From a7c97fcd18ff9b74b271cb2a05e385e85506d9ec Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Tue, 8 Mar 2016 14:04:20 -0500
Subject: [PATCH] Clear the accessor index during revocation
---
 vault/token_store.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/vault/token_store.go b/vault/token_store.go
index 35d358762..b148b3189 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -313,11 +313,9 @@ func (ts *TokenStore) createAccessorID(entry *TokenEntry) error {
 entry.AccessorID = accessorUUID
 // Create salted token and accessor IDs
- saltedTokenId := ts.SaltID(entry.ID)
- saltedAccessorID := ts.SaltID(entry.AccessorID)
 // Create index, mapping the Accessor ID to the Token ID
- path := lookupPrefix + saltedTokenId + "/" + saltedAccessorID
+ path := lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)
 le := &logical.StorageEntry{Key: path, Value: []byte(entry.ID)}
 if err := ts.view.Put(le); err != nil {
 return fmt.Errorf("failed to persist accessor index entry: %v", err)
@@ -499,6 +497,14 @@ func (ts *TokenStore) revokeSalted(saltedId string) error {
 }
 }
+ // Clear the accessor ID index if any
+ if entry != nil && entry.AccessorID != "" {
+ path := lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)
+ if ts.view.Delete(path); err != nil {
+ return fmt.Errorf("failed to delete entry: %v", err)
+ }
+ }
+
 // Revoke all secrets under this token
 if entry != nil {
 if err := ts.expiration.RevokeByToken(entry.ID); err != nil {
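Review bot: The context comment `// Create salted token and accessor IDs` in createAccessorID is left describing nothing once the two `salted*` locals are removed, so it should be dropped or folded into the index comment below it. The key expression `lookupPrefix + ts.SaltID(entry.ID) + "/" + ts.SaltID(entry.AccessorID)` is now written out twice, here and in revokeSalted; a small private helper, for example `func (ts *TokenStore) accessorIndexPath(entry *TokenEntry) string`, would keep the create and delete keys from drifting apart. That matters because the index value stored here is the unsalted `entry.ID`, so a key mismatch would leave that value in storage after revocation. createAccessorID starts and ends outside the hunk.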
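Review bot: The new `if ts.view.Delete(path); err != nil {` in revokeSalted discards the result of Delete and tests an `err` declared earlier in the function, so a failed delete is silently ignored and the accessor index entry can outlive the token it points to. The line should be `if err := ts.view.Delete(path); err != nil {`, and the message would be easier to trace as `"failed to delete accessor index entry: %v"`, matching the wording used on the Put side. Once the error is actually checked, a storage failure here returns before `ts.expiration.RevokeByToken` runs; it looks safer to clear the index after the secrets are revoked, or at least to document the ordering. revokeSalted starts and ends outside the hunk, so which outer `err` is being read cannot be confirmed from here.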