From 08e96550a31b98b7ee3278b3b6a73e93e79ac343 Mon Sep 17 00:00:00 2001
From: eric
Date: Thu, 27 Oct 2016 06:57:13 -0600
Subject: Removing token revoke / delete calls
Keysonte is changing the nature of tokens, timeouts, and long running tasks. In addition, horizon can also cause issues where a user starts a long running tasks, logs out, and then the token fails authenticaion. Just removing this problematic logic.
https://blueprints.launchpad.net/keystone/+spec/session-extendable-tokens
Closes-Bug: #1637460
Change-Id: I5eda08e95d8df72ba601181f02a72de37c5393fd
(cherry picked from commit 5810f9c6d92f8e1febbb25f5486778dbf416991c)
---
 openstack_auth/tests/tests.py | 15 ---------------
 openstack_auth/utils.py | 1 +
 openstack_auth/views.py | 35 +----------------------------------
 3 files changed, 2 insertions(+), 49 deletions(-)
diff --git a/openstack_auth/tests/tests.py b/openstack_auth/tests/tests.py
index 8f40da7..2802fcb 100644
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@@ -130,20 +130,6 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
 client = self._mock_unscoped_client(user)
 self._mock_unscoped_list_tenants(client, tenants)
- def _mock_client_delete_token(self, user, token, url=None):
- if not url:
- url = settings.OPENSTACK_KEYSTONE_URL
-
- plugin = token_endpoint.Token(
- endpoint=url,
- token=self.data.unscoped_access_info.auth_token)
-
- client = self.ks_client_module.Client(session=mox.IsA(session.Session),
- auth=plugin)
- client.tokens = self.mox.CreateMockAnything()
- client.tokens.delete(token=token)
- return client
-
 def _create_password_auth(self, username=None, password=None, url=None):
 if not username:
 username = self.data.user.name
@@ -340,7 +326,6 @@ class OpenStackAuthTestsV2(OpenStackAuthTestsMixin, test.TestCase):
 self._mock_unscoped_client_list_tenants(user, tenants)
 self._mock_scoped_client_for_tenant(unscoped, self.data.tenant_one.id)
- self._mock_client_delete_token(user, unscoped.auth_token, endpoint)
 self._mock_scoped_client_for_tenant(scoped, tenant.id, url=endpoint, client=False)
diff --git a/openstack_auth/utils.py b/openstack_auth/utils.py
index 44b3931..32a39c5 100644
--- a/openstack_auth/utils.py
+++ b/openstack_auth/utils.py
@@ -144,6 +144,7 @@ def get_keystone_client():
 def is_token_deletion_disabled():
+ LOG.warning("Deprecated TOKEN_DELETION_DISABLED setting is no longer used")
 return getattr(settings, 'TOKEN_DELETION_DISABLED', False)
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index 0440384..919cc37 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -27,7 +27,6 @@ from django.views.decorators.csrf import csrf_exempt # noqa
 from django.views.decorators.csrf import csrf_protect # noqa
 from django.views.decorators.debug import sensitive_post_parameters # noqa
 from keystoneauth1 import exceptions as keystone_exceptions
-from keystoneauth1 import token_endpoint
 import six
 from openstack_auth import exceptions
@@ -159,17 +158,6 @@ def logout(request, login_url=None, **kwargs):
 msg = 'Logging out user "%(username)s".' % \
 {'username': request.user.username}
 LOG.info(msg)
- endpoint = request.session.get('region_endpoint')
-
- # delete the project scoped token
- token = request.session.get('token')
- if token and endpoint:
- delete_token(endpoint=endpoint, token_id=token.id)
-
- # delete the domain scoped token if set
- domain_token = request.session.get('domain_token')
- if domain_token and endpoint:
- delete_token(endpoint=endpoint, token_id=domain_token.auth_token)
 """ Securely logs a user out. """
 return django_auth_views.logout_then_login(request, login_url=login_url,
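Review bot: The `LOG.warning(...)` added to `is_token_deletion_disabled()` in utils.py is unconditional, so it fires on every call whether or not the deployment actually sets `TOKEN_DELETION_DISABLED`. As far as this patch shows, its only caller was `delete_token()` in views.py, which no longer calls it, so an operator who still carries the setting will probably never see the deprecation notice. Tying the message to the setting's presence, e.g. `if hasattr(settings, 'TOKEN_DELETION_DISABLED'):` in front of the warning, would reach the deployments that need to clean up their configuration. A one-line docstring such as `"""Return the deprecated TOKEN_DELETION_DISABLED setting, which is no longer consulted."""` would also record that status in the code.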
@@ -178,24 +166,7 @@ def logout(request, login_url=None, **kwargs):
 def delete_token(endpoint, token_id):
 """Delete a token."""
- if utils.is_token_deletion_disabled():
- return
- try:
- endpoint, __ = utils.fix_auth_url_version_prefix(endpoint)
-
- session = utils.get_session()
- auth_plugin = token_endpoint.Token(endpoint=endpoint,
- token=token_id)
- client = utils.get_keystone_client().Client(session=session,
- auth=auth_plugin)
- if utils.get_keystone_version() >= 3:
- client.tokens.revoke_token(token=token_id)
- else:
- client.tokens.delete(token=token_id)
-
- LOG.info('Deleted token %s' % token_id)
- except keystone_exceptions.ClientException:
- LOG.info('Could not delete token')
+ LOG.warn("The delete_token method is deprecated and now does nothing")
 @login_required
@@ -234,10 +205,6 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
 redirect_to = settings.LOGIN_REDIRECT_URL
 if auth_ref:
- old_endpoint = request.session.get('region_endpoint')
- old_token = request.session.get('token')
- if old_token and old_endpoint and old_token.id != auth_ref.auth_token:
- delete_token(endpoint=old_endpoint, token_id=old_token.id)
 user = auth_user.create_user_from_token( request, auth_user.Token(auth_ref, unscoped_token=unscoped_token),
-- cgit v1.2.1
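Review bot: `delete_token()` in views.py keeps the docstring `"""Delete a token."""` although its new body only logs, so a caller outside this package that relies on it for revocation now gets a silent no-op. The docstring should say so, e.g. `"""Deprecated no-op: tokens are no longer revoked in Keystone."""`. Together with the `logout` and `switch` hunks in this file, the change means the Keystone token held in the session is no longer revoked on logout or project switch and presumably stays valid until it expires; a release note should state this so operators can review their token expiration setting. `LOG.warn` is the deprecated alias of `LOG.warning`, which utils.py uses in this same patch, so `LOG.warning(...)` would be the consistent spelling here.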