From f910e56a45a4adc08287b6674d011bd25ea52b27 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Sun, 12 Dec 2021 10:54:18 -0800
Subject: Token to override current session

---
 .../org/traccar/api/resource/SessionResource.java  | 33 +++++++++++++---------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index e3c5d457f..60ce5490a 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2021 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -57,8 +57,19 @@ public class SessionResource extends BaseResource {
     @PermitAll
     @GET
     public User get(@QueryParam("token") String token) throws SQLException, UnsupportedEncodingException {
+
+        if (token != null) {
+            User user = Context.getUsersManager().getUserByToken(token);
+            if (user != null) {
+                Context.getPermissionsManager().checkUserEnabled(user.getId());
+                request.getSession().setAttribute(USER_ID_KEY, user.getId());
+                return user;
+            }
+        }
+
         Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY);
         if (userId == null) {
+
             Cookie[] cookies = request.getCookies();
             String email = null, password = null;
             if (cookies != null) {
@@ -77,24 +88,20 @@ public class SessionResource extends BaseResource {
             if (email != null && password != null) {
                 User user = Context.getPermissionsManager().login(email, password);
                 if (user != null) {
-                    userId = user.getId();
-                    request.getSession().setAttribute(USER_ID_KEY, userId);
-                }
-            } else if (token != null) {
-                User user = Context.getUsersManager().getUserByToken(token);
-                if (user != null) {
-                    userId = user.getId();
-                    request.getSession().setAttribute(USER_ID_KEY, userId);
+                    Context.getPermissionsManager().checkUserEnabled(user.getId());
+                    request.getSession().setAttribute(USER_ID_KEY, user.getId());
+                    return user;
                 }
             }
-        }
 
-        if (userId != null) {
+        } else {
+
             Context.getPermissionsManager().checkUserEnabled(userId);
             return Context.getPermissionsManager().getUser(userId);
-        } else {
-            throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
+
         }
+
+        throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
     }
 
     @PermitAll
-- 
cgit v1.2.3