Package controllers

Source Code of controllers.Secure

package controllers;

import models.User;
import play.Logger;
import play.Play;
import play.libs.OAuth;
import play.libs.OAuth2;
import play.libs.WS;
import play.mvc.Before;
import play.mvc.Controller;

import com.google.gson.JsonObject;

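/**
 * Authentication controller: guards the editing actions of {@code Application}
 * and implements sign-in through Twitter (OAuth 1.0a) and Facebook (OAuth 2).
 *
 * <p>The id of the signed-in user is kept in the Play session under
 * {@link #USER_COOKIE}; every lookup goes through {@link #findUser(String)} so
 * that a stale or malformed id is treated as "not signed in" instead of failing
 * the request.
 *
 * <p>In Play 1.x, calling an action such as {@code login()} from controller
 * code ends the current request (the result is signalled by an exception). The
 * explicit {@code return} statements after those calls keep the control flow
 * readable and correct without relying on that behaviour.
 */
public class Secure extends Controller {

  /** Session key holding the id of the authenticated user. */
  private final static String USER_COOKIE = "user";

  /** Session key holding the id of the placeholder user created while the Twitter handshake is in flight. */
  private final static String PENDING_USER_ID = "userId";

  /** Twitter OAuth 1.0a endpoints and consumer credentials, read from the application configuration. */
  private final static OAuth.ServiceInfo TWITTER = new OAuth.ServiceInfo(
    Play.configuration.getProperty("twitter.requestTokenURL"),
    Play.configuration.getProperty("twitter.accessTokenURL"),
    Play.configuration.getProperty("twitter.authorizationURL"),
    Play.configuration.getProperty("twitter.consumerKey"),
    Play.configuration.getProperty("twitter.consumerSecret")
  );

  /**
   * Facebook OAuth 2 endpoints and client credentials, read from the application configuration.
   *
   * NOTE(review): this field is public and not final, so any class can replace the
   * client (and its secret) at runtime. It is left as declared because callers
   * outside this file may depend on it; tightening it should be considered.
   */
  public static OAuth2 FACEBOOK = new OAuth2(
      Play.configuration.getProperty("facebook.authorizationURL"),
      Play.configuration.getProperty("facebook.accessTokenURL"),
      Play.configuration.getProperty("facebook.clientid"),
      Play.configuration.getProperty("facebook.secret")
  );

  /**
   * Resolves a user id taken from the session to a {@link User}.
   *
   * @param rawId the id as stored in the session, possibly {@code null}
   * @return the matching user, or {@code null} when the id is absent, not a
   *         number, or no longer present in the database
   */
  private static User findUser(String rawId) {
    if (rawId == null) {
      return null;
    }
    try {
      final User user = User.findById(Long.valueOf(rawId));
      return user;
    } catch (NumberFormatException e) {
      // A non-numeric id cannot belong to a real user; treat it as "no user".
      Logger.warn("Ignoring malformed user id found in session");
      return null;
    }
  }

  /**
   * Interceptor for the editing actions: sends the visitor to the login page
   * unless the session refers to an existing user, and otherwise exposes that
   * user to the templates as {@code user}.
   */
  @Before(only={"Application.form", "Application.save", "Application.delete"})
  static void checkAccess() {
    final String userId = session.get(USER_COOKIE);
    if (userId == null) {
      login();
      return;
    }

    final User user = findUser(userId);
    if (user == null) {
      // The session points at a user that no longer exists: drop the whole
      // session so the stale id is not presented again.
      session.clear();
      login();
      return;
    }

    // Leave the user available to the templates.
    renderArgs.put("user", user);
  }

  /**
   * Exposes the signed-in user (if any) to the templates as {@code user}.
   * Unlike {@link #checkAccess()} this never forces a login.
   */
  static void loadUser() {
    final User user = findUser(session.get(USER_COOKIE));
    if (user != null) {
      // Leave the user available to the templates.
      renderArgs.put("user", user);
    }
  }

  /**
   * Twitter sign-in. Handles both legs of the OAuth 1.0a handshake: the
   * initial request (obtain a request token and redirect to Twitter) and the
   * callback (exchange it for an access token and load the profile).
   *
   * NOTE(review): a User row is saved before the visitor has authorized
   * anything, and a new row is created on every attempt; abandoned or denied
   * attempts leave those rows behind.
   */
  public static void oauthTwitter() {

    // First leg: the visitor has just pressed "sign in with twitter".
    if (!OAuth.isVerifierResponse()) {
      final OAuth twitter = OAuth.service(TWITTER);
      final OAuth.Response response = twitter.retrieveRequestToken();
      if (response.error != null) {
        Logger.error("Error contacting twitter: %s", response.error);
        login();
        return;
      }

      // Persist the request token so the callback can find it again.
      final User user = new User();
      user.token = response.token;
      user.secret = response.secret;
      user.save();
      session.put(PENDING_USER_ID, user.id);
      redirect(twitter.redirectUrl(response.token));
      return;
    }

    // Second leg: Twitter has redirected the visitor back to us.
    if (params.get("denied") != null) {
      // The visitor refused to authorize the application.
      login();
      return;
    }

    // The pending id is single-use: remove it whether or not it resolves.
    final String pendingId = session.get(PENDING_USER_ID);
    session.remove(PENDING_USER_ID);

    final User user = findUser(pendingId);
    if (user == null) {
      // No handshake in progress for this session (or the placeholder row is
      // gone): a callback without it must not be processed.
      login();
      return;
    }

    final OAuth.Response response = OAuth.service(TWITTER).retrieveAccessToken(user.token, user.secret);
    if (response.error != null) {
      // Handled like a request-token failure: log it and start over.
      Logger.error("Error retrieving twitter access token: %s", response.error);
      login();
      return;
    }

    // Replace the request token and secret with the access token and secret.
    user.token = response.token;
    user.secret = response.secret;

    // Fetch the profile over TLS so the response that populates the local
    // account cannot be read or altered in transit.
    final JsonObject twitterUser =
        WS.url("https://api.twitter.com/1/account/verify_credentials.json")
        .oauth(TWITTER, user.token, user.secret).get().getJson().getAsJsonObject();

    if (twitterUser.get("error") != null) {
      // Error fetching the profile, probably because the token has expired.
      Logger.error("Twitter authentication error: %s", twitterUser.get("error"));
      login();
      return;
    }
    if (twitterUser.get("name") == null || twitterUser.get("profile_image_url") == null) {
      // Do not mark the session as authenticated on an unexpected payload.
      Logger.error("Twitter profile response is missing expected fields");
      login();
      return;
    }

    user.name = twitterUser.get("name").getAsString();
    user.avatarUrl = twitterUser.get("profile_image_url").getAsString();
    user.save();
    session.put(USER_COOKIE, user.id);

    Application.list();
  }

  /**
   * Facebook sign-in. On the callback (a {@code code} is present) the code is
   * exchanged for an access token and the profile is loaded; otherwise the
   * visitor is sent to Facebook to authorize the application.
   *
   * NOTE(review): no {@code state} value is generated or verified in this flow
   * as written, so the callback is not bound to the browser session that
   * started it; confirm whether the OAuth2 helper covers this.
   *
   * NOTE(review): accounts are matched on the access token itself. If the
   * provider issues a different token on a later sign-in, a new User row is
   * created each time; matching on the provider's stable user id would need a
   * field that this class does not show.
   *
   * @throws Throwable declared by the original signature; kept for callers
   */
  public static void oauthFacebook() throws Throwable
    {
        if ( params.get("error") != null ) {
            // The user did not authorize access;
            // error_reason and error_description carry more detail.
            login();
            return;
        }
        final String authUrl = play.mvc.Router.getFullUrl("Secure.oauthFacebook");

        if (!OAuth2.isCodeResponse()) {
            // Nothing to exchange yet: send the visitor to Facebook.
            FACEBOOK.retrieveVerificationCode(authUrl);
            return;
        }

        // The user authorized access from Facebook.
        final OAuth2.Response response = FACEBOOK.retrieveAccessToken(authUrl);
        if ( response.accessToken == null ) {
            // The exchange failed; never look up or create an account for a missing token.
            Logger.error("Facebook did not return an access token");
            login();
            return;
        }

        User user = User.find("accessToken = ?", response.accessToken).first();
        if ( user == null ) {
            user = new User();
            user.accessToken = response.accessToken;
        }

        // NOTE(review): the access token travels in the query string, where it
        // can end up in access logs and intermediary caches; prefer a mechanism
        // that keeps it out of the URL if the HTTP client in use offers one.
        // NOTE(review): WS.url(String, String...) may already URL-encode its
        // arguments; confirm WS.encode here is not encoding the token twice.
        final JsonObject me = WS.url("https://graph.facebook.com/me?fields=name,picture&access_token=%s", WS.encode(user.accessToken)).get().getJson().getAsJsonObject();
        if ( me.get("name") == null || me.get("picture") == null ) {
            // Do not mark the session as authenticated on an unexpected payload.
            Logger.error("Facebook profile response is missing expected fields");
            login();
            return;
        }
        user.name = me.get("name").getAsString();
        user.avatarUrl = me.get("picture").getAsString();
        user.save();
        session.put(USER_COOKIE, user.id);

        Application.list();
    }


  /** Renders the login page. */
  public static void login() {
    render();
  }

  /** Signs the visitor out by clearing the whole session, then shows the list. */
  public static void logout() {
    session.clear();
    Application.list();
  }

}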