yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1727099] Re: Change password error history message count is wrong

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1727099@xxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Nov 2017 17:00:38 -0000
Reply-to: Bug 1727099 <1727099@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/522136
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=49d75d668cdfd757f9e064b22d0acf1213f4b574
Submitter: Zuul
Branch:    master

commit 49d75d668cdfd757f9e064b22d0acf1213f4b574
Author: wangxiyuan <wangxiyuan@xxxxxxxxxx>
Date:   Wed Nov 22 14:42:47 2017 +0800

    Update the help message for unique_last_password_count
    
    The help message for unique_last_password_count doesn't tell the
    count logic to users, so that the users may misunderstand it.
    
    This patch updated the message to make it more clear.
    
    Change-Id: I8ab1db5c07b199a3a0ef86a79e9895be48c0a1db
    Closes-bug: #1727099


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1727099

Title:
  Change password error history message count is wrong

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  During change_password api call, the error message "passwords that
  must be unique is " "%(unique_count)s." shows a number that is greater
  than the actual history that is kept.  The unique_count comes from
  unique_last_password_count from keystone.conf

  According to keystone.conf unique_last_password_count feature starts
  with a value greater than 1.  This means the password history feature
  starts with unique_last_password_count = 2.

  So the error message should not display the unique_last_password_count
  as the unique history.

  
  I have observed:
  unique_last_password_count = 2  you get exception if try to change password to same password.
  unique_last_password_count = 3  you get exception if try to change password to current and one other password.

  unique_last_password_count = 4  you get exception if try to change
  password to current and two other passwords.

  
  Not sure if the english sounds right.  The actual error message count is either
  (unique_count - 1) or (unique - 2) depending on if you consider the current password as part of the unique count???


  class PasswordHistoryValidationError(PasswordValidationError):
      message_format = _("The new password cannot be identical to a "
                         "previous password. The number of previous "
                         "passwords that must be unique is "
                         "%(unique_count)s.")

  # This controls the number of previous user password iterations to keep in
  # history, in order to enforce that newly created passwords are unique. Setting
  # the value to one (the default) disables this feature. Thus, to enable this
  # feature, values must be greater than 1. This feature depends on the `sql`
  # backend for the `[identity] driver`. (integer value)
  # Minimum value: 1
  #unique_last_password_count = 1

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1727099/+subscriptions

References

[Bug 1727099] [NEW] Change password error history message count is wrong
From: Stanley Quan, 2017-10-24