minimum support for Play 2.5

module-code/app/securesocial/controllers/Assets.scala

@@ -1,3 +1,3 @@
 package securesocial.controllers
 
-object Assets extends controllers.AssetsBuilder(play.api.http.LazyHttpErrorHandler)
+class Assets extends controllers.AssetsBuilder(play.api.http.LazyHttpErrorHandler)

module-code/app/securesocial/controllers/LoginPage.scala

@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,13 +18,13 @@ package securesocial.controllers
 
 import javax.inject.Inject
 
+import play.api.Application
+import play.filters.csrf.CSRFAddToken
 import securesocial.core._
+import securesocial.core.providers.UsernamePasswordProvider
 import securesocial.core.utils._
-import play.api.Play
-import Play.current
-import providers.UsernamePasswordProvider
-import scala.concurrent.{ ExecutionContext, Future }
-import play.filters.csrf._
+
+import scala.concurrent.Future
 
 /**
  * A default Login controller that uses BasicProfile as the user type.
@@ -44,8 +44,12 @@ trait BaseLoginPage extends SecureSocial {
    */
   val onLogoutGoTo = "securesocial.onLogoutGoTo"
 
+  @Inject
+  implicit var CSRFAddToken: CSRFAddToken = null
+
   /**
    * Renders the login page
+    *
    * @return
    */
   def login = CSRFAddToken {
@@ -71,6 +75,9 @@ trait BaseLoginPage extends SecureSocial {
     }
   }
 
+  @Inject
+  var application: Application = null
+
   /**
    * Logs out the user by clearing the credentials from the session.
    * The browser is redirected either to the login page or to the page specified in the onLogoutGoTo property.
@@ -79,7 +86,7 @@ trait BaseLoginPage extends SecureSocial {
    */
   def logout = UserAwareAction.async {
     implicit request =>
-      val redirectTo = Redirect(Play.configuration.getString(onLogoutGoTo).getOrElse(env.routes.loginPageUrl))
+      val redirectTo = Redirect(application.configuration.getString(onLogoutGoTo).getOrElse(env.routes.loginPageUrl))
       val result = for {
         user <- request.user
         authenticator <- request.authenticator

module-code/app/securesocial/controllers/MailTokenBasedOperations.scala

@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,18 +17,17 @@
 package securesocial.controllers
 
 import java.util.UUID
+import javax.inject.Inject
 
 import org.joda.time.DateTime
-import play.api.Play
+import play.api.Application
 import play.api.data.Form
 import play.api.data.Forms._
 import play.api.data.validation.Constraints._
 import play.api.i18n.Messages
-import play.api.mvc.{ RequestHeader, Result }
+import play.api.mvc.{RequestHeader, Result}
 import securesocial.core.SecureSocial
 import securesocial.core.providers.MailToken
-import play.api.i18n.Messages.Implicits._
-import play.api.Play.current
 
 import scala.concurrent.Future
 
@@ -42,7 +41,9 @@ abstract class MailTokenBasedOperations extends SecureSocial {
   val Email = "email"
   val TokenDurationKey = "securesocial.userpass.tokenDuration"
   val DefaultDuration = 60
-  val TokenDuration = Play.current.configuration.getInt(TokenDurationKey).getOrElse(DefaultDuration)
+  @Inject
+  implicit var application: Application = null
+  val TokenDuration = application.configuration.getInt(TokenDurationKey).getOrElse(DefaultDuration)
 
