Remove the password element from the generated dict in update_user

This prevents a log warning when a hashed password is too long for the configured password_hashing_algorithm, as the currently hashed password is passed into the from_dict method, which will try to 'set' the password using the hashed value. Also, handling of a password update is done later in this method, so the warning message would also be misleading anyone interpreting the log lines, as the password is not updated using this logic. Closes-Bug: #2060441 Change-Id: I53d66fe87179aac7b3e211c84fd9858b1157b352
2024-04-08 11:13:45 +02:00
parent 8ca73f758b
commit 6d97d94be8
1 changed files with 1 additions and 0 deletions
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@@ -220,6 +220,7 @@ class Identity(base.IdentityDriverBase):
        with sql.session_for_write() as session:
            user_ref = self._get_user(session, user_id)
            old_user_dict = user_ref.to_dict()
+            old_user_dict.pop('password', None)
            for k in user:
                old_user_dict[k] = user[k]
            new_user = model.User.from_dict(old_user_dict)