Limit token expiration extension

author: Anton Tananaev <anton@traccar.org> 2023-11-26 08:21:33 -0800
committer: Anton Tananaev <anton@traccar.org> 2023-11-26 08:21:33 -0800
commit: b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d (patch)
tree: 3b5a2804decbef533f563203699810b9ba0c56ff
parent: fc8678b22929026e6c62284add8ff1cbca247f20 (diff)
download: trackermap-server-b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d.tar.gz
trackermap-server-b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d.tar.bz2
trackermap-server-b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 0435f4f92..02c9837f0 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -181,6 +181,10 @@ public class SessionResource extends BaseResource {
     @POST
     public String requestToken(
             @FormParam("expiration") Date expiration) throws StorageException, GeneralSecurityException, IOException {
+        Date currentExpiration = (Date) request.getSession().getAttribute(EXPIRATION_KEY);
+        if (currentExpiration != null && currentExpiration.before(expiration)) {
+            expiration = currentExpiration;
+        }
         return tokenManager.generateToken(getUserId(), expiration);
     }
author	Anton Tananaev <anton@traccar.org>	2023-11-26 08:21:33 -0800
committer	Anton Tananaev <anton@traccar.org>	2023-11-26 08:21:33 -0800
commit	b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d (patch)
tree	3b5a2804decbef533f563203699810b9ba0c56ff
parent	fc8678b22929026e6c62284add8ff1cbca247f20 (diff)
download	trackermap-server-b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d.tar.gz trackermap-server-b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d.tar.bz2 trackermap-server-b73c8246c2023feae9eb5332a69f0ab8a1cd4e3d.zip