   val startForm = Form(
     Email -> email.verifying(nonEmpty)
@@ -51,7 +52,7 @@ abstract class MailTokenBasedOperations extends SecureSocial {
   /**
    * Creates a token for mail based operations
    *
-   * @param email the email address
+    * @param email   the email address
    * @param isSignUp a boolean indicating if the token is used for a signup or password reset operation
    * @return a MailToken instance
    */
@@ -67,22 +68,21 @@ abstract class MailTokenBasedOperations extends SecureSocial {
    * Helper method to execute actions where a token needs to be retrieved from
    * the backing store
    *
-   * @param token the token id
+    * @param token   the token id
    * @param isSignUp a boolean indicating if the token is used for a signup or password reset operation
-   * @param f the function that gets invoked if the token exists
-   * @param request the current request
+    * @param f       the function that gets invoked if the token exists
+    * @param request the current request
    * @return the action result
    */
   protected def executeForToken(token: String, isSignUp: Boolean,
-    f: MailToken => Future[Result])(implicit request: RequestHeader): Future[Result] =
-    {
-      env.userService.findToken(token).flatMap {
-        case Some(t) if !t.isExpired && t.isSignUp == isSignUp => f(t)
-        case _ =>
-          val to = if (isSignUp) env.routes.startSignUpUrl else env.routes.startResetPasswordUrl
-          Future.successful(Redirect(to).flashing(Error -> Messages(BaseRegistration.InvalidLink)))
-      }
+                                f: MailToken => Future[Result])(implicit request: RequestHeader): Future[Result] = {
+    env.userService.findToken(token).flatMap {
+      case Some(t) if !t.isExpired && t.isSignUp == isSignUp => f(t)
+      case _ =>
+        val to = if (isSignUp) env.routes.startSignUpUrl else env.routes.startResetPasswordUrl
+        Future.successful(Redirect(to).flashing(Error -> Messages(BaseRegistration.InvalidLink)))
     }
+  }
 
   /**
    * The result sent after the start page is handled

module-code/app/securesocial/controllers/PasswordChange.scala

@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,18 +18,17 @@ package securesocial.controllers
 
 import javax.inject.Inject
 
-import securesocial.core._
-import securesocial.core.SecureSocial._
-import play.api.mvc.Result
-import play.api.Play
+import play.api.Application
 import play.api.data.Form
 import play.api.data.Forms._
+import play.api.i18n.Messages
+import play.api.mvc.Result
+import play.filters.csrf.{CSRFCheck, _}
+import securesocial.core.SecureSocial._
+import securesocial.core._
 import securesocial.core.providers.utils.PasswordValidator
-import play.api.i18n.{ I18nSupport, Messages }
-import scala.concurrent.{ Await, ExecutionContext, Future }
-import play.filters.csrf._
-import play.api.i18n.Messages.Implicits._
-import play.api.Play.current
+
+import scala.concurrent.{Await, Future}
 
 /**
  * A default PasswordChange controller that uses the BasicProfile as the user type
@@ -57,15 +56,18 @@ trait BasePasswordChange extends SecureSocial {
    */
   val onPasswordChangeGoTo = "securesocial.onPasswordChangeGoTo"
 
+  @Inject
+  implicit var application: Application = null
   /** The redirect target of the handlePasswordChange action. */
-  def onHandlePasswordChangeGoTo = Play.current.configuration.getString(onPasswordChangeGoTo).getOrElse(
+  def onHandlePasswordChangeGoTo = application.configuration.getString(onPasswordChangeGoTo).getOrElse(
     securesocial.controllers.routes.PasswordChange.page().url
   )
 
   /**
    * checks if the supplied password matches the stored one
+    *
    * @param suppliedPassword the password entered in the form
-   * @param request the current request
+    * @param request         the current request
    * @tparam A the type of the user object
    * @return a future boolean
    */
@@ -104,6 +106,9 @@ trait BasePasswordChange extends SecureSocial {
     }
   }
 
+  @Inject
+  implicit var CSRFAddToken: CSRFAddToken = null
+
   /**
    * Renders the password change page
    *
@@ -119,6 +124,9 @@ trait BasePasswordChange extends SecureSocial {
     }
   }
 
+  @Inject
+  implicit var CSRFCheck: CSRFCheck = null
+
   /**
    * Handles form submission from the password change page
    *
@@ -132,7 +140,6 @@ trait BasePasswordChange extends SecureSocial {
           info => {
             val newPasswordInfo = env.currentHasher.hash(info.newPassword)
             val userLang = request2lang(request)
-            implicit val messages = applicationMessages
             env.userService.updatePasswordInfo(request.user, newPasswordInfo).map {
               case Some(u) =>
                 env.mailer.sendPasswordChangedNotice(u)(request, userLang)
@@ -152,6 +159,6 @@ trait BasePasswordChange extends SecureSocial {
  * The class used in the form
  *
  * @param currentPassword the user's current password
- * @param newPassword the new password
+  * @param newPassword    the new password
  */
 case class ChangeInfo(currentPassword: String, newPassword: String)

