Update the help message for unique_last_password_count

The help message for unique_last_password_count doesn't tell the count logic to users, so that the users may misunderstand it. This patch updated the message to make it more clear. Change-Id: I8ab1db5c07b199a3a0ef86a79e9895be48c0a1db Closes-bug: #1727099
2017-11-22 14:42:47 +08:00 · 2017-11-22 14:42:47 +08:00 · 49d75d668c
commit 49d75d668c
parent 70fe4ec09b
3 changed files with 16 additions and 6 deletions
--- a/keystone/conf/security_compliance.py
+++ b/keystone/conf/security_compliance.py
@ -70,10 +70,11 @@ unique_last_password_count = cfg.IntOpt(
    min=1,
    help=utils.fmt("""
 This controls the number of previous user password iterations to keep in
-history, in order to enforce that newly created passwords are unique. Setting
-the value to one (the default) disables this feature. Thus, to enable this
-feature, values must be greater than 1. This feature depends on the `sql`
-backend for the `[identity] driver`.
+history, in order to enforce that newly created passwords are unique. The total
+number which includes the new password should not be greater or equal to this
+value. Setting the value to one (the default) disables this feature. Thus, to
+enable this feature, values must be greater than 1. This feature depends on
+the `sql` backend for the `[identity] driver`.
 """))

 minimum_password_age = cfg.IntOpt(
--- a/keystone/exception.py
+++ b/keystone/exception.py
@ -105,8 +105,8 @@ class PasswordRequirementsValidationError(PasswordValidationError):

 class PasswordHistoryValidationError(PasswordValidationError):
    message_format = _("The new password cannot be identical to a "
-                       "previous password. The number of previous "
-                       "passwords that must be unique is "
+                       "previous password. The total number which"
+                       "includes the new password must be unique is "
                       "%(unique_count)s.")


--- a/releasenotes/notes/bug-1727099-1af277b35db34372.yaml
+++ b/releasenotes/notes/bug-1727099-1af277b35db34372.yaml
@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    [`bug 1727099 <https://bugs.launchpad.net/keystone/+bug/1727099>`_]
+    When users try to changes their password, the total number which
+    includes the new password should not be greater or equal to the
+    ``unique_last_password_count`` config options. But the help and error
+    messages for this scenario are not described clearly. Now the messges
+    are updated to be more clear.