From f8339b4ca0ca7440854f759b32b821afe19f458b Mon Sep 17 00:00:00 2001 From: Dan Date: Sat, 1 Apr 2023 22:07:42 +0100 Subject: Add user lookup method --- src/main/java/org/traccar/api/security/LoginService.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'src/main/java/org/traccar/api/security/LoginService.java') diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java index 88bafcfb5..3d4f42b20 100644 --- a/src/main/java/org/traccar/api/security/LoginService.java +++ b/src/main/java/org/traccar/api/security/LoginService.java @@ -89,6 +89,19 @@ public class LoginService { return null; } + public User lookup(String email) throws StorageException { + User user = storage.getObject(User.class, new Request( + new Columns.All(), + new Condition.Equals("email", email))); + + if (user != null) { + checkUserEnabled(user); + return user; + } + + return null; + } + private void checkUserEnabled(User user) throws SecurityException { if (user == null) { throw new SecurityException("Unknown account"); -- cgit v1.2.3 From faf5567add4cf343cc38b3c7dcb297c7cbed88bc Mon Sep 17 00:00:00 2001 From: Dan Date: Mon, 3 Apr 2023 12:12:38 +0100 Subject: First pass --- src/main/java/org/traccar/MainModule.java | 8 +- .../org/traccar/api/resource/ServerResource.java | 7 + .../org/traccar/api/resource/SessionResource.java | 26 +-- .../org/traccar/api/security/LoginService.java | 17 +- .../org/traccar/api/security/OpenIDProvider.java | 245 --------------------- src/main/java/org/traccar/config/Keys.java | 68 +++--- .../java/org/traccar/database/OpenIdProvider.java | 183 +++++++++++++++ src/main/java/org/traccar/model/Server.java | 28 ++- 8 files changed, 270 insertions(+), 312 deletions(-) delete mode 100644 src/main/java/org/traccar/api/security/OpenIDProvider.java create mode 100644 src/main/java/org/traccar/database/OpenIdProvider.java (limited to 'src/main/java/org/traccar/api/security/LoginService.java') diff --git a/src/main/java/org/traccar/MainModule.java b/src/main/java/org/traccar/MainModule.java index 7def97657..7b06b4840 100644 --- a/src/main/java/org/traccar/MainModule.java +++ b/src/main/java/org/traccar/MainModule.java @@ -33,6 +33,7 @@ import org.traccar.broadcast.NullBroadcastService; import org.traccar.config.Config; import org.traccar.config.Keys; import org.traccar.database.LdapProvider; +import org.traccar.database.OpenIdProvider; import org.traccar.database.StatisticsManager; import org.traccar.forward.EventForwarder; import org.traccar.forward.EventForwarderJson; @@ -88,7 +89,6 @@ import org.traccar.storage.MemoryStorage; import org.traccar.storage.Storage; import org.traccar.web.WebServer; import org.traccar.api.security.LoginService; -import org.traccar.api.security.OpenIDProvider; import javax.annotation.Nullable; import javax.inject.Singleton; @@ -174,9 +174,9 @@ public class MainModule extends AbstractModule { @Singleton @Provides - public static OpenIDProvider provideOpenIDProvider(Config config, LoginService loginService, Storage storage) { - if (config.getBoolean(Keys.OIDC_ENABLE)) { - return new OpenIDProvider(config, loginService, storage); + public static OpenIdProvider provideOpenIDProvider(Config config, LoginService loginService) { + if (config.hasKey(Keys.OPENID_CLIENTID)) { + return new OpenIdProvider(config, loginService); } return null; } diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java index 4b7ee9189..9b4d82a66 100644 --- a/src/main/java/org/traccar/api/resource/ServerResource.java +++ b/src/main/java/org/traccar/api/resource/ServerResource.java @@ -16,6 +16,7 @@ package org.traccar.api.resource; import org.traccar.api.BaseResource; +import org.traccar.database.OpenIdProvider; import org.traccar.helper.model.UserUtil; import org.traccar.mail.MailManager; import org.traccar.geocoder.Geocoder; @@ -55,6 +56,10 @@ public class ServerResource extends BaseResource { @Inject private MailManager mailManager; + @Inject + @Nullable + private OpenIdProvider openIdProvider; + @Inject @Nullable private Geocoder geocoder; @@ -65,6 +70,8 @@ public class ServerResource extends BaseResource { Server server = storage.getObject(Server.class, new Request(new Columns.All())); server.setEmailEnabled(mailManager.getEmailEnabled()); server.setGeocoderEnabled(geocoder != null); + server.setOpenIdEnabled(openIdProvider != null); + server.setOpenIdForce(openIdProvider != null && openIdProvider.force); User user = permissionsService.getUser(getUserId()); if (user != null) { if (user.getAdministrator()) { diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index 515d7374a..3de20b8c7 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java @@ -17,8 +17,8 @@ package org.traccar.api.resource; import org.traccar.api.BaseResource; import org.traccar.api.security.LoginService; -import org.traccar.api.security.OpenIDProvider; import org.traccar.api.signature.TokenManager; +import org.traccar.database.OpenIdProvider; import org.traccar.helper.DataConverter; import org.traccar.helper.LogAction; import org.traccar.helper.ServletHelper; @@ -28,6 +28,7 @@ import org.traccar.storage.query.Columns; import org.traccar.storage.query.Condition; import org.traccar.storage.query.Request; +import com.nimbusds.oauth2.sdk.ParseException; import javax.annotation.security.PermitAll; import javax.inject.Inject; import javax.servlet.http.Cookie; @@ -65,7 +66,7 @@ public class SessionResource extends BaseResource { private LoginService loginService; @Inject - private OpenIDProvider openIdProvider; + private OpenIdProvider openIdProvider; @Inject private TokenManager tokenManager; @@ -169,28 +170,17 @@ public class SessionResource extends BaseResource { @Path("openid/auth") @GET public Response openIdAuth() throws IOException { - if (openIdProvider == null) { - throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); - } - - return Response.seeOther( - openIdProvider.createAuthRequest() - ).build(); + return Response.seeOther(openIdProvider.createAuthUri()).build(); } @PermitAll @Path("openid/callback") @GET - public Response requestToken() throws IOException, StorageException { - if (openIdProvider == null) { - throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); - } - - // Get full request URI - StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString()); + public Response requestToken() throws IOException, StorageException, ParseException { + StringBuilder requestUrl = new StringBuilder(request.getRequestURL().toString()); String queryString = request.getQueryString(); - String requestURI = requestURL.append('?').append(queryString).toString(); + String requestUri = requestUrl.append('?').append(queryString).toString(); - return openIdProvider.handleCallback(URI.create(requestURI), request); + return openIdProvider.handleCallback(URI.create(requestUri), request); } } diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java index 3d4f42b20..7b51667c8 100644 --- a/src/main/java/org/traccar/api/security/LoginService.java +++ b/src/main/java/org/traccar/api/security/LoginService.java @@ -89,17 +89,24 @@ public class LoginService { return null; } - public User lookup(String email) throws StorageException { + public User login(String email, String name, Boolean administrator) throws StorageException { User user = storage.getObject(User.class, new Request( - new Columns.All(), - new Condition.Equals("email", email))); + new Columns.All(), + new Condition.Equals("email", email))); if (user != null) { checkUserEnabled(user); return user; + } else { + user = new User(); + user.setName(name); + user.setEmail(email); + user.setFixedEmail(true); + user.setAdministrator(administrator); + user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); + checkUserEnabled(user); + return user; } - - return null; } private void checkUserEnabled(User user) throws SecurityException { diff --git a/src/main/java/org/traccar/api/security/OpenIDProvider.java b/src/main/java/org/traccar/api/security/OpenIDProvider.java deleted file mode 100644 index 1e18fde43..000000000 --- a/src/main/java/org/traccar/api/security/OpenIDProvider.java +++ /dev/null @@ -1,245 +0,0 @@ -/* - * Copyright 2017 - 2023 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.api.security; - -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.api.resource.SessionResource; -import org.traccar.model.User; -import org.traccar.storage.Storage; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Request; -import org.traccar.storage.query.Columns; -import org.traccar.helper.LogAction; -import org.traccar.helper.ServletHelper; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.Date; -import java.util.List; -import java.io.IOException; -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Response; -import com.google.inject.Inject; - -import com.nimbusds.oauth2.sdk.http.HTTPResponse; -import com.nimbusds.oauth2.sdk.AuthorizationCode; -import com.nimbusds.oauth2.sdk.ResponseType; -import com.nimbusds.oauth2.sdk.Scope; -import com.nimbusds.oauth2.sdk.AuthorizationGrant; -import com.nimbusds.oauth2.sdk.TokenRequest; -import com.nimbusds.oauth2.sdk.TokenResponse; -import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; -import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse; -import com.nimbusds.oauth2.sdk.ParseException; -import com.nimbusds.oauth2.sdk.AuthorizationResponse; -import com.nimbusds.oauth2.sdk.auth.Secret; -import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; -import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; -import com.nimbusds.oauth2.sdk.token.BearerAccessToken; -import com.nimbusds.oauth2.sdk.id.State; -import com.nimbusds.oauth2.sdk.id.ClientID; -import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; -import com.nimbusds.openid.connect.sdk.Nonce; -import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; -import com.nimbusds.openid.connect.sdk.UserInfoResponse; -import com.nimbusds.openid.connect.sdk.UserInfoRequest; -import com.nimbusds.openid.connect.sdk.AuthenticationRequest; - -import com.nimbusds.openid.connect.sdk.claims.UserInfo; - -public class OpenIDProvider { - public final Boolean force; - private final ClientID clientId; - private final Secret clientSecret; - private URI callbackUrl; - private URI authUrl; - private URI tokenUrl; - private URI userInfoUrl; - private URI baseUrl; - private final String adminGroup; - - private Config config; - private LoginService loginService; - private Storage storage; - - @Inject - public OpenIDProvider(Config config, LoginService loginService, Storage storage) { - force = config.getBoolean(Keys.OIDC_FORCE); - clientId = new ClientID(config.getString(Keys.OIDC_CLIENTID)); - clientSecret = new Secret(config.getString(Keys.OIDC_CLIENTSECRET)); - - this.config = config; - this.storage = storage; - this.loginService = loginService; - - try { - callbackUrl = new URI(config.getString(Keys.WEB_URL, "") + "/api/session/openid/callback"); - authUrl = new URI(config.getString(Keys.OIDC_AUTHURL, "")); - tokenUrl = new URI(config.getString(Keys.OIDC_TOKENURL, "")); - userInfoUrl = new URI(config.getString(Keys.OIDC_USERINFOURL, "")); - baseUrl = new URI(config.getString(Keys.WEB_URL, "")); - } catch (URISyntaxException e) { - } - - adminGroup = config.getString(Keys.OIDC_ADMINGROUP); - } - - public URI createAuthRequest() { - AuthenticationRequest request = new AuthenticationRequest.Builder( - new ResponseType("code"), - new Scope("openid", "profile", "email", "groups"), - this.clientId, - this.callbackUrl) - .endpointURI(this.authUrl) - .state(new State()) - .nonce(new Nonce()) - .build(); - - return request.toURI(); - } - - private OIDCTokenResponse getToken(AuthorizationCode code) { - // Credentials to authenticate us to the token endpoint - ClientAuthentication clientAuth = new ClientSecretBasic(this.clientId, this.clientSecret); - AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, this.callbackUrl); - - TokenRequest request = new TokenRequest(this.tokenUrl, clientAuth, codeGrant); - TokenResponse tokenResponse; - - try { - HTTPResponse tokenReq = request.toHTTPRequest().send(); - tokenResponse = OIDCTokenResponseParser.parse(tokenReq); - if (!tokenResponse.indicatesSuccess()) { - return null; - } - - return (OIDCTokenResponse) tokenResponse.toSuccessResponse(); - } catch (IOException e) { - return null; - } catch (ParseException e) { - return null; - } - } - - private AuthorizationCode parseCallback(URI requri) throws WebApplicationException { - AuthorizationResponse response; - - try { - response = AuthorizationResponse.parse(requri); - } catch (ParseException e) { - return null; - } - - if (!response.indicatesSuccess()) { - AuthorizationErrorResponse error = response.toErrorResponse(); - throw new WebApplicationException(Response.status(403).entity(error.getErrorObject().getDescription()).build()); - } - - return response.toSuccessResponse().getAuthorizationCode(); - } - - private UserInfo getUserInfo(BearerAccessToken token) { - UserInfoResponse userInfoResponse; - - try { - HTTPResponse httpResponse = new UserInfoRequest(this.userInfoUrl, token) - .toHTTPRequest() - .send(); - - userInfoResponse = UserInfoResponse.parse(httpResponse); - } catch (IOException e) { - return null; - } catch (ParseException e) { - return null; - } - - if (!userInfoResponse.indicatesSuccess()) { - // User info request failed - usually from expiring - return null; - } - - return userInfoResponse.toSuccessResponse().getUserInfo(); - } - - private User createUser(String name, String email, Boolean administrator) throws StorageException { - User user = new User(); - - user.setName(name); - user.setEmail(email); - user.setFixedEmail(true); - user.setDeviceLimit(this.config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT)); - - int expirationDays = this.config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS); - - if (expirationDays > 0) { - user.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L)); - } - - if (administrator) { - user.setAdministrator(true); - } - - user.setId(this.storage.addObject(user, new Request(new Columns.Exclude("id")))); - - return user; - } - - public Response handleCallback(URI requri, HttpServletRequest request) throws StorageException, WebApplicationException { - // Parse callback - AuthorizationCode authCode = this.parseCallback(requri); - - if (authCode == null) { - return Response.status(403).entity( "Invalid OpenID Connect callback.").build(); - } - - // Get token from IDP - OIDCTokenResponse tokens = this.getToken(authCode); - - if (tokens == null) { - return Response.status(403).entity("Unable to authenticate with the OpenID Connect provider. Please try again.").build(); - } - - BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken(); - - // Get user info from IDP - UserInfo idpUser = this.getUserInfo(bearerToken); - - if (idpUser == null) { - return Response.status(500).entity("Failed to access OpenID Connect user info endpoint. Please contact your administrator.").build(); - } - - String email = idpUser.getEmailAddress(); - String name = idpUser.getName(); - - // Check if user exists - User user = this.loginService.lookup(email); - - // If user does not exist, create one - if (user == null) { - List groups = idpUser.getStringListClaim("groups"); - Boolean administrator = groups.contains(this.adminGroup); - user = this.createUser(name, email, administrator); - } - - // Set user session and redirect to homepage - request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - return Response.seeOther( - baseUrl).build(); - } -} diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java index ace4c36af..a666667d4 100644 --- a/src/main/java/org/traccar/config/Keys.java +++ b/src/main/java/org/traccar/config/Keys.java @@ -610,61 +610,67 @@ public final class Keys { "ldap.adminGroup", List.of(KeyType.CONFIG)); - /** - * OIDC enable. + * Force OpenID Connect authentication. When enabled, the Traccar login page will be skipped + * and users are redirected to the OpenID Connect provider. */ - public static final ConfigKey OIDC_ENABLE = new BooleanConfigKey( - "oidc.enable", + public static final ConfigKey OPENID_FORCE = new BooleanConfigKey( + "openid.force", List.of(KeyType.CONFIG)); /** - * Force OIDC authentication. + * OpenID Connect Client ID. + * This is a unique ID assigned to each application you register with your identity provider. + * Required to enable SSO. */ - public static final ConfigKey OIDC_FORCE = new BooleanConfigKey( - "oidc.force", + public static final ConfigKey OPENID_CLIENTID = new StringConfigKey( + "openid.clientId", List.of(KeyType.CONFIG)); /** - * OIDC Client ID. + * OpenID Connect Client Secret. + * This is a secret assigned to each application you register with your identity provider. + * Required to enable SSO. */ - public static final ConfigKey OIDC_CLIENTID = new StringConfigKey( - "oidc.clientId", + public static final ConfigKey OPENID_CLIENTSECRET = new StringConfigKey( + "openid.clientSecret", List.of(KeyType.CONFIG)); /** - * OIDC Client Secret. + * OpenID Connect Authorization URL. + * This can usually be found in the documentation of your identity provider or by using the well-known + * configuration endpoint, eg. https://auth.example.com//.well-known/openid-configuration + * Required to enable SSO. */ - public static final ConfigKey OIDC_CLIENTSECRET = new StringConfigKey( - "oidc.clientSecret", + public static final ConfigKey OPENID_AUTHURL = new StringConfigKey( + "openid.authUrl", List.of(KeyType.CONFIG)); - /** - * OIDC Authorization URL. + * OpenID Connect Token URL. + * This can be found in the same ways at openid.authUrl. + * Required to enable SSO. */ - public static final ConfigKey OIDC_AUTHURL = new StringConfigKey( - "oidc.authUrl", - List.of(KeyType.CONFIG)); - /** - * OIDC Token URL. - */ - public static final ConfigKey OIDC_TOKENURL = new StringConfigKey( - "oidc.tokenUrl", + public static final ConfigKey OPENID_TOKENURL = new StringConfigKey( + "openid.tokenUrl", List.of(KeyType.CONFIG)); /** - * OIDC User Info URL. + * OpenID Connect User Info URL. + * This can be found in the same ways at openid.authUrl. + * Required to enable SSO. */ - public static final ConfigKey OIDC_USERINFOURL = new StringConfigKey( - "oidc.userInfoUrl", + public static final ConfigKey OPENID_USERINFOURL = new StringConfigKey( + "openid.userInfoUrl", List.of(KeyType.CONFIG)); /** - * OIDC group to grant admin access. + * OpenID Connect group to grant admin access. + * Defaults to admins. */ - public static final ConfigKey OIDC_ADMINGROUP = new StringConfigKey( - "oidc.adminGroup", - List.of(KeyType.CONFIG)); + public static final ConfigKey OPENID_ADMINGROUP = new StringConfigKey( + "openid.adminGroup", + List.of(KeyType.CONFIG), + "admins"); /** * If no data is reported by a device for the given amount of time, status changes from online to unknown. Value is @@ -1629,7 +1635,7 @@ public final class Keys { List.of(KeyType.CONFIG)); /** - * Public URL for the web app. Used for notification and report link. + * Public URL for the web app. Used for notification, report link and OpenID Connect. * If not provided, Traccar will attempt to get a URL from the server IP address, but it might be a local address. */ public static final ConfigKey WEB_URL = new StringConfigKey( diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java new file mode 100644 index 000000000..fc1409d14 --- /dev/null +++ b/src/main/java/org/traccar/database/OpenIdProvider.java @@ -0,0 +1,183 @@ +/* + * Copyright 2023 Daniel Raper (me@danr.uk) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.database; + +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.api.resource.SessionResource; +import org.traccar.api.security.LoginService; +import org.traccar.model.User; +import org.traccar.storage.StorageException; +import org.traccar.helper.LogAction; +import org.traccar.helper.ServletHelper; + +import java.net.URI; +import java.net.URISyntaxException; +import java.io.IOException; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Response; +import com.google.inject.Inject; + +import