- /authenticate/:provider routes can now receive a 'redirectTo' parameter. This is where the user is redirected

  after succesful authentication (if used overrides the url set in OriginalUrl by SecuredAction)
- ProviderController.authenticate signature changed. Breaks compatibility: routes file needs to be adjusted (see sample apps)
- Added support for linking accounts. New 'link' method in UserService needs to be implemented.
- Update messages.fr for single quotes (thanks @fmasion)
- Small fixes for NL messages (thanks @francisdb)
- Added German translation (thanks @l0rdn1kk0n)
- Added Arabic translation (thanks @ahimta)
- Added Brazilian Portuguese translation (thanks @jeohalves)

Author: Jorge

ChangeLog

@@ -1,4 +1,13 @@
-master	- 
+master  -
+		- /authenticate/:provider routes can now receive a 'redirectTo' parameter. This is where the user is redirected
+                  after succesful authentication (if used overrides the url set in OriginalUrl by SecuredAction)
+		- ProviderController.authenticate signature changed. Breaks compatibility: routes file needs to be adjusted (see sample apps)
+		- Added support for linking accounts. New 'link' method in UserService needs to be implemented.
+		- Update messages.fr for single quotes (thanks @fmasion)
+		- Small fixes for NL messages (thanks @francisdb)
+		- Added German translation (thanks @l0rdn1kk0n)
+		- Added Arabic translation (thanks @Ahimta)
+		- Added Brazilian Portuguese translation (thanks @jeohalves)
 		- Added Polish translation (thanks Dominik Sienkiewicz)
 		- Added Spanish translation (thanks @jorgeolmos)
 		- Added Hungarian translation (thanks @bubbanat)

docs/src/manual/source/guide/user-service.md

@@ -3,7 +3,7 @@ file: user-service
 ---
 # UserService
 
-SecureSocial relies on an implementation of `UserService` to handle all the operations related to saving/finding users. Using this delegation model you are not forced to use a particular model object or a persistence mechanism but rather provide a service that translates back and forth between your models and what SecureSocial understands. 
+SecureSocial relies on an implementation of `UserService` to handle all the operations related to saving/finding users and linkind different external accounts to a local user. Using this delegation model you are not forced to use a particular model object or a persistence mechanism but rather provide a service that translates back and forth between your models and what SecureSocial understands. 
 
 Besides users, this service is also in charge of persisting the tokens that are used in signup and reset password requests. Some of these methods are only required if you are going to use the `UsernamePasswordProvider`. If you do not plan to use it just provide an empty implementation for them.  Check the documentation in the source code to know which ones are optional.
 
@@ -82,6 +82,16 @@ For Scala you need to extend the `UserServicePlugin`. For example:
 	  def save(user: Identity) {
 	  	// implement me
 	  }
+      
+      /**
+       * Links the current user Identity to another
+       *
+       * @param current The Identity of the current user
+       * @param to The Identity that needs to be linked to the current user
+       */
+      def link(current: Identity, to: Identity) {
+        // implement me
+      }
 
 	  /**
 	   * Saves a token.  This is needed for users that
@@ -154,6 +164,16 @@ For Java, you need to extend the `BaseUserService` class.
 	        // implement me
 	    }
 
+         /**
+         * Links the current user Identity to another
+         *
+         * @param current The Identity of the current user
+         * @param to The Identity that needs to be linked to the current user
+         */
+        public void doLink(Identity current, Identity to) {
+            // implement me
+        }
+        
 		/**
 	     * Finds an Identity in the backing store.	     
 	     * @return an Identity instance or null if no user matches the specified id
@@ -231,3 +251,4 @@ For Java, you need to extend the `BaseUserService` class.
 # Important
 
 Note that the `Token` class is implemented in Scala and Java.  Make sure you import the one that matches the language you are using in your `UserService` implementation.
+

module-code/app/securesocial/controllers/ProviderController.scala

@@ -25,12 +25,13 @@ import providers.utils.RoutesHelper
 import securesocial.core.LoginEvent
 import securesocial.core.AccessDeniedException
 import scala.Some
+import play.api.http.HeaderNames
 
