Glance API returns 401 response when disabled user's token is provided

Bug #919240 reported by Unmesh Gurjar
Affects: Glance
Status: Won't Fix
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

Glance API, configured to use the Keystone identity service, returns an Unauthorized (401) response when provided with a disabled user's token.

The API should return a Forbidden (403) instead.

Revision history for this message
Brian Waldon (bcwaldon) wrote :

I would agree that if it were an enabled user, we should return a 403. But in the case of a disabled user, we aren't actually checking any authorization rules. We can't get that far since they haven't authenticated as a valid user. So our response here is "Hey, go re-authenticate and try again". 403 means "yeah we know who you are, but we aren't going to let you do that".
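The distinction drawn in this comment, written out as an added example that is not Glance's or Keystone's own code: the token store, the policy table and the Keystone URI in the WWW-Authenticate header are constructed stand-ins for a real token validation call and a real policy file.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    enabled: bool
    roles: set = field(default_factory=set)


# Constructed token store standing in for a Keystone token validation call.
TOKENS = {
    "tok-alice": User("alice", enabled=True, roles={"admin"}),
    "tok-bob": User("bob", enabled=True, roles={"member"}),
    "tok-carol": User("carol", enabled=False, roles={"admin"}),
}

# Constructed policy: which roles may perform each API action.
POLICY = {
    "get_images": {"admin", "member"},
    "delete_image": {"admin"},
}


def authorize(token, action):
    """Return (status, headers) for a request carrying `token` for `action`.

    401 means identity could not be established, so the caller is told to
    authenticate again via WWW-Authenticate; 403 means identity is known
    but the policy rule for the action denies it.
    """
    user = TOKENS.get(token)
    # Unknown token or disabled account: authentication fails and no policy
    # rule is consulted (the disabled-user case this bug is about).
    if user is None or not user.enabled:
        # Constructed Keystone endpoint for the challenge header.
        return 401, {"WWW-Authenticate": "Keystone uri='https://keystone.example/'"}
    # Authenticated: only now apply the policy rule for the action.
    if not (user.roles & POLICY.get(action, set())):
        return 403, {}
    return 200, {}
```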

Revision history for this message
Joe Savak (jsavak) wrote :

At RAX we are returning 403s for this kind of thing.

Revision history for this message
Jay Pipes (jaypipes) wrote :

I think that the prevailing opinion here is that the existing behaviour is both valid and a common solution, so I am going to close this one as Won't Fix.

Changed in glance:
status: New → Won't Fix
importance: Undecided → Low