com.nimbusds.oauth2.sdk.http.HTTPResponse; +import com.nimbusds.oauth2.sdk.AuthorizationCode; +import com.nimbusds.oauth2.sdk.ResponseType; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.TokenRequest; +import com.nimbusds.oauth2.sdk.TokenResponse; +import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; +import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.AuthorizationResponse; +import com.nimbusds.oauth2.sdk.auth.Secret; +import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; +import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; +import com.nimbusds.oauth2.sdk.token.BearerAccessToken; +import com.nimbusds.oauth2.sdk.id.State; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; +import com.nimbusds.openid.connect.sdk.Nonce; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; +import com.nimbusds.openid.connect.sdk.UserInfoResponse; +import com.nimbusds.openid.connect.sdk.UserInfoRequest; +import com.nimbusds.openid.connect.sdk.AuthenticationRequest; + +import com.nimbusds.openid.connect.sdk.claims.UserInfo; + +public class OpenIdProvider { + public final Boolean force; + private final ClientID clientId; + private final Secret clientSecret; + private URI callbackUrl; + private URI authUrl; + private URI tokenUrl; + private URI userInfoUrl; + private URI baseUrl; + private final String adminGroup; + + private LoginService loginService; + + @Inject + public OpenIdProvider(Config config, LoginService loginService) { + force = config.getBoolean(Keys.OPENID_FORCE); + clientId = new ClientID(config.getString(Keys.OPENID_CLIENTID)); + clientSecret = new Secret(config.getString(Keys.OPENID_CLIENTSECRET)); + + this.loginService = loginService; + + try { + callbackUrl = new URI(config.getString(Keys.WEB_URL, "") + "/api/session/openid/callback"); + authUrl = new URI(config.getString(Keys.OPENID_AUTHURL, "")); + tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL, "")); + userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL, "")); + baseUrl = new URI(config.getString(Keys.WEB_URL, "")); + } catch (URISyntaxException e) { + } + + adminGroup = config.getString(Keys.OPENID_ADMINGROUP); + } + + public URI createAuthUri() { + AuthenticationRequest request = new AuthenticationRequest.Builder( + new ResponseType("code"), + new Scope("openid", "profile", "email", "groups"), + clientId, + callbackUrl) + .endpointURI(authUrl) + .state(new State()) + .nonce(new Nonce()) + .build(); + + return request.toURI(); + } + + private OIDCTokenResponse getToken(AuthorizationCode code) { + // Credentials to authenticate us to the token endpoint + ClientAuthentication clientAuth = new ClientSecretBasic(clientId, clientSecret); + AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl); + + TokenRequest request = new TokenRequest(tokenUrl, clientAuth, codeGrant); + TokenResponse tokenResponse; + + try { + HTTPResponse tokenReq = request.toHTTPRequest().send(); + tokenResponse = OIDCTokenResponseParser.parse(tokenReq); + if (!tokenResponse.indicatesSuccess()) { + return null; + } + + return (OIDCTokenResponse) tokenResponse.toSuccessResponse(); + } catch (IOException e) { + return null; + } catch (ParseException e) { + return null; + } + } + + private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException { + UserInfoResponse userInfoResponse; + + HTTPResponse httpResponse = new UserInfoRequest(userInfoUrl, token) + .toHTTPRequest() + .send(); + + userInfoResponse = UserInfoResponse.parse(httpResponse); + + if (!userInfoResponse.indicatesSuccess()) { + // User info request failed - usually from expiring + return null; + } + + return userInfoResponse.toSuccessResponse().getUserInfo(); + } + + public Response handleCallback(URI requestUri, HttpServletRequest request) throws StorageException, ParseException, IOException, WebApplicationException { + AuthorizationResponse response = AuthorizationResponse.parse(requestUri); + + if (!response.indicatesSuccess()) { + AuthorizationErrorResponse error = response.toErrorResponse(); + throw new WebApplicationException(Response.status(403).entity(error.getErrorObject().getDescription()).build()); + } + + AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode(); + + if (authCode == null) { + return Response.status(403).entity( "Invalid OpenID Connect callback.").build(); + } + + OIDCTokenResponse tokens = getToken(authCode); + + if (tokens == null) { + return Response.status(403).entity("Unable to authenticate with the OpenID Connect provider. Please try again.").build(); + } + + BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken(); + + UserInfo userInfo = getUserInfo(bearerToken); + + if (userInfo == null) { + return Response.status(500).entity("Failed to access OpenID Connect user info endpoint. Please contact your administrator.").build(); + } + + User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), userInfo.getStringListClaim("groups").contains(adminGroup)); + + request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + return Response.seeOther( + baseUrl).build(); + } +} diff --git a/src/main/java/org/traccar/model/Server.java b/src/main/java/org/traccar/model/Server.java index 4c6e10b5e..b790ca472 100644 --- a/src/main/java/org/traccar/model/Server.java +++ b/src/main/java/org/traccar/model/Server.java @@ -17,15 +17,13 @@ package org.traccar.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import org.traccar.Main; -import org.traccar.api.security.OpenIDProvider; import org.traccar.storage.QueryIgnore; import org.traccar.storage.StorageName; @StorageName("tc_servers") @JsonIgnoreProperties(ignoreUnknown = true) public class Server extends ExtendedModel implements UserRestrictions { - + private boolean registration; public boolean getRegistration() { @@ -264,15 +262,27 @@ public class Server extends ExtendedModel implements UserRestrictions { this.newServer = newServer; } + private boolean openIdEnabled; + + @QueryIgnore + public boolean getOpenIdEnabled() { + return openIdEnabled; + } + + @QueryIgnore + public void setOpenIdEnabled(boolean openIdEnabled) { + this.openIdEnabled = openIdEnabled; + } + + private boolean openIdForce; + @QueryIgnore - public boolean getOidcEnabled() { - OpenIDProvider oidc = Main.getInjector().getInstance(OpenIDProvider.class); - return oidc != null; + public boolean getOpenIdForce() { + return openIdForce; } @QueryIgnore - public boolean getOidcForce() { - OpenIDProvider oidc = Main.getInjector().getInstance(OpenIDProvider.class); - return oidc != null && oidc.force; + public void setOpenIdForce(boolean openIdForce) { + this.openIdForce = openIdForce; } } -- cgit v1.2.3 From 256492e692ee881842782d5dc0932a4b742c75a8 Mon Sep 17 00:00:00 2001 From: Dan Date: Mon, 3 Apr 2023 17:31:34 +0100 Subject: Create user defaults method --- .../org/traccar/api/resource/UserResource.java | 235 ++++++++++---------- .../org/traccar/api/security/LoginService.java | 242 +++++++++++---------- .../java/org/traccar/helper/model/UserUtil.java | 146 +++++++------ traccar-web | 2 +- 4 files changed, 317 insertions(+), 308 deletions(-) (limited to 'src/main/java/org/traccar/api/security/LoginService.java') diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java index e41ebbe61..57df3481e 100644 --- a/src/main/java/org/traccar/api/resource/UserResource.java +++ b/src/main/java/org/traccar/api/resource/UserResource.java @@ -1,120 +1,115 @@ -/* - * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.api.resource; - -import org.traccar.api.BaseObjectResource; -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.helper.LogAction; -import org.traccar.helper.model.UserUtil; -import org.traccar.model.ManagedUser; -import org.traccar.model.Permission; -import org.traccar.model.User; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Condition; -import org.traccar.storage.query.Request; - -import javax.annotation.security.PermitAll; -import javax.inject.Inject; -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import java.util.Collection; -import java.util.Date; - -@Path("users") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -public class UserResource extends BaseObjectResource { - - @Inject - private Config config; - - public UserResource() { - super(User.class); - } - - @GET - public Collection get(@QueryParam("userId") long userId) throws StorageException { - if (userId > 0) { - permissionsService.checkUser(getUserId(), userId); - return storage.getObjects(baseClass, new Request( - new Columns.All(), - new Condition.Permission(User.class, userId, ManagedUser.class).excludeGroups())); - } else if (permissionsService.notAdmin(getUserId())) { - return storage.getObjects(baseClass, new Request( - new Columns.All(), - new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())); - } else { - return storage.getObjects(baseClass, new Request(new Columns.All())); - } - } - - @Override - @PermitAll - @POST - public Response add(User entity) throws StorageException { - User currentUser = getUserId() > 0 ? permissionsService.getUser(getUserId()) : null; - if (currentUser == null || !currentUser.getAdministrator()) { - permissionsService.checkUserUpdate(getUserId(), new User(), entity); - if (currentUser != null && currentUser.getUserLimit() != 0) { - int userLimit = currentUser.getUserLimit(); - if (userLimit > 0) { - int userCount = storage.getObjects(baseClass, new Request( - new Columns.All(), - new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())) - .size(); - if (userCount >= userLimit) { - throw new SecurityException("Manager user limit reached"); - } - } - } else { - if (!permissionsService.getServer().getRegistration()) { - throw new SecurityException("Registration disabled"); - } - entity.setDeviceLimit(config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT)); - int expirationDays = config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS); - if (expirationDays > 0) { - entity.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L)); - } - } - } - - if (UserUtil.isEmpty(storage)) { - entity.setAdministrator(true); - } - - entity.setId(storage.addObject(entity, new Request(new Columns.Exclude("id")))); - storage.updateObject(entity, new Request( - new Columns.Include("hashedPassword", "salt"), - new Condition.Equals("id", entity.getId()))); - - LogAction.create(getUserId(), entity); - - if (currentUser != null && currentUser.getUserLimit() != 0) { - storage.addPermission(new Permission(User.class, getUserId(), ManagedUser.class, entity.getId())); - LogAction.link(getUserId(), User.class, getUserId(), ManagedUser.class, entity.getId()); - } - return Response.ok(entity).build(); - } - -} +/* + * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import org.traccar.api.BaseObjectResource; +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.helper.LogAction; +import org.traccar.helper.model.UserUtil; +import org.traccar.model.ManagedUser; +import org.traccar.model.Permission; +import org.traccar.model.User; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; + +import javax.annotation.security.PermitAll; +import javax.inject.Inject; +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.Collection; + +@Path("users") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class UserResource extends BaseObjectResource { + + @Inject + private Config config; + + public UserResource() { + super(User.class); + } + + @GET + public Collection get(@QueryParam("userId") long userId) throws StorageException { + if (userId > 0) { + permissionsService.checkUser(getUserId(), userId); + return storage.getObjects(baseClass, new Request( + new Columns.All(), + new Condition.Permission(User.class, userId, ManagedUser.class).excludeGroups())); + } else if (permissionsService.notAdmin(getUserId())) { + return storage.getObjects(baseClass, new Request( + new Columns.All(), + new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())); + } else { + return storage.getObjects(baseClass, new Request(new Columns.All())); + } + } + + @Override + @PermitAll + @POST + public Response add(User entity) throws StorageException { + User currentUser = getUserId() > 0 ? permissionsService.getUser(getUserId()) : null; + if (currentUser == null || !currentUser.getAdministrator()) { + permissionsService.checkUserUpdate(getUserId(), new User(), entity); + if (currentUser != null && currentUser.getUserLimit() != 0) { + int userLimit = currentUser.getUserLimit(); + if (userLimit > 0) { + int userCount = storage.getObjects(baseClass, new Request( + new Columns.All(), + new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())) + .size(); + if (userCount >= userLimit) { + throw new SecurityException("Manager user limit reached"); + } + } + } else { + if (!permissionsService.getServer().getRegistration()) { + throw new SecurityException("Registration disabled"); + } + UserUtil.setUserDefaults(entity, config); + } + } + + if (UserUtil.isEmpty(storage)) { + entity.setAdministrator(true); + } + + entity.setId(storage.addObject(entity, new Request(new Columns.Exclude("id")))); + storage.updateObject(entity, new Request( + new Columns.Include("hashedPassword", "salt"), + new Condition.Equals("id", entity.getId()))); + + LogAction.create(getUserId(), entity); + + if (currentUser != null && currentUser.getUserLimit() != 0) { + storage.addPermission(new Permission(User.class, getUserId(), ManagedUser.class, entity.getId())); + LogAction.link(getUserId(), User.class, getUserId(), ManagedUser.class, entity.getId()); + } + return Response.ok(entity).build(); + } + +} diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java index 7b51667c8..99539e50d 100644 --- a/src/main/java/org/traccar/api/security/LoginService.java +++ b/src/main/java/org/traccar/api/security/LoginService.java @@ -1,119 +1,123 @@ -/* - * Copyright 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.api.security; - -import org.traccar.api.signature.TokenManager; -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.database.LdapProvider; -import org.traccar.model.User; -import org.traccar.storage.Storage; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Condition; -import org.traccar.storage.query.Request; - -import javax.annotation.Nullable; -import javax.inject.Inject; -import javax.inject.Singleton; -import java.io.IOException; -import java.security.GeneralSecurityException; - -@Singleton -public class LoginService { - - private final Storage storage; - private final TokenManager tokenManager; - private final LdapProvider ldapProvider; - - private final String serviceAccountToken; - private final boolean forceLdap; - - @Inject - public LoginService( - Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) { - this.storage = storage; - this.tokenManager = tokenManager; - this.ldapProvider = ldapProvider; - serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN); - forceLdap = config.getBoolean(Keys.LDAP_FORCE); - } - - public User login(String token) throws StorageException, GeneralSecurityException, IOException { - if (serviceAccountToken != null && serviceAccountToken.equals(token)) { - return new ServiceAccountUser(); - } - long userId = tokenManager.verifyToken(token); - User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", userId))); - if (user != null) { - checkUserEnabled(user); - } - return user; - } - - public User login(String email, String password) throws StorageException { - email = email.trim(); - User user = storage.getObject(User.class, new Request( - new Columns.All(), - new Condition.Or( - new Condition.Equals("email", email), - new Condition.Equals("login", email)))); - if (user != null) { - if (ldapProvider != null && user.getLogin() != null && ldapProvider.login(user.getLogin(), password) - || !forceLdap && user.isPasswordValid(password)) { - checkUserEnabled(user); - return user; - } - } else { - if (ldapProvider != null && ldapProvider.login(email, password)) { - user = ldapProvider.getUser(email); - user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); - checkUserEnabled(user); - return user; - } - } - return null; - } - - public User login(String email, String name, Boolean administrator) throws StorageException { - User user = storage.getObject(User.class, new Request( - new Columns.All(), - new Condition.Equals("email", email))); - - if (user != null) { - checkUserEnabled(user); - return user; - } else { - user = new User(); - user.setName(name); - user.setEmail(email); - user.setFixedEmail(true); - user.setAdministrator(administrator); - user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); - checkUserEnabled(user); - return user; - } - } - - private void checkUserEnabled(User user) throws SecurityException { - if (user == null) { - throw new SecurityException("Unknown account"); - } - user.checkDisabled(); - } - -} +/* + * Copyright 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.security; + +import org.traccar.api.signature.TokenManager; +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.database.LdapProvider; +import org.traccar.helper.model.UserUtil; +import org.traccar.model.User; +import org.traccar.storage.Storage; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; + +import javax.annotation.Nullable; +import javax.inject.Inject; +import javax.inject.Singleton; +import java.io.IOException; +import java.security.GeneralSecurityException; + +@Singleton +public class LoginService { + + private final Config config; + private final Storage storage; + private final TokenManager tokenManager; + private final LdapProvider ldapProvider; + + private final String serviceAccountToken; + private final boolean forceLdap; + + @Inject + public LoginService( + Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) { + this.storage = storage; + this.config = config; + this.tokenManager = tokenManager; + this.ldapProvider = ldapProvider; + serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN); + forceLdap = config.getBoolean(Keys.LDAP_FORCE); + } + + public User login(String token) throws StorageException, GeneralSecurityException, IOException { + if (serviceAccountToken != null && serviceAccountToken.equals(token)) { + return new ServiceAccountUser(); + } + long userId = tokenManager.verifyToken(token); + User user = storage.getObject(User.class, new Request( + new Columns.All(), new Condition.Equals("id", userId))); + if (user != null) { + checkUserEnabled(user); + } + return user; + } + + public User login(String email, String password) throws StorageException { + email = email.trim(); + User user = storage.getObject(User.class, new Request( + new Columns.All(), + new Condition.Or( + new Condition.Equals("email", email), + new Condition.Equals("login", email)))); + if (user != null) { + if (ldapProvider != null && user.getLogin() != null && ldapProvider.login(user.getLogin(), password) + || !forceLdap && user.isPasswordValid(password)) { + checkUserEnabled(user); + return user; + } + } else { + if (ldapProvider != null && ldapProvider.login(email, password)) { + user = ldapProvider.getUser(email); + user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); + checkUserEnabled(user); + return user; + } + } + return null; + } + + public User login(String email, String name, Boolean administrator) throws StorageException { + User user = storage.getObject(User.class, new Request( + new Columns.All(), + new Condition.Equals("email", email))); + + if (user != null) { + checkUserEnabled(user); + return user; + } else { + user = new User(); + UserUtil.setUserDefaults(user, config); + user.setName(name); + user.setEmail(email); + user.setFixedEmail(true); + user.setAdministrator(administrator); + user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); + checkUserEnabled(user); + return user; + } + } + + private void checkUserEnabled(User user) throws SecurityException { + if (user == null) { + throw new SecurityException("Unknown account"); + } + user.checkDisabled(); + } + +} diff --git a/src/main/java/org/traccar/helper/model/UserUtil.java b/src/main/java/org/traccar/helper/model/UserUtil.java index 9f93afeae..0dc355114 100644 --- a/src/main/java/org/traccar/helper/model/UserUtil.java +++ b/src/main/java/org/traccar/helper/model/UserUtil.java @@ -1,68 +1,78 @@ -/* - * Copyright 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.helper.model; - -import org.traccar.model.Server; -import org.traccar.model.User; -import org.traccar.storage.Storage; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Order; -import org.traccar.storage.query.Request; - -import java.util.TimeZone; - -public final class UserUtil { - - private UserUtil() { - } - - public static boolean isEmpty(Storage storage) throws StorageException { - return storage.getObjects(User.class, new Request( - new Columns.Include("id"), - new Order("id", false, 1))).isEmpty(); - } - - public static String getDistanceUnit(Server server, User user) { - return lookupStringAttribute(server, user, "distanceUnit", "km"); - } - - public static String getSpeedUnit(Server server, User user) { - return lookupStringAttribute(server, user, "speedUnit", "kn"); - } - - public static String getVolumeUnit(Server server, User user) { - return lookupStringAttribute(server, user, "volumeUnit", "ltr"); - } - - public static TimeZone getTimezone(Server server, User user) { - String timezone = lookupStringAttribute(server, user, "timezone", null); - return timezone != null ? TimeZone.getTimeZone(timezone) : TimeZone.getDefault(); - } - - private static String lookupStringAttribute(Server server, User user, String key, String defaultValue) { - String preference; - String serverPreference = server.getString(key); - String userPreference = user.getString(key); - if (server.getForceSettings()) { - preference = serverPreference != null ? serverPreference : userPreference; - } else { - preference = userPreference != null ? userPreference : serverPreference; - } - return preference != null ? preference : defaultValue; - } - -} +/* + * Copyright 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.helper.model; + +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.model.Server; +import org.traccar.model.User; +import org.traccar.storage.Storage; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Order; +import org.traccar.storage.query.Request; + +import java.util.Date; +import java.util.TimeZone; + +public final class UserUtil { + + private UserUtil() { + } + + public static boolean isEmpty(Storage storage) throws StorageException { + return storage.getObjects(User.class, new Request( + new Columns.Include("id"), + new Order("id", false, 1))).isEmpty(); + } + + public static String getDistanceUnit(Server server, User user) { + return lookupStringAttribute(server, user, "distanceUnit", "km"); + } + + public static String getSpeedUnit(Server server, User user) { + return lookupStringAttribute(server, user, "speedUnit", "kn"); + } + + public static String getVolumeUnit(Server server, User user) { + return lookupStringAttribute(server, user, "volumeUnit", "ltr"); + } + + public static TimeZone getTimezone(Server server, User user) { + String timezone = lookupStringAttribute(server, user, "timezone", null); + return timezone != null ? TimeZone.getTimeZone(timezone) : TimeZone.getDefault(); + } + + private static String lookupStringAttribute(Server server, User user, String key, String defaultValue) { + String preference; + String serverPreference = server.getString(key); + String userPreference = user.getString(key); + if (server.getForceSettings()) { + preference = serverPreference != null ? serverPreference : userPreference; + } else { + preference = userPreference != null ? userPreference : serverPreference; + } + return preference != null ? preference : defaultValue; + } + + public static void setUserDefaults(User user, Config config) { + user.setDeviceLimit(config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT)); + int expirationDays = config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS); + if (expirationDays > 0) { + user.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L)); + } + } +} diff --git a/traccar-web b/traccar-web index 506dd66b7..87e9c7dd5 160000 --- a/traccar-web +++ b/traccar-web @@ -1 +1 @@ -Subproject commit 506dd66b793803a24a2872e242482f263087df52 +Subproject commit 87e9c7dd5159c1d08368bfafa30fed9ae811933c -- cgit v1.2.3 From c6de74b4bb0f116b0fcbbb65b20296970597b652 Mon Sep 17 00:00:00 2001 From: Dan Date: Mon, 3 Apr 2023 17:39:06 +0100 Subject: Fixing my line endings, thanks Windows --- .../org/traccar/api/resource/SessionResource.java | 376 +- .../org/traccar/api/resource/UserResource.java | 230 +- .../org/traccar/api/security/LoginService.java | 246 +- .../java/org/traccar/database/OpenIdProvider.java | 326 +- .../java/org/traccar/helper/model/UserUtil.java | 156 +- swagger.json | 7052 ++++++++++---------- 6 files changed, 4193 insertions(+), 4193 deletions(-) (limited to 'src/main/java/org/traccar/api/security/LoginService.java') diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index 8240a8a6f..94a6a4595 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java @@ -1,188 +1,188 @@ -/* - * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.api.resource; - -import org.traccar.api.BaseResource; -import org.traccar.api.security.LoginService; -import org.traccar.api.signature.TokenManager; -import org.traccar.database.OpenIdProvider; -import org.traccar.helper.DataConverter; -import org.traccar.helper.LogAction; -import org.traccar.helper.ServletHelper; -import org.traccar.model.User; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Condition; -import org.traccar.storage.query.Request; - -import com.nimbusds.oauth2.sdk.ParseException; -import javax.annotation.Nullable; -import javax.annotation.security.PermitAll; -import javax.inject.Inject; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.FormParam; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import java.io.IOException; -import java.net.URLDecoder; -import java.nio.charset.StandardCharsets; -import java.security.GeneralSecurityException; -import java.util.Date; -import java.net.URI; - -@Path("session") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_FORM_URLENCODED) -public class SessionResource extends BaseResource { - - public static final String USER_ID_KEY = "userId"; - public static final String USER_COOKIE_KEY = "user"; - public static final String PASS_COOKIE_KEY = "password"; - - @Inject - private LoginService loginService; - - @Inject - @Nullable - private OpenIdProvider openIdProvider; - - @Inject - private TokenManager tokenManager; - - @Context - private HttpServletRequest request; - - @PermitAll - @GET - public User get(@QueryParam("token") String token) throws StorageException, IOException, GeneralSecurityException { - - if (token != null) { - User user = loginService.login(token); - if (user != null) { - request.getSession().setAttribute(USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - return user; - } - } - - Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); - if (userId == null) { - - Cookie[] cookies = request.getCookies(); - String email = null, password = null; - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(USER_COOKIE_KEY)) { - byte[] emailBytes = DataConverter.parseBase64( - URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII)); - email = new String(emailBytes, StandardCharsets.UTF_8); - } else if (cookie.getName().equals(PASS_COOKIE_KEY)) { - byte[] passwordBytes = DataConverter.parseBase64( - URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII)); - password = new String(passwordBytes, StandardCharsets.UTF_8); - } - } - } - if (email != null && password != null) { - User user = loginService.login(email, password); - if (user != null) { - request.getSession().setAttribute(USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - return user; - } - } - - } else { - - User user = permissionsService.getUser(userId); - if (user != null) { - return user; - } - - } - - throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); - } - - @Path("{id}") - @GET - public User get(@PathParam("id") long userId) throws StorageException { - permissionsService.checkUser(getUserId(), userId); - User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", userId))); - request.getSession().setAttribute(USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - return user; - } - - @PermitAll - @POST - public User add( - @FormParam("email") String email, @FormParam("password") String password) throws StorageException { - User user = loginService.login(email, password); - if (user != null) { - request.getSession().setAttribute(USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - return user; - } else { - LogAction.failedLogin(ServletHelper.retrieveRemoteAddress(request)); - throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build()); - } - } - - @DELETE - public Response remove() { - LogAction.logout(getUserId(), ServletHelper.retrieveRemoteAddress(request)); - request.getSession().removeAttribute(USER_ID_KEY); - return Response.noContent().build(); - } - - @Path("token") - @POST - public String requestToken( - @FormParam("expiration") Date expiration) throws StorageException, GeneralSecurityException, IOException { - return tokenManager.generateToken(getUserId(), expiration); - } - - @PermitAll - @Path("openid/auth") - @GET - public Response openIdAuth() throws IOException { - return Response.seeOther(openIdProvider.createAuthUri()).build(); - } - - @PermitAll - @Path("openid/callback") - @GET - public Response requestToken() throws IOException, StorageException, ParseException, GeneralSecurityException { - StringBuilder requestUrl = new StringBuilder(request.getRequestURL().toString()); - String queryString = request.getQueryString(); - String requestUri = requestUrl.append('?').append(queryString).toString(); - - return Response.seeOther(openIdProvider.handleCallback(URI.create(requestUri), request)).build(); - } -} +/* + * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import org.traccar.api.BaseResource; +import org.traccar.api.security.LoginService; +import org.traccar.api.signature.TokenManager; +import org.traccar.database.OpenIdProvider; +import org.traccar.helper.DataConverter; +import org.traccar.helper.LogAction; +import org.traccar.helper.ServletHelper; +import org.traccar.model.User; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; + +import com.nimbusds.oauth2.sdk.ParseException; +import javax.annotation.Nullable; +import javax.annotation.security.PermitAll; +import javax.inject.Inject; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.FormParam; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.io.IOException; +import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.util.Date; +import java.net.URI; + +@Path("session") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_FORM_URLENCODED) +public class SessionResource extends BaseResource { + + public static final String USER_ID_KEY = "userId"; + public static final String USER_COOKIE_KEY = "user"; + public static final String PASS_COOKIE_KEY = "password"; + + @Inject + private LoginService loginService; + + @Inject + @Nullable + private OpenIdProvider openIdProvider; + + @Inject + private TokenManager tokenManager; + + @Context + private HttpServletRequest request; + + @PermitAll + @GET + public User get(@QueryParam("token") String token) throws StorageException, IOException, GeneralSecurityException { + + if (token != null) { + User user = loginService.login(token); + if (user != null) { + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + return user; + } + } + + Long userId = (Long) request.getSession().getAttribute(USER_ID_KEY); + if (userId == null) { + + Cookie[] cookies = request.getCookies(); + String email = null, password = null; + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals(USER_COOKIE_KEY)) { + byte[] emailBytes = DataConverter.parseBase64( + URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII)); + email = new String(emailBytes, StandardCharsets.UTF_8); + } else if (cookie.getName().equals(PASS_COOKIE_KEY)) { + byte[] passwordBytes = DataConverter.parseBase64( + URLDecoder.decode(cookie.getValue(), StandardCharsets.US_ASCII)); + password = new String(passwordBytes, StandardCharsets.UTF_8); + } + } + } + if (email != null && password != null) { + User user = loginService.login(email, password); + if (user != null) { + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + return user; + } + } + + } else { + + User user = permissionsService.getUser(userId); + if (user != null) { + return user; + } + + } + + throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).build()); + } + + @Path("{id}") + @GET + public User get(@PathParam("id") long userId) throws StorageException { + permissionsService.checkUser(getUserId(), userId); + User user = storage.getObject(User.class, new Request( + new Columns.All(), new Condition.Equals("id", userId))); + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + return user; + } + + @PermitAll + @POST + public User add( + @FormParam("email") String email, @FormParam("password") String password) throws StorageException { + User user = loginService.login(email, password); + if (user != null) { + request.getSession().setAttribute(USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + return user; + } else { + LogAction.failedLogin(ServletHelper.retrieveRemoteAddress(request)); + throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).build()); + } + } + + @DELETE + public Response remove() { + LogAction.logout(getUserId(), ServletHelper.retrieveRemoteAddress(request)); + request.getSession().removeAttribute(USER_ID_KEY); + return Response.noContent().build(); + } + + @Path("token") + @POST + public String requestToken( + @FormParam("expiration") Date expiration) throws StorageException, GeneralSecurityException, IOException { + return tokenManager.generateToken(getUserId(), expiration); + } + + @PermitAll + @Path("openid/auth") + @GET + public Response openIdAuth() throws IOException { + return Response.seeOther(openIdProvider.createAuthUri()).build(); + } + + @PermitAll + @Path("openid/callback") + @GET + public Response requestToken() throws IOException, StorageException, ParseException, GeneralSecurityException { + StringBuilder requestUrl = new StringBuilder(request.getRequestURL().toString()); + String queryString = request.getQueryString(); + String requestUri = requestUrl.append('?').append(queryString).toString(); + + return Response.seeOther(openIdProvider.handleCallback(URI.create(requestUri), request)).build(); + } +} diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java index 57df3481e..1c58cec3c 100644 --- a/src/main/java/org/traccar/api/resource/UserResource.java +++ b/src/main/java/org/traccar/api/resource/UserResource.java @@ -1,115 +1,115 @@ -/* - * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.api.resource; - -import org.traccar.api.BaseObjectResource; -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.helper.LogAction; -import org.traccar.helper.model.UserUtil; -import org.traccar.model.ManagedUser; -import org.traccar.model.Permission; -import org.traccar.model.User; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Condition; -import org.traccar.storage.query.Request; - -import javax.annotation.security.PermitAll; -import javax.inject.Inject; -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import java.util.Collection; - -@Path("users") -@Produces(MediaType.APPLICATION_JSON) -@Consumes(MediaType.APPLICATION_JSON) -public class UserResource extends BaseObjectResource { - - @Inject - private Config config; - - public UserResource() { - super(User.class); - } - - @GET - public Collection get(@QueryParam("userId") long userId) throws StorageException { - if (userId > 0) { - permissionsService.checkUser(getUserId(), userId); - return storage.getObjects(baseClass, new Request( - new Columns.All(), - new Condition.Permission(User.class, userId, ManagedUser.class).excludeGroups())); - } else if (permissionsService.notAdmin(getUserId())) { - return storage.getObjects(baseClass, new Request( - new Columns.All(), - new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())); - } else { - return storage.getObjects(baseClass, new Request(new Columns.All())); - } - } - - @Override - @PermitAll - @POST - public Response add(User entity) throws StorageException { - User currentUser = getUserId() > 0 ? permissionsService.getUser(getUserId()) : null; - if (currentUser == null || !currentUser.getAdministrator()) { - permissionsService.checkUserUpdate(getUserId(), new User(), entity); - if (currentUser != null && currentUser.getUserLimit() != 0) { - int userLimit = currentUser.getUserLimit(); - if (userLimit > 0) { - int userCount = storage.getObjects(baseClass, new Request( - new Columns.All(), - new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())) - .size(); - if (userCount >= userLimit) { - throw new SecurityException("Manager user limit reached"); - } - } - } else { - if (!permissionsService.getServer().getRegistration()) { - throw new SecurityException("Registration disabled"); - } - UserUtil.setUserDefaults(entity, config); - } - } - - if (UserUtil.isEmpty(storage)) { - entity.setAdministrator(true); - } - - entity.setId(storage.addObject(entity, new Request(new Columns.Exclude("id")))); - storage.updateObject(entity, new Request( - new Columns.Include("hashedPassword", "salt"), - new Condition.Equals("id", entity.getId()))); - - LogAction.create(getUserId(), entity); - - if (currentUser != null && currentUser.getUserLimit() != 0) { - storage.addPermission(new Permission(User.class, getUserId(), ManagedUser.class, entity.getId())); - LogAction.link(getUserId(), User.class, getUserId(), ManagedUser.class, entity.getId()); - } - return Response.ok(entity).build(); - } - -} +/* + * Copyright 2015 - 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.resource; + +import org.traccar.api.BaseObjectResource; +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.helper.LogAction; +import org.traccar.helper.model.UserUtil; +import org.traccar.model.ManagedUser; +import org.traccar.model.Permission; +import org.traccar.model.User; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; + +import javax.annotation.security.PermitAll; +import javax.inject.Inject; +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.Collection; + +@Path("users") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class UserResource extends BaseObjectResource { + + @Inject + private Config config; + + public UserResource() { + super(User.class); + } + + @GET + public Collection get(@QueryParam("userId") long userId) throws StorageException { + if (userId > 0) { + permissionsService.checkUser(getUserId(), userId); + return storage.getObjects(baseClass, new Request( + new Columns.All(), + new Condition.Permission(User.class, userId, ManagedUser.class).excludeGroups())); + } else if (permissionsService.notAdmin(getUserId())) { + return storage.getObjects(baseClass, new Request( + new Columns.All(), + new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())); + } else { + return storage.getObjects(baseClass, new Request(new Columns.All())); + } + } + + @Override + @PermitAll + @POST + public Response add(User entity) throws StorageException { + User currentUser = getUserId() > 0 ? permissionsService.getUser(getUserId()) : null; + if (currentUser == null || !currentUser.getAdministrator()) { + permissionsService.checkUserUpdate(getUserId(), new User(), entity); + if (currentUser != null && currentUser.getUserLimit() != 0) { + int userLimit = currentUser.getUserLimit(); + if (userLimit > 0) { + int userCount = storage.getObjects(baseClass, new Request( + new Columns.All(), + new Condition.Permission(User.class, getUserId(), ManagedUser.class).excludeGroups())) + .size(); + if (userCount >= userLimit) { + throw new SecurityException("Manager user limit reached"); + } + } + } else { + if (!permissionsService.getServer().getRegistration()) { + throw new SecurityException("Registration