 
 /**
  * A controller to provide the authentication entry point
  */
-object ProviderController extends Controller
+object ProviderController extends Controller with SecureSocial
 {
   /**
    * The property that specifies the page the user is redirected to if there is no original URL saved in
@@ -82,15 +83,51 @@ object ProviderController extends Controller
    * @param provider The id of the provider that needs to handle the call
    * @return
    */
-  def authenticate(provider: String) = handleAuth(provider)
-  def authenticateByPost(provider: String) = handleAuth(provider)
+  def authenticate(provider: String, redirectTo: Option[String] = None) = handleAuth(provider, redirectTo)
+  def authenticateByPost(provider: String, redirectTo: Option[String] = None) = handleAuth(provider, redirectTo)
+
+  private def overrideOriginalUrl(session: Session, redirectTo: Option[String]) = redirectTo match {
+    case Some(url) =>
+      session + (SecureSocial.OriginalUrlKey -> url)
+    case _ =>
+      session
+  }
+
+  private def handleAuth(provider: String, redirectTo: Option[String]) = UserAwareAction { implicit request =>
+    val authenticationFlow = request.user.isEmpty
+    val modifiedSession = overrideOriginalUrl(session, redirectTo)
 
-  private def handleAuth(provider: String) = Action { implicit request =>
     Registry.providers.get(provider) match {
       case Some(p) => {
         try {
-          p.authenticate().fold( result => result , {
-            user => completeAuthentication(user, session)
+          p.authenticate().fold( result => {
+            redirectTo match {
+              case Some(url) =>
+                val cookies = Cookies(result.header.headers.get(HeaderNames.SET_COOKIE))
+                val resultSession = Session.decodeFromCookie(cookies.get(Session.COOKIE_NAME))
+                result.withSession(resultSession + (SecureSocial.OriginalUrlKey -> url))
+              case _ => result
+            }
+          } , {
+            user => if ( authenticationFlow ) {
+              val saved = UserService.save(user)
+              completeAuthentication(saved, modifiedSession)
+            } else {
+              request.user match {
+                case Some(currentUser) =>
+                  UserService.link(currentUser, user)
+                  if ( Logger.isDebugEnabled ) {
+                    Logger.debug(s"[securesocial] linked $currentUser to $user")
+                  }
+                  // improve this, I'm duplicating part of the code in completeAuthentication
+                  Redirect(toUrl(modifiedSession)).withSession(modifiedSession-
+                    SecureSocial.OriginalUrlKey -
+                    IdentityProvider.SessionId -
+                    OAuth1Provider.CacheKey)
+                case _ =>
+                  Unauthorized
+              }
+            }
           })
         } catch {
           case ex: AccessDeniedException => {

module-code/app/securesocial/core/IdentityProvider.scala

@@ -17,7 +17,7 @@
 package securesocial.core
 
 import providers.utils.RoutesHelper
-import play.api.mvc.{AnyContent, Request, Result}
+import play.api.mvc.{SimpleResult, AnyContent, Request}
 import play.api.{Play, Application, Logger, Plugin}
 import concurrent.{Await, Future}
 import play.api.libs.ws.Response
@@ -70,15 +70,10 @@ abstract class IdentityProvider(application: Application) extends Plugin with Re
    * @param request
    * @return
    */
-  def authenticate()(implicit request: Request[AnyContent]):Either[Result, Identity] = {
+  def authenticate()(implicit request: Request[AnyContent]):Either[SimpleResult, Identity] = {
     doAuth().fold(
       result => Left(result),
-      u =>
-      {
-        val user = fillProfile(u)
-        val saved = UserService.save(user)
-        Right(saved)
-      }
+      u => Right(fillProfile(u))
     )
   }
 
@@ -87,7 +82,8 @@ abstract class IdentityProvider(application: Application) extends Plugin with Re
    * to the provider url.
    * @return
    */
-  def authenticationUrl:String = RoutesHelper.authenticate(id).url
+  def authenticationUrl: String = RoutesHelper.authenticate(id).url
+  def authenticationUrl(redirectTo: String): String = RoutesHelper.authenticate(id, Some(redirectTo)).url
 
