New API token system

author: Anton Tananaev <anton@traccar.org> 2022-08-02 19:16:11 -0700
committer: Anton Tananaev <anton@traccar.org> 2022-08-02 19:16:11 -0700
commit: ab6970135850655313e257cf44fb68c67e9f1e80 (patch)
tree: 2327f3d05816fd7431b7a08aad4830041f2e3131 /src/main/java/org/traccar/api/security/LoginService.java
parent: 057262001dd933738fc070a57d51dc57518aa57b (diff)
download: trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.gz
trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.bz2
trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.zip
1 files changed, 10 insertions, 3 deletions
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 104a6fac3..1e82a4cf2 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -15,6 +15,7 @@
  */
 package org.traccar.api.security;
 
+import org.traccar.api.signature.TokenManager;
 import org.traccar.config.Config;
 import org.traccar.config.Keys;
 import org.traccar.database.LdapProvider;
@@ -27,29 +28,35 @@ import org.traccar.storage.query.Request;
 
 import javax.annotation.Nullable;
 import javax.inject.Inject;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
 
 public class LoginService {
 
     private final Storage storage;
+    private final TokenManager tokenManager;
     private final LdapProvider ldapProvider;
 
     private final String serviceAccountToken;
     private final boolean forceLdap;
 
     @Inject
-    public LoginService(Config config, Storage storage, @Nullable LdapProvider ldapProvider) {
+    public LoginService(
+            Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) {
         this.storage = storage;
+        this.tokenManager = tokenManager;
         this.ldapProvider = ldapProvider;
         serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN);
         forceLdap = config.getBoolean(Keys.LDAP_FORCE);
     }
 
-    public User login(String token) throws StorageException {
+    public User login(String token) throws StorageException, GeneralSecurityException, IOException {
         if (serviceAccountToken != null && serviceAccountToken.equals(token)) {
             return new ServiceAccountUser();
         }
+        long userId = tokenManager.verifyToken(token);
         User user = storage.getObject(User.class, new Request(
-                new Columns.All(), new Condition.Equals("token", "token", token)));
+                new Columns.All(), new Condition.Equals("id", "id", userId)));
         if (user != null) {
             checkUserEnabled(user);
         }
author	Anton Tananaev <anton@traccar.org>	2022-08-02 19:16:11 -0700
committer	Anton Tananaev <anton@traccar.org>	2022-08-02 19:16:11 -0700
commit	ab6970135850655313e257cf44fb68c67e9f1e80 (patch)
tree	2327f3d05816fd7431b7a08aad4830041f2e3131 /src/main/java/org/traccar/api/security/LoginService.java
parent	057262001dd933738fc070a57d51dc57518aa57b (diff)
download	trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.gz trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.bz2 trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.zip