Reviewed: https://review.openstack.org/379018 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=4be9164e53403b863f8c717b58227c9fcbd13f7c Submitter: Jenkins Branch: master
commit 4be9164e53403b863f8c717b58227c9fcbd13f7c Author: Ronald De Rose <[email protected]> Date: Wed Sep 28 21:57:23 2016 +0000 Validate password history for self-service password changes This patch adds password history validation to the change_password (self-service) backend method. backport: newton Closes-Bug: #1628692 Change-Id: I6a21eb355a60b96da0615e64f57fa64289c0221e ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1628692 Title: Password history constraints not enforced via /v3/users/<user_id>/password path Status in OpenStack Identity (keystone): Fix Released Bug description: Differently from the /v3/user/<user_id> route [1], the /v3/user/<user_id>/password is not enforcing the password history [2]. At [3] we are able to change a password that breaks the password history constraints [1] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L161 [2] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql.py#L189 [3] http://paste.openstack.org/show/583366/ To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1628692/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
