aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/org/traccar/api/resource/SessionResource.java5
-rw-r--r--src/org/traccar/api/resource/UserResource.java3
-rw-r--r--src/org/traccar/database/PermissionsManager.java26
-rw-r--r--src/org/traccar/model/User.java14
4 files changed, 18 insertions, 30 deletions
diff --git a/src/org/traccar/api/resource/SessionResource.java b/src/org/traccar/api/resource/SessionResource.java
index 6c5263123..db8a5c837 100644
--- a/src/org/traccar/api/resource/SessionResource.java
+++ b/src/org/traccar/api/resource/SessionResource.java
@@ -29,6 +29,7 @@ import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@@ -48,7 +49,7 @@ public class SessionResource extends BaseResource {
@PermitAll
@GET
- public User get() throws SQLException {
+ public User get(@QueryParam("token") String token) throws SQLException {
Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY);
if (userId == null) {
Cookie[] cookies = request.getCookies();
@@ -69,7 +70,7 @@ public class SessionResource extends BaseResource {
userId = user.getId();
request.getSession().setAttribute(USER_ID_KEY, userId);
}
- } else if (request.getParameter("token") != null) {
+ } else if (token != null) {
User user = Context.getPermissionsManager().getUserByToken(request.getParameter("token"));
if (user != null) {
userId = user.getId();
diff --git a/src/org/traccar/api/resource/UserResource.java b/src/org/traccar/api/resource/UserResource.java
index 094de2812..2ff1639f6 100644
--- a/src/org/traccar/api/resource/UserResource.java
+++ b/src/org/traccar/api/resource/UserResource.java
@@ -67,7 +67,8 @@ public class UserResource extends BaseResource {
|| old.getReadonly() != entity.getReadonly()
|| old.getDisabled() != entity.getDisabled()
|| old.getDeviceLimit() != entity.getDeviceLimit()
- || !old.getToken().equals(entity.getToken())) {
+ || old.getToken() == null && entity.getToken() != null
+ || old.getToken() != null && !old.getToken().equals(entity.getToken())) {
Context.getPermissionsManager().checkAdmin(getUserId());
} else {
Context.getPermissionsManager().checkUser(getUserId(), entity.getId());
diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index 269dfc7bf..71633f6ef 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -29,7 +29,6 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
-import java.util.Map.Entry;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
@@ -40,7 +39,7 @@ public class PermissionsManager {
private volatile Server server;
private final Map<Long, User> users = new ConcurrentHashMap<>();
- private final Map<Long, String> usersTokens = new HashMap<>();
+ private final Map<String, Long> usersTokens = new HashMap<>();
private final Map<Long, Set<Long>> groupPermissions = new HashMap<>();
private final Map<Long, Set<Long>> devicePermissions = new HashMap<>();
@@ -89,7 +88,7 @@ public class PermissionsManager {
for (User user : dataManager.getUsers()) {
users.put(user.getId(), user);
if (user.getToken() != null) {
- usersTokens.put(user.getId(), user.getToken());
+ usersTokens.put(user.getToken(), user.getId());
}
}
} catch (SQLException error) {
@@ -217,26 +216,28 @@ public class PermissionsManager {
dataManager.addUser(user);
users.put(user.getId(), user);
if (user.getToken() != null) {
- usersTokens.put(user.getId(), user.getToken());
+ usersTokens.put(user.getToken(), user.getId());
}
refreshPermissions();
}
public void updateUser(User user) throws SQLException {
dataManager.updateUser(user);
+ User old = users.get(user.getId());
users.put(user.getId(), user);
if (user.getToken() != null) {
- usersTokens.put(user.getId(), user.getToken());
- } else if (usersTokens.containsKey(user.getId())) {
- usersTokens.remove(user.getId());
+ usersTokens.put(user.getToken(), user.getId());
+ }
+ if (old.getToken() != null && !old.getToken().equals(user.getToken())) {
+ usersTokens.remove(old.getToken());
}
refreshPermissions();
}
public void removeUser(long userId) throws SQLException {
dataManager.removeUser(userId);
+ usersTokens.remove(users.get(userId).getToken());
users.remove(userId);
- usersTokens.remove(userId);
refreshPermissions();
}
@@ -250,14 +251,7 @@ public class PermissionsManager {
}
public User getUserByToken(String token) {
- if (usersTokens.containsValue(token)) {
- for (Entry<Long, String> entry : usersTokens.entrySet()) {
- if (entry.getValue().equals(token)) {
- return users.get(entry.getKey());
- }
- }
- }
- return null;
+ return users.get(usersTokens.get(token));
}
}
diff --git a/src/org/traccar/model/User.java b/src/org/traccar/model/User.java
index 816f49da9..e6b9d663f 100644
--- a/src/org/traccar/model/User.java
+++ b/src/org/traccar/model/User.java
@@ -188,23 +188,15 @@ public class User extends Extensible {
public void setToken(String token) {
if (token != null && !token.isEmpty()) {
- if (validateToken(token)) {
- this.token = token;
- } else {
- throw new IllegalArgumentException("Bad token");
+ if (!token.matches("^[a-zA-Z0-9]{16,}$")) {
+ throw new IllegalArgumentException("Illegal token");
}
+ this.token = token;
} else {
this.token = null;
}
}
- public static boolean validateToken(String token) {
- if (token.length() < 16 || !token.matches("^[a-zA-Z0-9]+$")) {
- return false;
- }
- return true;
- }
-
public String getPassword() {
return null;
}