diff options
Diffstat (limited to 'src/org')
-rw-r--r-- | src/org/traccar/api/SecurityRequestFilter.java | 1 | ||||
-rw-r--r-- | src/org/traccar/database/PermissionsManager.java | 16 |
2 files changed, 14 insertions, 3 deletions
diff --git a/src/org/traccar/api/SecurityRequestFilter.java b/src/org/traccar/api/SecurityRequestFilter.java index 598e4566d..be74a3607 100644 --- a/src/org/traccar/api/SecurityRequestFilter.java +++ b/src/org/traccar/api/SecurityRequestFilter.java @@ -80,6 +80,7 @@ public class SecurityRequestFilter implements ContainerRequestFilter { Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY); if (userId != null) { + Context.getPermissionsManager().checkUser(userId); Context.getStatisticsManager().registerRequest(userId); securityContext = new UserSecurityContext(new UserPrincipal(userId)); } diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java index e620d5334..1c995a11d 100644 --- a/src/org/traccar/database/PermissionsManager.java +++ b/src/org/traccar/database/PermissionsManager.java @@ -146,7 +146,17 @@ public class PermissionsManager { public void checkReadonly(long userId) throws SecurityException { if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) { - throw new SecurityException("User is readonly"); + throw new SecurityException("Account is readonly"); + } + } + + public void checkUser(long userId) throws SecurityException { + User user = getUser(userId); + if (user.getDisabled()) { + throw new SecurityException("Account is disabled"); + } + if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) { + throw new SecurityException("Account has expired"); } } @@ -217,8 +227,8 @@ public class PermissionsManager { public User login(String email, String password) throws SQLException { User user = dataManager.login(email, password); - if (user != null && !user.getDisabled() && (user.getExpirationTime() == null - || user.getExpirationTime().getTime() > System.currentTimeMillis())) { + if (user != null) { + checkUser(user.getId()); return users.get(user.getId()); } return null; |