
yahoo-eng-team team mailing list archive

[Bug 1628692] [NEW] Password history constraints not enforced via /v3/users/<user_id>/password path

 

Public bug reported:

Unlike the /v3/user/<user_id> route [1], the
/v3/user/<user_id>/password route is not enforcing the password history [2].

At [3] we are able to change a password that breaks the password history
constraints.

[1] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L161
[2] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L189
[3] http://paste.openstack.org/show/583366/

** Affects: keystone
     Importance: Undecided
     Assignee: Ron De Rose (ronald-de-rose)
         Status: New

** Summary changed:

- Password constraints not enforced via /v3/users/<user_id>/password path
+ Password history constraints not enforced via /v3/users/<user_id>/password path

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1628692

Title:
  Password history constraints not enforced via
  /v3/users/<user_id>/password path

Status in OpenStack Identity (keystone):
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1628692/+subscriptions

