- Added scalariform

- Separate creation and storage of mail tokens (thanks @normenmueller)
- Upgrade to Play 2.3.3 (thanks @benmccann)

Author: jaliss

ChangeLog

@@ -1,4 +1,7 @@
 master  -
+		- Added scalariform
+		- Separate creation and storage of mail tokens (thanks @normenmueller)
+		- Upgrade to Play 2.3.3 (thanks @benmccann)
 		- Updated GoogleProvider to use the new Google endpoints (see https://developers.google.com/+/api/auth-migration#timetable)
 		- Code is now compatible with Play 2.3
 		- Added SecureSocial.currentUser to support Websockets

module-code/app/securesocial/controllers/LoginApi.scala

@@ -19,7 +19,7 @@ package securesocial.controllers
 import org.joda.time.DateTime
 import securesocial.core._
 import play.api.mvc.Action
-import scala.concurrent.{ExecutionContext, Future}
+import scala.concurrent.{ ExecutionContext, Future }
 import securesocial.core.SignUpEvent
 import securesocial.core.AuthenticationResult.Authenticated
 import securesocial.core.LoginEvent
@@ -50,44 +50,44 @@ trait BaseLoginApi[U] extends SecureSocial[U] {
 
   def authenticate(providerId: String, builderId: String) = Action.async { implicit request =>
     import ExecutionContext.Implicits.global
-      val result = for (
-        builder <- env.authenticatorService.find(builderId) ;
-        provider <- env.providers.get(providerId) if provider.isInstanceOf[ApiSupport]
-      ) yield {
-        provider.asInstanceOf[ApiSupport].authenticateForApi.flatMap {
-          case authenticated: Authenticated =>
-            val profile = authenticated.profile
-            env.userService.find(profile.providerId, profile.userId).flatMap {
-              maybeExisting =>
-                val mode = if (maybeExisting.isDefined) SaveMode.LoggedIn else SaveMode.SignUp
-                env.userService.save(authenticated.profile, mode).flatMap {
-                  userForAction =>
-                    logger.debug(s"[securesocial] user completed authentication: provider = ${profile.providerId}, userId: ${profile.userId}, mode = $mode")
-                    val evt = if (mode == SaveMode.LoggedIn) new LoginEvent(userForAction) else new SignUpEvent(userForAction)
-                    // we're not using a session here .... review this.
-                    Events.fire(evt)
-                    builder.fromUser(userForAction).map { authenticator =>
-                      val token = TokenResponse(authenticator.id, authenticator.expirationDate)
-                      Ok(Json.toJson(token))
-                    }
-                }
-            }
-          case failed: AuthenticationResult.Failed =>
-            Future.successful(BadRequest(Json.toJson(Map("error" -> failed.error))).as("application/json"))
-          case other  =>
-            // todo: review this status
-            logger.error(s"[securesocial] unexpected result from authenticateForApi: $other")
-            Future.successful(InternalServerError(Json.toJson(Map("error" -> "unexpected internal error"))).as("application/json"))
-        }
+    val result = for (
+      builder <- env.authenticatorService.find(builderId);
+      provider <- env.providers.get(providerId) if provider.isInstanceOf[ApiSupport]
+    ) yield {
+      provider.asInstanceOf[ApiSupport].authenticateForApi.flatMap {
+        case authenticated: Authenticated =>
+          val profile = authenticated.profile
+          env.userService.find(profile.providerId, profile.userId).flatMap {
+            maybeExisting =>
+              val mode = if (maybeExisting.isDefined) SaveMode.LoggedIn else SaveMode.SignUp
+              env.userService.save(authenticated.profile, mode).flatMap {
+                userForAction =>
+                  logger.debug(s"[securesocial] user completed authentication: provider = ${profile.providerId}, userId: ${profile.userId}, mode = $mode")
+                  val evt = if (mode == SaveMode.LoggedIn) new LoginEvent(userForAction) else new SignUpEvent(userForAction)
+                  // we're not using a session here .... review this.
+                  Events.fire(evt)
+                  builder.fromUser(userForAction).map { authenticator =>
+                    val token = TokenResponse(authenticator.id, authenticator.expirationDate)
+                    Ok(Json.toJson(token))
+                  }
+              }
+          }
+        case failed: AuthenticationResult.Failed =>
+          Future.successful(BadRequest(Json.toJson(Map("error" -> failed.error))).as("application/json"))
+        case other =>
+          // todo: review this status
+          logger.error(s"[securesocial] unexpected result from authenticateForApi: $other")
+          Future.successful(InternalServerError(Json.toJson(Map("error" -> "unexpected internal error"))).as("application/json"))
       }
-      result.getOrElse(Future.successful(NotFound.as("application/json")))
+    }
+    result.getOrElse(Future.successful(NotFound.as("application/json")))
   }
 
