When validating a trust scoped token, raise 404 instead of 403 if trustor is disabled
Bug #1432892 reported by Samuel de Medeiros Queiroz
This bug report is a duplicate of:
Bug #1435530: keystonemiddleware without TRL checking and default cache config can allow access after token revocation.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Triaged | Medium | Unassigned |
Bug Description
Any validation error that occurs when checking a token should be caught and re-raised as 404 NotFound (TokenNotFound), as we currently do for v2 tokens [1].
For example, when validating a trust scoped token with a disabled trustor, a 403 Forbidden exception with message 'Trustor is disabled.' is raised. This exception is appropriate when issuing tokens, but not when validating them.
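The behaviour the description asks for, as an added sketch that is not Keystone's code and not part of the original report: one trust check shared by both paths, with 403 kept on issuance and collapsed to 404 on validation. The exception classes, the `USERS`/`TRUSTS`/`TOKENS` tables and all function names are hypothetical stand-ins, and the sample data is constructed.

```python
class Forbidden(Exception):
    code = 403

class TokenNotFound(Exception):
    code = 404

# Constructed sample state: alice (trustor of t1) has been disabled.
USERS = {"alice": {"enabled": False}, "bob": {"enabled": True},
         "carol": {"enabled": True}}
TRUSTS = {"t1": {"trustor": "alice", "trustee": "bob"},
          "t2": {"trustor": "carol", "trustee": "bob"}}
TOKENS = {"tok-1": {"user": "bob", "trust_id": "t1"},
          "tok-2": {"user": "bob", "trust_id": "t2"}}

def check_trust(trust_id):
    """Shared check used by both the issue and the validate path."""
    trust = TRUSTS[trust_id]
    if not USERS[trust["trustor"]]["enabled"]:
        raise Forbidden("Trustor is disabled.")
    return trust

def issue_token(user, trust_id):
    # Issuance: the caller is asking for something new, so 403 is right.
    check_trust(trust_id)
    return {"user": user, "trust_id": trust_id}

def validate_token(token_id):
    # Validation: any reason the token is unusable is reported the same
    # way, as "token not found". The real cause stays on __cause__ for
    # server-side logging and is not part of the message sent back.
    try:
        token = TOKENS[token_id]
        if token.get("trust_id"):
            check_trust(token["trust_id"])
        return token
    except (KeyError, Forbidden) as exc:
        raise TokenNotFound("Could not find token: %s" % token_id) from exc

def error_code(func, *args):
    """Return the HTTP-style error code a call maps to, or None on success."""
    try:
        func(*args)
        return None
    except (Forbidden, TokenNotFound) as exc:
        return exc.code

if __name__ == "__main__":
    print("issue with disabled trustor:", error_code(issue_token, "bob", "t1"))
    print("validate same trust:", error_code(validate_token, "tok-1"))
    print("validate healthy trust:", error_code(validate_token, "tok-2"))
```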
summary: Wrong exception when validating trust scoped tokens with disabled trustor → Wrong exceptions when validating v3 tokens
description: updated
description: updated
Changed in keystone: milestone: none → kilo-rc1
Changed in keystone: assignee: nobody → Lin Hua Cheng (lin-hua-cheng)
Changed in keystone: assignee: Lin Hua Cheng (lin-hua-cheng) → nobody
summary: 403 Forbidden when validating trust scoped token → When validating a trust scoped token, raise 404 instead of 403
summary: When validating a trust scoped token, raise 404 instead of 403 → When validating a trust scoped token, raise 404 instead of 403 if trustor is disabled
Won't this be changing API behaviour?