yahoo-eng-team team mailing list archive

[Rene Ochoa Dorado <rene.o.dorado@xxxxxxxxx>]

Public bug reported:

While i was testing and playing around with the Identity v3 api i
managed to break the permissions to the User page in the horizon UI by
accidentally setting a newly created user's domain to '{}'.

Once the user is set with the incorrect domain any navigation to the
user list in horizon will log you out continuously unless you break the
cycle by removing the login redirect URL in the address bar.

During this time i didn't  loose by ability to administer users through
the Identity v3 api. Deleting the bugged user resulted in normal
operation. I imagine updating the user's domain  would have yielded the
same results as deleting the user.

sample json that caused the error while posting to /v3/users
{"user":
{"name":"TestUser","password":"thisismypassword","domain":{},"domain_id":"default"}}

when i query the user list through postman you can see that the domain is set incorrectly
{
"domain": {},
      "name": "TestUser",
      "links": {
        "self": "someurl"
      },
      "enabled": true,
      "id": "someid",
      "domain_id": "default"
}

** Affects: horizon
     Importance: Undecided
         Status: New


** Tags: list permissions user

** Description changed:

  While i was testing and playing around with the Identity v3 api i
  managed to break the permissions to the User page in the horizon UI by
  accidentally setting a newly created user's domain to '{}'.
  
  Once the user is set with the incorrect domain any navigation to the
  user list in horizon will log you out continuously unless you break the
  cycle by removing the login redirect URL in the address bar.
  
- During this time i didn't not loose by ability to administer users
- through the Identity api. Deleting the bugged user resulted in normal
+ During this time i didn't  loose by ability to administer users through
+ the Identity v3 api. Deleting the bugged user resulted in normal
  operation. I imagine updating the user's domain  would have yielded the
  same results as deleting the user.
  
  sample json that caused the error while posting to /v3/users
  {"user":
  {"name":"TestUser","password":"thisismypassword","domain":{},"domain_id":"default"}}
  
- 
- when i query the user list through postman you can see that the domain in set incorrectly
+ when i query the user list through postman you can see that the domain is set incorrectly
  {
  "domain": {},
-       "name": "TestUser",
-       "links": {
-         "self": "someurl"
-       },
-       "enabled": true,
-       "id": "someid",
-       "domain_id": "default"
+       "name": "TestUser",
+       "links": {
+         "self": "someurl"
+       },
+       "enabled": true,
+       "id": "someid",
+       "domain_id": "default"
  }

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1561107

Title:
  Horizon denies permissions when a user gets created with a non
  existant domain

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  While i was testing and playing around with the Identity v3 api i
  managed to break the permissions to the User page in the horizon UI by
  accidentally setting a newly created user's domain to '{}'.

  Once the user is set with the incorrect domain any navigation to the
  user list in horizon will log you out continuously unless you break
  the cycle by removing the login redirect URL in the address bar.

  During this time i didn't  loose by ability to administer users
  through the Identity v3 api. Deleting the bugged user resulted in
  normal operation. I imagine updating the user's domain  would have
  yielded the same results as deleting the user.

  sample json that caused the error while posting to /v3/users
  {"user":
  {"name":"TestUser","password":"thisismypassword","domain":{},"domain_id":"default"}}

  when i query the user list through postman you can see that the domain is set incorrectly
  {
  "domain": {},
        "name": "TestUser",
        "links": {
          "self": "someurl"
        },
        "enabled": true,
        "id": "someid",
        "domain_id": "default"
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1561107/+subscriptions