   def logout = Action.async { implicit request =>
     import securesocial.core.utils._
     import ExecutionContext.Implicits.global
     env.authenticatorService.fromRequest(request).flatMap {
-      case Some(authenticator) =>  Ok("").discardingAuthenticator(authenticator)
+      case Some(authenticator) => Ok("").discardingAuthenticator(authenticator)
       case None => Future.successful(Ok(""))
     }
   }

module-code/app/securesocial/controllers/LoginPage.scala

@@ -21,8 +21,7 @@ import securesocial.core.utils._
 import play.api.Play
 import Play.current
 import providers.UsernamePasswordProvider
-import scala.concurrent.{ExecutionContext, Future}
-
+import scala.concurrent.{ ExecutionContext, Future }
 
 /**
  * A default Login controller that uses BasicProfile as the user type.
@@ -34,8 +33,7 @@ class LoginPage(override implicit val env: RuntimeEnvironment[BasicProfile]) ext
 /**
  * The trait that defines the login page controller
  */
-trait BaseLoginPage[U] extends SecureSocial[U]
-{
+trait BaseLoginPage[U] extends SecureSocial[U] {
   private val logger = play.api.Logger("securesocial.controllers.LoginPage")
 
   /**
@@ -49,12 +47,12 @@ trait BaseLoginPage[U] extends SecureSocial[U]
    */
   def login = UserAwareAction { implicit request =>
     val to = ProviderControllerHelper.landingUrl
-    if ( request.user.isDefined ) {
+    if (request.user.isDefined) {
       // if the user is already logged in just redirect to the app
       logger.debug("User already logged in, skipping login page. Redirecting to %s".format(to))
-      Redirect( to )
+      Redirect(to)
     } else {
-      if ( SecureSocial.enableRefererAsOriginalUrl ) {
+      if (SecureSocial.enableRefererAsOriginalUrl) {
         SecureSocial.withRefererAsOriginalUrl(Ok(env.viewTemplates.getLoginPage(UsernamePasswordProvider.loginForm)))
       } else {
         Ok(env.viewTemplates.getLoginPage(UsernamePasswordProvider.loginForm))

module-code/app/securesocial/controllers/MailTokenBasedOperations.scala

@@ -16,19 +16,19 @@
  */
 package securesocial.controllers
 
-import securesocial.core.SecureSocial
-import scala.concurrent.{ExecutionContext, Future}
-import play.api.mvc.RequestHeader
-import play.api.i18n.Messages
+import java.util.UUID
+
+import org.joda.time.DateTime
+import play.api.Play
 import play.api.data.Form
 import play.api.data.Forms._
 import play.api.data.validation.Constraints._
+import play.api.i18n.Messages
+import play.api.mvc.{ RequestHeader, SimpleResult }
+import securesocial.core.SecureSocial
 import securesocial.core.providers.MailToken
-import scala.Some
-import play.api.mvc.SimpleResult
-import java.util.UUID
-import org.joda.time.DateTime
-import play.api.Play
+
+import scala.concurrent.Future
 
 /**
  * The base controller for password reset and password change operations
@@ -42,8 +42,8 @@ abstract class MailTokenBasedOperations[U] extends SecureSocial[U] {
   val DefaultDuration = 60
   val TokenDuration = Play.current.configuration.getInt(TokenDurationKey).getOrElse(DefaultDuration)
 
-  val startForm = Form (
-    Email -> email.verifying( nonEmpty )
+  val startForm = Form(
+    Email -> email.verifying(nonEmpty)
   )
 
   /**
@@ -57,11 +57,7 @@ abstract class MailTokenBasedOperations[U] extends SecureSocial[U] {
     val now = DateTime.now
 
