Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 10 09:34
    takayahilton closed #195
  • Sep 10 09:34
    takayahilton opened #195
  • Sep 10 06:56
    takayahilton closed #37
  • Sep 10 06:56
    takayahilton opened #37
  • Jul 31 10:08
    JensRichnow opened #194
  • Jul 08 17:32

    gakuzzzz on play2.7

    play2.7 (compare)

  • Jul 08 17:30

    gakuzzzz on play2.7

    play2.7 (compare)

  • Jul 07 10:56

    gakuzzzz on play2.6

    temp (compare)

  • Jul 06 14:29

    gakuzzzz on play2.6

    temp commit (compare)

  • Jul 05 10:12

    gakuzzzz on play2.6

    Change withLoggedIn signature t… (compare)

  • May 11 18:45
    fdoumet commented #184
  • May 11 18:45
    fdoumet commented #184
  • Apr 13 18:03
    tokkiyaa closed #190
  • Aug 23 2018 12:19
    jAANUSZEK0700 opened #193
  • Jul 11 2018 20:56
    mycaule closed #181
  • Jul 02 2018 12:59
    philliptaylorpro opened #192
  • Jun 19 2018 14:58
    Enalmada commented #184
  • Jun 19 2018 07:14
    Enalmada commented #184
  • Jun 18 2018 01:33
    Enalmada commented #184
  • Jun 18 2018 01:32
    Enalmada commented #184
Manabu Nakamura
@gakuzzzz
the “basic” sample is a sample using 'HTTP Basic Authentication' https://www.ietf.org/rfc/rfc2617.txt
Pierce Lamb
@piercelamb
@gakuzzzz argh
@gakuzzzz i implemented the standard sample
@gakuzzzz same thing still happens, works fine locally, but does not work on my production site
after calling this
gotoLoginSucceeded(user.get.id, Future.successful(Redirect(controllers.auth.routes.AuthController.adminLoggedIn)))
authentication is failing
Pierce Lamb
@piercelamb
need to get this solved asap
learning more about what is going on here would really help
Manabu Nakamura
@gakuzzzz
@piercelamb Do you use default tokenAccesor configuration in your AuthConfig implementation?
The default configuration needs SSL in production for security.
https://github.com/t2v/play2-auth/blob/a15dbaf6d1a984bfd2fa09f877ea964df573bb3b/module/src/main/scala/jp/t2v/lab/play2/auth/AuthConfig.scala#L53
Pierce Lamb
@piercelamb
@gakuzzzz My BaseAuthConfig extends AuthConfig which has that same code in it
what do I need to change in cookieSecureOption to enable SSL ?
@gakuzzzz could this be the problem?
[warn] /Users/plamb/Documents/Personal/Coding/portlandpaella/app/controllers/auth/AuthConfigImpl.scala:32: method maybeApplication in object Play is deprecated: This is a static reference to application, use DI instead
[warn]     cookieSecureOption = play.api.Play.maybeApplication.exists(app => play.api.Play.isProd(app)),
[warn]                                        ^
[warn] /Users/plamb/Documents/Personal/Coding/portlandpaella/app/controllers/auth/AuthConfigImpl.scala:32: method isProd in object Play is deprecated: inject the play.api.Environment instead
[warn]     cookieSecureOption = play.api.Play.maybeApplication.exists(app => play.api.Play.isProd(app)),
Manabu Nakamura
@gakuzzzz
@piercelamb You need not change in cookieSecureOption to enable SSL. The default setting is using SSL in PROD.
All you need to access with https in your application on production site
Pierce Lamb
@piercelamb
ohh
@gakuzzzz so i need SSL enabled on my site?
is it possible to NOT use SSL in prod? or is that really bad?
i’d like to just test that SSL enabling is exactly the problem
Manabu Nakamura
@gakuzzzz
@piercelamb No, It is possible to NOT use SSL in prod.
Set false to cookieSecureOption.
However the setting is big security hole. Attackers can session hijack at your application. We strongly recommend using SSL in prod.
Pierce Lamb
@piercelamb
okay
@gakuzzzz just to be clear, by that you mean https right
Pierce Lamb
@piercelamb
@gakuzzzz tested with false and you are correct
was able to login fine
mhzajac
@mhzajac
Are there plans for maintaining this library moving forward?
Manabu Nakamura
@gakuzzzz
We want to integrate to Play2.5 later & Scala2.12
Rob
@ChickenSniper
2 questions...
1) I noticed its been a while since there's been any updates to the code. Is active development suspended at this time?
2) from what I understand, authenticated tokens are cached server side. Is there risk of these tokens aging out of the cache?
Manabu Nakamura
@gakuzzzz
@ChickenSniper
1) Sorry now we are not going to take resources to update.
2) There is no risk. the default implementation has cache timeout.
Camilo A. Sampedro Restrepo
@camilosampedro
Hello
Is there any way to send the user information in the loginSucceeded method?
For instance, send the Full name
mhzajac
@mhzajac
@gakuzzzz If you don't have the time to maintain/update the library, would you consider adding other maintainers to avoid the need for people to publish forks in the future?
Camilo A. Sampedro Restrepo
@camilosampedro
@mhzajac I second this idea
nafg
@nafg
+1
Jonathan Lyons
@jclyons
i also support @mhzajac 's suggestion
Frank Rosner
@FRosner

Hi!

I'm trying to use play2-auth also for my websocket controller but I don't see a way to conveniently get the session ID for a logged in user. I am now overwriting a lot of methods / writing my own classes already. Is there a built-in support or a different module that handles this in a good way? I need the session ID because I need to cut the websocket connection on logout.

Thanks!

Alexej Haak
@Daxten
   Controller with AsyncAuth {

  def socket: WebSocket = WebSocket.acceptOrResult[String, String] { implicit request =>
    authorized(isLoggedIn).map {
      case Left(_) => Left(Forbidden)
      case Right((user, _)) =>
        Right {
          ActorFlow.actorRef(out => {
            actorManager.agentWebsocketServer ! (out, user.id.get)
            AgentClientActor.props(out, actorManager, user)
          })
        }
    }
  }
   }
quickly copied out of my code
AsyncAuth is the trick
Frank Rosner
@FRosner
Cool thanks! I'll take a look
Alexej Haak
@Daxten
hey, @t2v are you already working on 2.6 support?
nafg
@nafg
+1
Joe Zulli
@GitsMcGee
+1 for 2.6 support
Rob
@ChickenSniper
Has anyone been able to integrate this with Play 2.6.6??
Frank Rosner
@FRosner
@ChickenSniper nope. I am migrating to silhouette now.
mhzajac
@mhzajac
@ChickenSniper Kind of. We rely heavily on play2-auth, so we've been working on a fork that allows it to with runtime DI in Play 2.5.x and on. The basic functionality is the same, but now all components are runtime injectable and all weird globals have been stomped out. https://github.com/jaroop/play-sentry