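/**
 * Registers a username/password identity unless a user for it already exists.
 *
 * <p>Looks the identity up through {@code UserHome}; when a user is found, nothing is
 * created and the result reflects whether that user's email has been validated.
 * Otherwise a new user is created and reported as unverified.
 *
 * <p>NOTE(review): {@code USER_EXISTS} and {@code USER_EXISTS_UNVERIFIED} tell the caller
 * that the identity is already registered. If the controller shows these as distinct
 * messages to an unauthenticated visitor, the signup form confirms account existence;
 * confirm the response is uniform or rate-limited.
 *
 * @param user the signup identity submitted by the caller
 * @return {@code USER_EXISTS} or {@code USER_EXISTS_UNVERIFIED} when the identity is
 *     already known, otherwise {@code USER_CREATED_UNVERIFIED}
 */
@Override
protected com.feth.play.module.pa.providers.password.UsernamePasswordAuthProvider.SignupResult signupUser(MyUsernamePasswordAuthUser user) {
    final EntityManager em = JPA.em(JpaConstants.DB);
    try {
        final UserHome userDao = new UserHome();
        final User existing = userDao.findByUsernamePasswordIdentity(user, em);
        if (existing != null) {
            // The user exists and is active; only the email validation state differs.
            return existing.getEmailValidated()
                    ? SignupResult.USER_EXISTS
                    : SignupResult.USER_EXISTS_UNVERIFIED;
        }

        // The user either does not exist or is inactive - create a new one.
        userDao.create(user, em);

        // The email should be verified before login is allowed. Returning
        // SignupResult.USER_CREATED here instead would log the user in directly,
        // skipping email verification.
        return SignupResult.USER_CREATED_UNVERIFIED;
    } finally {
        // Close on every path, including when the lookup or create throws; the
        // original closed the EntityManager only on the normal return paths.
        em.close();
    }
}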
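/**
 * Checks a username/password login attempt against the stored user.
 *
 * <p>The checks run in this order: user lookup, email validation state, then the
 * password check on the first linked account whose provider key equals
 * {@code getKey()}.
 *
 * <p>NOTE(review): {@code NOT_FOUND} and {@code USER_UNVERIFIED} are returned before any
 * password check, so a caller without valid credentials can tell whether an account
 * exists and whether it is verified if the controller renders these results
 * differently; the early returns also skip the password check, which may make the
 * paths distinguishable by response time. Confirm the caller shows one generic
 * failure message and throttles attempts.
 *
 * @param authUser the login identity and candidate password
 * @return {@code NOT_FOUND} when no user matches, {@code USER_UNVERIFIED} when the email
 *     is not validated, {@code USER_LOGGED_IN} when the password check succeeds, and
 *     {@code WRONG_PASSWORD} when it fails or no linked account belongs to this provider
 */
@Override
protected com.feth.play.module.pa.providers.password.UsernamePasswordAuthProvider.LoginResult loginUser(MyLoginUsernamePasswordAuthUser authUser) {
    final EntityManager em = JPA.em(JpaConstants.DB);
    try {
        final UserHome userDao = new UserHome();
        final User found = userDao.findByUsernamePasswordIdentity(authUser, em);
        if (found == null) {
            return LoginResult.NOT_FOUND;
        }
        if (!found.getEmailValidated()) {
            return LoginResult.USER_UNVERIFIED;
        }

        for (LinkedAccount account : found.getLinkedAccounts()) {
            if (!getKey().equals(account.getProviderKey())) {
                continue;
            }
            // Decide on the first account of this provider. Continuing the loop after
            // a failed check would allow a user to have multiple passwords defined.
            // Presumably providerUserId holds the stored password hash for this
            // provider; confirm checkPassword uses a slow, salted password hash.
            return authUser.checkPassword(account.getProviderUserId(), authUser.getPassword())
                    ? LoginResult.USER_LOGGED_IN
                    : LoginResult.WRONG_PASSWORD;
        }

        // No linked account for this provider: reported the same as a wrong password.
        return LoginResult.WRONG_PASSWORD;
    } finally {
        // Close on every path, including when a lookup or the password check throws;
        // the original closed the EntityManager only on the normal return paths.
        em.close();
    }
}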