From 2cb0f8676f2cf819466d8290ee4b1ddfb7ee2d0c Mon Sep 17 00:00:00 2001
From: Jaap ter Woerds
Date: Tue, 14 Jan 2014 10:54:57 +0100
Subject: [PATCH] 341-auto-login-after-reset-password Add option to automatically sign in a user after resetting their password.
---
 docs/src/manual/source/guide/configuration.md | 2 ++
 .../app/securesocial/controllers/Registration.scala | 13 +++++++++----
 .../core/providers/UsernamePasswordProvider.scala | 2 ++
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/docs/src/manual/source/guide/configuration.md b/docs/src/manual/source/guide/configuration.md
index 164769585..c6622f2ba 100644
--- a/docs/src/manual/source/guide/configuration.md
+++ b/docs/src/manual/source/guide/configuration.md
@@ -132,6 +132,8 @@ The following properties can be configured:
 - `hasher`: Specifies the current password hasher.
+- `loginAfterResetPassword`: if set to `true`, the user will be automatically signed in when they have reset their password. If set to `false` the user will have to sign in after reset their password. Username/password only.
+
 For example:
 :::bash
diff --git a/module-code/app/securesocial/controllers/Registration.scala b/module-code/app/securesocial/controllers/Registration.scala
index c9f7c1ffd..905e1ad83 100644
--- a/module-code/app/securesocial/controllers/Registration.scala
+++ b/module-code/app/securesocial/controllers/Registration.scala
@@ -299,21 +299,26 @@ object Registration extends Controller {
 BadRequest(use[TemplatesPlugin].getResetPasswordPage(request, errors, token))
 },
 p => {
- val (toFlash, eventSession) = UserService.findByEmailAndProvider(t.email, UsernamePasswordProvider.UsernamePassword) match {
+ val (toFlash, redirect, eventSession)= UserService.findByEmailAndProvider(t.email, UsernamePasswordProvider.UsernamePassword) match {
 case Some(user) => {
 val hashed = Registry.hashers.currentHasher.hash(p._1)
 val updated = UserService.save( SocialUser(user).copy(passwordInfo = Some(hashed)) )
 UserService.deleteToken(token)
 Mailer.sendPasswordChangedNotice(updated)
 val eventSession = Events.fire(new PasswordResetEvent(user))
- ( (Success -> Messages(PasswordUpdated)), eventSession)
+ val redirect = if( UsernamePasswordProvider.loginAfterResetPassword ) {
+ Some(ProviderController.completeAuthentication(user, eventSession.getOrElse(Some(request.session).get)))
+ }else {
+ None
+ }
+ ( (Success -> Messages(PasswordUpdated)), redirect, eventSession)
 }
 case _ => {
 Logger.error("[securesocial] could not find user with email %s during password reset".format(t.email))
- ( (Error -> Messages(ErrorUpdatingPassword)), None)
+ ( (Error -> Messages(ErrorUpdatingPassword)), None, None)
 }
 }
- val result = Redirect(onHandleResetPasswordGoTo).flashing(toFlash)
+ val result = redirect.orElse(Some(Redirect(onHandleResetPasswordGoTo))).get.flashing(toFlash)
 eventSession.map( result.withSession(_) ).getOrElse(result)
 })
 })
diff --git a/module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala b/module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala
index 4ce330cb2..9f7abb228 100644
--- a/module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala
+++ b/module-code/app/securesocial/core/providers/UsernamePasswordProvider.scala
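Review bot: On the auto-login path the final `eventSession.map( result.withSession(_) ).getOrElse(result)` still runs on the result returned by `ProviderController.completeAuthentication`, so whenever the `PasswordResetEvent` listeners return a session, it replaces the session the login step just produced. `completeAuthentication` is not shown in this patch, but if it adjusts the session (login-event listeners, clearing keys), those changes are lost; applying `withSession` only to the fallback redirect avoids this, e.g. `redirect.map(_.flashing(toFlash)).getOrElse { val r = Redirect(onHandleResetPasswordGoTo).flashing(toFlash); eventSession.map(r.withSession(_)).getOrElse(r) }`. The same call is passed the pre-update `user` rather than `updated`, and `eventSession.getOrElse(Some(request.session).get)` is simply `eventSession.getOrElse(request.session)`. The enclosing handler starts and ends outside the hunk.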
@@ -78,6 +78,7 @@ object UsernamePasswordProvider {
 private val Hasher = "securesocial.userpass.hasher"
 private val EnableTokenJob = "securesocial.userpass.enableTokenJob"
 private val SignupSkipLogin = "securesocial.userpass.signupSkipLogin"
+ private val LoginAfterResetPassword = "securesocial.userpass.loginAfterResetPassword"
 val loginForm = Form(
 tuple(
@@ -92,6 +93,7 @@ object UsernamePasswordProvider {
 lazy val hasher = current.configuration.getString(Hasher).getOrElse(PasswordHasher.BCryptHasher)
 lazy val enableTokenJob = current.configuration.getBoolean(EnableTokenJob).getOrElse(true)
 lazy val signupSkipLogin = current.configuration.getBoolean(SignupSkipLogin).getOrElse(false)
+ lazy val loginAfterResetPassword = current.configuration.getBoolean(LoginAfterResetPassword).getOrElse(false)
 }
 /**
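Review bot: The new `loginAfterResetPassword` setting in the second hunk has no comment, although it changes what a password-reset token is worth: with it enabled, the reset handler in Registration.scala signs the user in directly. I would add above the lazy val `// Off by default. When true, completing a password reset also signs the user in, so a valid reset token is enough to obtain a session.` The default of `false` is the safe choice and should stay. The enclosing object starts and ends outside both hunks.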