Comments (6)
By default the hashed password gets saved as the user ID in the sample for the password provider - that's why this gets returned. The sample application does not necessarily need the emails to be unique, as you can sign up via OAuth, etc. and the email gets set, but not verified in the beginning. A user could possibly have multiple accounts with the same email in the sample. Automatically merging the accounts based on email is a bad idea in case one of your providers gets compromised. Facebook for example does not guarantee the email really belongs to the user. if you want the email to be the ID, you would need to change the sample and store the password elsewhere - you'd be breaking the paradigm play! authenticate works with additionally.
from play-authenticate.
Well, yes, email as ID is probably a bad idea.
But I can't see how the user is fetched from the database when the session doesn't contain any identifier to User. The session seems to only be used to check if it contains some keys.
For example, in PlayAuthenticate the USER_KEY's value is set to some random number.
public static void storeUser(final Session session, final AuthUser authUser) {
// User logged in once more - wanna make some updates?
final AuthUser u = getUserService().update(authUser);
session.put(PlayAuthenticate.USER_KEY, u.getId());
session.put(PlayAuthenticate.PROVIDER_KEY, u.getProvider());
if (u.expires() != AuthUser.NO_EXPIRATION) {
session.put(EXPIRES_KEY, Long.toString(u.expires()));
} else {
session.remove(EXPIRES_KEY);
}
}
How will the user that is logged in with email and password be fetched and validated from the DB when the USER_KEY is set some random string?
from play-authenticate.
Have you looked at the UserService
? I will look into the exception.
from play-authenticate.
The exception is valid: "RuntimeException: Account not enabled for password usage" - did you try resetting a password for an OAuth-generated account? Its not enabled on heroku, you can enable it in your installation however if you want to and allow adding a password to an OAuth-based account.
from play-authenticate.
The UsernamePasswordAuthUser
class has a getEmail
method defined, see here: https://github.com/joscha/play-authenticate/blob/master/code/app/com/feth/play/module/pa/providers/password/UsernamePasswordAuthUser.java and here: https://github.com/joscha/play-authenticate/blob/master/samples/java/play-authenticate-usage/app/models/User.java#L120
from play-authenticate.
What do you mean? The email is given at login in the form, when using the UsernamePassword provider?!
from play-authenticate.
Related Issues (20)
- Play 2.6 support HOT 12
- Oauth2 Google Scope issue
- There is a problem with Login with LinkedIn
- UserServicePlugin registered multiple times during production HOT 3
- connection from mobile APP HOT 1
- "playeasymail" in from when receive mail HOT 1
- return Result in JSON from signup or login HOT 1
- Sign up does not send any email HOT 3
- How to sign up users on their behalf by another user HOT 1
- Conflicting cross'version
- Opposite of merging users?
- "Remember Me" functionality? HOT 13
- TOTP using Google Authenticator? HOT 2
- Redirect on other URL than index HOT 3
- Sample app not running HOT 1
- Basic provider route throws exception HOT 6
- Create SQL insert User (Admin ect)
- Change Password never persists because of lack of setters? HOT 1
- Play 2.7 support HOT 4
- Play 2.5 link is not working HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from play-authenticate.