Merge pull request #15 from ericpeterson-l/master

horizon token delete on logout

openstack_auth/user.py

@@ -16,6 +16,10 @@ def set_session_from_user(request, user):
     if is_ans1_token(user.token.id):
         hashed_token = hashlib.md5(user.token.id).hexdigest()
         user.token._info['token']['id'] = hashed_token
+    if 'token_list' not in request.session:
+        request.session['token_list'] = []
+    token_tuple = (user.endpoint, user.token.id)
+    request.session['token_list'].append(token_tuple)
     request.session['token'] = user.token._info
     request.session['user_id'] = user.id
     request.session['region_endpoint'] = user.endpoint

openstack_auth/views.py

@@ -1,5 +1,7 @@
 import logging
 
+from threading import Thread
+
 from django import shortcuts
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
@@ -64,10 +66,26 @@ def login(request):
 
 
 def logout(request):
+    if 'token_list' in request.session:
+        t = Thread(target=delete_all_tokens,
+                   args=(list(request.session['token_list']),))
+        t.start()
     """ Securely logs a user out. """
     return django_logout(request)
 
 
+def delete_all_tokens(token_list):
+    for token_tuple in token_list:
+        try:
+            endpoint = token_tuple[0]
+            token = token_tuple[1]
+            client = keystone_client.Client(endpoint=endpoint)
+            client.tokens.delete(token=token)
+        except keystone_exceptions.ClientException as e:
+            LOG.error('Could not delete token for user "%s" at the endpoint'
+                      ' "%s".' % (request.user.username, endpoint))
+
+
 @login_required
 def switch(request, tenant_id):
     """ Switches an authenticated user from one tenant to another. """