i'm writing a play 2.3 application using secure social. I've customize my login form:
@(loginForm: Form[(String,String)], errorMsg: Option[String] = None)(implicit request: RequestHeader, lang: Lang, env:securesocial.core.RuntimeEnvironment[_])
@import securesocial.core.providers.UsernamePasswordProvider.UsernamePassword
@main(Messages("securesocial.login.title"))(null) {
<div class="login">
<div class="page-header">
<h1>@Messages("securesocial.login.title")</h1>
</div>
@errorMsg.map { msg =>
<div class="alert alert-danger">
@Messages(msg)
</div>
}
@request.flash.get("success").map { msg =>
<div class="alert alert-info">
@msg
</div>
}
@request.flash.get("error").map { msg =>
<div class="alert alert-danger">
@msg
</div>
}
@defining( env.providers.values.filter( _.id != UsernamePassword) ) { externalProviders =>
@env.providers.get(UsernamePassword).map { up =>
<div class="clearfix">
@if( externalProviders.size > 0 ) {
<p>@Messages("securesocial.login.useEmailAndPassword")</p>
} else {
<p>@Messages("securesocial.login.useEmailAndPasswordOnly")</p>
}
@securesocial.views.html.provider("userpass", Some(loginForm))
</div>
}
}
</div>
}
But when the view is display i see "Did you forget your password? If you don't have an account with us yet you can sign up here". But i don't want it, in my application the user get the credentials from the administrator, he can't signup and change the password. how can i do that?
Furthemore i don't want to import all the secure social routes, but only the routes needed for the login action.
If you look into the source of the securesocial.views.html.provider template which is imported in your customized login page you will see that password recovery information is defined there:
<div class="clearfix">
<p><a href="@env.routes.resetPasswordUrl">@Messages("securesocial.login.forgotPassword") </a></p>
</div>
All you need to do is to customize this part of a view as well. Create an another template based on the original SecureSocial view and remove parts that are not required for you.
If you want to allow only login and logout actions simply omit other route definitions and don't put them in your route file. You need only:
GET /login securesocial.controllers.LoginPage.login
GET /logout securesocial.controllers.LoginPage.logout
and providers entry points:
GET /authenticate/:provider securesocial.controllers.ProviderController.authenticate(provider)
POST /authenticate/:provider securesocial.controllers.ProviderController.authenticateByPost(provider)
GET /not-authorized securesocial.controllers.ProviderController.notAuthorized
If you want to allow your user to change a password after login you should consider using build-in actions:
GET /password securesocial.controllers.PasswordChange.page
POST /password securesocial.controllers.PasswordChange.handlePasswordChange