Bug 967507 - Changing password causes user to remain logged in but unable to use system
Summary: Changing password causes user to remain logged in but unable to use system
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-django-horizon
Version: 2.1
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 4.0
Assignee: Matthias Runge
QA Contact: Nir Magnezi
URL:
Whiteboard:
Duplicates: 968264
Depends On:
Blocks:
Reported: 2013-05-27 10:25 UTC by Daniel Paikov
Modified: 2019-09-10 14:07 UTC

Fixed In Version: python-django-horizon-2013.2-6.el6ost
Doc Type: Bug Fix
Doc Text:
When users change their passwords in Horizon, the Identity service invalidates their tokens. As such, those users need to request new tokens using their new credentials. However, in previous releases, Horizon did not automatically log users out after they changed passwords. Horizon then displayed authorization errors to these users, prompting them to log out and re-login. With this release, Horizon will now automatically log users out if they change passwords. This forces users to request valid tokens from the Identity service immediately.
Clone Of:
Environment:
Last Closed: 2013-12-20 00:03:28 UTC
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Launchpad | 1226829 | 0 | None | None | None | Never
Red Hat Product Errata | RHEA-2013:1859 | 0 | normal | SHIPPED_LIVE | Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory | 2013-12-21 00:01:48 UTC

Description Daniel Paikov 2013-05-27 10:25:19 UTC
* Login as admin.
* Change admin password.
* User remains logged in, but errors such as "Error: Unauthorized: Unable to retrieve user list" or "Error: Unauthorized: Unable to retrieve image list" appear in the GUI.
* Logging out and logging back in (with the new password) causes the errors to stop appearing.

Comment 2 Julie Pichon 2013-05-27 12:18:51 UTC
Note that this only applies when using Keystone v2.0, as it revokes all tokens when a password changes. When using Keystone v3 (the default in 4.0) there is no need to log out after updating the current user's password.

Comment 3 Alan Pevec 2013-05-27 14:53:06 UTC
(In reply to Julie Pichon from comment #2)
> Note that this only applies when using Keystone v2.0, as it revokes all
> tokens when a password changes. When using Keystone v3 (the default in 4.0)
> there is no need to log out after updating the current user's password.

Adam: isn't that a v3 bug?

Comment 4 Matthias Runge 2013-06-04 10:21:20 UTC
IMHO for Folsom and for Grizzly, Horizon is using keystone v2.

Comment 5 Adam Young 2013-06-07 03:30:07 UTC
Changing the password should invalidate the token.  So Horizon should be requesting a new token.  So my guess is that the difference is Horizon, not Keystone.

Comment 7 Matthias Runge 2013-11-19 08:43:55 UTC
*** Bug 968264 has been marked as a duplicate of this bug. ***

Comment 8 Matthias Runge 2013-11-27 10:26:42 UTC
cherry-pick from upstream
https://review.openstack.org/#/c/58716/

Comment 13 Nir Magnezi 2013-12-16 08:45:13 UTC
Verified NVR: python-django-horizon-2013.2-8.el6ost.noarch

Followed the steps in Comment #0

Result:
1. forced logout.
2. got the message: Password changed. Please log in again to continue.

Comment 15 errata-xmlrpc 2013-12-20 00:03:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html
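
The behaviour described in the Doc Text, as an added example that is not Horizon's or Keystone's code: a toy model in which the identity service revokes a user's tokens on password change, with the dashboard session shown both without and with the forced logout. The class and method names are hypothetical, and the return values of `list_users` are constructed for illustration.

```python
import hmac
import secrets
class Unauthorized(Exception):
    """The identity service rejected the credentials or the token."""

class IdentityService:
    """Hypothetical stand-in: revokes a user's tokens when the password changes."""
    def __init__(self, passwords):
        self._passwords = dict(passwords)  # plaintext only because this is a toy
        self._tokens = {}                  # token -> user

    def authenticate(self, user, password):
        stored = self._passwords.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise Unauthorized("bad credentials")
        token = secrets.token_hex(16)
        self._tokens[token] = user
        return token

    def validate(self, token):
        if token not in self._tokens:
            raise Unauthorized("token revoked or unknown")
        return self._tokens[token]

    def change_password(self, token, new_password):
        user = self.validate(token)
        self._passwords[user] = new_password
        self._tokens = {t: u for t, u in self._tokens.items() if u != user}

class DashboardSession:
    """Hypothetical dashboard session that caches the identity token."""
    def __init__(self, identity, logout_on_password_change):
        self.identity, self.force_logout = identity, logout_on_password_change
        self.token = self.message = None

    def login(self, user, password):
        self.token, self.message = self.identity.authenticate(user, password), None

    def change_password(self, new_password):
        self.identity.change_password(self.token, new_password)
        if self.force_logout:  # the fix: drop the revoked token, ask for re-login
            self.token = None
            self.message = "Password changed. Please log in again to continue."

    def list_users(self):
        if self.token is None:
            return "redirect:/login"
        self.identity.validate(self.token)  # a stale token raises Unauthorized
        return ["admin"]
```

With `logout_on_password_change=False` the session keeps the revoked token and every later call fails as in the original report; with `True` the session is cleared and the next request is sent to the login page.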

