4 files changed, 57 insertions, 7 deletions

diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java
index 4b7ee9189..6a3b8919e 100644
--- a/src/main/java/org/traccar/api/resource/ServerResource.java
+++ b/src/main/java/org/traccar/api/resource/ServerResource.java
@@ -16,6 +16,7 @@
 package org.traccar.api.resource;
 
 import org.traccar.api.BaseResource;
+import org.traccar.database.OpenIdProvider;
 import org.traccar.helper.model.UserUtil;
 import org.traccar.mail.MailManager;
 import org.traccar.geocoder.Geocoder;
@@ -57,6 +58,10 @@ public class ServerResource extends BaseResource {
 
     @Inject
     @Nullable
+    private OpenIdProvider openIdProvider;
+
+    @Inject
+    @Nullable
     private Geocoder geocoder;
 
     @PermitAll
@@ -65,6 +70,8 @@ public class ServerResource extends BaseResource {
         Server server = storage.getObject(Server.class, new Request(new Columns.All()));
         server.setEmailEnabled(mailManager.getEmailEnabled());
         server.setGeocoderEnabled(geocoder != null);
+        server.setOpenIdEnabled(openIdProvider != null);
+        server.setOpenIdForce(openIdProvider != null && openIdProvider.getForce());
         User user = permissionsService.getUser(getUserId());
         if (user != null) {
             if (user.getAdministrator()) {
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index ff84c135f..ac39fa449 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -18,6 +18,7 @@ package org.traccar.api.resource;
 import org.traccar.api.BaseResource;
 import org.traccar.api.security.LoginService;
 import org.traccar.api.signature.TokenManager;
+import org.traccar.database.OpenIdProvider;
 import org.traccar.helper.DataConverter;
 import org.traccar.helper.LogAction;
 import org.traccar.helper.ServletHelper;
@@ -27,6 +28,8 @@ import org.traccar.storage.query.Columns;
 import org.traccar.storage.query.Condition;
 import org.traccar.storage.query.Request;
 
+import com.nimbusds.oauth2.sdk.ParseException;
+import javax.annotation.Nullable;
 import javax.annotation.security.PermitAll;
 import javax.inject.Inject;
 import javax.servlet.http.Cookie;
@@ -49,6 +52,7 @@ import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.util.Date;
+import java.net.URI;
 
 @Path("session")
 @Produces(MediaType.APPLICATION_JSON)
@@ -63,6 +67,10 @@ public class SessionResource extends BaseResource {
     private LoginService loginService;
 
     @Inject
+    @Nullable
+    private OpenIdProvider openIdProvider;
+
+    @Inject
     private TokenManager tokenManager;
 
     @Context
@@ -160,4 +168,21 @@ public class SessionResource extends BaseResource {
         return tokenManager.generateToken(getUserId(), expiration);
     }
 
+    @PermitAll
+    @Path("openid/auth")
+    @GET
+    public Response openIdAuth() throws IOException {
+        return Response.seeOther(openIdProvider.createAuthUri()).build();
+    }
+
+    @PermitAll
+    @Path("openid/callback")
+    @GET
+    public Response requestToken() throws IOException, StorageException, ParseException, GeneralSecurityException {
+        StringBuilder requestUrl = new StringBuilder(request.getRequestURL().toString());
+        String queryString = request.getQueryString();
+        String requestUri = requestUrl.append('?').append(queryString).toString();
+
+        return Response.seeOther(openIdProvider.handleCallback(URI.create(requestUri), request)).build();
+    }
 }
diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java
index e41ebbe61..19d88782f 100644
--- a/src/main/java/org/traccar/api/resource/UserResource.java
+++ b/src/main/java/org/traccar/api/resource/UserResource.java
@@ -17,7 +17,6 @@ package org.traccar.api.resource;
 
 import org.traccar.api.BaseObjectResource;
 import org.traccar.config.Config;
-import org.traccar.config.Keys;
 import org.traccar.helper.LogAction;
 import org.traccar.helper.model.UserUtil;
 import org.traccar.model.ManagedUser;
@@ -39,7 +38,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.Collection;
-import java.util.Date;
 
 @Path("users")
 @Produces(MediaType.APPLICATION_JSON)
@@ -91,11 +89,7 @@ public class UserResource extends BaseObjectResource<User> {
                 if (!permissionsService.getServer().getRegistration()) {
                     throw new SecurityException("Registration disabled");
                 }
-                entity.setDeviceLimit(config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT));
-                int expirationDays = config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS);
-                if (expirationDays > 0) {
-                    entity.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L));
-                }
+                UserUtil.setUserDefaults(entity, config);
             }
         }
 
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 88bafcfb5..c7482a2e3 100644
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -19,6 +19,7 @@ import org.traccar.api.signature.TokenManager;
 import org.traccar.config.Config;
 import org.traccar.config.Keys;
 import org.traccar.database.LdapProvider;
+import org.traccar.helper.model.UserUtil;
 import org.traccar.model.User;
 import org.traccar.storage.Storage;
 import org.traccar.storage.StorageException;
@@ -35,6 +36,7 @@ import java.security.GeneralSecurityException;
 @Singleton
 public class LoginService {
 
+    private final Config config;
     private final Storage storage;
     private final TokenManager tokenManager;
     private final LdapProvider ldapProvider;
@@ -46,6 +48,7 @@ public class LoginService {
     public LoginService(
             Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) {
         this.storage = storage;
+        this.config = config;
         this.tokenManager = tokenManager;
         this.ldapProvider = ldapProvider;
         serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN);
@@ -89,6 +92,27 @@ public class LoginService {
         return null;
     }
 
+    public User login(String email, String name, Boolean administrator) throws StorageException {
+        User user = storage.getObject(User.class, new Request(
+            new Columns.All(),
+            new Condition.Equals("email", email)));
+
+        if (user != null) {
+            checkUserEnabled(user);
+            return user;
+        } else {
+            user = new User();
+            UserUtil.setUserDefaults(user, config);
+            user.setName(name);
+            user.setEmail(email);
+            user.setFixedEmail(true);
+            user.setAdministrator(administrator);
+            user.setId(storage.addObject(user, new Request(new Columns.Exclude("id"))));
+            checkUserEnabled(user);
+            return user;
+        }
+    }
+
     private void checkUserEnabled(User user) throws SecurityException {
         if (user == null) {
             throw new SecurityException("Unknown account");