Delete the auth token when logging out.

Before this, authentication tokens were kept in the database, even when
someone logged out. This is unwanted behaviour, as logging in will create
yet another token anyway there is no reason to keep the token around.

pillar/auth/__init__.py

@@ -202,8 +202,6 @@ def config_login_manager(app):
 def login_user(oauth_token: str, *, load_from_db=False):
     """Log in the user identified by the given token."""
 
-    from flask import g
-
     if load_from_db:
         user = _load_user(oauth_token)
     else:
@@ -212,6 +210,20 @@ def login_user(oauth_token: str, *, load_from_db=False):
     g.current_user = user
 
 
+def logout_user():
+    """Forces a logout of the current user."""
+
+    from ..api.utils import authentication
+
+    token = get_blender_id_oauth_token()
+    if token:
+        authentication.remove_token(token)
+
+    session.clear()
+    flask_login.logout_user()
+    g.current_user = AnonymousUser()
+
+
 def get_blender_id_oauth_token() -> str:
     """Returns the Blender ID auth token, or an empty string if there is none."""
 
@@ -231,6 +243,9 @@ def get_blender_id_oauth_token() -> str:
     if request.authorization and request.authorization.username:
         return request.authorization.username
 
+    if current_user.is_authenticated and current_user.id:
+        return current_user.id
+
     return ''