Comment 24 for bug 1688137

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to keystone (master)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/759940
Committed: https://opendev.org/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
Submitter: "Zuul (22348)"
Branch: master

commit ac2631ae33445877094cdae796fbcdce8833a626
Author: Gage Hugo <email address hidden>
Date: Tue Oct 27 15:22:04 2020 -0500

    Hide AccountLocked exception from end users

    This change hides the AccountLocked exception from being returned
    to the end user to hide sensitive information that a potential
    malicious person could gain insight from.

    The notification handler catches the AccountLocked exception as
    before, but after sending the audit notification, it instead
    bubbles up Unauthorized rather than AccountLocked.

    Co-Authored-By: Samuel de Medeiros Queiroz <email address hidden>

    Change-Id: Id51241989b22c52810391f3e8e1cadbf8613d873
    Related-Bug: #1688137