     Future.successful(MailToken(
-      UUID.randomUUID().toString
-    , email.toLowerCase
-    , now
-    , now.plusMinutes(TokenDuration)
-    , isSignUp = isSignUp
+      UUID.randomUUID().toString, email.toLowerCase, now, now.plusMinutes(TokenDuration), isSignUp = isSignUp
     ))
   }
 
@@ -76,17 +72,16 @@ abstract class MailTokenBasedOperations[U] extends SecureSocial[U] {
    * @return the action result
    */
   protected def executeForToken(token: String, isSignUp: Boolean,
-                                f: MailToken => Future[SimpleResult])
-                               (implicit request: RequestHeader): Future[SimpleResult] =
-  {
-    import ExecutionContext.Implicits.global
-    env.userService.findToken(token).flatMap {
-      case Some(t) if !t.isExpired && t.isSignUp == isSignUp => f(t)
-      case _ =>
-        val to = if ( isSignUp ) env.routes.signUpUrl else env.routes.resetPasswordUrl
-        Future.successful(Redirect(to).flashing(Error -> Messages(BaseRegistration.InvalidLink)))
+    f: MailToken => Future[SimpleResult])(implicit request: RequestHeader): Future[SimpleResult] =
+    {
+      import scala.concurrent.ExecutionContext.Implicits.global
+      env.userService.findToken(token).flatMap {
+        case Some(t) if !t.isExpired && t.isSignUp == isSignUp => f(t)
+        case _ =>
+          val to = if (isSignUp) env.routes.signUpUrl else env.routes.resetPasswordUrl
+          Future.successful(Redirect(to).flashing(Error -> Messages(BaseRegistration.InvalidLink)))
+      }
     }
-  }
 
   /**
    * The result sent after the start page is handled

module-code/app/securesocial/controllers/PasswordChange.scala

@@ -24,7 +24,7 @@ import play.api.data.Forms._
 import securesocial.core.providers.utils.PasswordValidator
 import play.api.i18n.Messages
 import scala.Some
-import scala.concurrent.{Await, ExecutionContext, Future}
+import scala.concurrent.{ Await, ExecutionContext, Future }
 
 /**
  * A default PasswordChange controller that uses the BasicProfile as the user type
@@ -37,7 +37,7 @@ class PasswordChange(override implicit val env: RuntimeEnvironment[BasicProfile]
  * A trait that defines the password change functionality
  *
  * @tparam U the user object type
- **/
+ */
 trait BasePasswordChange[U] extends SecureSocial[U] {
   val CurrentPassword = "currentPassword"
   val InvalidPasswordMessage = "securesocial.passwordChange.invalidPassword"
@@ -55,7 +55,7 @@ trait BasePasswordChange[U] extends SecureSocial[U] {
 
   /** The redirect target of the handlePasswordChange action. */
   def onHandlePasswordChangeGoTo = Play.current.configuration.getString(onPasswordChangeGoTo).getOrElse(
-      securesocial.controllers.routes.PasswordChange.page().url
+    securesocial.controllers.routes.PasswordChange.page().url
   )
 
   /**
@@ -67,13 +67,13 @@ trait BasePasswordChange[U] extends SecureSocial[U] {
    */
   def checkCurrentPassword[A](suppliedPassword: String)(implicit request: SecuredRequest[A]): Future[Boolean] = {
     import ExecutionContext.Implicits.global
-     env.userService.passwordInfoFor(request.user).map {
-       case Some(info) =>
-         env.passwordHashers.get(info.hasher).exists {
-           _.matches(info, suppliedPassword)
-         }
-       case None => false
-     }
+    env.userService.passwordInfoFor(request.user).map {
+      case Some(info) =>
+        env.passwordHashers.get(info.hasher).exists {
+          _.matches(info, suppliedPassword)
+        }
+      case None => false
+    }
   }
 
   private def execute[A](f: Form[ChangeInfo] => Future[SimpleResult])(implicit request: SecuredRequest[A]): Future[SimpleResult] = {
@@ -87,12 +87,11 @@ trait BasePasswordChange[U] extends SecureSocial[U] {
           }),
         NewPassword ->
           tuple(
-            Password1 -> nonEmptyText.verifying( PasswordValidator.constraint ),
+            Password1 -> nonEmptyText.verifying(PasswordValidator.constraint),
             Password2 -> nonEmptyText
           ).verifying(Messages(BaseRegistration.PasswordsDoNotMatch), passwords => passwords._1 == passwords._2)
 
