Update KeystoneMiddleware to the stable/liberty version.

Change-Id: I225ed685dad129dc7c1d5d6a00e54c0facde0c07

1 files changed, 22 insertions, 0 deletions

diff --git a/keystonemiddleware-moon/keystonemiddleware/auth_token/_revocations.py b/keystonemiddleware-moon/keystonemiddleware/auth_token/_revocations.py
index 8cc449ad..a68356a8 100644
--- a/keystonemiddleware-moon/keystonemiddleware/auth_token/_revocations.py
+++ b/keystonemiddleware-moon/keystonemiddleware/auth_token/_revocations.py
@@ -104,3 +104,25 @@ class Revocations(object):
         if self._any_revoked(token_ids):
             self._log.debug('Token is marked as having been revoked')
             raise exc.InvalidToken(_('Token has been revoked'))
+
+    def check_by_audit_id(self, audit_ids):
+        """Check whether the audit_id appears in the revocation list.
+
+        :raises keystonemiddleware.auth_token._exceptions.InvalidToken:
+            if the audit ID(s) appear in the revocation list.
+
+        """
+        revoked_tokens = self._list.get('revoked', None)
+        if not revoked_tokens:
+            # There's no revoked tokens, so nothing to do.
+            return
+
+        # The audit_id may not be present in the revocation events because
+        # earlier versions of the identity server didn't provide them.
+        revoked_ids = set(
+            x['audit_id'] for x in revoked_tokens if 'audit_id' in x)
+        for audit_id in audit_ids:
+            if audit_id in revoked_ids:
+                self._log.debug(
+                    'Token is marked as having been revoked by audit id')
+                raise exc.InvalidToken(_('Token has been revoked'))