From 28ccd407642bac5ded03a256c43349dff9a67ee4 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Sat, 26 Aug 2023 15:04:20 -0700 Subject: Remove deleted account session --- src/main/java/org/traccar/api/resource/UserResource.java | 15 +++++++++++++++ .../org/traccar/api/security/SecurityRequestFilter.java | 9 ++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/main/java/org/traccar/api/resource/UserResource.java b/src/main/java/org/traccar/api/resource/UserResource.java index cbee3bd4a..587be014b 100644 --- a/src/main/java/org/traccar/api/resource/UserResource.java +++ b/src/main/java/org/traccar/api/resource/UserResource.java @@ -15,6 +15,10 @@ */ package org.traccar.api.resource; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.ws.rs.DELETE; +import jakarta.ws.rs.PathParam; +import jakarta.ws.rs.core.Context; import org.traccar.api.BaseObjectResource; import org.traccar.config.Config; import org.traccar.helper.LogAction; @@ -47,6 +51,9 @@ public class UserResource extends BaseObjectResource { @Inject private Config config; + @Context + private HttpServletRequest request; + public UserResource() { super(User.class); } @@ -111,4 +118,12 @@ public class UserResource extends BaseObjectResource { return Response.ok(entity).build(); } + @Path("{id}") + @DELETE + public Response remove(@PathParam("id") long id) throws StorageException { + Response response = super.remove(id); + request.getSession().removeAttribute(SessionResource.USER_ID_KEY); + return response; + } + } diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java index a34361854..ee964c9e4 100644 --- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java +++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java @@ -101,9 +101,12 @@ public class SecurityRequestFilter implements ContainerRequestFilter { Long userId = (Long) request.getSession().getAttribute(SessionResource.USER_ID_KEY); if (userId != null) { - injector.getInstance(PermissionsService.class).getUser(userId).checkDisabled(); - statisticsManager.registerRequest(userId); - securityContext = new UserSecurityContext(new UserPrincipal(userId)); + User user = injector.getInstance(PermissionsService.class).getUser(userId); + if (user != null) { + user.checkDisabled(); + statisticsManager.registerRequest(userId); + securityContext = new UserSecurityContext(new UserPrincipal(userId)); + } } } -- cgit v1.2.3