-      )((currentPassword, newPassword) => ChangeInfo(currentPassword, newPassword._1))
-        ((changeInfo: ChangeInfo) => Some("", ("", "")))
+      )((currentPassword, newPassword) => ChangeInfo(currentPassword, newPassword._1))((changeInfo: ChangeInfo) => Some("", ("", "")))
     )
 
     env.userService.passwordInfoFor(request.user).flatMap {
@@ -123,9 +122,9 @@ trait BasePasswordChange[U] extends SecureSocial[U] {
    */
   def handlePasswordChange = SecuredAction.async { implicit request =>
     execute { form: Form[ChangeInfo] =>
-      form.bindFromRequest()(request).fold (
+      form.bindFromRequest()(request).fold(
         errors => Future.successful(BadRequest(env.viewTemplates.getPasswordChangePage(errors))),
-        info =>  {
+        info => {
           val newPasswordInfo = env.currentHasher.hash(info.newPassword)
           import ExecutionContext.Implicits.global
           implicit val userLang = request2lang(request)

module-code/app/securesocial/controllers/PasswordReset.scala

@@ -45,10 +45,10 @@ trait BasePasswordReset[U] extends MailTokenBasedOperations[U] {
   val PasswordUpdated = "securesocial.password.passwordUpdated"
   val ErrorUpdatingPassword = "securesocial.password.error"
 
-  val changePasswordForm = Form (
+  val changePasswordForm = Form(
     BaseRegistration.Password ->
       tuple(
-        BaseRegistration.Password1 -> nonEmptyText.verifying( PasswordValidator.constraint ),
+        BaseRegistration.Password1 -> nonEmptyText.verifying(PasswordValidator.constraint),
         BaseRegistration.Password2 -> nonEmptyText
       ).verifying(Messages(BaseRegistration.PasswordsDoNotMatch), passwords => passwords._1 == passwords._2)
   )
@@ -106,25 +106,26 @@ trait BasePasswordReset[U] extends MailTokenBasedOperations[U] {
   def handleResetPassword(token: String) = Action.async { implicit request =>
     import scala.concurrent.ExecutionContext.Implicits.global
     executeForToken(token, false, {
-      t => changePasswordForm.bindFromRequest.fold(errors =>
+      t =>
+        changePasswordForm.bindFromRequest.fold(errors =>
           Future.successful(BadRequest(env.viewTemplates.getResetPasswordPage(errors, token))),
-      p =>
-          env.userService.findByEmailAndProvider(t.email, UsernamePasswordProvider.UsernamePassword).flatMap {
-            case Some(profile) =>
-              val hashed = env.currentHasher.hash(p._1)
-              for (
-                updated <- env.userService.save(profile.copy(passwordInfo = Some(hashed)), SaveMode.PasswordChange);
-                deleted <- env.userService.deleteToken(token)
-              ) yield {
-                env.mailer.sendPasswordChangedNotice(profile)
-                val eventSession = Events.fire(new PasswordResetEvent(updated)).getOrElse(request.session)
-                confirmationResult().withSession(eventSession).flashing(Success -> Messages(PasswordUpdated))
-              }
-            case _ =>
-              logger.error("[securesocial] could not find user with email %s during password reset".format(t.email))
-              Future.successful(confirmationResult().flashing(Error -> Messages(ErrorUpdatingPassword)))
-          }
-      )
+          p =>
+            env.userService.findByEmailAndProvider(t.email, UsernamePasswordProvider.UsernamePassword).flatMap {
+              case Some(profile) =>
+                val hashed = env.currentHasher.hash(p._1)
+                for (
+                  updated <- env.userService.save(profile.copy(passwordInfo = Some(hashed)), SaveMode.PasswordChange);
+                  deleted <- env.userService.deleteToken(token)
+                ) yield {
+                  env.mailer.sendPasswordChangedNotice(profile)
+                  val eventSession = Events.fire(new PasswordResetEvent(updated)).getOrElse(request.session)
+                  confirmationResult().withSession(eventSession).flashing(Success -> Messages(PasswordUpdated))
+                }
+              case _ =>
+                logger.error("[securesocial] could not find user with email %s during password reset".format(t.email))
+                Future.successful(confirmationResult().flashing(Error -> Messages(ErrorUpdatingPassword)))
+            }
+        )
     })
   }
 }