Glance API returns 401 response when disabled user's token is provided
Bug #919240 reported by Unmesh Gurjar
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Glance | Won't Fix | Low | Unassigned |
Bug Description
Glance API, configured to use the Keystone identity service, returns an Unauthorized (401) response when provided with a disabled user's token.
The API should return a Forbidden (403) instead.
I would agree that if it were an enabled user, we should return a 403. But in the case of a disabled user, we aren't actually checking any authorization rules. We can't get that far since they haven't authenticated as a valid user. So our response here is "Hey, go re-authenticate and try again". 403 means "yeah we know who you are, but we aren't going to let you do that".
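Added example, not part of the original bug report and not Glance or Keystone code: a minimal WSGI app showing the ordering the comment above describes, where a disabled user's token fails authentication (401) before any authorization rule that could yield 403 is consulted. The token store, policy table, helper names and the `WWW-Authenticate` challenge value are constructed for illustration.

```python
# Constructed token store standing in for an identity-service lookup.
TOKENS = {
    "tok-alice": {"user": "alice", "enabled": True, "roles": {"admin"}},
    "tok-bob": {"user": "bob", "enabled": True, "roles": {"member"}},
    "tok-carol": {"user": "carol", "enabled": False, "roles": {"admin"}},
}

# Hypothetical policy: the role each (method, path) pair requires.
POLICY = {("DELETE", "/images"): "admin", ("GET", "/images"): "member"}


def authenticate(token):
    """Return the identity behind a token, or None if it cannot be trusted."""
    identity = TOKENS.get(token)
    if identity is None or not identity["enabled"]:
        # Unknown token and disabled user are treated alike: no valid identity.
        return None
    return identity


def authorize(identity, method, path):
    """Check the policy table; admins may do anything the table lists."""
    required = POLICY.get((method, path))
    roles = identity["roles"]
    return required is not None and (required in roles or "admin" in roles)


def app(environ, start_response):
    identity = authenticate(environ.get("HTTP_X_AUTH_TOKEN", ""))
    if identity is None:
        # Authentication failed, so policy is never consulted: 401.
        start_response("401 Unauthorized", [("WWW-Authenticate", "Token")])
        return [b""]
    if not authorize(identity, environ["REQUEST_METHOD"], environ["PATH_INFO"]):
        # Caller is known and enabled, but the policy denies the action: 403.
        start_response("403 Forbidden", [])
        return [b""]
    start_response("200 OK", [])
    return [b""]


def status_for(token, method, path):
    """Drive the WSGI app once and return the status line it produced."""
    seen = []
    environ = {"HTTP_X_AUTH_TOKEN": token, "REQUEST_METHOD": method, "PATH_INFO": path}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Note that carol holds the admin role, yet her request never reaches `authorize`; her roles only matter once the account is enabled again.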