[Yahoo-eng-team] [Bug 997194] Re: [OSSA 2012-010] Tokens remain valid after a user account is disabled

Fri, 07 Jun 2013 08:56:59 -0700 

** Summary changed:

- Tokens remain valid after a user account is disabled
+ [OSSA 2012-010] Tokens remain valid after a user account is disabled

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Thierry Carrez (ttx)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/997194

Title:
  [OSSA 2012-010] Tokens remain valid after a user account is disabled

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone essex series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in “keystone” package in Ubuntu:
  Fix Released
Status in “keystone” source package in Precise:
  Fix Released

Bug description:
  > ./tools/with_venv.sh python ./keystoneclient/shell.py token-get 
  No handlers could be found for logger "keystoneclient.v2_0.client"
  +-----------+----------------------------------+
  |  Property |              Value               |
  +-----------+----------------------------------+
  |  expires  |       2012-05-10T16:17:27Z       |
  |     id    | 71f47f87993f4d41804d694886232c79 |
  | tenant_id | b0b68a8de4d141d7afbde2683ae1a075 |
  |  user_id  | e20d930d58c44b1e89ea93593fc43413 |
  +-----------+----------------------------------+

  > ./tools/with_venv.sh python ./keystoneclient/shell.py  user-update
  --enabled false e20d930d58c44b1e89ea93593fc43413

  > ./tools/with_venv.sh python ./keystoneclient/shell.py token-get 
  No handlers could be found for logger "keystoneclient.client"
  Authorization Failed: User has been disabled (HTTP 403)

  > curl -X GET 
http://127.0.0.1:35357/v2.0/tokens/71f47f87993f4d41804d694886232c79 -H 
'X_AUTH_TOKEN: ADMIN'  -H 'Content-Type: application/json'
  {"access": {"token": {"expires": "2012-05-10T16:17:27Z", "id": 
"71f47f87993f4d41804d694886232c79", "tenant": {"id": 
"b0b68a8de4d141d7afbde2683ae1a075", "enabled": true, "description": null, 
"name": "test"}}, "user": {"username": "test", "roles_links": [], "id": 
"e20d930d58c44b1e89ea93593fc43413", "roles": [{"id": 
"81b6624332054062bd2a379539ff70a6", "name": "user"}], "name": "test"}}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/997194/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to