yahoo-eng-team team mailing list archive
Message #37938
[Bug 1432892] Re: When validating a trust scoped token, raise 404 instead of 403 if trustor is disabled
*** This bug is a duplicate of bug 1435530 ***
https://bugs.launchpad.net/bugs/1435530
** This bug is no longer a duplicate of bug 1434034
Disabling users & groups may not invalidate previously-issued tokens
** This bug has been marked a duplicate of bug 1435530
keystonemiddleware without TRL checking and default cache config can allow access after token revocation
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1432892
Title:
When validating a trust scoped token, raise 404 instead of 403 if
trustor is disabled
Status in Keystone:
Triaged
Bug description:
Any validation error that occurs when checking a token should be
caught and re-raised as 404 NotFound (TokenNotFound), as we currently
do for v2 tokens [1].
For example, when validating a trust scoped token with a disabled
trustor, a 403 Forbidden exception with message 'Trustor is disabled.'
is raised. This exception is appropriate when issuing tokens, but not
when validating them.
[1]
https://github.com/openstack/keystone/blob/25d742ada803d8501e7c004242a625efd07fcaf6/keystone/token/providers/common.py#L618-L620
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1432892/+subscriptions
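
Added example (not part of the original bug report and not Keystone's code): a minimal sketch of the behaviour requested above, where the trustor check raises 403 on the issue path while the validation path re-raises it as a 404. All class, function and data names are hypothetical, and the users and tokens are constructed sample data.

```python
# Illustrative sketch only; names are hypothetical, not Keystone's API.

class Forbidden(Exception):
    status = 403

class TokenNotFound(Exception):
    status = 404

# Constructed sample data: one disabled trustor, one enabled trustor.
USERS = {"trustor-1": {"enabled": False}, "trustor-2": {"enabled": True}}
TOKENS = {
    "tok-a": {"trust": {"trustor_user_id": "trustor-1"}},
    "tok-b": {"trust": {"trustor_user_id": "trustor-2"}},
    "tok-c": {},  # not trust scoped
}

def check_trustor_enabled(trust):
    """Shared check used by both the issue and the validate path."""
    user = USERS.get(trust["trustor_user_id"])
    if user is None or not user["enabled"]:
        raise Forbidden("Trustor is disabled.")

def issue_trust_token(trust):
    # Issuing: the caller is asking for something new, so 403 is appropriate.
    check_trustor_enabled(trust)
    return {"trust": trust}

def validate_token(token_id):
    # Validating: any failure means the token is not usable, so the caller
    # sees 404. The original error is kept as __cause__ for server-side logs.
    try:
        token = TOKENS[token_id]
        if "trust" in token:
            check_trustor_enabled(token["trust"])
        return token
    except (KeyError, Forbidden) as exc:
        raise TokenNotFound("Could not find token.") from exc

def status_of(func, arg):
    """Return the HTTP-style status a call would produce."""
    try:
        func(arg)
        return 200
    except (Forbidden, TokenNotFound) as exc:
        return exc.status
```
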