Unauthorized: You must be authenticated to access this page. - When passing play forms

Question

Now I know I might not have clean code but I just want the damn thing to work. It gives me an "Unauthorized. You must be authenticated to access this page" error.

I have the following controller

    package controllers

import javax.inject._
import play.api._
import play.api.mvc._
import play.api.data._
import play.api.data.Forms._
import models.UserData
import models.Contact
import play.api.i18n._
/**
 * This controller creates an `Action` to handle HTTP requests to the
 * application's home page.
 */
@Singleton
class HomeController @Inject()(val messagesApi: MessagesApi)extends Controller with I18nSupport {

  /**
   * Create an Action to render an HTML page.
   *
   * The configuration in the `routes` file means that this method
   * will be called when the application receives a `GET` request with
   * a path of `/`.
   */
  def index = Action { implicit request =>
     Ok("Got request [" + request + "]")
  }

  val userForm = Form(mapping("name"->nonEmptyText, "age"->number(min=0, max=100))(UserData.apply)(UserData.unapply))

  def userPost = Action {
    implicit request =>
      userForm.bindFromRequest.fold(
          formWithErrors => {
            BadRequest(views.html.user(formWithErrors))
          },
          userData => {
            val newUser = models.UserData(userData.name, userData.age)
            Redirect(routes.HomeController.home())
          })
  }

  def home = Action { implicit request =>
    Ok(views.html.index())

  }

  def user = Action {implicit request =>
    Ok(views.html.user(userForm))
  }

}

The following user.scala.html file

@(userForm: Form[UserData])(implicit messages: Messages)

@helper.form(action = routes.HomeController.userPost()) {
  @helper.inputText(userForm("name"), 'id -> "name", 'size -> 30)
  @helper.inputText(userForm("age"))

  <input type="submit" value="submit"</input>
}

and the following routes file:

    # Routes
# This file defines all application routes (Higher priority routes first)
# https://www.playframework.com/documentation/latest/ScalaRouting
# ~~~~

# An example controller showing a sample home page
GET     /                           controllers.HomeController.index

# Map static resources from the /public folder to the /assets URL path
GET     /assets/*file               controllers.Assets.versioned(path="/public", file: Asset)

GET /home controllers.HomeController.home

GET /user controllers.HomeController.user

POST /user controllers.HomeController.userPost

Can someone please help me get past the Unauthorized page error. I have no idea why its coming up. I just want to pass a simple form.

Thank you.

Answer 1

As per Alexander B reply above, you need to change the line in your user.scala.html from

@helper.form(action = routes.HomeController.userPost()) {

to

@helper.form(action = helper.CSRF(routes.HomeController.userPost())) {

It worked for me.

About CSRF and Play: https://www.playframework.com/documentation/2.6.x/ScalaCsrf