diff options
author | Anton Tananaev <anton.tananaev@gmail.com> | 2021-12-12 10:54:18 -0800 |
---|---|---|
committer | Anton Tananaev <anton.tananaev@gmail.com> | 2021-12-12 10:54:32 -0800 |
commit | f910e56a45a4adc08287b6674d011bd25ea52b27 (patch) | |
tree | 38138f7f4f9708ff93422d4351868d3c805fcd25 | |
parent | 65eb526466a30cf70be103671bc14e2b460cf689 (diff) | |
download | trackermap-server-f910e56a45a4adc08287b6674d011bd25ea52b27.tar.gz trackermap-server-f910e56a45a4adc08287b6674d011bd25ea52b27.tar.bz2 trackermap-server-f910e56a45a4adc08287b6674d011bd25ea52b27.zip |
Token to override current session
-rw-r--r-- | src/main/java/org/traccar/api/resource/SessionResource.java | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index e3c5d457f..60ce5490a 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java @@ -1,5 +1,5 @@ /* - * Copyright 2015 Anton Tananaev (anton@traccar.org) + * Copyright 2015 - 2021 Anton Tananaev (anton@traccar.org) * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -57,8 +57,19 @@ public class SessionResource extends BaseResource { @PermitAll @GET public User get(@QueryParam("token") String token) throws SQLException, UnsupportedEncodingException { + + if (token != null) { + User user = Context.getUsersManager().getUserByToken(token); + if (user != null) { + Context.getPermissionsManager().checkUserEnabled(user.getId()); + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + return user; + } + } + Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); if (userId == null) { + Cookie[] cookies = request.getCookies(); String email = null, password = null; if (cookies != null) { @@ -77,24 +88,20 @@ public class SessionResource extends BaseResource { if (email != null && password != null) { User user = Context.getPermissionsManager().login(email, password); if (user != null) { - userId = user.getId(); - request.getSession().setAttribute(USER_ID_KEY, userId); - } - } else if (token != null) { - User user = Context.getUsersManager().getUserByToken(token); - if (user != null) { - userId = user.getId(); - request.getSession().setAttribute(USER_ID_KEY, userId); + Context.getPermissionsManager().checkUserEnabled(user.getId()); + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + return user; } } - } - if (userId != null) { + } else { + Context.getPermissionsManager().checkUserEnabled(userId); return Context.getPermissionsManager().getUser(userId); - } else { - throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); + } + + throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); } @PermitAll |