a password length limit defined.
  The password belongs to a TEXT type field and can be injected with huge number of characters (atleast 64K).
  I could create a user with a password of 256 characters.

  The fixes made to https://bugs.launchpad.net/keystone/+bug/987121
  should also get backported to stable/essex

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/999084/+subscriptions