final User user = User.findByEmail(email);
if (user != null) {
// yep, we have a user with this email that is active - we do
// not know if the user owning that account has requested this
// reset, though.
final MyUsernamePasswordAuthProvider provider = MyUsernamePasswordAuthProvider
.getProvider();
// User exists
if (user.emailValidated) {
provider.sendPasswordResetMailing(user, ctx());
// In case you actually want to let (the unknown person)
// know whether a user was found/an email was sent, use,
// change the flash message
} else {
// We need to change the message here, otherwise the user
// does not understand whats going on - we should not verify
// with the password reset, as a "bad" user could then sign
// up with a fake email via OAuth and get it verified by an
// a unsuspecting user that clicks the link.
flash(Application.FLASH_MESSAGE_KEY,
Messages.get("playauthenticate.reset_password.message.email_not_verified"));
// You might want to re-send the verification email here...
provider.sendVerifyEmailMailingAfterSignup(user, ctx());
}
}
return redirect(routes.Application.index());
}