disabled"); + } + UserUtil.setUserDefaults(entity, config); + } + } + + if (UserUtil.isEmpty(storage)) { + entity.setAdministrator(true); + } + + entity.setId(storage.addObject(entity, new Request(new Columns.Exclude("id")))); + storage.updateObject(entity, new Request( + new Columns.Include("hashedPassword", "salt"), + new Condition.Equals("id", entity.getId()))); + + LogAction.create(getUserId(), entity); + + if (currentUser != null && currentUser.getUserLimit() != 0) { + storage.addPermission(new Permission(User.class, getUserId(), ManagedUser.class, entity.getId())); + LogAction.link(getUserId(), User.class, getUserId(), ManagedUser.class, entity.getId()); + } + return Response.ok(entity).build(); + } + +} diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java index 99539e50d..d92f7ce15 100644 --- a/src/main/java/org/traccar/api/security/LoginService.java +++ b/src/main/java/org/traccar/api/security/LoginService.java @@ -1,123 +1,123 @@ -/* - * Copyright 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.api.security; - -import org.traccar.api.signature.TokenManager; -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.database.LdapProvider; -import org.traccar.helper.model.UserUtil; -import org.traccar.model.User; -import org.traccar.storage.Storage; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Condition; -import org.traccar.storage.query.Request; - -import javax.annotation.Nullable; -import javax.inject.Inject; -import javax.inject.Singleton; -import java.io.IOException; -import java.security.GeneralSecurityException; - -@Singleton -public class LoginService { - - private final Config config; - private final Storage storage; - private final TokenManager tokenManager; - private final LdapProvider ldapProvider; - - private final String serviceAccountToken; - private final boolean forceLdap; - - @Inject - public LoginService( - Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) { - this.storage = storage; - this.config = config; - this.tokenManager = tokenManager; - this.ldapProvider = ldapProvider; - serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN); - forceLdap = config.getBoolean(Keys.LDAP_FORCE); - } - - public User login(String token) throws StorageException, GeneralSecurityException, IOException { - if (serviceAccountToken != null && serviceAccountToken.equals(token)) { - return new ServiceAccountUser(); - } - long userId = tokenManager.verifyToken(token); - User user = storage.getObject(User.class, new Request( - new Columns.All(), new Condition.Equals("id", userId))); - if (user != null) { - checkUserEnabled(user); - } - return user; - } - - public User login(String email, String password) throws StorageException { - email = email.trim(); - User user = storage.getObject(User.class, new Request( - new Columns.All(), - new Condition.Or( - new Condition.Equals("email", email), - new Condition.Equals("login", email)))); - if (user != null) { - if (ldapProvider != null && user.getLogin() != null && ldapProvider.login(user.getLogin(), password) - || !forceLdap && user.isPasswordValid(password)) { - checkUserEnabled(user); - return user; - } - } else { - if (ldapProvider != null && ldapProvider.login(email, password)) { - user = ldapProvider.getUser(email); - user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); - checkUserEnabled(user); - return user; - } - } - return null; - } - - public User login(String email, String name, Boolean administrator) throws StorageException { - User user = storage.getObject(User.class, new Request( - new Columns.All(), - new Condition.Equals("email", email))); - - if (user != null) { - checkUserEnabled(user); - return user; - } else { - user = new User(); - UserUtil.setUserDefaults(user, config); - user.setName(name); - user.setEmail(email); - user.setFixedEmail(true); - user.setAdministrator(administrator); - user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); - checkUserEnabled(user); - return user; - } - } - - private void checkUserEnabled(User user) throws SecurityException { - if (user == null) { - throw new SecurityException("Unknown account"); - } - user.checkDisabled(); - } - -} +/* + * Copyright 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.security; + +import org.traccar.api.signature.TokenManager; +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.database.LdapProvider; +import org.traccar.helper.model.UserUtil; +import org.traccar.model.User; +import org.traccar.storage.Storage; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Condition; +import org.traccar.storage.query.Request; + +import javax.annotation.Nullable; +import javax.inject.Inject; +import javax.inject.Singleton; +import java.io.IOException; +import java.security.GeneralSecurityException; + +@Singleton +public class LoginService { + + private final Config config; + private final Storage storage; + private final TokenManager tokenManager; + private final LdapProvider ldapProvider; + + private final String serviceAccountToken; + private final boolean forceLdap; + + @Inject + public LoginService( + Config config, Storage storage, TokenManager tokenManager, @Nullable LdapProvider ldapProvider) { + this.storage = storage; + this.config = config; + this.tokenManager = tokenManager; + this.ldapProvider = ldapProvider; + serviceAccountToken = config.getString(Keys.WEB_SERVICE_ACCOUNT_TOKEN); + forceLdap = config.getBoolean(Keys.LDAP_FORCE); + } + + public User login(String token) throws StorageException, GeneralSecurityException, IOException { + if (serviceAccountToken != null && serviceAccountToken.equals(token)) { + return new ServiceAccountUser(); + } + long userId = tokenManager.verifyToken(token); + User user = storage.getObject(User.class, new Request( + new Columns.All(), new Condition.Equals("id", userId))); + if (user != null) { + checkUserEnabled(user); + } + return user; + } + + public User login(String email, String password) throws StorageException { + email = email.trim(); + User user = storage.getObject(User.class, new Request( + new Columns.All(), + new Condition.Or( + new Condition.Equals("email", email), + new Condition.Equals("login", email)))); + if (user != null) { + if (ldapProvider != null && user.getLogin() != null && ldapProvider.login(user.getLogin(), password) + || !forceLdap && user.isPasswordValid(password)) { + checkUserEnabled(user); + return user; + } + } else { + if (ldapProvider != null && ldapProvider.login(email, password)) { + user = ldapProvider.getUser(email); + user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); + checkUserEnabled(user); + return user; + } + } + return null; + } + + public User login(String email, String name, Boolean administrator) throws StorageException { + User user = storage.getObject(User.class, new Request( + new Columns.All(), + new Condition.Equals("email", email))); + + if (user != null) { + checkUserEnabled(user); + return user; + } else { + user = new User(); + UserUtil.setUserDefaults(user, config); + user.setName(name); + user.setEmail(email); + user.setFixedEmail(true); + user.setAdministrator(administrator); + user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); + checkUserEnabled(user); + return user; + } + } + + private void checkUserEnabled(User user) throws SecurityException { + if (user == null) { + throw new SecurityException("Unknown account"); + } + user.checkDisabled(); + } + +} diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java index 22e5d6b50..5e5c54523 100644 --- a/src/main/java/org/traccar/database/OpenIdProvider.java +++ b/src/main/java/org/traccar/database/OpenIdProvider.java @@ -1,163 +1,163 @@ -/* - * Copyright 2023 Daniel Raper (me@danr.uk) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.database; - -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.api.resource.SessionResource; -import org.traccar.api.security.LoginService; -import org.traccar.model.User; -import org.traccar.storage.StorageException; -import org.traccar.helper.LogAction; -import org.traccar.helper.ServletHelper; - -import java.net.URI; -import java.net.URISyntaxException; -import java.security.GeneralSecurityException; -import java.io.IOException; -import javax.servlet.http.HttpServletRequest; -import com.google.inject.Inject; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.nimbusds.oauth2.sdk.http.HTTPResponse; -import com.nimbusds.oauth2.sdk.AuthorizationCode; -import com.nimbusds.oauth2.sdk.ResponseType; -import com.nimbusds.oauth2.sdk.Scope; -import com.nimbusds.oauth2.sdk.AuthorizationGrant; -import com.nimbusds.oauth2.sdk.TokenRequest; -import com.nimbusds.oauth2.sdk.TokenResponse; -import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; -import com.nimbusds.oauth2.sdk.ParseException; -import com.nimbusds.oauth2.sdk.AuthorizationResponse; -import com.nimbusds.oauth2.sdk.auth.Secret; -import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; -import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; -import com.nimbusds.oauth2.sdk.token.BearerAccessToken; -import com.nimbusds.oauth2.sdk.id.State; -import com.nimbusds.oauth2.sdk.id.ClientID; -import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; -import com.nimbusds.openid.connect.sdk.Nonce; -import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; -import com.nimbusds.openid.connect.sdk.UserInfoResponse; -import com.nimbusds.openid.connect.sdk.UserInfoRequest; -import com.nimbusds.openid.connect.sdk.AuthenticationRequest; - -import com.nimbusds.openid.connect.sdk.claims.UserInfo; - -public class OpenIdProvider { - private static final Logger LOGGER = LoggerFactory.getLogger(OpenIdProvider.class); - - public final Boolean force; - private final ClientID clientId; - private final ClientAuthentication clientAuth; - private URI callbackUrl; - private URI authUrl; - private URI tokenUrl; - private URI userInfoUrl; - private URI baseUrl; - private final String adminGroup; - - private LoginService loginService; - - @Inject - public OpenIdProvider(Config config, LoginService loginService) { - this.loginService = loginService; - - force = config.getBoolean(Keys.OPENID_FORCE); - clientId = new ClientID(config.getString(Keys.OPENID_CLIENTID)); - clientAuth = new ClientSecretBasic(clientId, new Secret(config.getString(Keys.OPENID_CLIENTSECRET))); - - try { - callbackUrl = new URI(config.getString(Keys.WEB_URL, "") + "/api/session/openid/callback"); - authUrl = new URI(config.getString(Keys.OPENID_AUTHURL, "")); - tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL, "")); - userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL, "")); - baseUrl = new URI(config.getString(Keys.WEB_URL, "")); - } catch(URISyntaxException error) { - LOGGER.error("Invalid URIs provided in OpenID configuration"); - } - - adminGroup = config.getString(Keys.OPENID_ADMINGROUP); - } - - public URI createAuthUri() { - AuthenticationRequest.Builder request = new AuthenticationRequest.Builder( - new ResponseType("code"), - new Scope("openid", "profile", "email", "groups"), - clientId, - callbackUrl); - - return request.endpointURI(authUrl) - .state(new State()) - .build() - .toURI(); - } - - private OIDCTokenResponse getToken(AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException { - AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl); - TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant); - - HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send(); - TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse); - if (!token.indicatesSuccess()) { - throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider."); - } - - return (OIDCTokenResponse) token.toSuccessResponse(); - } - - private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException { - HTTPResponse httpResponse = new UserInfoRequest(userInfoUrl, token) - .toHTTPRequest() - .send(); - - UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse); - - if (!userInfoResponse.indicatesSuccess()) { - throw new GeneralSecurityException("Failed to access OpenID Connect user info endpoint. Please contact your administrator."); - } - - return userInfoResponse.toSuccessResponse().getUserInfo(); - } - - public URI handleCallback(URI requestUri, HttpServletRequest request) throws StorageException, ParseException, IOException, GeneralSecurityException { - AuthorizationResponse response = AuthorizationResponse.parse(requestUri); - - if (!response.indicatesSuccess()) { - throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription()); - } - - AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode(); - - if (authCode == null) { - throw new GeneralSecurityException( "Malformed OpenID callback."); - } - - OIDCTokenResponse tokens = getToken(authCode); - - BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken(); - - UserInfo userInfo = getUserInfo(bearerToken); - - User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), userInfo.getStringListClaim("groups").contains(adminGroup)); - - request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - - return baseUrl; - } -} +/* + * Copyright 2023 Daniel Raper (me@danr.uk) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.database; + +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.api.resource.SessionResource; +import org.traccar.api.security.LoginService; +import org.traccar.model.User; +import org.traccar.storage.StorageException; +import org.traccar.helper.LogAction; +import org.traccar.helper.ServletHelper; + +import java.net.URI; +import java.net.URISyntaxException; +import java.security.GeneralSecurityException; +import java.io.IOException; +import javax.servlet.http.HttpServletRequest; +import com.google.inject.Inject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.nimbusds.oauth2.sdk.http.HTTPResponse; +import com.nimbusds.oauth2.sdk.AuthorizationCode; +import com.nimbusds.oauth2.sdk.ResponseType; +import com.nimbusds.oauth2.sdk.Scope; +import com.nimbusds.oauth2.sdk.AuthorizationGrant; +import com.nimbusds.oauth2.sdk.TokenRequest; +import com.nimbusds.oauth2.sdk.TokenResponse; +import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant; +import com.nimbusds.oauth2.sdk.ParseException; +import com.nimbusds.oauth2.sdk.AuthorizationResponse; +import com.nimbusds.oauth2.sdk.auth.Secret; +import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; +import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; +import com.nimbusds.oauth2.sdk.token.BearerAccessToken; +import com.nimbusds.oauth2.sdk.id.State; +import com.nimbusds.oauth2.sdk.id.ClientID; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; +import com.nimbusds.openid.connect.sdk.Nonce; +import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; +import com.nimbusds.openid.connect.sdk.UserInfoResponse; +import com.nimbusds.openid.connect.sdk.UserInfoRequest; +import com.nimbusds.openid.connect.sdk.AuthenticationRequest; + +import com.nimbusds.openid.connect.sdk.claims.UserInfo; + +public class OpenIdProvider { + private static final Logger LOGGER = LoggerFactory.getLogger(OpenIdProvider.class); + + public final Boolean force; + private final ClientID clientId; + private final ClientAuthentication clientAuth; + private URI callbackUrl; + private URI authUrl; + private URI tokenUrl; + private URI userInfoUrl; + private URI baseUrl; + private final String adminGroup; + + private LoginService loginService; + + @Inject + public OpenIdProvider(Config config, LoginService loginService) { + this.loginService = loginService; + + force = config.getBoolean(Keys.OPENID_FORCE); + clientId = new ClientID(config.getString(Keys.OPENID_CLIENTID)); + clientAuth = new ClientSecretBasic(clientId, new Secret(config.getString(Keys.OPENID_CLIENTSECRET))); + + try { + callbackUrl = new URI(config.getString(Keys.WEB_URL, "") + "/api/session/openid/callback"); + authUrl = new URI(config.getString(Keys.OPENID_AUTHURL, "")); + tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL, "")); + userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL, "")); + baseUrl = new URI(config.getString(Keys.WEB_URL, "")); + } catch(URISyntaxException error) { + LOGGER.error("Invalid URIs provided in OpenID configuration"); + } + + adminGroup = config.getString(Keys.OPENID_ADMINGROUP); + } + + public URI createAuthUri() { + AuthenticationRequest.Builder request = new AuthenticationRequest.Builder( + new ResponseType("code"), + new Scope("openid", "profile", "email", "groups"), + clientId, + callbackUrl); + + return request.endpointURI(authUrl) + .state(new State()) + .build() + .toURI(); + } + + private OIDCTokenResponse getToken(AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException { + AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl); + TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant); + + HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send(); + TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse); + if (!token.indicatesSuccess()) { + throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider."); + } + + return (OIDCTokenResponse) token.toSuccessResponse(); + } + + private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException { + HTTPResponse httpResponse = new UserInfoRequest(userInfoUrl, token) + .toHTTPRequest() + .send(); + + UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse); + + if (!userInfoResponse.indicatesSuccess()) { + throw new GeneralSecurityException("Failed to access OpenID Connect user info endpoint. Please contact your administrator."); + } + + return userInfoResponse.toSuccessResponse().getUserInfo(); + } + + public URI handleCallback(URI requestUri, HttpServletRequest request) throws StorageException, ParseException, IOException, GeneralSecurityException { + AuthorizationResponse response = AuthorizationResponse.parse(requestUri); + + if (!response.indicatesSuccess()) { + throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription()); + } + + AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode(); + + if (authCode == null) { + throw new GeneralSecurityException( "Malformed OpenID callback."); + } + + OIDCTokenResponse tokens = getToken(authCode); + + BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken(); + + UserInfo userInfo = getUserInfo(bearerToken); + + User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), userInfo.getStringListClaim("groups").contains(adminGroup)); + + request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + + return baseUrl; + } +} diff --git a/src/main/java/org/traccar/helper/model/UserUtil.java b/src/main/java/org/traccar/helper/model/UserUtil.java index 0dc355114..4b1c404f9 100644 --- a/src/main/java/org/traccar/helper/model/UserUtil.java +++ b/src/main/java/org/traccar/helper/model/UserUtil.java @@ -1,78 +1,78 @@ -/* - * Copyright 2022 Anton Tananaev (anton@traccar.org) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.traccar.helper.model; - -import org.traccar.config.Config; -import org.traccar.config.Keys; -import org.traccar.model.Server; -import org.traccar.model.User; -import org.traccar.storage.Storage; -import org.traccar.storage.StorageException; -import org.traccar.storage.query.Columns; -import org.traccar.storage.query.Order; -import org.traccar.storage.query.Request; - -import java.util.Date; -import java.util.TimeZone; - -public final class UserUtil { - - private UserUtil() { - } - - public static boolean isEmpty(Storage storage) throws StorageException { - return storage.getObjects(User.class, new Request( - new Columns.Include("id"), - new Order("id", false, 1))).isEmpty(); - } - - public static String getDistanceUnit(Server server, User user) { - return lookupStringAttribute(server, user, "distanceUnit", "km"); - } - - public static String getSpeedUnit(Server server, User user) { - return lookupStringAttribute(server, user, "speedUnit", "kn"); - } - - public static String getVolumeUnit(Server server, User user) { - return lookupStringAttribute(server, user, "volumeUnit", "ltr"); - } - - public static TimeZone getTimezone(Server server, User user) { - String timezone = lookupStringAttribute(server, user, "timezone", null); - return timezone != null ? TimeZone.getTimeZone(timezone) : TimeZone.getDefault(); - } - - private static String lookupStringAttribute(Server server, User user, String key, String defaultValue) { - String preference; - String serverPreference = server.getString(key); - String userPreference = user.getString(key); - if (server.getForceSettings()) { - preference = serverPreference != null ? serverPreference : userPreference; - } else { - preference = userPreference != null ? userPreference : serverPreference; - } - return preference != null ? preference : defaultValue; - } - - public static void setUserDefaults(User user, Config config) { - user.setDeviceLimit(config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT)); - int expirationDays = config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS); - if (expirationDays > 0) { - user.