self-service password change UI is confusing for end users

Bug #1788384 reported by Tobias Urdin
This bug affects 2 people
Affects: OpenStack Dashboard (Horizon)
Status: Fix Released
Importance: High
Assigned to: Akihiro Motoki
Milestone:

Bug Description

When an end user wants to use the self-service feature to change their own password, it's very common that they go under Identity -> Users and press the "Change password" button for their own user, which does not work unless they are admin because it calls the update_user keystone API.

Instead users should go into [top right dropdown] -> Settings then move their eyes to the left in the appearing settings menu, click Change password and perform the password change there which calls the change_password keystone API.

The "Change password" button should not be shown if the user does not have access to perform the action. Another fix is to change the link for the "Change password" button to the change_password API call if the logged-in user is the one the password will be changed for.

Akihiro Motoki (amotoki)
Changed in horizon:
status: New → Confirmed
importance: Undecided → High
milestone: none → stein-1
tags: added: rocky-backport-potential
Colleen Murphy (krinkle) wrote :

Is this perhaps an issue with horizon's default keystone policy config? Non-admin users shouldn't be shown the update_user action since they are not allowed to perform it.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/619030

Changed in horizon:
assignee: nobody → Tobias Urdin (tobias-urdin)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Change abandoned on horizon (master)

Change abandoned by Tobias Urdin (<email address hidden>) on branch: master
Review: https://review.openstack.org/619030

Tobias Urdin (tobias-urdin) wrote :
Changed in horizon:
assignee: Tobias Urdin (tobias-urdin) → Akihiro Motoki (amotoki)
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/596890
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=0630be639bdcab9e5ecf6ca0814dae9eb79a88e7
Submitter: Zuul
Branch: master

commit 0630be639bdcab9e5ecf6ca0814dae9eb79a88e7
Author: Mohammed Naser <email address hidden>
Date: Mon Aug 27 16:40:21 2018 -0400

    Remove "Change Password" from users table for non-admin users

    If you're a user without administrative permissions, you will
    not be able to edit a password using the table inside the identity
    section due to the fact that it uses a different edit API which
    is not meant to be used for the user-side of things.

    This patch adds a policy change in order to hide the change password
    link for normal users, while keeping the functionality inside
    the Settings panel still intact.

    This change was first broken by I76eb9f95c7112bcbad75ee151f363f892298d081

    Partial-Bug: 1788384
    Change-Id: I7a64257ac274c9dac5705ba72a85833f8e7a1591
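
The mismatch this bug describes, a button whose display check is looser than the rule its backing API enforces, as an added example: a simplified model, not Horizon or keystone code. The rule bodies, the RowAction class, the dead_buttons helper and the sample users are assumptions made for illustration, as is the "before" display rule.

```python
# Simplified model (not Horizon or keystone code) of policy-gated UI actions.
from dataclasses import dataclass

# Assumed rules, following the bug description: update_user is admin-only,
# change_password is also allowed for the owner of the account.
def _admin(user, target_id):
    return "admin" in user["roles"]

def _admin_or_owner(user, target_id):
    return _admin(user, target_id) or user["id"] == target_id

POLICY = {
    "identity:update_user": _admin,
    "identity:change_password": _admin_or_owner,
}

@dataclass(frozen=True)
class RowAction:
    name: str
    display_rule: str  # rule the UI checks before rendering the button
    api_rule: str      # rule the backing API call enforces

    def visible(self, user, target_id):
        return POLICY[self.display_rule](user, target_id)

    def permitted(self, user, target_id):
        return POLICY[self.api_rule](user, target_id)

def dead_buttons(action, users, target_ids):
    """Return (user id, target id) pairs where the button renders but the API refuses."""
    return [(u["id"], t) for u in users for t in target_ids
            if action.visible(u, t) and not action.permitted(u, t)]

# Constructed sample data.
ALICE = {"id": "u-alice", "roles": ["member"]}
ROOT = {"id": "u-root", "roles": ["admin"]}
USERS = [ALICE, ROOT]
TARGETS = ["u-alice", "u-root"]

# Before (assumed): shown under the self-service rule, but the click calls update_user.
BEFORE = RowAction("Change password", "identity:change_password", "identity:update_user")
# After: the button is gated by the same rule as the API it calls.
AFTER = RowAction("Change password", "identity:update_user", "identity:update_user")

if __name__ == "__main__":
    print("before:", dead_buttons(BEFORE, USERS, TARGETS))
    print("after: ", dead_buttons(AFTER, USERS, TARGETS))
```

Running the same check over every table action in a dashboard flags any button whose display rule is weaker than its API rule.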

OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/620564

Akihiro Motoki (amotoki) wrote :

I believe this can be closed. One of the proposed approaches in the bug description has been fixed.
If we would like to have an "Update Password" button in the Identity User table, let's do it as an enhancement.

Changed in horizon:
status: In Progress → Fix Released
milestone: stein-1 → stein-2
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (stable/rocky)

Reviewed: https://review.openstack.org/620564
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=d1042fdaf94af9ed2e9ba950761523799f8c4a39
Submitter: Zuul
Branch: stable/rocky

commit d1042fdaf94af9ed2e9ba950761523799f8c4a39
Author: Mohammed Naser <email address hidden>
Date: Mon Aug 27 16:40:21 2018 -0400

    Remove "Change Password" from users table for non-admin users

    If you're a user without administrative permissions, you will
    not be able to edit a password using the table inside the identity
    section due to the fact that it uses a different edit API which
    is not meant to be used for the user-side of things.

    This patch adds a policy change in order to hide the change password
    link for normal users, while keeping the functionality inside
    the Settings panel still intact.

    This change was first broken by I76eb9f95c7112bcbad75ee151f363f892298d081

    Partial-Bug: 1788384
    Change-Id: I7a64257ac274c9dac5705ba72a85833f8e7a1591
    (cherry picked from commit 0630be639bdcab9e5ecf6ca0814dae9eb79a88e7)

tags: added: in-stable-rocky
Akihiro Motoki (amotoki)
tags: removed: rocky-backport-potential