yahoo-eng-team team mailing list archive
Message #68814
[Bug 1727099] [NEW] Change password error history message count is wrong
Public bug reported:

During change_password api call, the error message "passwords that must
be unique is " "%(unique_count)s." shows a number that is greater than
the actual history that is kept. The unique_count comes from
unique_last_password_count from keystone.conf.

According to keystone.conf, the unique_last_password_count feature starts
with a value greater than 1. This means the password history feature
starts with unique_last_password_count = 2.

So the error message should not display the unique_last_password_count
as the unique history.

I have observed:

unique_last_password_count = 2: you get an exception if you try to change the password to the same password.
unique_last_password_count = 3: you get an exception if you try to change the password to the current and one other password.
unique_last_password_count = 4: you get an exception if you try to change the password to the current and two other passwords.

Not sure if the English sounds right. The actual error message count is either
(unique_count - 1) or (unique - 2) depending on if you consider the current password as part of the unique count???

class PasswordHistoryValidationError(PasswordValidationError):
    message_format = _("The new password cannot be identical to a "
                       "previous password. The number of previous "
                       "passwords that must be unique is "
                       "%(unique_count)s.")

# This controls the number of previous user password iterations to keep in
# history, in order to enforce that newly created passwords are unique. Setting
# the value to one (the default) disables this feature. Thus, to enable this
# feature, values must be greater than 1. This feature depends on the `sql`
# backend for the `[identity] driver`. (integer value)
# Minimum value: 1
#unique_last_password_count = 1

** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1727099
Title:
Change password error history message count is wrong
Status in OpenStack Identity (keystone):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1727099/+subscriptions
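
An added example, not keystone's code and not part of the original report: a small Python model of the behaviour the reporter observed, where a setting of N refuses only the current password plus N - 2 older ones, with an error message that states the enforced count. The class and function names, the PBKDF2 hashing and the N - 1 window are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _digest(password, salt):
    # PBKDF2 stands in for the identity backend's password hashing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class PasswordHistory:
    """Hypothetical model of the reported behaviour; not keystone's code."""

    def __init__(self, unique_last_password_count):
        self.count = unique_last_password_count
        self.entries = []  # (salt, digest), oldest first; last is current

    def effective_window(self):
        # Assumption from the report: a setting of N blocks the current
        # password plus N - 2 older ones, i.e. N - 1 entries in total.
        return max(self.count - 1, 0)

    def matches_recent(self, candidate):
        window = self.effective_window()
        recent = self.entries[-window:] if window else []
        return any(hmac.compare_digest(_digest(candidate, salt), digest)
                   for salt, digest in recent)

    def set_password(self, new_password):
        if self.matches_recent(new_password):
            # Report the count that is enforced, not the raw setting.
            raise ValueError(
                "The new password matches one of the last %d passwords "
                "(current password included)." % self.effective_window())
        salt = os.urandom(16)
        self.entries.append((salt, _digest(new_password, salt)))


def rejected_candidates(count, used_passwords):
    """Return which earlier passwords a change request would be refused for."""
    history = PasswordHistory(count)
    for password in used_passwords:
        history.set_password(password)
    return [p for p in used_passwords if history.matches_recent(p)]


if __name__ == "__main__":
    used = ["pw-a", "pw-b", "pw-c", "pw-d"]  # constructed sample, oldest first
    for n in (1, 2, 3, 4):
        print(n, rejected_candidates(n, used))
```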