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L)); - } - } -} +/* + * Copyright 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.helper.model; + +import org.traccar.config.Config; +import org.traccar.config.Keys; +import org.traccar.model.Server; +import org.traccar.model.User; +import org.traccar.storage.Storage; +import org.traccar.storage.StorageException; +import org.traccar.storage.query.Columns; +import org.traccar.storage.query.Order; +import org.traccar.storage.query.Request; + +import java.util.Date; +import java.util.TimeZone; + +public final class UserUtil { + + private UserUtil() { + } + + public static boolean isEmpty(Storage storage) throws StorageException { + return storage.getObjects(User.class, new Request( + new Columns.Include("id"), + new Order("id", false, 1))).isEmpty(); + } + + public static String getDistanceUnit(Server server, User user) { + return lookupStringAttribute(server, user, "distanceUnit", "km"); + } + + public static String getSpeedUnit(Server server, User user) { + return lookupStringAttribute(server, user, "speedUnit", "kn"); + } + + public static String getVolumeUnit(Server server, User user) { + return lookupStringAttribute(server, user, "volumeUnit", "ltr"); + } + + public static TimeZone getTimezone(Server server, User user) { + String timezone = lookupStringAttribute(server, user, "timezone", null); + return timezone != null ? TimeZone.getTimeZone(timezone) : TimeZone.getDefault(); + } + + private static String lookupStringAttribute(Server server, User user, String key, String defaultValue) { + String preference; + String serverPreference = server.getString(key); + String userPreference = user.getString(key); + if (server.getForceSettings()) { + preference = serverPreference != null ? serverPreference : userPreference; + } else { + preference = userPreference != null ? userPreference : serverPreference; + } + return preference != null ? preference : defaultValue; + } + + public static void setUserDefaults(User user, Config config) { + user.setDeviceLimit(config.getInteger(Keys.USERS_DEFAULT_DEVICE_LIMIT)); + int expirationDays = config.getInteger(Keys.USERS_DEFAULT_EXPIRATION_DAYS); + if (expirationDays > 0) { + user.setExpirationTime(new Date(System.currentTimeMillis() + expirationDays * 86400000L)); + } + } +} diff --git a/swagger.json b/swagger.json index 5a7349da8..cbdc9effd 100644 --- a/swagger.json +++ b/swagger.json @@ -1,3526 +1,3526 @@ -{ - "openapi": "3.0.1", - "info": { - "title": "Traccar", - "version": "5.6", - "description": "Traccar GPS tracking server API documentation. To use the API you need to have a server instance. For testing purposes you can use one of free [demo servers](https://www.traccar.org/demo-server/). For production use you can install your own server or get a [subscription service](https://www.traccar.org/product/tracking-server/).", - "contact": { - "name": "Traccar Support", - "url": "https://www.traccar.org/", - "email": "support@traccar.org" - }, - "license": { - "name": "Apache 2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0.html" - } - }, - "servers": [ - { - "url": "https://demo.traccar.org/api", - "description": "Demo Server 1" - }, - { - "url": "https://demo2.traccar.org/api", - "description": "Demo Server 2" - }, - { - "url": "https://demo3.traccar.org/api", - "description": "Demo Server 3" - }, - { - "url": "https://demo4.traccar.org/api", - "description": "Demo Server 4" - }, - { - "url": "https://server.traccar.org/api", - "description": "Subscription Server" - }, - { - "url": "http://{host}:{port}/api", - "description": "Other Server", - "variables": { - "host": { - "default": "localhost" - }, - "port": { - "enum": [ - "8082", - "80" - ], - "default": "8082" - } - } - } - ], - "security": [ - { - "basicAuth": [] - } - ], - "tags": [ - { - "name": "Server", - "description": "Server information" - }, - { - "name": "Session", - "description": "User session management" - }, - { - "name": "Devices", - "description": "Device management" - }, - { - "name": "Groups", - "description": "Group management" - }, - { - "name": "Users", - "description": "User management" - }, - { - "name": "Permissions", - "description": "User permissions and other object linking" - }, - { - "name": "Positions", - "description": "Retrieving raw location information" - }, - { - "name": "Events", - "description": "Retrieving event information" - }, - { - "name": "Reports", - "description": "Reports generation" - }, - { - "name": "Notifications", - "description": "User notifications management" - }, - { - "name": "Geofences", - "description": "Geofence management" - }, - { - "name": "Commands", - "description": "Sending commands to devices and stored command management" - }, - { - "name": "Attributes", - "description": "Computed attributes management" - }, - { - "name": "Drivers", - "description": "Drivers management" - }, - { - "name": "Maintenance", - "description": "Maintenance management" - }, - { - "name": "Calendars", - "description": "Calendar management" - }, - { - "name": "Statistics", - "description": "Retrieving server statistics" - } - ], - "paths": { - "/commands": { - "get": { - "summary": "Fetch a list of Saved Commands", - "tags": [ - "Commands" - ], - "description": "Without params, it returns a list of Saved Commands the user has access to", - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Command" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Saved Command", - "tags": [ - "Commands" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/commands/{id}": { - "put": { - "summary": "Update a Saved Command", - "tags": [ - "Commands" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Saved Command", - "tags": [ - "Commands" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/commands/send": { - "get": { - "summary": "Fetch a list of Saved Commands supported by Device at the moment", - "description": "Return a list of saved commands linked to Device and its groups, filtered by current Device protocol support", - "tags": [ - "Commands" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Command" - } - } - } - } - }, - "400": { - "description": "Could happen when the user doesn't have permission for the device", - "content": {} - } - } - }, - "post": { - "summary": "Dispatch commands to device", - "description": "Dispatch a new command or Saved Command if _body.id_ set", - "tags": [ - "Commands" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "Command sent", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - } - }, - "202": { - "description": "Command queued", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - } - }, - "400": { - "description": "Could happen when the user doesn't have permission or an incorrect command _type_ for the device", - "content": {} - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/commands/types": { - "get": { - "summary": "Fetch a list of available Commands for the Device or all possible Commands if Device ommited", - "tags": [ - "Commands" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "description": "Internal device identifier. Only works if device has already reported some locations", - "schema": { - "type": "integer" - } - }, - { - "name": "protocol", - "in": "query", - "description": "Protocol name. Can be used instead of device id", - "schema": { - "type": "string" - } - }, - { - "name": "textChannel", - "in": "query", - "description": "When `true` return SMS commands. If not specified or `false` return data commands", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/CommandType" - } - } - } - } - }, - "400": { - "description": "Could happen when trying to fetch from a device the user does not have permission", - "content": {} - } - } - } - }, - "/devices": { - "get": { - "summary": "Fetch a list of Devices", - "description": "Without any params, returns a list of the user's devices", - "tags": [ - "Devices" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "id", - "in": "query", - "description": "To fetch one or more devices. Multiple params can be passed like `id=31&id=42`", - "schema": { - "type": "integer" - } - }, - { - "name": "uniqueId", - "in": "query", - "description": "To fetch one or more devices. Multiple params can be passed like `uniqueId=333331&uniqieId=44442`", - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Device" - } - } - } - } - }, - "400": { - "description": "No permission", - "content": {} - } - } - }, - "post": { - "summary": "Create a Device", - "tags": [ - "Devices" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Device" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Device" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/devices/{id}": { - "put": { - "summary": "Update a Device", - "tags": [ - "Devices" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Device" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Device" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Device", - "tags": [ - "Devices" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/devices/{id}/accumulators": { - "put": { - "summary": "Update total distance and hours of the Device", - "tags": [ - "Devices" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DeviceAccumulators" - } - } - }, - "required": true - }, - "responses": { - "204": { - "description": "No Content", - "content": {} - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/groups": { - "get": { - "summary": "Fetch a list of Groups", - "description": "Without any params, returns a list of the Groups the user belongs to", - "tags": [ - "Groups" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Group" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Group", - "tags": [ - "Groups" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Group" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Group" - } - } - } - }, - "400": { - "description": "No permission", - "content": {} - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/groups/{id}": { - "put": { - "summary": "Update a Group", - "tags": [ - "Groups" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Group" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Group" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Group", - "tags": [ - "Groups" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/permissions": { - "post": { - "summary": "Link an Object to another Object", - "tags": [ - "Permissions" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Permission" - } - } - }, - "required": true - }, - "responses": { - "204": { - "description": "No Content", - "content": {} - }, - "400": { - "description": "No permission", - "content": {} - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Unlink an Object from another Object", - "tags": [ - "Permissions" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Permission" - } - } - }, - "required": true - }, - "responses": { - "204": { - "description": "No Content", - "content": {} - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/positions": { - "get": { - "summary": "Fetches a list of Positions", - "description": "We strongly recommend using [Traccar WebSocket API](https://www.traccar.org/traccar-api/) instead of periodically polling positions endpoint. Without any params, it returns a list of last known positions for all the user's Devices. _from_ and _to_ fields are not required with _id_.", - "tags": [ - "Positions" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "description": "_deviceId_ is optional, but requires the _from_ and _to_ parameters when used", - "schema": { - "type": "integer" - } - }, - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "id", - "in": "query", - "description": "To fetch one or more positions. Multiple params can be passed like `id=31&id=42`", - "schema": { - "type": "integer" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Position" - } - } - }, - "text/csv": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Position" - } - } - }, - "application/gpx+xml": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Position" - } - } - } - } - } - } - } - }, - "/server": { - "get": { - "summary": "Fetch Server information", - "tags": [ - "Server" - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Server" - } - } - } - } - } - }, - "put": { - "summary": "Update Server information", - "tags": [ - "Server" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Server" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Server" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/session": { - "get": { - "summary": "Fetch Session information", - "tags": [ - "Session" - ], - "parameters": [ - { - "name": "token", - "in": "query", - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - } - }, - "404": { - "description": "Not Found", - "content": {} - } - } - }, - "post": { - "summary": "Create a new Session", - "tags": [ - "Session" - ], - "requestBody": { - "content": { - "application/x-www-form-urlencoded": { - "schema": { - "required": [ - "email", - "password" - ], - "properties": { - "email": { - "type": "string" - }, - "password": { - "type": "string", - "format": "password" - } - } - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - } - }, - "401": { - "description": "Unauthorized", - "content": {} - } - } - }, - "delete": { - "summary": "Close the Session", - "tags": [ - "Session" - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/session/openid/auth": { - "get": { - "summary": "Fetch Session information", - "tags": [ - "Session" - ], - "parameters": [ - { - } - ], - "responses": { - "303": { - "description": "Redirect to OpenID Connect identity provider", - "content": { } - } - } - } - }, - "/session/openid/callback": { - "get": { - "summary": "OpenID Callback", - "tags": [ - "Session" - ], - "parameters": [ - { - } - ], - "responses": { - "303": { - "description": "Successful authentication, redirect to homepage", - "content": { } - } - } - } - }, - "/users": { - "get": { - "summary": "Fetch a list of Users", - "tags": [ - "Users" - ], - "parameters": [ - { - "name": "userId", - "in": "query", - "description": "Can only be used by admin or manager users", - "schema": { - "type": "string" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/User" - } - } - } - } - }, - "400": { - "description": "No Permission", - "content": {} - } - } - }, - "post": { - "summary": "Create a User", - "tags": [ - "Users" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/users/{id}": { - "put": { - "summary": "Update a User", - "tags": [ - "Users" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a User", - "tags": [ - "Users" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/notifications": { - "get": { - "summary": "Fetch a list of Notifications", - "description": "Without params, it returns a list of Notifications the user has access to", - "tags": [ - "Notifications" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Notification" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Notification", - "tags": [ - "Notifications" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Notification" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Notification" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/notifications/{id}": { - "put": { - "summary": "Update a Notification", - "tags": [ - "Notifications" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Notification" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Notification" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Notification", - "tags": [ - "Notifications" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/notifications/types": { - "get": { - "summary": "Fetch a list of available Notification types", - "tags": [ - "Notifications" - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/NotificationType" - } - } - } - } - } - } - } - }, - "/notifications/test": { - "post": { - "summary": "Send test notification to current user via Email and SMS", - "tags": [ - "Notifications" - ], - "responses": { - "204": { - "description": "Successful sending", - "content": {} - }, - "400": { - "description": "Could happen if sending has failed", - "content": {} - } - } - } - }, - "/geofences": { - "get": { - "summary": "Fetch a list of Geofences", - "description": "Without params, it returns a list of Geofences the user has access to", - "tags": [ - "Geofences" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Geofence" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Geofence", - "tags": [ - "Geofences" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Geofence" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Geofence" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/geofences/{id}": { - "put": { - "summary": "Update a Geofence", - "tags": [ - "Geofences" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Geofence" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Geofence" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Geofence", - "tags": [ - "Geofences" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/events/{id}": { - "get": { - "tags": [ - "Events" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Event" - } - } - } - } - } - } - }, - "/reports/route": { - "get": { - "summary": "Fetch a list of Positions within the time period for the Devices or Groups", - "description": "At least one _deviceId_ or one _groupId_ must be passed", - "tags": [ - "Reports" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "groupId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Position" - } - } - }, - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Position" - } - } - } - } - } - } - } - }, - "/reports/events": { - "get": { - "summary": "Fetch a list of Events within the time period for the Devices or Groups", - "description": "At least one _deviceId_ or one _groupId_ must be passed", - "tags": [ - "Reports" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "groupId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "type", - "in": "query", - "description": "% can be used to return events of all types", - "style": "form", - "explode": false, - "schema": { - "type": "array", - "items": { - "type": "string" - } - } - }, - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Event" - } - } - }, - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Event" - } - } - } - } - } - } - } - }, - "/reports/summary": { - "get": { - "summary": "Fetch a list of ReportSummary within the time period for the Devices or Groups", - "description": "At least one _deviceId_ or one _groupId_ must be passed", - "tags": [ - "Reports" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "groupId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ReportSummary" - } - } - }, - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ReportSummary" - } - } - } - } - } - } - } - }, - "/reports/trips": { - "get": { - "summary": "Fetch a list of ReportTrips within the time period for the Devices or Groups", - "description": "At least one _deviceId_ or one _groupId_ must be passed", - "tags": [ - "Reports" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "groupId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ReportTrips" - } - } - }, - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ReportTrips" - } - } - } - } - } - } - } - }, - "/reports/stops": { - "get": { - "summary": "Fetch