yahoo-eng-team team mailing list archive

[Bug 1628692] Re: Password history constraints not enforced via /v3/users/<user_id>/password path

 

Reviewed:  https://review.openstack.org/379018
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=4be9164e53403b863f8c717b58227c9fcbd13f7c
Submitter: Jenkins
Branch:    master

commit 4be9164e53403b863f8c717b58227c9fcbd13f7c
Author: Ronald De Rose <ronald.de.rose@xxxxxxxxx>
Date:   Wed Sep 28 21:57:23 2016 +0000

    Validate password history for self-service password changes
    
    This patch adds password history validation to the change_password
    (self-service) backend method.
    
    backport: newton
    Closes-Bug: #1628692
    Change-Id: I6a21eb355a60b96da0615e64f57fa64289c0221e


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1628692

Title:
  Password history constraints not enforced via
  /v3/users/<user_id>/password path

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Unlike the /v3/user/<user_id> route [1], the
  /v3/user/<user_id>/password route does not enforce the password history [2].

  At [3] we are able to change a password that breaks the password
  history constraints.

  [1] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L161
  [2] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L189
  [3] http://paste.openstack.org/show/583366/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1628692/+subscriptions
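
The class of bug reported above, as an added example that is not keystone's code and not part of the original message: a toy backend where the admin update path checks password history and the self-service path does so only behind a flag, plus a regression check for the self-service path. `UserStore`, `HISTORY_DEPTH`, `reuse_accepted` and the sample passwords are hypothetical names and constructed values.

```python
import hashlib, hmac, os

HISTORY_DEPTH = 3  # assumed policy: the last 3 passwords may not be reused

class PasswordReuseError(ValueError):
    pass

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    """Toy identity backend with two password-setting paths."""
    def __init__(self, check_history_on_self_service):
        self.check_history_on_self_service = check_history_on_self_service
        self.history = {}  # user_id -> [(salt, digest), ...], newest last

    def _matches(self, entry, password):
        salt, digest = entry
        return hmac.compare_digest(digest, _hash(password, salt))

    def _validate_history(self, user_id, new_password):
        recent = self.history.get(user_id, [])[-HISTORY_DEPTH:]
        if any(self._matches(e, new_password) for e in recent):
            raise PasswordReuseError("password was used recently")

    def _store(self, user_id, password):
        salt = os.urandom(16)
        self.history.setdefault(user_id, []).append((salt, _hash(password, salt)))

    def update_user(self, user_id, new_password):
        """Admin path: history is always validated."""
        self._validate_history(user_id, new_password)
        self._store(user_id, new_password)

    def change_password(self, user_id, old_password, new_password):
        """Self-service path: the caller proves knowledge of the old password."""
        if not self._matches(self.history[user_id][-1], old_password):
            raise PermissionError("original password is wrong")
        if self.check_history_on_self_service:  # the check the report says was missing
            self._validate_history(user_id, new_password)
        self._store(user_id, new_password)

def reuse_accepted(store):
    """True if self-service lets a user return to an earlier password."""
    store.history.clear()
    store._store("u1", "first-Passw0rd")  # constructed sample values
    store.change_password("u1", "first-Passw0rd", "second-Passw0rd")
    try:
        store.change_password("u1", "second-Passw0rd", "first-Passw0rd")
    except PasswordReuseError:
        return False
    return True
```

A policy check of this kind belongs in one helper called from every path that sets a password, with a test per path so a newly added route cannot skip it unnoticed.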

