/**
   * This handles the login form submission for the Web IDE.
   *
   * @return The result of rendering the page.
   */
  @AddCSRFToken
  @RequireCSRFCheck
  @Transactional
  public CompletionStage<Result> login() {
    Form<LoginForm> userForm = myFormFactory.form(LoginForm.class).bindFromRequest();

    // Perform the basic validation checks.
    if (userForm.hasErrors()) {
      // Render the page with the login form with the errors fields
      String token = CSRF.getToken(request()).map(t -> t.value()).orElse("no token");
      return CompletableFuture.supplyAsync(
          () -> badRequest(index.render(userForm, token)), myHttpExecutionContext.current());
    } else {
      LoginForm form = userForm.get();

      // Check for a registered user with the same email.
      // Note that "connect" expects a JPA entity manager,
      // which is not present if we don't wrap the call using
      // "withTransaction()".
      User user = myJpaApi.withTransaction(() -> User.connect(form.getEmail(), form.getPassword()));
      if (user != null) {
        // Check to see if this account has been authenticated or not.
        boolean hasAuthenticated =
            myJpaApi.withTransaction(() -> User.hasAuthenticated(form.getEmail()));
        if (hasAuthenticated) {
          // Update the login date
          final User updatedUser = myJpaApi.withTransaction(() -> User.lastLogin(form.getEmail()));

          // Add a new user event
          myJpaApi.withTransaction(() -> UserEvent.addRegularEvent("login", "", updatedUser));

          // Stores the email as session value
          session("connected", form.getEmail());

          // Obtain the http context from the configuration file
          String context = myConfiguration.getString("play.http.context");
          if (context == null) {
            context = "";
          }

          // Redirect back to the home page
          final String finalContext = context;
          return CompletableFuture.supplyAsync(
              () -> redirect(finalContext + "/"), myHttpExecutionContext.current());
        } else {
          // Render the not authenticated page
          return CompletableFuture.supplyAsync(
              () -> ok(notAuthenticated.render(form.getEmail())), myHttpExecutionContext.current());
        }
      } else {
        // The email and/or password does not match, so we add a new validation error.
        userForm.reject(new ValidationError("loginError", "Could not login."));

        // Render the page with the login form with the errors fields
        String token = CSRF.getToken(request()).map(t -> t.value()).orElse("no token");
        return CompletableFuture.supplyAsync(
            () -> badRequest(index.render(userForm, token)), myHttpExecutionContext.current());
      }
    }
  }
示例#2
0
  public CompletionStage<Result> internalCall(
      final Context ctx, final String clients, final String authorizers, final boolean multiProfile)
      throws Throwable {

    assertNotNull("securityLogic", securityLogic);

    assertNotNull("config", config);
    final PlayWebContext playWebContext = new PlayWebContext(ctx, sessionStore);
    final HttpActionAdapter actionAdapter = config.getHttpActionAdapter();

    return CompletableFuture.supplyAsync(
        () -> {
          return securityLogic.perform(
              playWebContext,
              config,
              (webCtx, parameters) -> {
                // when called from Scala
                if (delegate == null) {
                  return null;
                } else {
                  return delegate.call(ctx).toCompletableFuture().get();
                }
              },
              actionAdapter,
              clients,
              authorizers,
              null,
              multiProfile);
        },
        ec.current());
  }