2013-04-09 08:50:41 |
Sam Stoelinga |
bug |
|
|
added bug |
2013-04-09 08:52:07 |
Sam Stoelinga |
description |
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to chrome and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted. |
Sorry didn't want to file it as security bug, but in fact it may be, although guess not.
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to chrome and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted. |
|
2013-04-10 14:03:12 |
Thierry Carrez |
affects |
horizon |
keystone |
|
2013-04-10 14:03:26 |
Thierry Carrez |
bug |
|
|
added subscriber Keystone Core Developers |
2013-04-10 14:04:07 |
Thierry Carrez |
bug |
|
|
added subscriber OpenStack Vulnerability Management team |
2013-04-10 15:14:31 |
Thierry Carrez |
keystone: status |
New |
Incomplete |
|
2013-04-11 03:48:23 |
Sam Stoelinga |
description |
Sorry didn't want to file it as security bug, but in fact it may be, although guess not.
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to chrome and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted. |
Sorry didn't want to file it as security bug, but in fact it may be, although guess not.
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to firefox and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted. |
|
2013-04-11 13:25:18 |
Dolph Mathews |
keystone: status |
Incomplete |
New |
|
2013-04-12 14:06:14 |
Thierry Carrez |
keystone: importance |
Undecided |
High |
|
2013-04-12 14:06:14 |
Thierry Carrez |
keystone: status |
New |
Confirmed |
|
2013-04-15 01:44:51 |
Sam Stoelinga |
description |
Sorry didn't want to file it as security bug, but in fact it may be, although guess not.
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to firefox and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted. |
Description:
A deleted user is still able to create instances and do other stuff if he's still logged in.
Steps to reproduce:
1. Login with admin user in Chrome
2. Login with demo user in Firefox
3. Use the admin user to delete the demo user
4. Go back to firefox and use the demo user to create an instance for example
Current result:
Demo user in firefox stays logged in and can create instances, but I guess he can do anything he want with his token
Expected result:
Demo user shouldn't be able to still create instances, or do other stuff. Instead he should be automatically logged out as soon as we notice that he's already deleted. |
|
2013-04-24 09:59:41 |
Thierry Carrez |
keystone: status |
Confirmed |
Incomplete |
|
2013-04-25 15:15:22 |
Dolph Mathews |
keystone: status |
Incomplete |
Confirmed |
|
2013-04-25 18:00:05 |
Adam Young |
attachment added |
|
Delete-tokens-upon-user-deletion.patch https://bugs.launchpad.net/keystone/+bug/1166670/+attachment/3653523/+files/Delete-tokens-upon-user-deletion.patch |
|
2013-04-25 18:59:42 |
Dolph Mathews |
attachment added |
|
bug-1166670-master-v1 https://bugs.launchpad.net/keystone/+bug/1166670/+attachment/3653571/+files/bug-1166670-master-v1 |
|
2013-05-01 11:55:23 |
Thierry Carrez |
nominated for series |
|
keystone/folsom |
|
2013-05-01 11:55:23 |
Thierry Carrez |
bug task added |
|
keystone/folsom |
|
2013-05-01 11:55:23 |
Thierry Carrez |
nominated for series |
|
keystone/grizzly |
|
2013-05-01 11:55:23 |
Thierry Carrez |
bug task added |
|
keystone/grizzly |
|
2013-05-01 17:07:22 |
Dolph Mathews |
attachment added |
|
bug-1166670-grizzly-v1 https://bugs.launchpad.net/keystone/+bug/1166670/+attachment/3661635/+files/bug-1166670-grizzly-v1 |
|
2013-05-01 17:08:33 |
Dolph Mathews |
attachment added |
|
bug-1166670-folsom-v1 https://bugs.launchpad.net/keystone/+bug/1166670/+attachment/3661636/+files/bug-1166670-folsom-v1 |
|
2013-05-03 12:51:13 |
Thierry Carrez |
keystone/folsom: status |
New |
Confirmed |
|
2013-05-03 12:51:16 |
Thierry Carrez |
keystone/folsom: importance |
Undecided |
High |
|
2013-05-03 12:51:19 |
Thierry Carrez |
keystone/grizzly: status |
New |
Confirmed |
|
2013-05-03 12:51:21 |
Thierry Carrez |
keystone/grizzly: importance |
Undecided |
High |
|
2013-05-03 12:51:36 |
Thierry Carrez |
keystone: assignee |
|
Dolph Mathews (dolph) |
|
2013-05-06 12:15:45 |
Thierry Carrez |
keystone: status |
Confirmed |
Triaged |
|
2013-05-06 12:15:48 |
Thierry Carrez |
keystone/folsom: status |
Confirmed |
Triaged |
|
2013-05-06 12:15:50 |
Thierry Carrez |
keystone/grizzly: status |
Confirmed |
Triaged |
