From fc8678b22929026e6c62284add8ff1cbca247f20 Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Sun, 26 Nov 2023 08:18:32 -0800
Subject: Store session expiration
---
 src/main/java/org/traccar/api/resource/SessionResource.java | 6 +++++-
 .../java/org/traccar/api/security/SecurityRequestFilter.java | 7 +++++--
 src/main/java/org/traccar/api/security/UserPrincipal.java | 11 +++++++++--
 3 files changed, 19 insertions(+), 5 deletions(-)
(limited to 'src/main/java/org/traccar')
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index 3e80e0020..0435f4f92 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -17,6 +17,7 @@ package org.traccar.api.resource;
 import org.traccar.api.BaseResource;
 import org.traccar.api.security.CodeRequiredException;
+import org.traccar.api.security.LoginResult;
 import org.traccar.api.security.LoginService;
 import org.traccar.api.signature.TokenManager;
 import org.traccar.database.OpenIdProvider;
@@ -61,6 +62,7 @@ import java.net.URI;
 public class SessionResource extends BaseResource {
 public static final String USER_ID_KEY = "userId";
+ public static final String EXPIRATION_KEY = "expiration";
 public static final String USER_COOKIE_KEY = "user";
 public static final String PASS_COOKIE_KEY = "password";
@@ -82,9 +84,11 @@ public class SessionResource extends BaseResource {
 public User get(@QueryParam("token") String token) throws StorageException, IOException, GeneralSecurityException {
 if (token != null) {
- User user = loginService.login(token).getUser();
+ LoginResult loginResult = loginService.login(token);
+ User user = loginResult.getUser();
 if (user != null) {
 request.getSession().setAttribute(USER_ID_KEY, user.getId());
+ request.getSession().setAttribute(EXPIRATION_KEY, loginResult.getExpiration());
 LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
 return user;
 }
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index e308024da..c33a80015 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -38,6 +38,7 @@ import java.io.IOException;
 import java.lang.reflect.Method;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
+import java.util.Date;
 public class SecurityRequestFilter implements ContainerRequestFilter {
@@ -92,7 +93,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 User user = loginResult.getUser();
 if (user != null) {
 statisticsManager.registerRequest(user.getId());
- securityContext = new UserSecurityContext(new UserPrincipal(user.getId()));
+ securityContext = new UserSecurityContext(
+ new UserPrincipal(user.getId(), loginResult.getExpiration()));
 }
 } catch (StorageException | GeneralSecurityException | IOException e) {
 throw new WebApplicationException(e);
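Review bot: `EXPIRATION_KEY` is written only in this token branch of `get`, so what the attribute holds after any other login on the same session depends on code outside the hunk. If the password or OpenID login paths set `USER_ID_KEY` on an existing session without touching the expiry, a value left by an earlier token login stays attached to the new login; those paths should clear it with `request.getSession().removeAttribute(EXPIRATION_KEY);`. The new line would also benefit from a comment such as `// a null expiration removes the attribute, so the session carries no expiry`, assuming `getExpiration()` returns null for non-expiring logins. The body of `get` continues past the end of the hunk.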
@@ -101,12 +103,13 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 } else if (request.getSession() != null) {
 Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
+ Date expiration = (Date) request.getSession().getAttribute(SessionResource.EXPIRATION_KEY);
 if (userId != null) {
 User user = injector.getInstance(PermissionsService.class).getUser(userId);
 if (user != null) {
 user.checkDisabled();
 statisticsManager.registerRequest(userId);
- securityContext = new UserSecurityContext(new UserPrincipal(userId));
+ securityContext = new UserSecurityContext(new UserPrincipal(userId, expiration));
 }
 }
diff --git a/src/main/java/org/traccar/api/security/UserPrincipal.java b/src/main/java/org/traccar/api/security/UserPrincipal.java
index 18b84a0e1..83bd06fe9 100644
--- a/src/main/java/org/traccar/api/security/UserPrincipal.java
+++ b/src/main/java/org/traccar/api/security/UserPrincipal.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 - 2020 Anton Tananaev (anton@traccar.org)
+ * Copyright 2015 - 2023 Anton Tananaev (anton@traccar.org)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,19 +16,26 @@
 package org.traccar.api.security;
 import java.security.Principal;
+import java.util.Date;
 public class UserPrincipal implements Principal {
 private final long userId;
+ private final Date expiration;
- public UserPrincipal(long userId) {
+ public UserPrincipal(long userId, Date expiration) {
 this.userId = userId;
+ this.expiration = expiration;
 }
 public Long getUserId() {
 return userId;
 }
+ public Date getExpiration() {
+ return expiration;
+ }
+
 @Override
 public String getName() {
 return null;
--
cgit v1.2.3
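Review bot: The `expiration` read from the session in the `SecurityRequestFilter` session branch is only forwarded to `UserPrincipal`; nothing in this hunk compares it with the current time, so a session opened with a token keeps authenticating after the token's expiry unless a consumer of `getExpiration()` outside this diff enforces it. If the filter is the intended enforcement point, the guard could become `if (userId != null && (expiration == null || expiration.after(new Date()))) {`, which leaves `securityContext` unset for an expired session. Otherwise a comment naming where the expiry is checked would save the next reader the search. The `(Date)` cast also yields null for sessions created before this change or by a login path that stores no expiry, and the constructor accepts that silently. The filter method starts and ends outside the hunk.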
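Review bot: `UserPrincipal` keeps the caller's `java.util.Date` by reference and `getExpiration()` returns that same mutable object, so any holder of the principal, or of the session attribute it was built from, can move the expiry with `setTime`. Copy on both sides, e.g. `this.expiration = expiration != null ? new Date(expiration.getTime()) : null;` in the constructor and the equivalent copy in the getter, or hold an `Instant` instead. The parameter is nullable in practice, since the session path passes whatever the attribute cast yields, so the constructor deserves a Javadoc line such as `@param expiration expiry of the login, or null if none was stored`; what null means for enforcement should be confirmed against the callers.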