keystone v2 api change_password authz require also update_user authz
Bug #1337768 reported by mouadino
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) | Invalid | Undecided | Unassigned | | |
Bug Description
In v2 the set_user_password controller method calls update_user, which means that setting only 'identity:
https:/
NOTE: Stating the obvious, I picked up 'rule:owner' as an example, which is what makes sense in our case, but the problem is not specific to this rule.
This is by design in v2 - that password update call is intended for administrators. In v3, we support a self-service password change that requires the user's existing password:
https://github.com/openstack/identity-api/blob/master/v3/src/markdown/identity-api-v3.md#change-user-password-post-usersuser_idpassword