From acdc451e3e2ab94f548f078c4bd49985b3c2f01d Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Sun, 26 Nov 2023 08:07:52 -0800
Subject: Set expiration from token

---
 .../org/traccar/api/resource/PasswordResource.java | 2 +-
 .../java/org/traccar/api/security/LoginResult.java | 6 +++++-
 .../java/org/traccar/api/security/LoginService.java | 6 +++---
 .../java/org/traccar/api/signature/TokenManager.java | 20 ++++++++++++++------
 4 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/traccar/api/resource/PasswordResource.java b/src/main/java/org/traccar/api/resource/PasswordResource.java
index 029e63a0c..22b3f0cd3 100644
--- a/src/main/java/org/traccar/api/resource/PasswordResource.java
+++ b/src/main/java/org/traccar/api/resource/PasswordResource.java
@@ -75,7 +75,7 @@ public class PasswordResource extends BaseResource {
             @FormParam("token") String token,
             @FormParam("password") String password) throws StorageException, GeneralSecurityException, IOException {
-        long userId = tokenManager.verifyToken(token);
+        long userId = tokenManager.verifyToken(token).getUserId();
         User user = storage.getObject(User.class, new Request(
                 new Columns.All(), new Condition.Equals("id", userId)));
         if (user != null) {
diff --git a/src/main/java/org/traccar/api/security/LoginResult.java b/src/main/java/org/traccar/api/security/LoginResult.java
index 66c35bbed..1fccc36d1 100644
--- a/src/main/java/org/traccar/api/security/LoginResult.java
+++ b/src/main/java/org/traccar/api/security/LoginResult.java
@@ -10,8 +10,12 @@ public class LoginResult {
     private final Date expiration;
 
     public LoginResult(User user) {
+        this(user, null);
+    }
+
+    public LoginResult(User user, Date expiration) {
         this.user = user;
-        expiration = null;
+        this.expiration = expiration;
     }
 
     public User getUser() {
diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java
index 6246d2494..930c4fa46 100644
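Review bot: The `+` line in PasswordResource accepts any `TokenData` that `verifyToken` hands back, and as far as this page shows the signed payload carries only `u` and `e`; the very same `verifyToken` serves `LoginService.login(String)` in this commit, so nothing in the verified data tells a password-reset token apart from a session or API token. If that is the intended design, a comment on that line such as `// any valid user token is accepted here; the payload carries no purpose claim` makes it explicit for the next reader; if not, a purpose field checked at this call site would bound what a token issued for one flow can be used for. Discarding the expiration here is fine for a one-shot reset. The enclosing `update` method starts before and ends after the hunk.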
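Review bot: The new two-argument `LoginResult` constructor stores the caller's `Date` reference unchanged; `Date` is mutable, so the object that produced it (in this commit, the `TokenData` decoded from the token) can still move the stored expiration after the result is built, which undercuts the `final` field. A defensive copy keeps the value fixed: `this.expiration = expiration == null ? null : new Date(expiration.getTime());`. The constructor also needs Javadoc stating that a null `expiration` means "no expiration", which is what the one-argument overload now passes through. The `getExpiration` accessor lies outside the hunk and presumably returns the field directly; it would want the same copy on read.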
--- a/src/main/java/org/traccar/api/security/LoginService.java
+++ b/src/main/java/org/traccar/api/security/LoginService.java
@@ -62,13 +62,13 @@ public class LoginService {
         if (serviceAccountToken != null && serviceAccountToken.equals(token)) {
             return new LoginResult(new ServiceAccountUser());
         }
-        long userId = tokenManager.verifyToken(token);
+        TokenManager.TokenData tokenData = tokenManager.verifyToken(token);
         User user = storage.getObject(User.class, new Request(
-                new Columns.All(), new Condition.Equals("id", userId)));
+                new Columns.All(), new Condition.Equals("id", tokenData.getUserId())));
         if (user != null) {
             checkUserEnabled(user);
         }
-        return new LoginResult(user);
+        return new LoginResult(user, tokenData.getExpiration());
     }
 
     public LoginResult login(String email, String password, Integer code) throws StorageException {
diff --git a/src/main/java/org/traccar/api/signature/TokenManager.java b/src/main/java/org/traccar/api/signature/TokenManager.java
index 3019e12b9..824433b08 100644
--- a/src/main/java/org/traccar/api/signature/TokenManager.java
+++ b/src/main/java/org/traccar/api/signature/TokenManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ * Copyright 2022 - 2023 Anton Tananaev (anton@traccar.org)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,11 +35,19 @@ public class TokenManager {
     private final ObjectMapper objectMapper;
     private final CryptoManager cryptoManager;
 
-    public static class Data {
+    public static class TokenData {
         @JsonProperty("u")
         private long userId;
         @JsonProperty("e")
         private Date expiration;
+
+        public long getUserId() {
+            return userId;
+        }
+
+        public Date getExpiration() {
+            return expiration;
+        }
     }
 
     @Inject
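Review bot: The new `return new LoginResult(user, tokenData.getExpiration());` in LoginService is reached even when `storage.getObject` returned null — the guard two lines above only wraps `checkUserEnabled` — so a validly signed token for a user that no longer exists yields a result with no user but a real expiration, while an expired token is rejected with `SecurityException` from `verifyToken`. If the caller treats a null `getUser()` as a failed login, a comment on the return line saying so would keep the two rejection paths from being confused; otherwise an explicit `if (user == null) { throw new SecurityException("Unknown user"); }` before the return fails closed in the same way the expiry check does. The caller of this `login(String)` overload is outside the hunk, so which of the two applies is not visible here. The method signature is also outside the hunk.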
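Review bot: In the `TokenData` hunk, `getExpiration()` hands out the mutable `Date` that the `e` field was deserialized into, so a caller can alter the expiration that `verifyToken` just checked; returning `new Date(expiration.getTime())` (guarded for null) keeps the decoded payload read-only. Adding public getters to a class whose fields carry `@JsonProperty("u")`/`@JsonProperty("e")` should leave the wire format alone, since Jackson normally merges `getUserId` with the `userId` field under the explicit name, but because any change to the serialized JSON would invalidate every token already signed, a round-trip test pinning the encoded form to the `u`/`e` keys is worth adding. A class-level Javadoc such as `/** Signed token payload: user id ("u") and expiration ("e"); produced by generateToken, returned by verifyToken. */` would also help, since `TokenData` is now part of the public return type. The class is fully inside the hunk; the `@Inject` constructor that follows is not.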
@@ -54,7 +62,7 @@ public class TokenManager {
 
     public String generateToken(
             long userId, Date expiration) throws IOException, GeneralSecurityException, StorageException {
-        Data data = new Data();
+        TokenData data = new TokenData();
         data.userId = userId;
         if (expiration != null) {
             data.expiration = expiration;
@@ -65,13 +73,13 @@ public class TokenManager {
         return Base64.encodeBase64URLSafeString(cryptoManager.sign(encoded));
     }
 
-    public long verifyToken(String token) throws IOException, GeneralSecurityException, StorageException {
+    public TokenData verifyToken(String token) throws IOException, GeneralSecurityException, StorageException {
         byte[] encoded = cryptoManager.verify(Base64.decodeBase64(token));
-        Data data = objectMapper.readValue(encoded, Data.class);
+        TokenData data = objectMapper.readValue(encoded, TokenData.class);
         if (data.expiration.before(new Date())) {
             throw new SecurityException("Token has expired");
         }
-        return data.userId;
+        return data;
     }
 }
-- 
cgit v1.2.3
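Review bot: `verifyToken` now returns the whole `TokenData`, but the expiry check on the line above still dereferences `data.expiration` without a null guard, so a signature-valid payload that lacks `e` fails with a `NullPointerException` rather than being rejected as a token; `generateToken` appears to always set an expiration (its `else` branch is outside the hunk, so that is an inference), yet the decoded side should not depend on it. Failing closed is a one-line change: `if (data.expiration == null || data.expiration.before(new Date())) {`. The public method also deserves Javadoc now that its return type is a payload object, in particular `@return the verified payload (user id and expiration)` and `@throws SecurityException if the token's expiration is in the past`, since that unchecked exception is not declared in the signature. The class's closing brace is inside the hunk; the rest of the class is not.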