public static void authenticate(
@Required String username, String password, String hash, boolean remember) throws Throwable {
Boolean allowed = false;
allowed = Security.authenticate(username, password);
String redirectUrl = flash.get("url");
if (validation.hasErrors() || !allowed) {
flash.put("url", redirectUrl);
flash.error("secure.error");
params.flash();
Secure.login();
}
session.put("username", username);
if (remember) {
response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
}
if (redirectUrl == null) redirectUrl = "/";
if (hash != null) redirectUrl += hash;
redirect(redirectUrl);
}
public void beforeRoleCheck() {
// Note that if you provide your own implementation of Secure's Security class you would refer
// to that instead
if (!Secure.Security.isConnected()) {
try {
if (!session.contains("username")) {
flash.put("url", "GET".equals(request.method) ? request.url : "/");
Secure.login();
}
} catch (Throwable t) {
// handle this in an app-specific way
}
}
}
public static void forget() throws Throwable {
String username = params.get("username");
String mobile = params.get("mobile");
Profile p = Profile.find("user.username=? and contact_phone=?", username, mobile).first();
if (p == null) {
flash.error("用户名和手机不匹配,请确认您输入的信息");
flash.put("username", username);
toForget();
} else {
// SendSMS
SendMessage m = new SendMessage();
m.sendSms(p.contact_phone, "您的密码为:" + p.user.password, "0000009");
flash.success("您的密码已发送您的手机,请查收");
flash.put("username", username);
Secure.login();
}
}