   /**
    * The property key used for all the provider properties.
@@ -117,7 +113,7 @@ abstract class IdentityProvider(application: Application) extends Plugin with Re
    * @param request
    * @return Either a Result or a User
    */
-  def doAuth()(implicit request: Request[AnyContent]):Either[Result, SocialUser]
+  def doAuth()(implicit request: Request[AnyContent]):Either[SimpleResult, SocialUser]
 
   /**
    * Subclasses need to implement this method to populate the User object with profile

module-code/app/securesocial/core/OAuth1Provider.scala

@@ -21,7 +21,7 @@ import play.api.cache.Cache
 import play.api.libs.oauth.{RequestToken, ConsumerKey, OAuth, ServiceInfo}
 import play.api.{Application, Logger, Play}
 import providers.utils.RoutesHelper
-import play.api.mvc.{AnyContent, Request, Result}
+import play.api.mvc.{SimpleResult, AnyContent, Request}
 import play.api.mvc.Results.Redirect
 import Play.current
 
@@ -53,7 +53,7 @@ abstract class OAuth1Provider(application: Application) extends IdentityProvider
   }
 
 
-  def doAuth()(implicit request: Request[AnyContent]):Either[Result, SocialUser] = {
+  def doAuth()(implicit request: Request[AnyContent]):Either[SimpleResult, SocialUser] = {
     if ( request.queryString.get("denied").isDefined ) {
       // the user did not grant access to the account
       throw new AccessDeniedException()

module-code/app/securesocial/core/OAuth2Provider.scala

@@ -21,10 +21,12 @@ import _root_.java.util.UUID
 import play.api.{Logger, Play, Application}
 import play.api.cache.Cache
 import Play.current
-import play.api.mvc.{AnyContent, Results, Result, Request}
+import play.api.mvc._
 import providers.utils.RoutesHelper
-import play.api.libs.ws.{Response, WS}
+import play.api.libs.ws.WS
 import scala.collection.JavaConversions._
+import play.api.libs.ws.Response
+import scala.Some
 
 /**
  * Base class for all OAuth2 providers
@@ -90,7 +92,7 @@ abstract class OAuth2Provider(application: Application, jsonResponse: Boolean =
       )
   }
 
-  def doAuth()(implicit request: Request[AnyContent]): Either[Result, SocialUser] = {
+  def doAuth()(implicit request: Request[AnyContent]): Either[SimpleResult, SocialUser] = {
     request.queryString.get(OAuth2Constants.Error).flatMap(_.headOption).map( error => {
       error match {
         case OAuth2Constants.AccessDenied => throw new AccessDeniedException()

module-code/app/securesocial/core/UserService.scala

@@ -56,6 +56,14 @@ trait UserService {
    */
   def save(user: Identity): Identity
 
+  /**
+   * Links the current user Identity to another
+   *
+   * @param current The Identity of the current user
+   * @param to The Identity that needs to be linked to the current user
+   */
+  def link(current: Identity, to: Identity)
+
   /**
    * Saves a token.  This is needed for users that
    * are creating an account in the system instead of using one in a 3rd party system.
@@ -171,6 +179,12 @@ object UserService {
     }
   }
 
+  def link(current: Identity, to: Identity)  {
+    delegate.map( _.link(current, to) ).getOrElse {
+      notInitialized()
+    }
+  }
+
   def save(token: Token) {
     delegate.map( _.save(token) ).getOrElse {
       notInitialized()

module-code/app/securesocial/core/java/BaseUserService.java

@@ -88,6 +88,16 @@ public Identity save(securesocial.core.Identity user) {
         return doSave(user);
     }
 
+    /**
+     * Links the current user Identity to another
+     *
+     * @param current The Identity of the current user
+     * @param to The Identity that needs to be linked to the current user
+     */
+    @Override
+    public void link(Identity current, Identity to) {
+        doLink(current, to);
+    }
     /**
      * Saves a token.  This is needed for users that
      * are creating an account in the system instead of using one in a 3rd party system.
@@ -162,6 +172,14 @@ public void deleteExpiredTokens() {
      */
     public abstract void doSave(Token token);
 