a list of ReportStops within the time period for the Devices or Groups", - "description": "At least one _deviceId_ or one _groupId_ must be passed", - "tags": [ - "Reports" - ], - "parameters": [ - { - "name": "deviceId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "groupId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ReportStops" - } - } - }, - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/ReportStops" - } - } - } - } - } - } - } - }, - "/statistics": { - "get": { - "summary": "Fetch server Statistics", - "tags": [ - "Statistics" - ], - "parameters": [ - { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Statistics" - } - } - } - } - } - } - } - }, - "/calendars": { - "get": { - "summary": "Fetch a list of Calendars", - "description": "Without params, it returns a list of Calendars the user has access to", - "tags": [ - "Calendars" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Calendar" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Calendar", - "tags": [ - "Calendars" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Calendar" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Calendar" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/calendars/{id}": { - "put": { - "summary": "Update a Calendar", - "tags": [ - "Calendars" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Calendar" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Calendar" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Calendar", - "tags": [ - "Calendars" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/attributes/computed": { - "get": { - "summary": "Fetch a list of Attributes", - "description": "Without params, it returns a list of Attributes the user has access to", - "tags": [ - "Attributes" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Attribute" - } - } - } - } - } - } - }, - "post": { - "summary": "Create an Attribute", - "tags": [ - "Attributes" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Attribute" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Attribute" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/attributes/computed/{id}": { - "put": { - "summary": "Update an Attribute", - "tags": [ - "Attributes" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Attribute" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Attribute" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete an Attribute", - "tags": [ - "Attributes" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/drivers": { - "get": { - "summary": "Fetch a list of Drivers", - "description": "Without params, it returns a list of Drivers the user has access to", - "tags": [ - "Drivers" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Driver" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Driver", - "tags": [ - "Drivers" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Driver" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Driver" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/drivers/{id}": { - "put": { - "summary": "Update a Driver", - "tags": [ - "Drivers" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Driver" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Driver" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Driver", - "tags": [ - "Drivers" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - }, - "/maintenance": { - "get": { - "summary": "Fetch a list of Maintenance", - "description": "Without params, it returns a list of Maintenance the user has access to", - "tags": [ - "Maintenance" - ], - "parameters": [ - { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - } - ], - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "type": "array", - "items": { - "$ref": "#/components/schemas/Maintenance" - } - } - } - } - } - } - }, - "post": { - "summary": "Create a Maintenance", - "tags": [ - "Maintenance" - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Maintenance" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Maintenance" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - } - }, - "/maintenance/{id}": { - "put": { - "summary": "Update a Maintenance", - "tags": [ - "Maintenance" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Maintenance" - } - } - }, - "required": true - }, - "responses": { - "200": { - "description": "OK", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Maintenance" - } - } - } - } - }, - "x-codegen-request-body-name": "body" - }, - "delete": { - "summary": "Delete a Maintenance", - "tags": [ - "Maintenance" - ], - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - } - ], - "responses": { - "204": { - "description": "No Content", - "content": {} - } - } - } - } - }, - "components": { - "schemas": { - "Position": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "deviceId": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "deviceTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "fixTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "serverTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "outdated": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - }, - "latitude": { - "type": "number" - }, - "longitude": { - "type": "number" - }, - "altitude": { - "type": "number" - }, - "speed": { - "type": "number", - "description": "in knots" - }, - "course": { - "type": "number" - }, - "address": { - "type": "string" - }, - "accuracy": { - "type": "number" - }, - "network": { - "type": "object", - "properties": {} - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "User": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "email": { - "type": "string" - }, - "phone": { - "type": "string" - }, - "readonly": { - "type": "boolean" - }, - "administrator": { - "type": "boolean" - }, - "map": { - "type": "string" - }, - "latitude": { - "type": "number" - }, - "longitude": { - "type": "number" - }, - "zoom": { - "type": "integer" - }, - "password": { - "type": "string" - }, - "twelveHourFormat": { - "type": "boolean" - }, - "coordinateFormat": { - "type": "string" - }, - "disabled": { - "type": "boolean" - }, - "expirationTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "deviceLimit": { - "type": "integer" - }, - "userLimit": { - "type": "integer" - }, - "deviceReadonly": { - "type": "boolean" - }, - "limitCommands": { - "type": "boolean" - }, - "poiLayer": { - "type": "string" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Server": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "registration": { - "type": "boolean" - }, - "readonly": { - "type": "boolean" - }, - "deviceReadonly": { - "type": "boolean" - }, - "limitCommands": { - "type": "boolean" - }, - "map": { - "type": "string" - }, - "bingKey": { - "type": "string" - }, - "mapUrl": { - "type": "string" - }, - "poiLayer": { - "type": "string" - }, - "latitude": { - "type": "number" - }, - "longitude": { - "type": "number" - }, - "zoom": { - "type": "integer" - }, - "twelveHourFormat": { - "type": "boolean" - }, - "version": { - "type": "string" - }, - "forceSettings": { - "type": "boolean" - }, - "coordinateFormat": { - "type": "string" - }, - "openIdEnabled": { - "type": "boolean" - }, - "openIdForce": { - "type": "boolean" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Command": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "deviceId": { - "type": "integer" - }, - "description": { - "type": "string" - }, - "type": { - "type": "string" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Device": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "uniqueId": { - "type": "string" - }, - "status": { - "type": "string" - }, - "disabled": { - "type": "boolean" - }, - "lastUpdate": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "positionId": { - "type": "integer" - }, - "groupId": { - "type": "integer" - }, - "phone": { - "type": "string" - }, - "model": { - "type": "string" - }, - "contact": { - "type": "string" - }, - "category": { - "type": "string" - }, - "geofenceIds": { - "type": "array", - "items": { - "type": "integer" - } - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Group": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "groupId": { - "type": "integer" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Permission": { - "type": "object", - "properties": { - "userId": { - "type": "integer", - "description": "User Id, can be only first parameter" - }, - "deviceId": { - "type": "integer", - "description": "Device Id, can be first parameter or second only in combination with userId" - }, - "groupId": { - "type": "integer", - "description": "Group Id, can be first parameter or second only in combination with userId" - }, - "geofenceId": { - "type": "integer", - "description": "Geofence Id, can be second parameter only" - }, - "notificationId": { - "type": "integer", - "description": "Notification Id, can be second parameter only" - }, - "calendarId": { - "type": "integer", - "description": "Calendar Id, can be second parameter only and only in combination with userId" - }, - "attributeId": { - "type": "integer", - "description": "Computed Attribute Id, can be second parameter only" - }, - "driverId": { - "type": "integer", - "description": "Driver Id, can be second parameter only" - }, - "managedUserId": { - "type": "integer", - "description": "User Id, can be second parameter only and only in combination with userId" - } - }, - "description": "This is a permission map that contain two object indexes. It is used to link/unlink objects. Order is important. Example: { deviceId:8, geofenceId: 16 }" - }, - "CommandType": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - } - }, - "Geofence": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "description": { - "type": "string" - }, - "area": { - "type": "string" - }, - "calendarId": { - "type": "integer" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Notification": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "type": { - "type": "string" - }, - "always": { - "type": "boolean" - }, - "web": { - "type": "boolean" - }, - "mail": { - "type": "boolean" - }, - "sms": { - "type": "boolean" - }, - "calendarId": { - "type": "integer" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "NotificationType": { - "type": "object", - "properties": { - "type": { - "type": "string" - } - } - }, - "Event": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "type": { - "type": "string" - }, - "eventTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "deviceId": { - "type": "integer" - }, - "positionId": { - "type": "integer" - }, - "geofenceId": { - "type": "integer" - }, - "maintenanceId": { - "type": "integer" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "ReportSummary": { - "type": "object", - "properties": { - "deviceId": { - "type": "integer" - }, - "deviceName": { - "type": "string" - }, - "maxSpeed": { - "type": "number", - "description": "in knots" - }, - "averageSpeed": { - "type": "number", - "description": "in knots" - }, - "distance": { - "type": "number", - "description": "in meters" - }, - "spentFuel": { - "type": "number", - "description": "in liters" - }, - "engineHours": { - "type": "integer" - } - } - }, - "ReportTrips": { - "type": "object", - "properties": { - "deviceId": { - "type": "integer" - }, - "deviceName": { - "type": "string" - }, - "maxSpeed": { - "type": "number", - "description": "in knots" - }, - "averageSpeed": { - "type": "number", - "description": "in knots" - }, - "distance": { - "type": "number", - "description": "in meters" - }, - "spentFuel": { - "type": "number", - "description": "in liters" - }, - "duration": { - "type": "integer" - }, - "startTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "startAddress": { - "type": "string" - }, - "startLat": { - "type": "number" - }, - "startLon": { - "type": "number" - }, - "endTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "endAddress": { - "type": "string" - }, - "endLat": { - "type": "number" - }, - "endLon": { - "type": "number" - }, - "driverUniqueId": { - "type": "integer" - }, - "driverName": { - "type": "string" - } - } - }, - "ReportStops": { - "type": "object", - "properties": { - "deviceId": { - "type": "integer" - }, - "deviceName": { - "type": "string" - }, - "duration": { - "type": "integer" - }, - "startTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "address": { - "type": "string" - }, - "lat": { - "type": "number" - }, - "lon": { - "type": "number" - }, - "endTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "spentFuel": { - "type": "number", - "description": "in liters" - }, - "engineHours": { - "type": "integer" - } - } - }, - "Statistics": { - "type": "object", - "properties": { - "captureTime": { - "type": "string", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "format": "date-time" - }, - "activeUsers": { - "type": "integer" - }, - "activeDevices": { - "type": "integer" - }, - "requests": { - "type": "integer" - }, - "messagesReceived": { - "type": "integer" - }, - "messagesStored": { - "type": "integer" - } - } - }, - "DeviceAccumulators": { - "type": "object", - "properties": { - "deviceId": { - "type": "integer" - }, - "totalDistance": { - "type": "number", - "description": "in meters" - }, - "hours": { - "type": "number" - } - } - }, - "Calendar": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "data": { - "type": "string", - "description": "base64 encoded in iCalendar format" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Attribute": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "description": { - "type": "string" - }, - "attribute": { - "type": "string" - }, - "expression": { - "type": "string" - }, - "type": { - "type": "string", - "description": "String|Number|Boolean" - } - } - }, - "Driver": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "uniqueId": { - "type": "string" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - }, - "Maintenance": { - "type": "object", - "properties": { - "id": { - "type": "integer" - }, - "name": { - "type": "string" - }, - "type": { - "type": "string" - }, - "start": { - "type": "number" - }, - "period": { - "type": "number" - }, - "attributes": { - "type": "object", - "properties": {} - } - } - } - }, - "parameters": { - "entityId": { - "name": "id", - "in": "path", - "required": true, - "schema": { - "type": "integer" - } - }, - "all": { - "name": "all", - "in": "query", - "description": "Can only be used by admins or managers to fetch all entities", - "schema": { - "type": "boolean" - } - }, - "refresh": { - "name": "refresh", - "in": "query", - "schema": { - "type": "boolean" - } - }, - "userId": { - "name": "userId", - "in": "query", - "description": "Standard users can use this only with their own _userId_", - "schema": { - "type": "integer" - } - }, - "deviceId": { - "name": "deviceId", - "in": "query", - "description": "Standard users can use this only with _deviceId_s, they have access to", - "schema": { - "type": "integer" - } - }, - "groupId": { - "name": "groupId", - "in": "query", - "description": "Standard users can use this only with _groupId_s, they have access to", - "schema": { - "type": "integer" - } - }, - "deviceIdArray": { - "name": "deviceId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - "groupIdArray": { - "name": "groupId", - "in": "query", - "style": "form", - "explode": true, - "schema": { - "type": "array", - "items": { - "type": "integer" - } - } - }, - "fromTime": { - "name": "from", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - }, - "toTime": { - "name": "to", - "in": "query", - "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", - "required": true, - "schema": { - "type": "string", - "format": "date-time" - } - } - }, - "requestBodies": { - "Device": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Device" - } - } - }, - "required": true - }, - "Permission": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Permission" - } - } - }, - "required": true - }, - "Group": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Group" - } - } - }, - "required": true - }, - "User": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/User" - } - } - }, - "required": true - }, - "Geofence": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Geofence" - } - } - }, - "required": true - }, - "Calendar": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Calendar" - } - } - }, - "required": true - }, - "Attribute": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Attribute" - } - } - }, - "required": true - }, - "Driver": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Driver" - } - } - }, - "required": true - }, - "Command": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Command" - } - } - }, - "required": true - }, - "Notification": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Notification" - } - } - }, - "required": true - }, - "Maintenance": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/Maintenance" - } - } - }, - "required": true - } - }, - "securitySchemes": { - "basicAuth": { - "type": "http", - "description": "Basic HTTP authorization with _email_ and _password_", - "scheme": "basic" - } - } - } -} +{ + "openapi": "3.0.1", + "info": { + "title": "Traccar", + "version": "5.6", + "description": "Traccar GPS tracking server API documentation. To use the API you need to have a server instance. For testing purposes you can use one of free [demo servers](https://www.traccar.org/demo-server/). For production use you can install your own server or get a [subscription service](https://www.traccar.org/product/tracking-server/).", + "contact": { + "name": "Traccar Support", + "url": "https://www.traccar.org/", + "email": "support@traccar.org" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + } + }, + "servers": [ + { + "url": "https://demo.traccar.org/api", + "description": "Demo Server 1" + }, + { + "url": "https://demo2.traccar.org/api", + "description": "Demo Server 2" + }, + { + "url": "https://demo3.traccar.org/api", + "description": "Demo Server 3" + }, + { + "url": "https://demo4.traccar.org/api", + "description": "Demo Server 4" + }, + { + "url": "https://server.traccar.org/api", + "description": "Subscription Server" + }, + { + "url": "http://{host}:{port}/api", + "description": "Other Server", + "variables": { + "host": { + "default": "localhost" + }, + "port": { + "enum": [ + "8082", + "80" + ], + "default": "8082" + } + } + } + ], + "security": [ + { + "basicAuth": [] + } + ], + "tags": [ + { + "name": "Server", + "description": "Server information" + }, + { + "name": "Session", + "description": "User session management" + }, + { + "name": "Devices", + "description": "Device management" + }, + { + "name": "Groups", + "description": "Group management" + }, + { + "name": "Users", + "description": "User management" + }, + { + "name": "Permissions", + "description": "User permissions and other object linking" + }, + { + "name": "Positions", + "description": "Retrieving raw location information" + }, + { + "name": "Events", + "description": "Retrieving event information" + }, + { + "name": "Reports", + "description": "Reports generation" + }, + { + "name": "Notifications", + "description": "User notifications management" + }, + { + "name": "Geofences", + "description": "Geofence management" + }, + { + "name": "Commands", + "description": "Sending commands to devices and stored command management" + }, + { + "name": "Attributes", + "description": "Computed attributes management" + }, + { + "name": "Drivers", + "description": "Drivers management" + }, + { + "name": "Maintenance", + "description": "Maintenance management" + }, + { + "name": "Calendars", + "description": "Calendar management" + }, + { + "name": "Statistics", + "description": "Retrieving server statistics" + } + ], + "paths": { + "/commands": { + "get": { + "summary": "Fetch a list of Saved Commands", + "tags": [ + "Commands" + ], + "description": "Without params, it returns a list of Saved Commands the user has