create a user use ignore_password_expiry but still has expires_at to db
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Triaged
|
Low
|
Unassigned |
Bug Description
-----------------
Updated bug description:
The password_expires_at field for a user resource and the ignore_
[1] https:/
[2] https:/
-----------------
Original bug description:
when i create a user use ignore_
the code in create_user set password before resource_
is this a bug?
Changed in keystone: | |
assignee: | nobody → HanGuangyu (hanguangyu) |
Changed in keystone: | |
assignee: | HanGuangyu (hanguangyu) → nobody |
the same as ignore_ change_ password_ upon_first_ use,in code create_user, for_write( ) as session:
user_ ref = model.User. from_dict( user) password_ required( user_ref) :
user_ ref.password_ ref.expires_ at = datetime. datetime. utcnow( )
user_ ref.created_ at = datetime. datetime. utcnow( )
session. add(user_ ref)
resource_ options. resource_ options_ ref_to_ mapper(
user_ ref, model.UserOption) user(user_ ref.to_ dict())
def create_user(self, user_id, user):
with sql.session_
if self._change_
# Set resource options passed on creation
return base.filter_
def _change_ password_ required( self, user): compliance. change_ password_ upon_first_ use:
ignore_ option = user.get_ resource_ option(
options. IGNORE_ CHANGE_ PASSWORD_ OPT.option_ id) option. option_ value is True)
if not CONF.security_
return False
return not (ignore_option and ignore_
the IGNORE_ CHANGE_ PASSWORD_ OPT is used in _change_ password_ required before resource_ options_ ref_to_ mapper, so _change_ password_ required return wrong,expires_at is wrong either