From 28ccd407642bac5ded03a256c43349dff9a67ee4 Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton@traccar.org>
Date: Sat, 26 Aug 2023 15:04:20 -0700
Subject: Remove deleted account session

---
 src/main/java/org/traccar/api/resource/UserResource.java  | 15 +++++++++++++++
 .../org/traccar/api/security/SecurityRequestFilter.java   |  9 ++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

(limited to 'src/main/java')

diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java
index cbee3bd4a..587be014b 100644
--- a/src/main/java/org/traccar/api/resource/UserResource.java
+++ b/src/main/java/org/traccar/api/resource/UserResource.java
@@ -15,6 +15,10 @@
  */
 package org.traccar.api.resource;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.ws.rs.DELETE;
+import jakarta.ws.rs.PathParam;
+import jakarta.ws.rs.core.Context;
 import org.traccar.api.BaseObjectResource;
 import org.traccar.config.Config;
 import org.traccar.helper.LogAction;
@@ -47,6 +51,9 @@ public class UserResource extends BaseObjectResource<User> {
     @Inject
     private Config config;
 
+    @Context
+    private HttpServletRequest request;
+
     public UserResource() {
         super(User.class);
     }
@@ -111,4 +118,12 @@ public class UserResource extends BaseObjectResource<User> {
         return Response.ok(entity).build();
     }
 
+    @Path("{id}")
+    @DELETE
+    public Response remove(@PathParam("id") long id) throws StorageException {
+        Response response = super.remove(id);
+        request.getSession().removeAttribute(SessionResource.USER_ID_KEY);
+        return response;
+    }
+
 }
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index a34361854..ee964c9e4 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -101,9 +101,12 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 
                 Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY);
                 if (userId != null) {
-                    injector.getInstance(PermissionsService.class).getUser(userId).checkDisabled();
-                    statisticsManager.registerRequest(userId);
-                    securityContext = new UserSecurityContext(new UserPrincipal(userId));
+                    User user = injector.getInstance(PermissionsService.class).getUser(userId);
+                    if (user != null) {
+                        user.checkDisabled();
+                        statisticsManager.registerRequest(userId);
+                        securityContext = new UserSecurityContext(new UserPrincipal(userId));
+                    }
                 }
 
             }
-- 
cgit v1.2.3