access to", + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Command" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Saved Command", + "tags": [ + "Commands" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/commands/{id}": { + "put": { + "summary": "Update a Saved Command", + "tags": [ + "Commands" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Saved Command", + "tags": [ + "Commands" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/commands/send": { + "get": { + "summary": "Fetch a list of Saved Commands supported by Device at the moment", + "description": "Return a list of saved commands linked to Device and its groups, filtered by current Device protocol support", + "tags": [ + "Commands" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Command" + } + } + } + } + }, + "400": { + "description": "Could happen when the user doesn't have permission for the device", + "content": {} + } + } + }, + "post": { + "summary": "Dispatch commands to device", + "description": "Dispatch a new command or Saved Command if _body.id_ set", + "tags": [ + "Commands" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Command sent", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + } + }, + "202": { + "description": "Command queued", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + } + }, + "400": { + "description": "Could happen when the user doesn't have permission or an incorrect command _type_ for the device", + "content": {} + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/commands/types": { + "get": { + "summary": "Fetch a list of available Commands for the Device or all possible Commands if Device ommited", + "tags": [ + "Commands" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "description": "Internal device identifier. Only works if device has already reported some locations", + "schema": { + "type": "integer" + } + }, + { + "name": "protocol", + "in": "query", + "description": "Protocol name. Can be used instead of device id", + "schema": { + "type": "string" + } + }, + { + "name": "textChannel", + "in": "query", + "description": "When `true` return SMS commands. If not specified or `false` return data commands", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CommandType" + } + } + } + } + }, + "400": { + "description": "Could happen when trying to fetch from a device the user does not have permission", + "content": {} + } + } + } + }, + "/devices": { + "get": { + "summary": "Fetch a list of Devices", + "description": "Without any params, returns a list of the user's devices", + "tags": [ + "Devices" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "id", + "in": "query", + "description": "To fetch one or more devices. Multiple params can be passed like `id=31&id=42`", + "schema": { + "type": "integer" + } + }, + { + "name": "uniqueId", + "in": "query", + "description": "To fetch one or more devices. Multiple params can be passed like `uniqueId=333331&uniqieId=44442`", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Device" + } + } + } + } + }, + "400": { + "description": "No permission", + "content": {} + } + } + }, + "post": { + "summary": "Create a Device", + "tags": [ + "Devices" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Device" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Device" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/devices/{id}": { + "put": { + "summary": "Update a Device", + "tags": [ + "Devices" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Device" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Device" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Device", + "tags": [ + "Devices" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/devices/{id}/accumulators": { + "put": { + "summary": "Update total distance and hours of the Device", + "tags": [ + "Devices" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeviceAccumulators" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "No Content", + "content": {} + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/groups": { + "get": { + "summary": "Fetch a list of Groups", + "description": "Without any params, returns a list of the Groups the user belongs to", + "tags": [ + "Groups" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Group" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Group", + "tags": [ + "Groups" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Group" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Group" + } + } + } + }, + "400": { + "description": "No permission", + "content": {} + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/groups/{id}": { + "put": { + "summary": "Update a Group", + "tags": [ + "Groups" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Group" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Group" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Group", + "tags": [ + "Groups" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/permissions": { + "post": { + "summary": "Link an Object to another Object", + "tags": [ + "Permissions" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Permission" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "No Content", + "content": {} + }, + "400": { + "description": "No permission", + "content": {} + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Unlink an Object from another Object", + "tags": [ + "Permissions" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Permission" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "No Content", + "content": {} + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/positions": { + "get": { + "summary": "Fetches a list of Positions", + "description": "We strongly recommend using [Traccar WebSocket API](https://www.traccar.org/traccar-api/) instead of periodically polling positions endpoint. Without any params, it returns a list of last known positions for all the user's Devices. _from_ and _to_ fields are not required with _id_.", + "tags": [ + "Positions" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "description": "_deviceId_ is optional, but requires the _from_ and _to_ parameters when used", + "schema": { + "type": "integer" + } + }, + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "id", + "in": "query", + "description": "To fetch one or more positions. Multiple params can be passed like `id=31&id=42`", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Position" + } + } + }, + "text/csv": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Position" + } + } + }, + "application/gpx+xml": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Position" + } + } + } + } + } + } + } + }, + "/server": { + "get": { + "summary": "Fetch Server information", + "tags": [ + "Server" + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server" + } + } + } + } + } + }, + "put": { + "summary": "Update Server information", + "tags": [ + "Server" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Server" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/session": { + "get": { + "summary": "Fetch Session information", + "tags": [ + "Session" + ], + "parameters": [ + { + "name": "token", + "in": "query", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + } + }, + "404": { + "description": "Not Found", + "content": {} + } + } + }, + "post": { + "summary": "Create a new Session", + "tags": [ + "Session" + ], + "requestBody": { + "content": { + "application/x-www-form-urlencoded": { + "schema": { + "required": [ + "email", + "password" + ], + "properties": { + "email": { + "type": "string" + }, + "password": { + "type": "string", + "format": "password" + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + } + }, + "401": { + "description": "Unauthorized", + "content": {} + } + } + }, + "delete": { + "summary": "Close the Session", + "tags": [ + "Session" + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/session/openid/auth": { + "get": { + "summary": "Fetch Session information", + "tags": [ + "Session" + ], + "parameters": [ + { + } + ], + "responses": { + "303": { + "description": "Redirect to OpenID Connect identity provider", + "content": { } + } + } + } + }, + "/session/openid/callback": { + "get": { + "summary": "OpenID Callback", + "tags": [ + "Session" + ], + "parameters": [ + { + } + ], + "responses": { + "303": { + "description": "Successful authentication, redirect to homepage", + "content": { } + } + } + } + }, + "/users": { + "get": { + "summary": "Fetch a list of Users", + "tags": [ + "Users" + ], + "parameters": [ + { + "name": "userId", + "in": "query", + "description": "Can only be used by admin or manager users", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/User" + } + } + } + } + }, + "400": { + "description": "No Permission", + "content": {} + } + } + }, + "post": { + "summary": "Create a User", + "tags": [ + "Users" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/users/{id}": { + "put": { + "summary": "Update a User", + "tags": [ + "Users" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a User", + "tags": [ + "Users" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/notifications": { + "get": { + "summary": "Fetch a list of Notifications", + "description": "Without params, it returns a list of Notifications the user has access to", + "tags": [ + "Notifications" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Notification" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Notification", + "tags": [ + "Notifications" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Notification" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Notification" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/notifications/{id}": { + "put": { + "summary": "Update a Notification", + "tags": [ + "Notifications" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Notification" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Notification" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Notification", + "tags": [ + "Notifications" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/notifications/types": { + "get": { + "summary": "Fetch a list of available Notification types", + "tags": [ + "Notifications" + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/NotificationType" + } + } + } + } + } + } + } + }, + "/notifications/test": { + "post": { + "summary": "Send test notification to current user via Email and SMS", + "tags": [ + "Notifications" + ], + "responses": { + "204": { + "description": "Successful sending", + "content": {} + }, + "400": { + "description": "Could happen if sending has failed", + "content": {} + } + } + } + }, + "/geofences": { + "get": { + "summary": "Fetch a list of Geofences", + "description": "Without params, it returns a list of Geofences the user has access to", + "tags": [ + "Geofences" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Geofence" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Geofence", + "tags": [ + "Geofences" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Geofence" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Geofence" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/geofences/{id}": { + "put": { + "summary": "Update a Geofence", + "tags": [ + "Geofences" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Geofence" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Geofence" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Geofence", + "tags": [ + "Geofences" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/events/{id}": { + "get": { + "tags": [ + "Events" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Event" + } + } + } + } + } + } + }, + "/reports/route": { + "get": { + "summary": "Fetch a list of Positions within the time period for the Devices or Groups", + "description": "At least one _deviceId_ or one _groupId_ must be passed", + "tags": [ + "Reports" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "groupId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Position" + } + } + }, + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Position" + } + } + } + } + } + } + } + }, + "/reports/events": { + "get": { + "summary": "Fetch a list of Events within the time period for the Devices or Groups", + "description": "At least one _deviceId_ or one _groupId_ must be passed", + "tags": [ + "Reports" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "groupId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "type", + "in": "query", + "description": "% can be used to return events of all types", + "style": "form", + "explode": false, + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Event" + } + } + }, + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Event" + } + } + } + } + } + } + } + }, + "/reports/summary": { + "get": { + "summary": "Fetch a list of ReportSummary within the time period for the Devices or Groups", + "description": "At least one _deviceId_ or one _groupId_ must be passed", + "tags": [ + "Reports" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "groupId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ReportSummary" + } + } + }, + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ReportSummary" + } + } + } + } + } + } + } + }, + "/reports/trips": { + "get": { + "summary": "Fetch a list of ReportTrips within the time period for the Devices or Groups", + "description": "At least one _deviceId_ or one _groupId_ must be passed", + "tags": [ + "Reports" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "groupId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ReportTrips" + } + } + }, + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ReportTrips" + } + } + } + } + } + } + } + }, + "/reports/stops": { + "get": { + "summary": "Fetch a list of ReportStops within the time period for the Devices or Groups", + "description": "At least one _deviceId_ or one _groupId_ must be passed", + "tags": [ + "Reports" + ], + "parameters": [ + { + "name": "deviceId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "groupId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ReportStops" + } + } + }, + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ReportStops" + } + } + } + } + } + } + } + }, + "/statistics": { + "get": { + "summary": "Fetch server Statistics", + "tags": [ + "Statistics" + ], + "parameters": [ + { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Statistics" + } + } + } + } + } + } + } + }, + "/calendars": { + "get": { + "summary": "Fetch a list of Calendars", + "description": "Without params, it returns a list of Calendars the user has access to", + "tags": [ + "Calendars" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Calendar" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Calendar", + "tags": [ + "Calendars" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Calendar" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Calendar" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/calendars/{id}": { + "put": { + "summary": "Update a Calendar", + "tags": [ + "Calendars" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Calendar" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Calendar" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Calendar", + "tags": [ + "Calendars" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/attributes/computed": { + "get": { + "summary": "Fetch a list of Attributes", + "description": "Without params, it returns a list of Attributes the user has access to", + "tags": [ + "Attributes" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Attribute" + } + } + } + } + } + } + }, + "post": { + "summary": "Create an Attribute", + "tags": [ + "Attributes" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Attribute" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Attribute" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/attributes/computed/{id}": { + "put": { + "summary": "Update an Attribute", + "tags": [ + "Attributes" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Attribute" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Attribute" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete an Attribute", + "tags": [ + "Attributes" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/drivers": { + "get": { + "summary": "Fetch a list of Drivers", + "description": "Without params, it returns a list of Drivers the user has access to", + "tags": [ + "Drivers" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Driver" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Driver", + "tags": [ + "Drivers" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Driver" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Driver" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/drivers/{id}": { + "put": { + "summary": "Update a Driver", + "tags": [ + "Drivers" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Driver" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Driver" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Driver", + "tags": [ + "Drivers" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + }, + "/maintenance": { + "get": { + "summary": "Fetch a list of Maintenance", + "description": "Without params, it returns a list of Maintenance the user has access to", + "tags": [ + "Maintenance" + ], + "parameters": [ + { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Maintenance" + } + } + } + } + } + } + }, + "post": { + "summary": "Create a Maintenance", + "tags": [ + "Maintenance" + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Maintenance" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Maintenance" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + } + }, + "/maintenance/{id}": { + "put": { + "summary": "Update a Maintenance", + "tags": [ + "Maintenance" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Maintenance" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Maintenance" + } + } + } + } + }, + "x-codegen-request-body-name": "body" + }, + "delete": { + "summary": "Delete a Maintenance", + "tags": [ + "Maintenance" + ], + "parameters": [ + { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + } + ], + "responses": { + "204": { + "description": "No Content", + "content": {} + } + } + } + } + }, + "components": { + "schemas": { + "Position": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "deviceId": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "deviceTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "fixTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "serverTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "outdated": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + }, + "latitude": { + "type": "number" + }, + "longitude": { + "type": "number" + }, + "altitude": { + "type": "number" + }, + "speed": { + "type": "number", + "description": "in