← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1727099] [NEW] Change password error history message count is wrong

 

Public bug reported:

During change_password api call, the error message "passwords that must
be unique is " "%(unique_count)s." shows a number that is greater than
the actual history that is kept.  The unique_count comes from
unique_last_password_count from keystone.conf

According to keystone.conf unique_last_password_count feature starts
with a value greater than 1.  This means the password history feature
starts with unique_last_password_count = 2.

So the error message should not display the unique_last_password_count
as the unique history.


I have observed:
unique_last_password_count = 2  you get exception if try to change password to same password.
unique_last_password_count = 3  you get exception if try to change password to current and one other password.

unique_last_password_count = 4  you get exception if try to change
password to current and two other passwords.


Not sure if the english sounds right.  The actual error message count is either
(unique_count - 1) or (unique - 2) depending on if you consider the current password as part of the unique count???


class PasswordHistoryValidationError(PasswordValidationError):
    message_format = _("The new password cannot be identical to a "
                       "previous password. The number of previous "
                       "passwords that must be unique is "
                       "%(unique_count)s.")

# This controls the number of previous user password iterations to keep in
# history, in order to enforce that newly created passwords are unique. Setting
# the value to one (the default) disables this feature. Thus, to enable this
# feature, values must be greater than 1. This feature depends on the `sql`
# backend for the `[identity] driver`. (integer value)
# Minimum value: 1
#unique_last_password_count = 1

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1727099

Title:
  Change password error history message count is wrong

Status in OpenStack Identity (keystone):
  New

Bug description:
  During change_password api call, the error message "passwords that
  must be unique is " "%(unique_count)s." shows a number that is greater
  than the actual history that is kept.  The unique_count comes from
  unique_last_password_count from keystone.conf

  According to keystone.conf unique_last_password_count feature starts
  with a value greater than 1.  This means the password history feature
  starts with unique_last_password_count = 2.

  So the error message should not display the unique_last_password_count
  as the unique history.

  
  I have observed:
  unique_last_password_count = 2  you get exception if try to change password to same password.
  unique_last_password_count = 3  you get exception if try to change password to current and one other password.

  unique_last_password_count = 4  you get exception if try to change
  password to current and two other passwords.

  
  Not sure if the english sounds right.  The actual error message count is either
  (unique_count - 1) or (unique - 2) depending on if you consider the current password as part of the unique count???


  class PasswordHistoryValidationError(PasswordValidationError):
      message_format = _("The new password cannot be identical to a "
                         "previous password. The number of previous "
                         "passwords that must be unique is "
                         "%(unique_count)s.")

  # This controls the number of previous user password iterations to keep in
  # history, in order to enforce that newly created passwords are unique. Setting
  # the value to one (the default) disables this feature. Thus, to enable this
  # feature, values must be greater than 1. This feature depends on the `sql`
  # backend for the `[identity] driver`. (integer value)
  # Minimum value: 1
  #unique_last_password_count = 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1727099/+subscriptions


Follow ups