From b319ac78c81a2b0ad66fa998adf9347c4eec7ec0 Mon Sep 17 00:00:00 2001
From: ericpeterson-l <ericpeterson@hp.com>
Date: Tue, 11 Dec 2012 15:16:48 -0700
Subject: [PATCH] horizon bug 1079832 Logout does not revoke the tokens
 created, correcting to keep tuple of endpoints and clients

---
 openstack_auth/user.py  |  4 ++++
 openstack_auth/views.py | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/openstack_auth/user.py b/openstack_auth/user.py
index 41bb187..04622eb 100644
--- a/openstack_auth/user.py
+++ b/openstack_auth/user.py
@@ -16,6 +16,10 @@ def set_session_from_user(request, user):
     if is_ans1_token(user.token.id):
         hashed_token = hashlib.md5(user.token.id).hexdigest()
         user.token._info['token']['id'] = hashed_token
+    if 'token_list' not in request.session:
+        request.session['token_list'] = []
+    token_tuple = (user.endpoint, user.token.id)
+    request.session['token_list'].append(token_tuple)
     request.session['token'] = user.token._info
     request.session['user_id'] = user.id
     request.session['region_endpoint'] = user.endpoint
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 8a20a5e..c95b2b5 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -1,5 +1,7 @@
 import logging
 
+from threading import Thread
+
 from django import shortcuts
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
@@ -64,10 +66,26 @@ def login(request):
 
 
 def logout(request):
+    if 'token_list' in request.session:
+        t = Thread(target=delete_all_tokens,
+                   args=(list(request.session['token_list']),))
+        t.start()
     """ Securely logs a user out. """
     return django_logout(request)
 
 
+def delete_all_tokens(token_list):
+    for token_tuple in token_list:
+        try:
+            endpoint = token_tuple[0]
+            token = token_tuple[1]
+            client = keystone_client.Client(endpoint=endpoint)
+            client.tokens.delete(token=token)
+        except keystone_exceptions.ClientException as e:
+            LOG.error('Could not delete token for user "%s" at the endpoint'
+                      ' "%s".' % (request.user.username, endpoint))
+
+
 @login_required
 def switch(request, tenant_id):
     """ Switches an authenticated user from one tenant to another. """