2015-03-17 00:13:13 |
Samuel de Medeiros Queiroz |
bug |
|
|
added bug |
2015-03-17 11:16:27 |
Samuel de Medeiros Queiroz |
summary |
Wrong exception when validating trust scoped tokens with disabled trustor |
Wrong exceptions when validating v3 tokens |
|
2015-03-17 11:17:08 |
Samuel de Medeiros Queiroz |
description |
When validating a trust scoped token with a disabled trustor, an exception of type Forbidden with message 'Trustor is disabled.' is raised.
However, the exception used when the user (owning the role assignment for the provided token) is disabled is Unauthorized.
This should be changed in order to make the API consistent. |
Any validation error that occurs when checking a token should be caught and re-raised as 404 NotFound (TokenNotFound), as we currently do for v2 tokens [1].
For example, when validating a trust scoped token with a disabled trustor, a 403 Forbidden exception with message 'Trustor is disabled.' is raised. This exception is appropriate when issuing tokens, but not when validating them.
[1] https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L618-L620 |
|
2015-03-18 19:59:15 |
Dolph Mathews |
summary |
Wrong exceptions when validating v3 tokens |
403 Forbidden when validating trust scoped token |
|
2015-03-18 19:59:22 |
Dolph Mathews |
keystone: status |
New |
Triaged |
|
2015-03-18 19:59:30 |
Dolph Mathews |
keystone: importance |
Undecided |
Medium |
|
2015-03-18 21:23:57 |
Lance Bragstad |
description |
Any validation error that occurs when checking a token should be caught and re-raised as 404 NotFound (TokenNotFound), as we currently do for v2 tokens [1].
For example, when validating a trust scoped token with a disabled trustor, a 403 Forbidden exception with message 'Trustor is disabled.' is raised. This exception is appropriate when issuing tokens, but not when validating them.
[1] https://github.com/openstack/keystone/blob/master/keystone/token/providers/common.py#L618-L620 |
Any validation error that occurs when checking a token should be caught and re-raised as 404 NotFound (TokenNotFound), as we currently do for v2 tokens [1].
For example, when validating a trust scoped token with a disabled trustor, a 403 Forbidden exception with message 'Trustor is disabled.' is raised. This exception is appropriate when issuing tokens, but not when validating them.
[1]
https://github.com/openstack/keystone/blob/25d742ada803d8501e7c004242a625efd07fcaf6/keystone/token/providers/common.py#L618-L620 |
|
2015-03-18 21:24:28 |
Lance Bragstad |
keystone: milestone |
|
kilo-rc1 |
|
2015-03-25 19:08:57 |
Lin Hua Cheng |
keystone: assignee |
|
Lin Hua Cheng (lin-hua-cheng) |
|
2015-03-26 09:39:12 |
Lin Hua Cheng |
keystone: assignee |
Lin Hua Cheng (lin-hua-cheng) |
|
|
2015-03-30 04:07:29 |
Steve Martinelli |
summary |
403 Forbidden when validating trust scoped token |
When validating a trust scoped token, raise 404 instead of 403 |
|
2015-03-30 04:07:48 |
Steve Martinelli |
summary |
When validating a trust scoped token, raise 404 instead of 403 |
When validating a trust scoped token, raise 404 instead of 403 if trustor is disabled |
|
2015-04-04 00:17:57 |
Morgan Fainberg |
marked as duplicate |
|
1434034 |
|
2015-09-03 18:12:45 |
Doug Chivers |
changed duplicate marker |
1434034 |
1435530 |
|