Bug 1041859 - [RFE][keystone]: Update own password
Summary: [RFE][keystone]: Update own password
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: Upstream M1
Target Release: 5.0 (RHEL 7)
Assignee: RHOS Maint
QA Contact: Udi Kalifon
URL: https://blueprints.launchpad.net/keys...
Whiteboard: upstream_milestone_icehouse-1 upstrea...
Depends On:
Blocks: 1082407
Reported: 2013-12-12 19:44 UTC by RHOS Integration
Modified: 2016-04-26 19:18 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Previously, users could not update their own passwords using the V3 API; only administrators could update users' passwords using the V3 API. Now that the V3 API is the default (no longer the V2 API), users can update their own passwords too.
Clone Of:
Clones: 1082407
Environment:
Last Closed: 2014-07-08 15:23:51 UTC
Target Upstream Version:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2014:0854 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement - Identity 2014-07-08 19:22:33 UTC

Description RHOS Integration 2013-12-12 19:44:59 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/v3-user-update-own-password.

Description:

Identity API v2.0 contains an explicit API resource that allows users to update their own password by simultaneously providing their current password as a confirmation.

The existing v3 user update method (PATCH /v3/users/{user_id}) is aimed at administrators and allows any attribute of a user to be immediately overridden. If a regular user is allowed access to this API and their token is compromised, the user account can be permanently compromised by simply overriding the existing password. To prevent this, v3 needs a new API targeted at end users which requires the existing password be provided along with the new password.

Specification URL (additional information):

https://review.openstack.org/52448
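
The difference between the two update paths described above, as an added example that is not part of the original report and is not Keystone code. The `UserStore` class and its method and parameter names are hypothetical, and the user names and passwords in it are constructed.

```python
import hashlib
import hmac
import os


class PasswordChangeError(Exception):
    """Raised when a password change request is rejected."""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UserStore:
    """Toy identity backend (hypothetical; not Keystone code)."""

    def __init__(self):
        self._users = {}   # user_id -> (salt, password hash)
        self._tokens = {}  # bearer token -> user_id

    def set_password(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user_id] = (salt, hash_password(password, salt))

    def authenticate(self, user_id: str, password: str) -> bool:
        salt, stored = self._users[user_id]
        return hmac.compare_digest(stored, hash_password(password, salt))

    def issue_token(self, user_id: str, password: str) -> str:
        if not self.authenticate(user_id, password):
            raise PasswordChangeError("bad credentials")
        token = os.urandom(16).hex()
        self._tokens[token] = user_id
        return token

    def patch_user(self, token: str, user_id: str, password: str) -> None:
        """Admin-style update opened to the owner: the token alone suffices."""
        if self._tokens.get(token) != user_id:
            raise PasswordChangeError("token does not belong to this user")
        self.set_password(user_id, password)

    def change_own_password(self, token, user_id, original_password, new_password):
        """End-user change: the token AND the current password are required."""
        if self._tokens.get(token) != user_id:
            raise PasswordChangeError("token does not belong to this user")
        if not self.authenticate(user_id, original_password):
            raise PasswordChangeError("original password is incorrect")
        self.set_password(user_id, new_password)
```

With `change_own_password`, holding a valid token is not enough to replace the credential, which is the property the blueprint asks for.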

Comment 2 Stephen Gordon 2014-01-23 20:48:09 UTC
Moving to POST based on upstream status (Implemented).

Comment 3 Udi Kalifon 2014-04-27 12:12:09 UTC
Verified in: openstack-keystone-2014.1-2.el7.noarch

Comment 6 errata-xmlrpc 2014-07-08 15:23:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-0854.html

