self-service password change UI is confusing for end users
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
High
|
Akihiro Motoki |
Bug Description
When a end user wants to use the self-service feature to changing their own password it's very common that they go under Identity -> Users and press the "Change password" button for their own user which does not work unless they are admin because it calls update_user keystone API.
Instead users should go into [top right dropdown] -> Settings then move their eyes to the left in the appearing settings menu, click Change password and perform the password change there which calls the change_password keystone API.
The "Change password" button should not be shown if the user does not have access to perform the action, another fix is also changing the link for the "Change password" button to the change_password API call if the logged in user is the one the password will be changed for.
Changed in horizon: | |
status: | New → Confirmed |
importance: | Undecided → High |
milestone: | none → stein-1 |
tags: | added: rocky-backport-potential |
Changed in horizon: | |
assignee: | Tobias Urdin (tobias-urdin) → Akihiro Motoki (amotoki) |
tags: | removed: rocky-backport-potential |
Is this perhaps an issue with horizon's default keystone policy config? Non-admin users shouldn't be shown the update_user action since they are not allowed to perform it.