Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 10 09:34
    takayahilton closed #195
  • Sep 10 09:34
    takayahilton opened #195
  • Sep 10 06:56
    takayahilton closed #37
  • Sep 10 06:56
    takayahilton opened #37
  • Jul 31 10:08
    JensRichnow opened #194
  • Jul 08 17:32

    gakuzzzz on play2.7

    play2.7 (compare)

  • Jul 08 17:30

    gakuzzzz on play2.7

    play2.7 (compare)

  • Jul 07 10:56

    gakuzzzz on play2.6

    temp (compare)

  • Jul 06 14:29

    gakuzzzz on play2.6

    temp commit (compare)

  • Jul 05 10:12

    gakuzzzz on play2.6

    Change withLoggedIn signature t… (compare)

  • May 11 18:45
    fdoumet commented #184
  • May 11 18:45
    fdoumet commented #184
  • Apr 13 18:03
    tokkiyaa closed #190
  • Aug 23 2018 12:19
    jAANUSZEK0700 opened #193
  • Jul 11 2018 20:56
    mycaule closed #181
  • Jul 02 2018 12:59
    philliptaylorpro opened #192
  • Jun 19 2018 14:58
    Enalmada commented #184
  • Jun 19 2018 07:14
    Enalmada commented #184
  • Jun 18 2018 01:33
    Enalmada commented #184
  • Jun 18 2018 01:32
    Enalmada commented #184
Pierce Lamb
@piercelamb
[warn] /Users/plamb/Documents/Personal/Coding/portlandpaella/app/controllers/auth/AuthConfigImpl.scala:32: method maybeApplication in object Play is deprecated: This is a static reference to application, use DI instead
[warn]     cookieSecureOption = play.api.Play.maybeApplication.exists(app => play.api.Play.isProd(app)),
[warn]                                        ^
[warn] /Users/plamb/Documents/Personal/Coding/portlandpaella/app/controllers/auth/AuthConfigImpl.scala:32: method isProd in object Play is deprecated: inject the play.api.Environment instead
[warn]     cookieSecureOption = play.api.Play.maybeApplication.exists(app => play.api.Play.isProd(app)),
Manabu Nakamura
@gakuzzzz
@piercelamb You need not change in cookieSecureOption to enable SSL. The default setting is using SSL in PROD.
All you need to access with https in your application on production site
Pierce Lamb
@piercelamb
ohh
@gakuzzzz so i need SSL enabled on my site?
is it possible to NOT use SSL in prod? or is that really bad?
i’d like to just test that SSL enabling is exactly the problem
Manabu Nakamura
@gakuzzzz
@piercelamb No, It is possible to NOT use SSL in prod.
Set false to cookieSecureOption.
However the setting is big security hole. Attackers can session hijack at your application. We strongly recommend using SSL in prod.
Pierce Lamb
@piercelamb
okay
@gakuzzzz just to be clear, by that you mean https right
Pierce Lamb
@piercelamb
@gakuzzzz tested with false and you are correct
was able to login fine
mhzajac
@mhzajac
Are there plans for maintaining this library moving forward?
Manabu Nakamura
@gakuzzzz
We want to integrate to Play2.5 later & Scala2.12
Rob
@ChickenSniper
2 questions...
1) I noticed its been a while since there's been any updates to the code. Is active development suspended at this time?
2) from what I understand, authenticated tokens are cached server side. Is there risk of these tokens aging out of the cache?
Manabu Nakamura
@gakuzzzz
@ChickenSniper
1) Sorry now we are not going to take resources to update.
2) There is no risk. the default implementation has cache timeout.
Camilo A. Sampedro Restrepo
@camilosampedro
Hello
Is there any way to send the user information in the loginSucceeded method?
For instance, send the Full name
mhzajac
@mhzajac
@gakuzzzz If you don't have the time to maintain/update the library, would you consider adding other maintainers to avoid the need for people to publish forks in the future?
Camilo A. Sampedro Restrepo
@camilosampedro
@mhzajac I second this idea
nafg
@nafg
+1
Jonathan Lyons
@jclyons
i also support @mhzajac 's suggestion
Frank Rosner
@FRosner

Hi!

I'm trying to use play2-auth also for my websocket controller but I don't see a way to conveniently get the session ID for a logged in user. I am now overwriting a lot of methods / writing my own classes already. Is there a built-in support or a different module that handles this in a good way? I need the session ID because I need to cut the websocket connection on logout.

Thanks!

Alexej Haak
@Daxten
   Controller with AsyncAuth {

  def socket: WebSocket = WebSocket.acceptOrResult[String, String] { implicit request =>
    authorized(isLoggedIn).map {
      case Left(_) => Left(Forbidden)
      case Right((user, _)) =>
        Right {
          ActorFlow.actorRef(out => {
            actorManager.agentWebsocketServer ! (out, user.id.get)
            AgentClientActor.props(out, actorManager, user)
          })
        }
    }
  }
   }
quickly copied out of my code
AsyncAuth is the trick
Frank Rosner
@FRosner
Cool thanks! I'll take a look
Alexej Haak
@Daxten
hey, @t2v are you already working on 2.6 support?
nafg
@nafg
+1
Joe Zulli
@GitsMcGee
+1 for 2.6 support
Rob
@ChickenSniper
Has anyone been able to integrate this with Play 2.6.6??
Frank Rosner
@FRosner
@ChickenSniper nope. I am migrating to silhouette now.
mhzajac
@mhzajac
@ChickenSniper Kind of. We rely heavily on play2-auth, so we've been working on a fork that allows it to with runtime DI in Play 2.5.x and on. The basic functionality is the same, but now all components are runtime injectable and all weird globals have been stomped out. https://github.com/jaroop/play-sentry
Still putting the finishing touches on it, but 1.0.0-SNAPSHOT is published to sonatype for any one that's interested. I expect to finalize it within a week or two.
nafg
@nafg
@mhzajac to be clear, it cannot be used without guice?
mhzajac
@mhzajac
Correct. Unfortunately in order to maintain the type flexibility of AuthConfig, it required the use of TypeLiterals from guice, which are not supported by all DI frameworks.
Unless some brave soul can find another way to make it work.
nafg
@nafg
@mhzajac I would like to. Can you give me exact instructions what needs to be done?
mhzajac
@mhzajac
I don't know if it's theoretically possible with runtime DI. The main roadblock that I ran into is that AuthConfig contains three type aliases, which made it difficult to make that component (and basically all others) difficult to inject and runtime and also know about the correct types at compile time. Using a type parameter (same trick that play-silhouette uses) cut down on the required boilerplate, but I couldn't find a way to make it work without guice.
As I needed TypeLiteral bindings in the module.
It looks like play-silhouette only works with guice right now, too.
We opted not to use silhouette because it is massive and would require a decent amount of rework in our applications with the risk of it also becoming abandonware down the road. Porting play2-auth to work with guice was straightforward enough, but with some limitations to keep a similar API.
Confining ourselves to guice was a small sacrifice since Play seems to provide the most out-of-the-box support for it.
nafg
@nafg
@mhzajac I know silhouette does not require guice
Yes, most examples for it and play use guice
I think play is moving away from that though
It's very unidiomatic Scala, and really unnecessary
mhzajac
@mhzajac
Play attempts to provide an API that is DI framework agnostic, but I don't think they're "moving away from that". That was kind of the entire reason this library ceases to work in Play 2.6. To say a DI framework is unnecessary (if that's what you meant to say) though is very dismissive. I was resistant at first, but it has taken away many headaches from building and testing applications. .. but that's neither here nor there.