aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org/traccar/api
diff options
context:
space:
mode:
authorAnton Tananaev <anton.tananaev@gmail.com>2023-04-03 10:12:19 -0700
committerGitHub <noreply@github.com>2023-04-03 10:12:19 -0700
commit2d92fa2473b2317f01b904a8f1afd83e7884d7c8 (patch)
tree3ed8307268122fc23838f4c4ab97fb954c1c1370 /src/main/java/org/traccar/api
parent836fb2221dedae55c3f8457f35294b3753f095c8 (diff)
parentd05049c4fcad15b014d4d7178f3b88de7c0c7a28 (diff)
downloadtrackermap-server-2d92fa2473b2317f01b904a8f1afd83e7884d7c8.tar.gz
trackermap-server-2d92fa2473b2317f01b904a8f1afd83e7884d7c8.tar.bz2
trackermap-server-2d92fa2473b2317f01b904a8f1afd83e7884d7c8.zip
Merge pull request #5057 from dan-r/implement-oidc
Implement SSO with OpenID Connect
Diffstat (limited to 'src/main/java/org/traccar/api')
-rw-r--r--src/main/java/org/traccar/api/resource/ServerResource.java7
-rw-r--r--src/main/java/org/traccar/api/resource/SessionResource.java25
-rw-r--r--src/main/java/org/traccar/api/resource/UserResource.java8
-rw-r--r--src/main/java/org/traccar/api/security/LoginService.java24
4 files changed, 57 insertions, 7 deletions
diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java
index 4b7ee9189..6a3b8919e 100644
--- a/src/main/java/org/traccar/api/resource/ServerResource.java
+++ b/src/main/java/org/traccar/api/resource/ServerResource.java
@@ -16,6 +16,7 @@
package org.traccar.api.resource;
import org.traccar.api.BaseResource;
+import org.traccar.database.OpenIdProvider;
import org.traccar.helper.model.UserUtil;
import org.traccar.mail.MailManager;
import org.traccar.geocoder.Geocoder;
@@ -57,6 +58,10 @@ public class ServerResource extends BaseResource {
@Inject
@Nullable
+ private OpenIdProvider openIdProvider;
+
+ @Inject
+ @Nullable
private Geocoder geocoder;
@PermitAll
@@ -65,6 +70,8 @@ public class ServerResource extends BaseResource {
Server server = storage.getObject(Server.class, new Request(new Columns.All()));
server.setEmailEnabled(mailManager.getEmailEnabled());
server.setGeocoderEnabled(geocoder != null);
+ server.setOpenIdEnabled(openIdProvider != null);
+ server.setOpenIdForce(openIdProvider != null && openIdProvider.getForce());
User user = permissionsService.getUser(getUserId());
if (user != null) {
if (user.getAdministrator()) {
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index ff84c135f..ac39fa449 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -18,6 +18,7 @@ package org.traccar.api.resource;
import org.traccar.api.BaseResource;
import org.traccar.api.security.LoginService;
import org.traccar.api.signature.TokenManager;
+import org.traccar.database.OpenIdProvider;
import org.traccar.helper.DataConverter;
import org.traccar.helper.LogAction;
import org.traccar.helper.ServletHelper;
@@ -27,6 +28,8 @@ import org.traccar.storage.query.Columns;
import org.traccar.storage.query.Condition;
import org.traccar.storage.query.Request;
+import com.nimbusds.oauth2.sdk.ParseException;
+import javax.annotation.Nullable;
import javax.annotation.security.PermitAll;
import javax.inject.Inject;
import javax.servlet.http.Cookie;
@@ -49,6 +52,7 @@ import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Date;
+import java.net.URI;
@Path("session")
@Produces(MediaType.APPLICATION_JSON)
@@ -63,6 +67,10 @@ public class SessionResource extends BaseResource {
private LoginService loginService;
@Inject
+ @Nullable
+ private OpenIdProvider openIdProvider;
+
+ @Inject
private TokenManager tokenManager;
@Context
@@ -160,4 +168,21 @@ public class SessionResource extends BaseResource {
return tokenManager.generateToken(getUserId(), expiration);
}
+ @PermitAll
+ @Path("openid/auth")
+ @GET
+ public Response openIdAuth() throws IOException {
+ return Response.seeOther(openIdProvider.createAuthUri()).build();
+ }
+
+ @PermitAll
+ @Path("openid/callback")
+ @GET
+ public Response requestToken() throws IOException, StorageException, ParseException, GeneralSecurityException {
+ StringBuilder requestUrl = new StringBuilder(request.getRequestURL().toString());
+ String queryString = request.getQueryString();
+ String requestUri = requestUrl.append('?').append(queryString).toString();
+
+ return Response.seeOther(openIdProvider.handleCallback(URI.create(requestUri), request)).build();
+ }
}
diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java
index e41ebbe61..19d88782f 100644
--- a/src/main/java/org/traccar/api/resource/UserResource.java
+++ b/src/main/java/org/traccar/api/resource/UserResource.java
@@ -17,7 +17,6 @@ package org.traccar.api.resource;
import org.traccar.api.BaseObjectResource;
import org.traccar.config.Config;
-import org.traccar.config.Keys;
import org.traccar.helper.LogAction;
import org.traccar.helper.model.UserUtil;
import org.traccar.model.ManagedUser;
@@ -39,7 +38,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.Collection;
-import java.util.Date;
@Path("users")
@Produces(MediaType.APPLICATION_JSON)
@@ -91,11 +89,7 @@ public class UserResource extends BaseObjectResource<User> {
if (!permissionsService.getServer().getRegistration()) {
throw new SecurityException("Registration disabled");
}
- entity.setDeviceLimit(config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT));
- int expirationDays = config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS);
- if (expirationDays > 0) {
- entity.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L));
- }
+ UserUtil.setUserDefaults(entity, config);
}
}
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 88bafcfb5..c7482a2e3 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -19,6 +19,7 @@ import org.traccar.api.signature.TokenManager;
import org.traccar.config.Config;
import org.traccar.config.Keys;
import org.traccar.database.LdapProvider;
+import org.traccar.helper.model.UserUtil;
import org.traccar.model.User;
import org.traccar.storage.Storage;
import org.traccar.storage.StorageException;
@@ -35,6 +36,7 @@ import java.security.GeneralSecurityException;
@Singleton
public class LoginService {
+ private final Config config;
private final Storage storage;
private final TokenManager tokenManager;
private final LdapProvider ldapProvider;
@@ -46,6 +48,7 @@ public class LoginService {
public LoginService(
Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) {
this.storage = storage;
+ this.config = config;
this.tokenManager = tokenManager;
this.ldapProvider = ldapProvider;
serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN);
@@ -89,6 +92,27 @@ public class LoginService {
return null;
}
+ public User login(String email, String name, Boolean administrator) throws StorageException {
+ User user = storage.getObject(User.class, new Request(
+ new Columns.All(),
+ new Condition.Equals("email", email)));
+
+ if (user != null) {
+ checkUserEnabled(user);
+ return user;
+ } else {
+ user = new User();
+ UserUtil.setUserDefaults(user, config);
+ user.setName(name);
+ user.setEmail(email);
+ user.setFixedEmail(true);
+ user.setAdministrator(administrator);
+ user.setId(storage.addObject(user, new Request(new Columns.Exclude("id"))));
+ checkUserEnabled(user);
+ return user;
+ }
+ }
+
private void checkUserEnabled(User user) throws SecurityException {
if (user == null) {
throw new SecurityException("Unknown account");