play silhouette is not inserting password into database table

Question

I am using play silhouette 4.0.0-BETA4. Everything seems to work fine except for storing the password. Each time I try to sign a new user up, all it's details are entered except for the password which seems to be stored in passwordinfo table.

I am using a MySQL database.

I spent a few hours trying to find out where the problem is and I couldn't figure it out.

build.sbt

  "com.mohiva" %% "play-silhouette" % "4.0.0-BETA4",
  "com.mohiva" %% "play-silhouette-persistence-memory" % "4.0.0-BETA4",
  "com.mohiva" %% "play-silhouette-password-bcrypt" % "4.0.0-BETA4",
  "com.mohiva" %% "play-silhouette-testkit" % "4.0.0-BETA4" % "test"

SignUpController

val user = User(
  None,
  userID = UUID.randomUUID(),
  loginInfo = loginInfo,
  firstName = Some(data.firstName),
  lastName = Some(data.lastName),
  fullName = Some(data.firstName + " " + data.lastName),
  email = Some(data.email),
  avatarURL = None
)
for {
  avatar <- avatarService.retrieveURL(data.email)
  user <- userService.save(user.copy(avatarURL = avatar))
  authInfo <- authInfoRepository.add(loginInfo, authInfo)
  authenticator <- silhouette.env.authenticatorService.create(loginInfo)
  token <- silhouette.env.authenticatorService.init(authenticator)
} yield {
  silhouette.env.eventBus.publish(SignUpEvent(user, request))
  silhouette.env.eventBus.publish(LoginEvent(user, request))
  Ok(Json.obj("token" -> token))
}

Here authInfoRepository.add should add the password in database.

I tried to debug the add function of authInfoRepository and it seems to get me to an add function in DelegableAuthInfoRepository.scala. Here is the function:

  override def add[T <: AuthInfo](loginInfo: LoginInfo, authInfo: T): Future[T] = {
    daos.find(_.classTag.runtimeClass == authInfo.getClass) match {
      case Some(dao) => dao.asInstanceOf[AuthInfoDAO[T]].add(loginInfo, authInfo)
      case _         => throw new ConfigurationException(AddError.format(authInfo.getClass))
    }
  }

I used IntelliJ to evaluate daos.find(_.classTag.runtimeClass == authInfo.getClass) and it seems to give me an error which I cannot understand (the error is: Could not evaluate due to a change in a source file; this error appears only when evaluating with IntelliJ, nothing else appears in the logs). If I try to continue the execution, it goes to the case Some line. If I continue, the debugger return to daos.find line. I tried to check for implementations of the add function from the case Some line and it seems to find only something related to In Memory Database: InMemoryAuthInfoDAO.scala.

I am not sure if the problem is coming from here but I really cannot understand why it is not adding the password and everything else works as expected.

The code I used was taken from a few exemples from Silhouette website. I don't have much knowledge about security.

If there is anything else missing, please let me know.

Answer 1

I know this is too late. But, it may help someone. the solution is to make your own class that extends DelegableAuthInfoDAO. as commented in the SilhouetteModule, it is using InMemmoryAuthInfoDAO class by default.

// Replace this with the bindings to your concrete DAOs
bind[DelegableAuthInfoDAO[GoogleTotpInfo]].toInstance(new InMemoryAuthInfoDAO[GoogleTotpInfo])
// this line has been changed to persist passwords in a DB
bind[DelegableAuthInfoDAO[PasswordInfo]].toInstance(new DBAuthDAO)
// this line has been changed to persist passwords in a DB
bind[DelegableAuthInfoDAO[OAuth1Info]].toInstance(new InMemoryAuthInfoDAO[OAuth1Info])
bind[DelegableAuthInfoDAO[OAuth2Info]].toInstance(new InMemoryAuthInfoDAO[OAuth2Info])
bind[DelegableAuthInfoDAO[OpenIDInfo]].toInstance(new InMemoryAuthInfoDAO[OpenIDInfo])

this code block is located in SilhouetteModule.scala

Answer 2

I solved a similar problem. I added this line.

/** SilhouetteModule.scala */

import net.ceedubs.ficus.readers.EnumerationReader._

Hope it helps :D