aboutsummaryrefslogtreecommitdiff
path: root/src/org/traccar
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/traccar')
-rw-r--r--src/org/traccar/api/resource/SessionResource.java6
-rw-r--r--src/org/traccar/api/resource/UserResource.java3
-rw-r--r--src/org/traccar/database/PermissionsManager.java26
-rw-r--r--src/org/traccar/model/User.java25
4 files changed, 59 insertions, 1 deletions
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index a61738c7e..6c5263123 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -69,6 +69,12 @@ public class SessionResource extends BaseResource {
userId = user.getId();
request.getSession().setAttribute(USER_ID_KEY, userId);
}
+ } else if (request.getParameter("token") != null) {
+ User user = Context.getPermissionsManager().getUserByToken(request.getParameter("token"));
+ if (user != null) {
+ userId = user.getId();
+ request.getSession().setAttribute(USER_ID_KEY, userId);
+ }
}
}
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index c6e84c918..094de2812 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -66,7 +66,8 @@ public class UserResource extends BaseResource {
|| old.getAdmin() != entity.getAdmin()
|| old.getReadonly() != entity.getReadonly()
|| old.getDisabled() != entity.getDisabled()
- || old.getDeviceLimit() != entity.getDeviceLimit()) {
+ || old.getDeviceLimit() != entity.getDeviceLimit()
+ || !old.getToken().equals(entity.getToken())) {
Context.getPermissionsManager().checkAdmin(getUserId());
} else {
Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 1c995a11d..269dfc7bf 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -29,6 +29,7 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
+import java.util.Map.Entry;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
@@ -39,6 +40,7 @@ public class PermissionsManager {
private volatile Server server;
private final Map<Long, User> users = new ConcurrentHashMap<>();
+ private final Map<Long, String> usersTokens = new HashMap<>();
private final Map<Long, Set<Long>> groupPermissions = new HashMap<>();
private final Map<Long, Set<Long>> devicePermissions = new HashMap<>();
@@ -81,10 +83,14 @@ public class PermissionsManager {
public final void refreshUsers() {
users.clear();
+ usersTokens.clear();
try {
server = dataManager.getServer();
for (User user : dataManager.getUsers()) {
users.put(user.getId(), user);
+ if (user.getToken() != null) {
+ usersTokens.put(user.getId(), user.getToken());
+ }
}
} catch (SQLException error) {
Log.warning(error);
@@ -210,18 +216,27 @@ public class PermissionsManager {
public void addUser(User user) throws SQLException {
dataManager.addUser(user);
users.put(user.getId(), user);
+ if (user.getToken() != null) {
+ usersTokens.put(user.getId(), user.getToken());
+ }
refreshPermissions();
}
public void updateUser(User user) throws SQLException {
dataManager.updateUser(user);
users.put(user.getId(), user);
+ if (user.getToken() != null) {
+ usersTokens.put(user.getId(), user.getToken());
+ } else if (usersTokens.containsKey(user.getId())) {
+ usersTokens.remove(user.getId());
+ }
refreshPermissions();
}
public void removeUser(long userId) throws SQLException {
dataManager.removeUser(userId);
users.remove(userId);
+ usersTokens.remove(userId);
refreshPermissions();
}
@@ -234,4 +249,15 @@ public class PermissionsManager {
return null;
}
+ public User getUserByToken(String token) {
+ if (usersTokens.containsValue(token)) {
+ for (Entry<Long, String> entry : usersTokens.entrySet()) {
+ if (entry.getValue().equals(token)) {
+ return users.get(entry.getKey());
+ }
+ }
+ }
+ return null;
+ }
+
}
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index a36fa0e31..816f49da9 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -180,6 +180,31 @@ public class User extends Extensible {
this.deviceLimit = deviceLimit;
}
+ private String token;
+
+ public String getToken() {
+ return token;
+ }
+
+ public void setToken(String token) {
+ if (token != null && !token.isEmpty()) {
+ if (validateToken(token)) {
+ this.token = token;
+ } else {
+ throw new IllegalArgumentException("Bad token");
+ }
+ } else {
+ this.token = null;
+ }
+ }
+
+ public static boolean validateToken(String token) {
+ if (token.length() < 16 || !token.matches("^[a-zA-Z0-9]+$")) {
+ return false;
+ }
+ return true;
+ }
+
public String getPassword() {
return null;
}