yahoo-eng-team team mailing list archive
Message #43716
[Bug 1528967] [NEW] Horizon doesn't create new scoped token when user role is removed
Public bug reported:
When a user logs into Horizon, an unscoped token is created, using which a
scoped token is obtained. I am logged into Horizon and remove myself
from a project which is not the current active project. This results in
all my scoped tokens getting invalidated. I have some API calls in the
middleware that require authorization, which fail because the token is
invalid. Horizon will throw an Unauthorized error (see attachment), and
the only way to recover from this is to clear cookies, log out and log
back in again.
Horizon should immediately obtain a new scoped token if the previous token
is invalidated. Alternatively, Keystone should not invalidate all tokens
(for all projects) when a user is removed from one project.
** Affects: horizon
Importance: Undecided
Status: New
** Attachment added: "Screen Shot 2015-12-16 at 6.41.53 PM.png"
https://bugs.launchpad.net/bugs/1528967/+attachment/4539573/+files/Screen%20Shot%202015-12-16%20at%206.41.53%20PM.png
** Project changed: django-openstack-auth => horizon
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1528967