Merge pull request #2548 from tananaev/users

Add user expiration and device limit
author: Anton Tananaev <anton.tananaev@gmail.com> 2016-11-18 19:12:25 +1300
committer: GitHub <noreply@github.com> 2016-11-18 19:12:25 +1300
commit: 3eca9acd6e6a160df8f7b86150429c3d7c09b0c3 (patch)
tree: cb8bc7293a5c3fbac7f5e7557c73baded57109d8
parent: f04881e56938315867a97db2027d58f27f7a20fd (diff)
parent: f35da3ffdf6f960a877149b72b819a1979c9395a (diff)
download: trackermap-server-3eca9acd6e6a160df8f7b86150429c3d7c09b0c3.tar.gz
trackermap-server-3eca9acd6e6a160df8f7b86150429c3d7c09b0c3.tar.bz2
trackermap-server-3eca9acd6e6a160df8f7b86150429c3d7c09b0c3.zip
8 files changed, 110 insertions, 27 deletions
diff --git a/schema/changelog-3.8.xml b/schema/changelog-3.8.xml
index 780a2d029..ba591f192 100644
--- a/schema/changelog-3.8.xml
+++ b/schema/changelog-3.8.xml
@@ -107,5 +107,15 @@
       <column name="category" type="VARCHAR(128)" />
     </addColumn>
 
+    <addColumn tableName="users">
+      <column name="disabled" type="BOOLEAN" defaultValueBoolean="false" />
+    </addColumn>
+    <addColumn tableName="users">
+      <column name="expirationtime" type="TIMESTAMP" />
+    </addColumn>
+    <addColumn tableName="users">
+      <column name="devicelimit" type="INT" defaultValueNumeric="0" />
+    </addColumn>
+
   </changeSet>
 </databaseChangeLog>
diff --git a/setup/default.xml b/setup/default.xml
index f50f3904f..a9d7684d4 100644
--- a/setup/default.xml
+++ b/setup/default.xml
@@ -62,8 +62,8 @@
     </entry>
 
     <entry key='database.insertUser'>
-        INSERT INTO users (name, email, hashedPassword, salt, admin, map, distanceUnit, speedUnit, latitude, longitude, zoom, twelveHourFormat, attributes)
-        VALUES (:name, :email, :hashedPassword, :salt, :admin, :map, :distanceUnit, :speedUnit, :latitude, :longitude, :zoom, :twelveHourFormat, :attributes)
+        INSERT INTO users (name, email, hashedPassword, salt, admin, map, distanceUnit, speedUnit, latitude, longitude, zoom, twelveHourFormat, coordinateFormat, disabled, expirationTime, deviceLimit, attributes)
+        VALUES (:name, :email, :hashedPassword, :salt, :admin, :map, :distanceUnit, :speedUnit, :latitude, :longitude, :zoom, :twelveHourFormat, :coordinateFormat, :disabled, :expirationTime, :deviceLimit, :attributes)
     </entry>
 
     <entry key='database.updateUser'>
@@ -78,6 +78,10 @@
         longitude = :longitude,
         zoom = :zoom,
         twelveHourFormat = :twelveHourFormat,
+        coordinateFormat = :coordinateFormat,
+        disabled = :disabled,
+        expirationTime = :expirationTime,
+        deviceLimit = :deviceLimit,
         attributes = :attributes
         WHERE id = :id
     </entry>
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java
index fd4c77525..3f2390754 100644
--- a/src/org/traccar/api/SecurityRequestFilter.java
+++ b/src/org/traccar/api/SecurityRequestFilter.java
@@ -17,6 +17,7 @@ package org.traccar.api;
 
 import org.traccar.Context;
 import org.traccar.api.resource.SessionResource;
+import org.traccar.helper.Log;
 import org.traccar.model.User;
 
 import javax.annotation.security.PermitAll;
@@ -62,28 +63,35 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 
         SecurityContext securityContext = null;
 
-        String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
-        if (authHeader != null) {
+        try {
 
-            try {
-                String[] auth = decodeBasicAuth(authHeader);
-                User user = Context.getDataManager().login(auth[0], auth[1]);
-                if (user != null) {
-                    Context.getStatisticsManager().registerRequest(user.getId());
-                    securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));
+            String authHeader = requestContext.getHeaderString(AUTHORIZATION_HEADER);
+            if (authHeader != null) {
+
+                try {
+                    String[] auth = decodeBasicAuth(authHeader);
+                    User user = Context.getPermissionsManager().login(auth[0], auth[1]);
+                    if (user != null) {
+                        Context.getStatisticsManager().registerRequest(user.getId());
+                        securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));
+                    }
+                } catch (SQLException e) {
+                    throw new WebApplicationException(e);
                 }
-            } catch (SQLException e) {
-                throw new WebApplicationException(e);
-            }
 
-        } else if (request.getSession() != null) {
+            } else if (request.getSession() != null) {
+
+                Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
+                if (userId != null) {
+                    Context.getPermissionsManager().checkUser(userId);
+                    Context.getStatisticsManager().registerRequest(userId);
+                    securityContext = new UserSecurityContext(new UserPrincipal(userId));
+                }
 
-            Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
-            if (userId != null) {
-                Context.getStatisticsManager().registerRequest(userId);
-                securityContext = new UserSecurityContext(new UserPrincipal(userId));
             }
 