|
2013-05-07 07:32:29 |
Thierry Carrez |
bug |
|
|
added subscriber Thomas Goirand |
2013-05-07 07:32:40 |
Thierry Carrez |
bug |
|
|
added subscriber Canonical Security Team |
2013-05-07 07:55:55 |
Thierry Carrez |
cve linked |
|
2013-2059 |
|
2013-05-07 19:41:47 |
Jamie Strandboge |
attachment added |
|
essex patch for Ubuntu https://bugs.launchpad.net/keystone/+bug/1166670/+attachment/3669119/+files/essex_for_ubuntu-2012.1%2Bstable%7E20120824-a16a0ab9-0ubuntu2.5.patch |
|
2013-05-08 11:58:55 |
Thierry Carrez |
bug |
|
|
added subscriber OpenStack Stable Branch Maintainers |
2013-05-09 15:04:13 |
Thierry Carrez |
information type |
Private Security |
Public Security |
|
2013-05-09 15:05:39 |
OpenStack Infra |
keystone: status |
Triaged |
In Progress |
|
2013-05-09 15:06:31 |
OpenStack Infra |
keystone/grizzly: status |
Triaged |
In Progress |
|
2013-05-09 15:06:31 |
OpenStack Infra |
keystone/grizzly: assignee |
|
Dolph Mathews (dolph) |
|
2013-05-09 15:07:23 |
OpenStack Infra |
keystone/folsom: status |
Triaged |
In Progress |
|
2013-05-09 15:07:23 |
OpenStack Infra |
keystone/folsom: assignee |
|
Dolph Mathews (dolph) |
|
2013-05-09 15:54:04 |
OpenStack Infra |
keystone: status |
In Progress |
Fix Committed |
|
2013-05-09 15:54:11 |
OpenStack Infra |
keystone/grizzly: status |
In Progress |
Fix Committed |
|
2013-05-09 18:55:54 |
Alan Pevec |
keystone/grizzly: milestone |
|
2013.1.1 |
|
2013-05-10 00:11:40 |
Alan Pevec |
keystone/grizzly: status |
Fix Committed |
Fix Released |
|
2013-05-10 15:39:51 |
OpenStack Infra |
keystone/folsom: status |
In Progress |
Fix Committed |
|
2013-05-10 15:49:06 |
Thierry Carrez |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
2013-05-10 15:49:10 |
Thierry Carrez |
bug |
|
|
added subscriber Thierry Carrez |
2013-05-16 23:10:11 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/keystone |
|
2013-05-16 23:10:13 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-security/keystone |
|
2013-05-16 23:10:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/raring-security/keystone |
|
2013-05-16 23:34:50 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-updates/keystone |
|
2013-05-21 10:08:42 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-proposed/keystone |
|
2013-05-24 12:47:40 |
Thierry Carrez |
summary |
Deleted user can still create instances |
[OSSA 2013-011] Deleted user can still create instances |
|
2013-05-24 12:48:01 |
Thierry Carrez |
bug task added |
|
ossa |
|
2013-05-24 12:48:12 |
Thierry Carrez |
ossa: status |
New |
Fix Released |
|
2013-05-24 12:48:12 |
Thierry Carrez |
ossa: assignee |
|
Thierry Carrez (ttx) |
|
2013-05-29 08:46:37 |
Thierry Carrez |
keystone: status |
Fix Committed |
Fix Released |
|
2013-05-29 08:46:37 |
Thierry Carrez |
keystone: milestone |
|
havana-1 |
|
2013-05-29 21:03:32 |
Adam Conrad |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-05-29 21:03:35 |
Adam Conrad |
bug |
|
|
added subscriber SRU Verification |
2013-05-29 21:03:37 |
Adam Conrad |
tags |
|
verification-needed |
|
2013-06-04 17:51:06 |
Adam Gandelman |
bug task added |
|
ubuntu |
|
2013-06-04 17:51:18 |
Adam Gandelman |
nominated for series |
|
Ubuntu Quantal |
|
2013-06-04 17:51:18 |
Adam Gandelman |
nominated for series |
|
Ubuntu Raring |
|
2013-06-04 17:51:29 |
Adam Gandelman |
ubuntu: status |
New |
Invalid |
|
2013-06-04 17:51:48 |
Adam Gandelman |
bug task deleted |
ubuntu |
|
|
2013-06-04 17:51:59 |
Adam Gandelman |
bug task added |
|
keystone (Ubuntu) |
|
2013-06-04 17:52:08 |
Adam Gandelman |
bug task added |
|
keystone (Ubuntu Quantal) |
|
2013-06-04 17:52:17 |
Adam Gandelman |
bug task added |
|
keystone (Ubuntu Raring) |
|
2013-06-04 17:52:26 |
Adam Gandelman |
keystone (Ubuntu): status |
New |
Invalid |
|
2013-06-04 17:52:33 |
Adam Gandelman |
keystone (Ubuntu Quantal): status |
New |
Fix Released |
|
2013-06-04 17:52:38 |
Adam Gandelman |
keystone (Ubuntu Raring): status |
New |
Fix Released |
|
2013-06-04 19:29:49 |
Adam Gandelman |
tags |
verification-needed |
verification-done |
|
2013-06-06 04:15:16 |
Adam Conrad |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2013-10-17 12:34:55 |
Thierry Carrez |
keystone: milestone |
havana-1 |
2013.2 |
|
2013-12-16 14:09:07 |
Curtis Hovey |
removed subscriber Registry Administrators |
|
|
|
2014-06-04 23:26:18 |
Morgan Fainberg |
keystone/folsom: status |
Fix Committed |
Fix Released |
|