+    /**
+     * Links the current user Identity to another
+     *
+     * @param current The Identity of the current user
+     * @param to The Identity that needs to be linked to the current user
+     */
+    public abstract void doLink(Identity current, Identity to);
+
     /**
      * Finds the user in the backing store.
      * @return an Identity instance or null if no user matches the specified id

module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala

@@ -41,7 +41,7 @@ class UsernamePasswordProvider(application: Application) extends IdentityProvide
 
   val InvalidCredentials = "securesocial.login.invalidCredentials"
 
-  def doAuth()(implicit request: Request[AnyContent]): Either[Result, SocialUser] = {
+  def doAuth()(implicit request: Request[AnyContent]): Either[SimpleResult, SocialUser] = {
     val form = UsernamePasswordProvider.loginForm.bindFromRequest()
     form.fold(
       errors => Left(badRequest(errors)(request)),

module-code/app/securesocial/core/providers/utils/RoutesHelper.scala

@@ -31,13 +31,13 @@ object RoutesHelper {
   // ProviderController
   lazy val pc = Play.application().classloader().loadClass("securesocial.controllers.ReverseProviderController")
   lazy val providerControllerMethods = pc.newInstance().asInstanceOf[{
-    def authenticateByPost(p: String): Call
-    def authenticate(p: String): Call
+    def authenticateByPost(p: String, redirectTo: Option[String]): Call
+    def authenticate(p: String, redirectTo: Option[String]): Call
     def notAuthorized: Call
   }]
 
-  def authenticateByPost(provider:String): Call = providerControllerMethods.authenticateByPost(provider)
-  def authenticate(provider:String): Call = providerControllerMethods.authenticate(provider)
+  def authenticateByPost(provider:String, redirectTo: Option[String] = None): Call = providerControllerMethods.authenticateByPost(provider, redirectTo)
+  def authenticate(provider:String, redirectTo: Option[String] = None): Call = providerControllerMethods.authenticate(provider, redirectTo)
   def notAuthorized: Call = providerControllerMethods.notAuthorized
 
   // LoginPage

module-code/app/securesocial/views/main.scala.html

@@ -9,6 +9,7 @@
         <link rel="stylesheet" media="screen" href="@RoutesHelper.bootstrapCssPath">
         <link rel="shortcut icon" type="image/png" href="@RoutesHelper.faviconPath">
         <link rel="stylesheet" media="screen" href="@RoutesHelper.customCssPath.getOrElse("")">
+        <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
         <script src="@RoutesHelper.jqueryPath" type="text/javascript"></script>
     </head>
     <body>

module-code/conf/messages.es

@@ -26,7 +26,7 @@ securesocial.signup.createAccount=Crear Cuenta
 securesocial.signup.cancel=Cancelar
 securesocial.signup.userNameAlreadyTaken=El nombre de Usuario ya esta tomado
 securesocial.signup.passwordsDoNotMatch=Las Contraseñas no coinciden
-securesocial.signup.thankYouCheckEmail=Gracias. Pof favor revise su email para más instrucciones
+securesocial.signup.thankYouCheckEmail=Gracias. Por favor revise su email para más instrucciones
 securesocial.signup.invalidLink=El enlace que siguió no es válido
 securesocial.signup.signUpDone=Gracias por registrarse. Ahora puede iniciar Sesión
 securesocial.signup.invalidPassword=Ingrese al menos {0} caracteres

samples/java/demo/app/controllers/Application.java

@@ -16,11 +16,16 @@
  */
 package controllers;
 
+import play.Play;
 import play.mvc.Controller;
 import play.mvc.Result;
 import securesocial.core.Identity;
+import securesocial.core.java.BaseUserService;
 import securesocial.core.java.SecureSocial;
+import service.InMemoryUserService;
 import views.html.index;
+import views.html.linkResult;
+
 
 /**
  * A sample controller
@@ -48,4 +53,14 @@ public static Result userAware() {
     public static Result onlyTwitter() {
         return ok("You are seeing this because you logged in using Twitter");
     }
+
+    @SecureSocial.SecuredAction
+    public static Result linkResult() {
+        Identity identity = (Identity) ctx().args.get(SecureSocial.USER_KEY);
+        // get the user identities
+        InMemoryUserService service = (InMemoryUserService) Play.application().plugin(BaseUserService.class);
+        InMemoryUserService.User user = service.userForIdentity(identity);
+
+        return ok(linkResult.render(identity, user.identities));
+    }
 }