happstack-authenticate-2.3.4: Happstack Authentication Library

Safe HaskellNone
LanguageHaskell98

Happstack.Authenticate.Core


Documentation

data AuthenticateConfig Source

Various configuration options that apply to all authentication methods

Constructors

AuthenticateConfig 

Fields

_isAuthAdmin :: UserId -> IO Bool

can user administrate the authentication system?

_usernameAcceptable :: Username -> Maybe CoreError

enforce username policies, valid email, etc. Nothing == ok, Just err == rejected, where err is the CoreError describing why (the field's type is Maybe CoreError, not Maybe Text)

_requireEmail :: Bool
 

newtype UserId :: *

Constructors

UserId 

Fields

_unUserId :: Integer
 

Instances

Enum UserId 
Eq UserId 
Data UserId 
Ord UserId 
Read UserId 
Show UserId 
Generic UserId 
ToJSON UserId 
FromJSON UserId 
PathInfo UserId 
SafeCopy UserId 
Indexable UserIxs User 
type Rep UserId = D1 D1UserId (C1 C1_0UserId (S1 S1_0_0UserId (Rec0 Integer))) 

rUserId :: Boomerang e tok ((:-) Integer r) ((:-) UserId r)

jsonOptions :: Options Source

when creating JSON field names, drop the first character. Since we are using lens, the leading character should always be _.

toJSONResponse :: (RenderMessage HappstackAuthenticateI18N e, ToJSON a) => Either e a -> Response Source

convert a value to a JSON encoded Response

toJSONSuccess :: ToJSON a => a -> Response Source

convert a value to a JSON encoded Response

toJSONError :: forall e. RenderMessage HappstackAuthenticateI18N e => e -> Response Source

convert an error to a JSON encoded Response

FIXME: I18N

newtype Username Source

an arbitrary, but unique string that the user uses to identify themselves

Constructors

Username 

Fields

_unUsername :: Text
 

rUsername :: forall tok e r. Boomerang e tok ((:-) Text r) ((:-) Username r) Source

usernamePolicy :: Username -> Maybe CoreError Source

a very basic policy for _usernameAcceptable

Enforces:

Username can not be empty

newtype Email Source

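an Email address. No validation is performed, so the wrapped Text is not guaranteed to be a well-formed address; callers that depend on that must check it themselves.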

Constructors

Email 

Fields

_unEmail :: Text
 

type IxUser = IxSet UserIxs User Source

newtype SharedSecret Source

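The shared secret is used to encrypt a user's data on a per-user basis. We can invalidate a JWT value by changing the shared secret; because there is one secret per user, this invalidates every token previously issued to that user. Note that decodeAndVerifyToken returns a JWT VerifiedJWT, which suggests the secret is used to sign and verify the token; if so, the token's contents are protected against tampering but remain readable by the client.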

Constructors

SharedSecret 

genSharedSecret :: MonadIO m => m SharedSecret Source

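Generate a Salt from 128 bits of data from /dev/urandom, with the system RNG as a fallback. This is the function used to generate salts by makePassword. Note: the signature returns a SharedSecret, not a Salt, so this description appears to have been carried over from a salt generator. Because the result is the key for a user's tokens, the fallback RNG needs to be cryptographically secure; this page does not say whether it is.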

type SharedSecrets = Map UserId SharedSecret Source

A map which stores the SharedSecret for each UserId

data NewAccountMode Source

This value is used to configure the type of new user registrations permitted for this system.

Constructors

OpenRegistration

new users can create their own accounts

ModeratedRegistration

new users can apply to create their own accounts, but a moderator must approve them before they are active

ClosedRegistration

only the admin can create a new account

data AuthenticateState Source

this acid-state value contains the state common to all authentication methods

newtype CreateUser Source

Constructors

CreateUser User 

Instances

UpdateEvent CreateUser Source 
Method CreateUser Source 
SafeCopy CreateUser Source 
type MethodState CreateUser = AuthenticateState Source 
type MethodResult CreateUser = Either CoreError User Source 

newtype UpdateUser Source

Constructors

UpdateUser User 

Instances

UpdateEvent UpdateUser Source 
Method UpdateUser Source 
SafeCopy UpdateUser Source 
type MethodState UpdateUser = AuthenticateState Source 
type MethodResult UpdateUser = () Source 

newtype DeleteUser Source

Constructors

DeleteUser UserId 

Instances

UpdateEvent DeleteUser Source 
Method DeleteUser Source 
SafeCopy DeleteUser Source 
type MethodState DeleteUser = AuthenticateState Source 
type MethodResult DeleteUser = () Source 

newtype GetUserByUserId Source

Constructors

GetUserByUserId UserId 

Instances

newtype GetUserByEmail Source

Constructors

GetUserByEmail Email 

Instances

QueryEvent GetUserByEmail Source 
Method GetUserByEmail Source 
SafeCopy GetUserByEmail Source 
type MethodState GetUserByEmail = AuthenticateState Source 
type MethodResult GetUserByEmail = Maybe User Source 

getOrGenSharedSecret :: MonadIO m => AcidState AuthenticateState -> UserId -> m SharedSecret Source

get the SharedSecret for UserId. Generate one if they don't have one yet.

data Token Source

The Token type represents the encrypted data used to identify a user.

Constructors

Token 

type TokenText = Text Source

TokenText is the encrypted form of the Token which is passed between the server and the client.

issueToken Source

Arguments

:: MonadIO m 
=> AcidState AuthenticateState 
-> AuthenticateConfig 
-> User

the user

-> m TokenText 

create a Token for User

The isAuthAdmin function (the _isAuthAdmin field of the AuthenticateConfig argument) will be called to determine if UserId is a user who should be given Administrator privileges. This includes the ability to do things such as set the OpenId realm, change the registration mode, etc.

decodeAndVerifyToken :: MonadIO m => AcidState AuthenticateState -> UTCTime -> TokenText -> m (Maybe (Token, JWT VerifiedJWT)) Source

decode and verify the TokenText. If successful, return the Token otherwise Nothing.

authCookieName :: String Source

name of the Cookie used to hold the TokenText

addTokenCookie :: Happstack m => AcidState AuthenticateState -> AuthenticateConfig -> User -> m TokenText Source

create a Token for User and add a Cookie to the Response

see also: issueToken

deleteTokenCookie :: Happstack m => m () Source

delete the Token Cookie

getTokenCookie :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT)) Source

get, decode, and verify the Token from the Cookie.

getTokenHeader :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT)) Source

get, decode, and verify the Token from the Authorization HTTP header

getToken :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT)) Source

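get, decode, and verify the Token, looking first in the Authorization header and then in the Cookie. Because a browser attaches the cookie to requests automatically, handlers that change state and rely on this fallback should also be protected against cross-site request forgery.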

see also: getTokenHeader, getTokenCookie

getUserId :: Happstack m => AcidState AuthenticateState -> m (Maybe UserId) Source

get the UserId

calls getToken but returns only the UserId

rAuthenticationMethod :: forall tok e r. Boomerang e tok ((:-) Text r) ((:-) AuthenticationMethod r) Source

type AuthenticationHandler = [Text] -> RouteT AuthenticateURL (ServerPartT IO) Response Source

rAuthenticationMethods :: forall tok e r. Boomerang e tok ((:-) (Maybe (AuthenticationMethod, [Text])) r) ((:-) AuthenticateURL r) Source

rControllers :: forall tok e r. Boomerang e tok r ((:-) AuthenticateURL r) Source

authenticateURL :: Router () (AuthenticateURL :- ()) Source

a Router for AuthenticateURL

nestAuthenticationMethod :: PathInfo methodURL => AuthenticationMethod -> RouteT methodURL m a -> RouteT AuthenticateURL m a Source

helper function which converts a URL for an authentication backend into an AuthenticateURL.