Set expiration from token

author: Anton Tananaev <anton@traccar.org> 2023-11-26 08:07:52 -0800
committer: Anton Tananaev <anton@traccar.org> 2023-11-26 08:07:52 -0800
commit: acdc451e3e2ab94f548f078c4bd49985b3c2f01d (patch)
tree: 0f396d7b809e7a52adb32e1ee268cbff31235c18
parent: 08cb38a2126e91ccde44e9f91d2ad1f149c7e6b5 (diff)
download: trackermap-server-acdc451e3e2ab94f548f078c4bd49985b3c2f01d.tar.gz
trackermap-server-acdc451e3e2ab94f548f078c4bd49985b3c2f01d.tar.bz2
trackermap-server-acdc451e3e2ab94f548f078c4bd49985b3c2f01d.zip
4 files changed, 23 insertions, 11 deletions
diff --git a/src/main/java/org/traccar/api/resource/PasswordResource.java b/src/main/java/org/traccar/api/resource/PasswordResource.java
index 029e63a0c..22b3f0cd3 100644
--- a/src/main/java/org/traccar/api/resource/PasswordResource.java
+++ b/src/main/java/org/traccar/api/resource/PasswordResource.java
@@ -75,7 +75,7 @@ public class PasswordResource extends BaseResource {
             @FormParam("token") String token, @FormParam("password") String password)
             throws StorageException, GeneralSecurityException, IOException {
 
-        long userId = tokenManager.verifyToken(token);
+        long userId = tokenManager.verifyToken(token).getUserId();
         User user = storage.getObject(User.class, new Request(
                 new Columns.All(), new Condition.Equals("id", userId)));
         if (user != null) {
diff --git a/src/main/java/org/traccar/api/security/LoginResult.java b/src/main/java/org/traccar/api/security/LoginResult.java
index 66c35bbed..1fccc36d1 100644
--- a/src/main/java/org/traccar/api/security/LoginResult.java
+++ b/src/main/java/org/traccar/api/security/LoginResult.java
@@ -10,8 +10,12 @@ public class LoginResult {
     private final Date expiration;
 
     public LoginResult(User user) {
+        this(user, null);
+    }
+
+    public LoginResult(User user, Date expiration) {
         this.user = user;
-        expiration = null;
+        this.expiration = expiration;
     }
 
     public User getUser() {
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 6246d2494..930c4fa46 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -62,13 +62,13 @@ public class LoginService {
         if (serviceAccountToken != null && serviceAccountToken.equals(token)) {
             return new LoginResult(new ServiceAccountUser());
         }
-        long userId = tokenManager.verifyToken(token);
+        TokenManager.TokenData tokenData = tokenManager.verifyToken(token);
         User user = storage.getObject(User.class, new Request(
-                new Columns.All(), new Condition.Equals("id", userId)));
+                new Columns.All(), new Condition.Equals("id", tokenData.getUserId())));
         if (user != null) {
             checkUserEnabled(user);
         }
-        return new LoginResult(user);
+        return new LoginResult(user, tokenData.getExpiration());
     }
 
     public LoginResult login(String email, String password, Integer code) throws StorageException {
diff --git a/src/main/java/org/traccar/api/signature/TokenManager.java b/src/main/java/org/traccar/api/signature/TokenManager.java
index 3019e12b9..824433b08 100644
--- a/src/main/java/org/traccar/api/signature/TokenManager.java
+++ b/src/main/java/org/traccar/api/signature/TokenManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,11 +35,19 @@ public class TokenManager {
     private final ObjectMapper objectMapper;
     private final CryptoManager cryptoManager;
 
-    public static class Data {
+    public static class TokenData {
         @JsonProperty("u")
         private long userId;
         @JsonProperty("e")
         private Date expiration;
+
+        public long getUserId() {
+            return userId;
+        }
+
+        public Date getExpiration() {
+            return expiration;
+        }
     }
 
     @Inject
@@ -54,7 +62,7 @@ public class TokenManager {
 
     public String generateToken(
             long userId, Date expiration) throws IOException, GeneralSecurityException, StorageException {
-        Data data = new Data();
+        TokenData data = new TokenData();
         data.userId = userId;
         if (expiration != null) {
             data.expiration = expiration;
@@ -65,13 +73,13 @@ public class TokenManager {
         return Base64.encodeBase64URLSafeString(cryptoManager.sign(encoded));
     }
 
-    public long verifyToken(String token) throws IOException, GeneralSecurityException, StorageException {
+    public TokenData verifyToken(String token) throws IOException, GeneralSecurityException, StorageException {
         byte[] encoded = cryptoManager.verify(Base64.decodeBase64(token));
-        Data data = objectMapper.readValue(encoded, Data.class);
+        TokenData data = objectMapper.readValue(encoded, TokenData.class);
         if (data.expiration.before(new Date())) {
             throw new SecurityException("Token has expired");
         }
-        return data.userId;
+        return data;
     }
 
 }
author	Anton Tananaev <anton@traccar.org>	2023-11-26 08:07:52 -0800
committer	Anton Tananaev <anton@traccar.org>	2023-11-26 08:07:52 -0800
commit	acdc451e3e2ab94f548f078c4bd49985b3c2f01d (patch)
tree	0f396d7b809e7a52adb32e1ee268cbff31235c18
parent	08cb38a2126e91ccde44e9f91d2ad1f149c7e6b5 (diff)
download	trackermap-server-acdc451e3e2ab94f548f078c4bd49985b3c2f01d.tar.gz trackermap-server-acdc451e3e2ab94f548f078c4bd49985b3c2f01d.tar.bz2 trackermap-server-acdc451e3e2ab94f548f078c4bd49985b3c2f01d.zip