From 4ab47ad224c422dcd96aa256740945d1e6a8a208 Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Thu, 5 Jul 2012 22:15:48 +0100 Subject: Adding user password setting api call Fixes bug 996922 This commit adds a user_crud module that can be used in the public wsgi pipeline, currently the only operation included allows a user to update their own password. In order to change their password a user should make a HTTP PATCH to /v2.0/OS-KSCRUD/users/ with the json data fomated like this {"user": {"password": "DCBA", "original_password": "ABCD"}} in addition to changing the users password, all current tokens will be cleared (for token backends that support listing) and a new token id will be returned. Change-Id: I0cbdafbb29a5b6531ad192f240efb9379f0efd2d --- doc/source/configuration.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'doc/source') diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 415ee539..fbeab5e1 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -235,6 +235,30 @@ certificates:: * ``ca_certs``: Path to CA trust chain. * ``cert_required``: Requires client certificate. Defaults to False. +User CRUD +--------- + +Keystone provides a user CRUD filter that can be added to the public_api +pipeline. This user crud filter allows users to use a HTTP PATCH to change +their own password. To enable this extension you should define a +user_crud_extension filter, insert it after the ``*_body`` middleware +and before the ``public_service`` app in the public_api WSGI pipeline in +keystone.conf e.g.:: + + [filter:user_crud_extension] + paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory + + [pipeline:public_api] + pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body json_body debug ec2_extension user_crud_extension public_service + +Each user can then change their own password with a HTTP PATCH :: + + > curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/ -H "Content-type: application/json" \ + -H "X_Auth_Token: " -d '{"user": {"password": "ABCD", "original_password": "DCBA"}}' + +In addition to changing their password all of the users current tokens will be +deleted (if the backend used is kvs or sql) + Sample Configuration Files -------------------------- -- cgit