+        } catch (SecurityException e) {
+            Log.warning(e);
         }
 
         if (securityContext != null) {
diff --git a/src/org/traccar/api/resource/DeviceResource.java b/src/org/traccar/api/resource/DeviceResource.java
index f20ed86ad..0b389ede1 100644
--- a/src/org/traccar/api/resource/DeviceResource.java
+++ b/src/org/traccar/api/resource/DeviceResource.java
@@ -58,6 +58,13 @@ public class DeviceResource extends BaseResource {
     @POST
     public Response add(Device entity) throws SQLException {
         Context.getPermissionsManager().checkReadonly(getUserId());
+        int deviceLimit = Context.getPermissionsManager().getUser(getUserId()).getDeviceLimit();
+        if (deviceLimit != 0) {
+            int deviceCount = Context.getPermissionsManager().getDevicePermissions(getUserId()).size();
+            if (deviceCount >= deviceLimit) {
+                throw new SecurityException("User device limit reached");
+            }
+        }
         Context.getDeviceManager().addDevice(entity);
         Context.getDataManager().linkDevice(getUserId(), entity.getId());
         Context.getPermissionsManager().refreshPermissions();
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 2847e41c1..a61738c7e 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -64,7 +64,7 @@ public class SessionResource extends BaseResource {
                 }
             }
             if (email != null && password != null) {
-                User user = Context.getDataManager().login(email, password);
+                User user = Context.getPermissionsManager().login(email, password);
                 if (user != null) {
                     userId = user.getId();
                     request.getSession().setAttribute(USER_ID_KEY, userId);
@@ -73,6 +73,7 @@ public class SessionResource extends BaseResource {
         }
 
         if (userId != null) {
+            Context.getPermissionsManager().checkUser(userId);
             return Context.getPermissionsManager().getUser(userId);
         } else {
             throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build());
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index f0a8597cc..c6e84c918 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -60,13 +60,16 @@ public class UserResource extends BaseResource {
     @Path("{id}")
     @PUT
     public Response update(@PathParam("id") long id, User entity) throws SQLException {
-        if (entity.getAdmin()) {
+        User old = Context.getPermissionsManager().getUser(entity.getId());
+        if (old.getExpirationTime() == null && entity.getExpirationTime() != null
+                || old.getExpirationTime() != null && !old.getExpirationTime().equals(entity.getExpirationTime())
+                || old.getAdmin() != entity.getAdmin()
+                || old.getReadonly() != entity.getReadonly()
+                || old.getDisabled() != entity.getDisabled()
+                || old.getDeviceLimit() != entity.getDeviceLimit()) {
             Context.getPermissionsManager().checkAdmin(getUserId());
         } else {
             Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
-            if (!entity.getReadonly()) {
-                Context.getPermissionsManager().checkReadonly(entity.getId());
-            }
         }
         Context.getPermissionsManager().updateUser(entity);
         if (Context.getNotificationManager() != null) {
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index b0ae504d0..1c995a11d 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -146,7 +146,17 @@ public class PermissionsManager {
 
     public void checkReadonly(long userId) throws SecurityException {
         if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) {
-            throw new SecurityException("User is readonly");
+            throw new SecurityException("Account is readonly");
+        }
+    }
+
+    public void checkUser(long userId) throws SecurityException {
+        User user = getUser(userId);
+        if (user.getDisabled()) {
+            throw new SecurityException("Account is disabled");
+        }
+        if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) {
+            throw new SecurityException("Account has expired");
         }
     }
 
@@ -217,11 +227,11 @@ public class PermissionsManager {
 
     public User login(String email, String password) throws SQLException {
         User user = dataManager.login(email, password);
-        if (user != null && users.get(user.getId()) != null) {
+        if (user != null) {
+            checkUser(user.getId());
             return users.get(user.getId());
-        } else {
-            return null;
         }
+        return null;
     }
 
 }
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index aa0b33713..a36fa0e31 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -18,6 +18,8 @@ package org.traccar.model;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.traccar.helper.Hashing;
 
+import java.util.Date;
+
 public class User extends Extensible {
 
     private String name;
@@ -140,6 +142,44 @@ public class User extends Extensible {
         this.coordinateFormat = coordinateFormat;
     }
 
+    private boolean disabled;
+
+    public boolean getDisabled() {
+        return disabled;
+    }
+
+    public void setDisabled(boolean disabled) {
+        this.disabled = disabled;
+    }
+
+    private Date expirationTime;
+
+    public Date getExpirationTime() {
+        if (expirationTime != null) {
+            return new Date(expirationTime.getTime());
+        } else {
+            return null;
+        }
+    }
+
+    public void setExpirationTime(Date expirationTime) {
+        if (expirationTime != null) {
+            this.expirationTime = new Date(expirationTime.getTime());
+        } else {
+            this.expirationTime = null;
+        }
+    }
+
+    private int deviceLimit;
+
+    public int getDeviceLimit() {
+        return deviceLimit;
+    }
+
+    public void setDeviceLimit(int deviceLimit) {
+        this.deviceLimit = deviceLimit;
+    }
+
     public String getPassword() {
         return null;
     }
author	Anton Tananaev <anton.tananaev@gmail.com>	2016-11-18 19:12:25 +1300
committer	GitHub <noreply@github.com>	2016-11-18 19:12:25 +1300
commit	3eca9acd6e6a160df8f7b86150429c3d7c09b0c3 (patch)
tree	cb8bc7293a5c3fbac7f5e7557c73baded57109d8
parent	f04881e56938315867a97db2027d58f27f7a20fd (diff)
parent	f35da3ffdf6f960a877149b72b819a1979c9395a (diff)
download	trackermap-server-3eca9acd6e6a160df8f7b86150429c3d7c09b0c3.tar.gz trackermap-server-3eca9acd6e6a160df8f7b86150429c3d7c09b0c3.tar.bz2 trackermap-server-3eca9acd6e6a160df8f7b86150429c3d7c09b0c3.zip