diff options
Diffstat (limited to 'src/org/traccar/api/resource')
-rw-r--r-- | src/org/traccar/api/resource/SessionResource.java | 5 | ||||
-rw-r--r-- | src/org/traccar/api/resource/UserResource.java | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java index 6c5263123..db8a5c837 100644 --- a/src/org/traccar/api/resource/SessionResource.java +++ b/src/org/traccar/api/resource/SessionResource.java @@ -29,6 +29,7 @@ import javax.ws.rs.GET; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; @@ -48,7 +49,7 @@ public class SessionResource extends BaseResource { @PermitAll @GET - public User get() throws SQLException { + public User get(@QueryParam("token") String token) throws SQLException { Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); if (userId == null) { Cookie[] cookies = request.getCookies(); @@ -69,7 +70,7 @@ public class SessionResource extends BaseResource { userId = user.getId(); request.getSession().setAttribute(USER_ID_KEY, userId); } - } else if (request.getParameter("token") != null) { + } else if (token != null) { User user = Context.getPermissionsManager().getUserByToken(request.getParameter("token")); if (user != null) { userId = user.getId(); diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java index 094de2812..2ff1639f6 100644 --- a/src/org/traccar/api/resource/UserResource.java +++ b/src/org/traccar/api/resource/UserResource.java @@ -67,7 +67,8 @@ public class UserResource extends BaseResource { || old.getReadonly() != entity.getReadonly() || old.getDisabled() != entity.getDisabled() || old.getDeviceLimit() != entity.getDeviceLimit() - || !old.getToken().equals(entity.getToken())) { + || old.getToken() == null && entity.getToken() != null + || old.getToken() != null && !old.getToken().equals(entity.getToken())) { Context.getPermissionsManager().checkAdmin(getUserId()); } else { Context.getPermissionsManager().checkUser(getUserId(), entity.getId()); |