joscha / play-authenticate

An authentication plugin for Play Framework 2.x (Java)
http://joscha.github.com/play-authenticate/

How to get authenticated User model? #131

Closed stefanhuber closed 10 years ago

stefanhuber commented 10 years ago

I am trying to figure out an important question...

I have integrated the Play-authenticate Framework 0.5.0-SNAPSHOT into a Play 2.2.0 application. For now I am using only the password provider. Everything works fine so far.

While logging in, the AuthUser Id and Email are output to the Logger, and it returns an Id and the Email from the form:

    @Override
    protected com.feth.play.module.pa.providers.password.UsernamePasswordAuthProvider.LoginResult loginUser(UsernamePasswordAuthUser auth) {
        final User user = User.findByEmail(auth.getEmail());

        if (user == null) {
            return LoginResult.NOT_FOUND;
        } else if (user.getPassword().equals(auth.getPassword())) {
            Logger.info(auth.getId() + " " + auth.getEmail());
            return LoginResult.USER_LOGGED_IN;
        } else {
            return LoginResult.WRONG_PASSWORD;
        }
    }

Later on in my code I have a controller action, which has the following code and logging output:

    public static Result index() {
        final AuthUser user = PlayAuthenticate.getUser(session());
        final SessionUsernamePasswordAuthUser session = (SessionUsernamePasswordAuthUser) user;

        Logger.info(session.getId() + " " + session.getEmail());

        return ok(index.render());
    }

The first log returns something like this: $2a$10$H0Ua7GrkV.XRjH6/SGv13.9o2G3/h4UH7mO/x5lPFGkDpP8kATaqq somebody@test.com

The second returns something like this: $2a$10$1ii4bHYDvlKkun9enPpDjODwdlxNSQFvHFU017N83zQ4i.aVtpNNG $2a$10$1ii4bHYDvlKkun9enPpDjODwdlxNSQFvHFU017N83zQ4i.aVtpNNG

The problem which I face right now is how do I get the user model from the database (or cache) if the identifier is changing, or rather the email is not stored in the session... Is there a point where I can tell the framework it should also store the email?

Would be great if you can help me! If my question is not clear please tell me, I'll try my best to clarify!

stefanhuber commented 10 years ago

My mistake was that I used the UsernamePasswordAuthUser within my implementation of the UsernamePasswordAuthProvider inside the buildLoginAuthUser. The UsernamePasswordAuthUser generated new ids on every call of getId() (Password salt ...). I am using the DefaultUsernamePasswordAuthUser, which retrieves the email after calling getId().