module-code/app/securesocial/controllers/PasswordReset.scala

@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,14 +21,12 @@ import javax.inject.Inject
 import play.api.data.Form
 import play.api.data.Forms._
 import play.api.i18n.Messages
-import play.filters.csrf._
 import play.api.mvc.Action
+import play.filters.csrf.{CSRFCheck, _}
 import securesocial.core._
 import securesocial.core.providers.UsernamePasswordProvider
 import securesocial.core.providers.utils.PasswordValidator
 import securesocial.core.services.SaveMode
-import play.api.i18n.Messages.Implicits._
-import play.api.Play.current
 
 import scala.concurrent.Future
 
@@ -57,6 +55,9 @@ trait BasePasswordReset extends MailTokenBasedOperations {
       ).verifying(Messages(BaseRegistration.PasswordsDoNotMatch), passwords => passwords._1 == passwords._2)
   )
 
+  @Inject
+  implicit var CSRFAddToken: CSRFAddToken = null
+
   /**
    * Renders the page that starts the password reset flow
    */
@@ -67,6 +68,9 @@ trait BasePasswordReset extends MailTokenBasedOperations {
     }
   }
 
+  @Inject
+  implicit var CSRFCheck: CSRFCheck = null
+
   /**
    * Handles form submission for the start page
    */

module-code/app/securesocial/controllers/ProviderController.scala

@@ -17,15 +17,14 @@
 package securesocial.controllers
 
 import javax.inject.Inject
-import play.api.Play
+
+import play.api.Application
 import play.api.i18n.Messages
 import play.api.mvc._
 import securesocial.core._
 import securesocial.core.authenticator.CookieAuthenticator
 import securesocial.core.services.SaveMode
 import securesocial.core.utils._
-import play.api.i18n.Messages.Implicits._
-import play.api.Play.current
 
 import scala.concurrent.Future
 
@@ -39,7 +38,8 @@ class ProviderController @Inject() (override implicit val env: RuntimeEnvironmen
  * A trait that provides the means to authenticate users for web applications
  */
 trait BaseProviderController extends SecureSocial {
-  import securesocial.controllers.ProviderControllerHelper.{ logger, toUrl }
+
+  import securesocial.controllers.ProviderControllerHelper.{logger, toUrl}
 
   /**
    * The authentication entry point for GET requests
@@ -173,10 +173,13 @@ object ProviderControllerHelper {
    *
    * @return
    */
-  def landingUrl = Play.configuration.getString(onLoginGoTo).getOrElse(
-    Play.configuration.getString(ApplicationContext).getOrElse(Root)
+  def landingUrl = application.configuration.getString(onLoginGoTo).getOrElse(
+    application.configuration.getString(ApplicationContext).getOrElse(Root)
   )
 
+  @Inject
+  implicit var application: Application = null
+
   /**
    * Returns the url that the user should be redirected to after login
    *

module-code/app/securesocial/controllers/Registration.scala

@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,17 +21,15 @@ import javax.inject.Inject
 import play.api.data.Forms._
 import play.api.data._
 import play.api.i18n.Messages
-import play.filters.csrf._
 import play.api.mvc.Action
+import play.filters.csrf.{CSRFCheck, _}
 import securesocial.core._
 import securesocial.core.authenticator.CookieAuthenticator
 import securesocial.core.providers.UsernamePasswordProvider
 import securesocial.core.providers.utils._
 import securesocial.core.services.SaveMode
-import play.api.i18n.Messages.Implicits._
-import play.api.Play.current
 
-import scala.concurrent.{ Await, Future }
+import scala.concurrent.{Await, Future}
 
 /**
  * A default Registration controller that uses the BasicProfile as the user type
@@ -92,6 +90,9 @@ trait BaseRegistration extends MailTokenBasedOperations {
 
   val form = if (UsernamePasswordProvider.withUserNameSupport) formWithUsername else formWithoutUsername
 
+  @Inject
+  implicit var CSRFAddToken: CSRFAddToken = null
+
   /**
    * Starts the sign up process
    */
@@ -106,6 +107,9 @@ trait BaseRegistration extends MailTokenBasedOperations {
     }
   }
 
+  @Inject
+  implicit var CSRFCheck: CSRFCheck = null
+
   def handleStartSignUp = CSRFCheck {
     Action.async {
       implicit request =>
@@ -137,6 +141,7 @@ trait BaseRegistration extends MailTokenBasedOperations {
 
   /**
    * Renders the sign up page
+    *
    * @return
    */
   def signUp(token: String) = CSRFAddToken {