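/**
 * Handles the login form submission: checks the credentials, records the user in the session,
 * optionally issues a "rememberme" cookie, and redirects to the page stored under the flash
 * key "url" (or "/" when none is stored).
 *
 * @param username login name; must be present ({@code @Required})
 * @param password password handed to {@code Security.authenticate}
 * @param hash optional suffix appended to the redirect target (presumably a URL fragment such
 *     as "#section"; TODO confirm against the login form)
 * @param remember when true, a "rememberme" cookie with a "30d" lifetime is set
 * @throws Throwable whatever {@code Secure.login()} throws
 */
public static void authenticate(@Required String username, String password, String hash, boolean remember) throws Throwable {
    boolean allowed = Security.authenticate(username, password);
    String redirectUrl = flash.get("url");
    if (validation.hasErrors() || !allowed) {
        flash.put("url", redirectUrl);
        flash.error("secure.error");
        params.flash();
        Secure.login();
        // Fail closed: if Secure.login() ever returns normally instead of ending the request,
        // the code below must not mark a rejected user as logged in.
        return;
    }

    session.put("username", username);
    if (remember) {
        // NOTE(review): the cookie value is a signature over the username only, so it is
        // identical on every login and has no server-side expiry or revocation. Consider a
        // random per-login token stored server-side, and confirm that the cookie is sent
        // with the Secure and HttpOnly attributes.
        response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
    }

    if (redirectUrl == null) {
        redirectUrl = "/";
    }
    if (hash != null) {
        redirectUrl += hash;
    }
    // Both inputs to the target are request-influenced: `hash` is a request parameter, and the
    // flash value should be treated as untrusted unless the framework is confirmed to protect
    // it from client modification. Only same-site paths are followed; anything else falls back
    // to "/", so the login form cannot be used to bounce users to another host.
    if (!isSafeLocalRedirect(redirectUrl)) {
        redirectUrl = "/";
    }
    redirect(redirectUrl);
}

/**
 * Returns true when {@code target} is a path on this site: it starts with a single "/" (not
 * "//" or "/\", which browsers resolve as another host) and contains no control characters.
 */
private static boolean isSafeLocalRedirect(String target) {
    if (target == null || target.isEmpty() || target.charAt(0) != '/') {
        return false;
    }
    if (target.length() > 1) {
        char second = target.charAt(1);
        if (second == '/' || second == '\\') {
            return false;
        }
    }
    for (int i = 0; i < target.length(); i++) {
        // Rejects CR/LF and other control characters in a value that ends up in a header.
        if (target.charAt(i) < 0x20) {
            return false;
        }
    }
    return true;
}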
/**
 * Sends a visitor who is not logged in to {@code Secure.login()}, first storing the page to
 * return to under the flash key "url" (the requested URL for GET requests, "/" otherwise).
 */
public void beforeRoleCheck() {
    // An application that ships its own subclass of Secure's Security class should call
    // that class here instead.
    if (Secure.Security.isConnected()) {
        return;
    }
    try {
        if (session.contains("username")) {
            return;
        }
        String returnTo = "GET".equals(request.method) ? request.url : "/";
        flash.put("url", returnTo);
        Secure.login();
    } catch (Throwable t) {
        // Placeholder: handle this in an app-specific way.
        // NOTE(review): as written, every failure is discarded silently and the method
        // returns normally, so the caller cannot tell that the login redirect did not
        // happen. Log the error and deny the request here; confirm that the framework
        // still propagates its own redirect/result exceptions through this catch.
    }
}
/**
 * Handles the "forgot password" form: looks up the profile matching the submitted username
 * and mobile number and, when one exists, sends that user's password to the phone by SMS.
 *
 * <p>Reads the request parameters "username" and "mobile". On a mismatch it flashes an error
 * and calls {@code toForget()}; on a match it flashes a success message and calls
 * {@code Secure.login()}.
 *
 * @throws Throwable whatever {@code toForget()}, {@code Secure.login()} or the SMS call throws
 */
public static void forget() throws Throwable {
    String submittedName = params.get("username");
    String submittedPhone = params.get("mobile");

    // Parameterised query: both values are bound, not concatenated into the query string.
    Profile match = Profile.find("user.username=? and contact_phone=?", submittedName, submittedPhone).first();

    // NOTE(review): the two outcomes are distinguishable to the caller, so this endpoint
    // confirms whether a username/phone pair exists. Nothing in this method limits how often
    // it can be called. Consider a uniform response and rate limiting.
    if (match == null) {
        flash.error("用户名和手机不匹配,请确认您输入的信息");
        flash.put("username", submittedName);
        toForget();
        return;
    }

    // NOTE(review): user.password is sent verbatim over SMS. If that field holds the real
    // password, it is stored in recoverable form and is exposed to the SMS provider and to
    // anyone with access to the handset. The usual fix is to store only a salted password hash
    // (bcrypt/scrypt/argon2) and send a short-lived, single-use reset code instead.
    SendMessage sms = new SendMessage();
    // "0000009" is passed through unchanged; its meaning is not visible here (TODO confirm).
    sms.sendSms(match.contact_phone, "您的密码为:" + match.user.password, "0000009");

    flash.success("您的密码已发送您的手机,请查收");
    flash.put("username", submittedName);
    Secure.login();
}