Comment 4 for bug 1776678

The problem is this code in the keystoneclient:

    @property
    def user_id(self):
        """Best effort to retrieve the user_id from the plugin.

        Some managers rely on being able to get the currently authenticated
        user id. This is a problem when we are trying to abstract away the
        details of an auth plugin.

        For example changing a user's password can require access to the
        currently authenticated user_id.

        Perform a best attempt to fetch this data. It will work in the legacy
        case and with identity plugins and be None otherwise which is the same
        as the historical behavior.
        """
        # the identity plugin case
        try:
            return self.session.auth.get_access(self.session).user_id
        except AttributeError: # nosec(cjschaef): attempt legacy retrival, or
            # return None
            pass

        # there is a case that we explicitly allow (tested by our unit tests)
        # that says you should be able to set the user_id on a legacy client
        # and it should overwrite the one retrieved via authentication. If it's
        # a legacy then self.session.auth is a client and we retrieve user_id.
        try:
            return self.session.auth.user_id
        except AttributeError: # nosec(cjschaef): retrivals failed, return
            # None
            pass

        return None

and this code in Horizon:

def user_update_own_password(request, origpassword, password):
    client = keystoneclient(request, admin=False)
    client.user_id = request.user.id
    if VERSIONS.active < 3:
        return client.users.update_own_password(origpassword, password)
    else:
        return client.users.update_password(origpassword, password)

From the description above, this will only work with the legacy client.