| 2014-03-03 18:15:55 |
Alexei Kornienko |
bug |
|
|
added bug |
| 2014-03-04 16:41:41 |
Thierry Carrez |
bug task added |
|
ossa |
|
| 2014-03-04 16:41:47 |
Thierry Carrez |
ossa: status |
New |
Incomplete |
|
| 2014-03-04 17:19:05 |
Dolph Mathews |
affects |
keystone |
python-keystoneclient |
|
| 2014-03-04 17:21:40 |
Thierry Carrez |
bug |
|
|
added subscriber Dolph Mathews |
| 2014-03-06 09:21:59 |
Alexei Kornienko |
bug |
|
|
added subscriber Jamie Lennox |
| 2014-03-06 11:06:37 |
Alexei Kornienko |
information type |
Private Security |
Public Security |
|
| 2014-03-06 13:50:45 |
Dolph Mathews |
python-keystoneclient: milestone |
|
0.7.0 |
|
| 2014-03-06 13:50:49 |
Dolph Mathews |
python-keystoneclient: importance |
Undecided |
Critical |
|
| 2014-03-06 15:51:06 |
Dolph Mathews |
python-keystoneclient: importance |
Critical |
Medium |
|
| 2014-03-06 15:53:39 |
OpenStack Infra |
python-keystoneclient: status |
New |
In Progress |
|
| 2014-03-06 15:53:39 |
OpenStack Infra |
python-keystoneclient: assignee |
|
Alexei Kornienko (alexei-kornienko) |
|
| 2014-03-10 15:11:17 |
Jeremy Stanley |
tags |
keystoneclient |
keystoneclient security |
|
| 2014-03-10 15:11:24 |
Jeremy Stanley |
information type |
Public Security |
Public |
|
| 2014-03-10 15:11:30 |
Jeremy Stanley |
ossa: status |
Incomplete |
Invalid |
|
| 2014-03-12 15:58:09 |
Matthew Edmonds |
description |
If we'll enable caching for keystoneclient tokens we'll be able to use tokens that are already revoked if they are present in cache:
https://github.com/openstack/python-keystoneclient/blob/0.6.0/keystoneclient/middleware/auth_token.py#L831 |
If we'll enable caching for keystoneclient tokens we'll be able to use tokens that are already revoked if they are present in cache:
https://github.com/openstack/python-keystoneclient/blob/0.6.0/keystoneclient/middleware/auth_token.py#L831
steps to recreate:
1) get a token
2) use it to make a request via keystoneclient using default properties (thus it will be cached)
3) delete the token
4) use the token to make another request via keystoneclient
expected result: the token should not work (HTTP 401)
actual result: the token still works |
|
| 2014-03-13 12:30:41 |
Abu Shohel Ahmed |
attachment added |
|
Token_Access_scenario_CACHE Sheet1.pdf https://bugs.launchpad.net/bugs/1287301/+attachment/4022028/+files/Token_Access_scenario_CACHE%20Sheet1.pdf |
|
| 2014-03-17 15:25:22 |
OpenStack Infra |
python-keystoneclient: assignee |
Alexei Kornienko (alexei-kornienko) |
Adam Young (ayoung) |
|
| 2014-03-25 20:19:10 |
Dolph Mathews |
python-keystoneclient: milestone |
0.7.0 |
0.7.1 |
|
| 2014-03-27 13:12:04 |
Dolph Mathews |
python-keystoneclient: milestone |
0.7.1 |
|
|
| 2014-04-24 07:53:09 |
Openstack Gerrit |
python-keystoneclient: status |
In Progress |
Fix Committed |
|
| 2014-05-29 16:52:53 |
Dolph Mathews |
python-keystoneclient: milestone |
|
0.9.0 |
|
| 2014-05-29 17:04:19 |
Dolph Mathews |
python-keystoneclient: status |
Fix Committed |
Fix Released |
|