knots" + }, + "course": { + "type": "number" + }, + "address": { + "type": "string" + }, + "accuracy": { + "type": "number" + }, + "network": { + "type": "object", + "properties": {} + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "User": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "email": { + "type": "string" + }, + "phone": { + "type": "string" + }, + "readonly": { + "type": "boolean" + }, + "administrator": { + "type": "boolean" + }, + "map": { + "type": "string" + }, + "latitude": { + "type": "number" + }, + "longitude": { + "type": "number" + }, + "zoom": { + "type": "integer" + }, + "password": { + "type": "string" + }, + "twelveHourFormat": { + "type": "boolean" + }, + "coordinateFormat": { + "type": "string" + }, + "disabled": { + "type": "boolean" + }, + "expirationTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "deviceLimit": { + "type": "integer" + }, + "userLimit": { + "type": "integer" + }, + "deviceReadonly": { + "type": "boolean" + }, + "limitCommands": { + "type": "boolean" + }, + "poiLayer": { + "type": "string" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Server": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "registration": { + "type": "boolean" + }, + "readonly": { + "type": "boolean" + }, + "deviceReadonly": { + "type": "boolean" + }, + "limitCommands": { + "type": "boolean" + }, + "map": { + "type": "string" + }, + "bingKey": { + "type": "string" + }, + "mapUrl": { + "type": "string" + }, + "poiLayer": { + "type": "string" + }, + "latitude": { + "type": "number" + }, + "longitude": { + "type": "number" + }, + "zoom": { + "type": "integer" + }, + "twelveHourFormat": { + "type": "boolean" + }, + "version": { + "type": "string" + }, + "forceSettings": { + "type": "boolean" + }, + "coordinateFormat": { + "type": "string" + }, + "openIdEnabled": { + "type": "boolean" + }, + "openIdForce": { + "type": "boolean" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Command": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "deviceId": { + "type": "integer" + }, + "description": { + "type": "string" + }, + "type": { + "type": "string" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Device": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "uniqueId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "disabled": { + "type": "boolean" + }, + "lastUpdate": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "positionId": { + "type": "integer" + }, + "groupId": { + "type": "integer" + }, + "phone": { + "type": "string" + }, + "model": { + "type": "string" + }, + "contact": { + "type": "string" + }, + "category": { + "type": "string" + }, + "geofenceIds": { + "type": "array", + "items": { + "type": "integer" + } + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Group": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "groupId": { + "type": "integer" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Permission": { + "type": "object", + "properties": { + "userId": { + "type": "integer", + "description": "User Id, can be only first parameter" + }, + "deviceId": { + "type": "integer", + "description": "Device Id, can be first parameter or second only in combination with userId" + }, + "groupId": { + "type": "integer", + "description": "Group Id, can be first parameter or second only in combination with userId" + }, + "geofenceId": { + "type": "integer", + "description": "Geofence Id, can be second parameter only" + }, + "notificationId": { + "type": "integer", + "description": "Notification Id, can be second parameter only" + }, + "calendarId": { + "type": "integer", + "description": "Calendar Id, can be second parameter only and only in combination with userId" + }, + "attributeId": { + "type": "integer", + "description": "Computed Attribute Id, can be second parameter only" + }, + "driverId": { + "type": "integer", + "description": "Driver Id, can be second parameter only" + }, + "managedUserId": { + "type": "integer", + "description": "User Id, can be second parameter only and only in combination with userId" + } + }, + "description": "This is a permission map that contain two object indexes. It is used to link/unlink objects. Order is important. Example: { deviceId:8, geofenceId: 16 }" + }, + "CommandType": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "Geofence": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "area": { + "type": "string" + }, + "calendarId": { + "type": "integer" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Notification": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "type": { + "type": "string" + }, + "always": { + "type": "boolean" + }, + "web": { + "type": "boolean" + }, + "mail": { + "type": "boolean" + }, + "sms": { + "type": "boolean" + }, + "calendarId": { + "type": "integer" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "NotificationType": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + }, + "Event": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "type": { + "type": "string" + }, + "eventTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "deviceId": { + "type": "integer" + }, + "positionId": { + "type": "integer" + }, + "geofenceId": { + "type": "integer" + }, + "maintenanceId": { + "type": "integer" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "ReportSummary": { + "type": "object", + "properties": { + "deviceId": { + "type": "integer" + }, + "deviceName": { + "type": "string" + }, + "maxSpeed": { + "type": "number", + "description": "in knots" + }, + "averageSpeed": { + "type": "number", + "description": "in knots" + }, + "distance": { + "type": "number", + "description": "in meters" + }, + "spentFuel": { + "type": "number", + "description": "in liters" + }, + "engineHours": { + "type": "integer" + } + } + }, + "ReportTrips": { + "type": "object", + "properties": { + "deviceId": { + "type": "integer" + }, + "deviceName": { + "type": "string" + }, + "maxSpeed": { + "type": "number", + "description": "in knots" + }, + "averageSpeed": { + "type": "number", + "description": "in knots" + }, + "distance": { + "type": "number", + "description": "in meters" + }, + "spentFuel": { + "type": "number", + "description": "in liters" + }, + "duration": { + "type": "integer" + }, + "startTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "startAddress": { + "type": "string" + }, + "startLat": { + "type": "number" + }, + "startLon": { + "type": "number" + }, + "endTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "endAddress": { + "type": "string" + }, + "endLat": { + "type": "number" + }, + "endLon": { + "type": "number" + }, + "driverUniqueId": { + "type": "integer" + }, + "driverName": { + "type": "string" + } + } + }, + "ReportStops": { + "type": "object", + "properties": { + "deviceId": { + "type": "integer" + }, + "deviceName": { + "type": "string" + }, + "duration": { + "type": "integer" + }, + "startTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "address": { + "type": "string" + }, + "lat": { + "type": "number" + }, + "lon": { + "type": "number" + }, + "endTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "spentFuel": { + "type": "number", + "description": "in liters" + }, + "engineHours": { + "type": "integer" + } + } + }, + "Statistics": { + "type": "object", + "properties": { + "captureTime": { + "type": "string", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "format": "date-time" + }, + "activeUsers": { + "type": "integer" + }, + "activeDevices": { + "type": "integer" + }, + "requests": { + "type": "integer" + }, + "messagesReceived": { + "type": "integer" + }, + "messagesStored": { + "type": "integer" + } + } + }, + "DeviceAccumulators": { + "type": "object", + "properties": { + "deviceId": { + "type": "integer" + }, + "totalDistance": { + "type": "number", + "description": "in meters" + }, + "hours": { + "type": "number" + } + } + }, + "Calendar": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "data": { + "type": "string", + "description": "base64 encoded in iCalendar format" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Attribute": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "description": { + "type": "string" + }, + "attribute": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "type": { + "type": "string", + "description": "String|Number|Boolean" + } + } + }, + "Driver": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "uniqueId": { + "type": "string" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + }, + "Maintenance": { + "type": "object", + "properties": { + "id": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "type": { + "type": "string" + }, + "start": { + "type": "number" + }, + "period": { + "type": "number" + }, + "attributes": { + "type": "object", + "properties": {} + } + } + } + }, + "parameters": { + "entityId": { + "name": "id", + "in": "path", + "required": true, + "schema": { + "type": "integer" + } + }, + "all": { + "name": "all", + "in": "query", + "description": "Can only be used by admins or managers to fetch all entities", + "schema": { + "type": "boolean" + } + }, + "refresh": { + "name": "refresh", + "in": "query", + "schema": { + "type": "boolean" + } + }, + "userId": { + "name": "userId", + "in": "query", + "description": "Standard users can use this only with their own _userId_", + "schema": { + "type": "integer" + } + }, + "deviceId": { + "name": "deviceId", + "in": "query", + "description": "Standard users can use this only with _deviceId_s, they have access to", + "schema": { + "type": "integer" + } + }, + "groupId": { + "name": "groupId", + "in": "query", + "description": "Standard users can use this only with _groupId_s, they have access to", + "schema": { + "type": "integer" + } + }, + "deviceIdArray": { + "name": "deviceId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + "groupIdArray": { + "name": "groupId", + "in": "query", + "style": "form", + "explode": true, + "schema": { + "type": "array", + "items": { + "type": "integer" + } + } + }, + "fromTime": { + "name": "from", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + }, + "toTime": { + "name": "to", + "in": "query", + "description": "in IS0 8601 format. eg. `1963-11-22T18:30:00Z`", + "required": true, + "schema": { + "type": "string", + "format": "date-time" + } + } + }, + "requestBodies": { + "Device": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Device" + } + } + }, + "required": true + }, + "Permission": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Permission" + } + } + }, + "required": true + }, + "Group": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Group" + } + } + }, + "required": true + }, + "User": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/User" + } + } + }, + "required": true + }, + "Geofence": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Geofence" + } + } + }, + "required": true + }, + "Calendar": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Calendar" + } + } + }, + "required": true + }, + "Attribute": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Attribute" + } + } + }, + "required": true + }, + "Driver": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Driver" + } + } + }, + "required": true + }, + "Command": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Command" + } + } + }, + "required": true + }, + "Notification": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Notification" + } + } + }, + "required": true + }, + "Maintenance": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Maintenance" + } + } + }, + "required": true + } + }, + "securitySchemes": { + "basicAuth": { + "type": "http", + "description": "Basic HTTP authorization with _email_ and _password_", + "scheme": "basic" + } + } + } +} -- cgit v1.2.3 From 9de791026d5aaf5b5997ed7fab4d30c6cb1fb057 Mon Sep 17 00:00:00 2001 From: Dan Date: Mon, 3 Apr 2023 17:53:15 +0100 Subject: Lint fixes --- src/main/java/org/traccar/MainModule.java | 2 +- .../org/traccar/api/resource/ServerResource.java | 2 +- .../org/traccar/api/resource/SessionResource.java | 2 +- .../org/traccar/api/resource/UserResource.java | 1 - .../org/traccar/api/security/LoginService.java | 2 +- src/main/java/org/traccar/config/Keys.java | 2 +- .../java/org/traccar/database/OpenIdProvider.java | 73 ++++++++++++---------- 7 files changed, 46 insertions(+), 38 deletions(-) (limited to 'src/main/java/org/traccar/api/security/LoginService.java') diff --git a/src/main/java/org/traccar/MainModule.java b/src/main/java/org/traccar/MainModule.java index 7b06b4840..51097511a 100644 --- a/src/main/java/org/traccar/MainModule.java +++ b/src/main/java/org/traccar/MainModule.java @@ -171,7 +171,7 @@ public class MainModule extends AbstractModule { } return null; } - + @Singleton @Provides public static OpenIdProvider provideOpenIDProvider(Config config, LoginService loginService) { diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java index 9b4d82a66..6a3b8919e 100644 --- a/src/main/java/org/traccar/api/resource/ServerResource.java +++ b/src/main/java/org/traccar/api/resource/ServerResource.java @@ -71,7 +71,7 @@ public class ServerResource extends BaseResource { server.setEmailEnabled(mailManager.getEmailEnabled()); server.setGeocoderEnabled(geocoder != null); server.setOpenIdEnabled(openIdProvider != null); - server.setOpenIdForce(openIdProvider != null && openIdProvider.force); + server.setOpenIdForce(openIdProvider != null && openIdProvider.getForce()); User user = permissionsService.getUser(getUserId()); if (user != null) { if (user.getAdministrator()) { diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java index 94a6a4595..ac39fa449 100644 --- a/src/main/java/org/traccar/api/resource/SessionResource.java +++ b/src/main/java/org/traccar/api/resource/SessionResource.java @@ -174,7 +174,7 @@ public class SessionResource extends BaseResource { public Response openIdAuth() throws IOException { return Response.seeOther(openIdProvider.createAuthUri()).build(); } - + @PermitAll @Path("openid/callback") @GET diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java index 1c58cec3c..19d88782f 100644 --- a/src/main/java/org/traccar/api/resource/UserResource.java +++ b/src/main/java/org/traccar/api/resource/UserResource.java @@ -17,7 +17,6 @@ package org.traccar.api.resource; import org.traccar.api.BaseObjectResource; import org.traccar.config.Config; -import org.traccar.config.Keys; import org.traccar.helper.LogAction; import org.traccar.helper.model.UserUtil; import org.traccar.model.ManagedUser; diff --git a/src/main/java/org/traccar/api/security/LoginService.java b/src/main/java/org/traccar/api/security/LoginService.java index d92f7ce15..c7482a2e3 100644 --- a/src/main/java/org/traccar/api/security/LoginService.java +++ b/src/main/java/org/traccar/api/security/LoginService.java @@ -107,7 +107,7 @@ public class LoginService { user.setEmail(email); user.setFixedEmail(true); user.setAdministrator(administrator); - user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); + user.setId(storage.addObject(user, new Request(new Columns.Exclude("id")))); checkUserEnabled(user); return user; } diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java index a666667d4..707e9e815 100644 --- a/src/main/java/org/traccar/config/Keys.java +++ b/src/main/java/org/traccar/config/Keys.java @@ -628,7 +628,7 @@ public final class Keys { List.of(KeyType.CONFIG)); /** - * OpenID Connect Client Secret. + * OpenID Connect Client Secret. * This is a secret assigned to each application you register with your identity provider. * Required to enable SSO. */ diff --git a/src/main/java/org/traccar/database/OpenIdProvider.java b/src/main/java/org/traccar/database/OpenIdProvider.java index 5e5c54523..f5c7eef15 100644 --- a/src/main/java/org/traccar/database/OpenIdProvider.java +++ b/src/main/java/org/traccar/database/OpenIdProvider.java @@ -50,7 +50,6 @@ import com.nimbusds.oauth2.sdk.token.BearerAccessToken; import com.nimbusds.oauth2.sdk.id.State; import com.nimbusds.oauth2.sdk.id.ClientID; import com.nimbusds.openid.connect.sdk.OIDCTokenResponse; -import com.nimbusds.openid.connect.sdk.Nonce; import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser; import com.nimbusds.openid.connect.sdk.UserInfoResponse; import com.nimbusds.openid.connect.sdk.UserInfoRequest; @@ -60,8 +59,8 @@ import com.nimbusds.openid.connect.sdk.claims.UserInfo; public class OpenIdProvider { private static final Logger LOGGER = LoggerFactory.getLogger(OpenIdProvider.class); - - public final Boolean force; + + private final Boolean force; private final ClientID clientId; private final ClientAuthentication clientAuth; private URI callbackUrl; @@ -74,7 +73,7 @@ public class OpenIdProvider { private LoginService loginService; @Inject - public OpenIdProvider(Config config, LoginService loginService) { + public OpenIdProvider(Config config, LoginService loginService) { this.loginService = loginService; force = config.getBoolean(Keys.OPENID_FORCE); @@ -87,7 +86,7 @@ public class OpenIdProvider { tokenUrl = new URI(config.getString(Keys.OPENID_TOKENURL, "")); userInfoUrl = new URI(config.getString(Keys.OPENID_USERINFOURL, "")); baseUrl = new URI(config.getString(Keys.WEB_URL, "")); - } catch(URISyntaxException error) { + } catch (URISyntaxException error) { LOGGER.error("Invalid URIs provided in OpenID configuration"); } @@ -100,24 +99,25 @@ public class OpenIdProvider { new Scope("openid", "profile", "email", "groups"), clientId, callbackUrl); - + return request.endpointURI(authUrl) .state(new State()) .build() .toURI(); } - private OIDCTokenResponse getToken(AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException { - AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl); - TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant); + private OIDCTokenResponse getToken( + AuthorizationCode code) throws IOException, ParseException, GeneralSecurityException { + AuthorizationGrant codeGrant = new AuthorizationCodeGrant(code, callbackUrl); + TokenRequest tokenRequest = new TokenRequest(tokenUrl, clientAuth, codeGrant); - HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send(); - TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse); - if (!token.indicatesSuccess()) { - throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider."); - } + HTTPResponse tokenResponse = tokenRequest.toHTTPRequest().send(); + TokenResponse token = OIDCTokenResponseParser.parse(tokenResponse); + if (!token.indicatesSuccess()) { + throw new GeneralSecurityException("Unable to authenticate with the OpenID Connect provider."); + } - return (OIDCTokenResponse) token.toSuccessResponse(); + return (OIDCTokenResponse) token.toSuccessResponse(); } private UserInfo getUserInfo(BearerAccessToken token) throws IOException, ParseException, GeneralSecurityException { @@ -128,36 +128,45 @@ public class OpenIdProvider { UserInfoResponse userInfoResponse = UserInfoResponse.parse(httpResponse); if (!userInfoResponse.indicatesSuccess()) { - throw new GeneralSecurityException("Failed to access OpenID Connect user info endpoint. Please contact your administrator."); + throw new GeneralSecurityException( + "Failed to access OpenID Connect user info endpoint. Please contact your administrator."); } return userInfoResponse.toSuccessResponse().getUserInfo(); } - public URI handleCallback(URI requestUri, HttpServletRequest request) throws StorageException, ParseException, IOException, GeneralSecurityException { - AuthorizationResponse response = AuthorizationResponse.parse(requestUri); + public URI handleCallback( + URI requestUri, HttpServletRequest request + ) throws StorageException, ParseException, IOException, GeneralSecurityException { + AuthorizationResponse response = AuthorizationResponse.parse(requestUri); - if (!response.indicatesSuccess()) { - throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription()); - } + if (!response.indicatesSuccess()) { + throw new GeneralSecurityException(response.toErrorResponse().getErrorObject().getDescription()); + } - AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode(); + AuthorizationCode authCode = response.toSuccessResponse().getAuthorizationCode(); - if (authCode == null) { - throw new GeneralSecurityException( "Malformed OpenID callback."); - } + if (authCode == null) { + throw new GeneralSecurityException("Malformed OpenID callback."); + } + + OIDCTokenResponse tokens = getToken(authCode); - OIDCTokenResponse tokens = getToken(authCode); + BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken(); - BearerAccessToken bearerToken = tokens.getOIDCTokens().getBearerAccessToken(); + UserInfo userInfo = getUserInfo(bearerToken); - UserInfo userInfo = getUserInfo(bearerToken); + User user = loginService.login( + userInfo.getEmailAddress(), userInfo.getName(), + userInfo.getStringListClaim("groups").contains(adminGroup)); - User user = loginService.login(userInfo.getEmailAddress(), userInfo.getName(), userInfo.getStringListClaim("groups").contains(adminGroup)); + request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); + LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); - request.getSession().setAttribute(SessionResource.USER_ID_KEY, user.getId()); - LogAction.login(user.getId(), ServletHelper.retrieveRemoteAddress(request)); + return baseUrl; + } - return baseUrl; + public boolean getForce() { + return force; } } -- cgit v1.2.3