aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar/api/resource
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/traccar/api/resource')
-rw-r--r--src/org/traccar/api/resource/SessionResource.java5
-rw-r--r--src/org/traccar/api/resource/UserResource.java3
2 files changed, 5 insertions, 3 deletions
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 6c5263123..db8a5c837 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -29,6 +29,7 @@ import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -48,7 +49,7 @@ public class SessionResource extends BaseResource {
@PermitAll
@GET
- public User get() throws SQLException {
+ public User get(@QueryParam("token") String token) throws SQLException {
Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY);
if (userId == null) {
Cookie[] cookies = request.getCookies();
@@ -69,7 +70,7 @@ public class SessionResource extends BaseResource {
userId = user.getId();
request.getSession().setAttribute(USER_ID_KEY, userId);
}
- } else if (request.getParameter("token") != null) {
+ } else if (token != null) {
User user = Context.getPermissionsManager().getUserByToken(request.getParameter("token"));
if (user != null) {
userId = user.getId();
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index 094de2812..2ff1639f6 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -67,7 +67,8 @@ public class UserResource extends BaseResource {
|| old.getReadonly() != entity.getReadonly()
|| old.getDisabled() != entity.getDisabled()
|| old.getDeviceLimit() != entity.getDeviceLimit()
- || !old.getToken().equals(entity.getToken())) {
+ || old.getToken() == null && entity.getToken() != null
+ || old.getToken() != null && !old.getToken().equals(entity.getToken())) {
Context.getPermissionsManager().checkAdmin(getUserId());
} else {
Context.getPermissionsManager().checkUser(getUserId(), entity.getId());