hails- Multi-app web platform framework

Safe HaskellTrustworthy




This module exports generic definitions for Wai-authentication pipelines in Hails. requireLoginMiddleware looks for the X-Hails-Login header from an Application 's Response and, if present, responds to the user with an authentication request instead of the Application response (e.g., a redirect to a login page or an HTTP response with status 401).

Additionally, this module exports authentication Middlewares for basic HTTP authentication, devBasicAuth, (useful in development environments) and federated (OpenID) authentication, openIdAuth. In general, authentication Middlewares are expected to set the X-Hails-User header on the request if it is from an authenticated user.



requireLoginMiddleware :: ResourceT IO Response -> MiddlewareSource

Executes the app and if the app Response has header X-Hails-Login and the user is not logged in, respond with an authentication response (Basic Auth, redirect, etc.)


Persona (BrowserID)

personaAuth :: ByteString -> Text -> MiddlewareSource

Authentica user with Mozilla's persona. If the X-Hails-Persona-Login header is set, this intercepts the request and verifies the supplied identity assertion, supplied in the request body.

If the authentication is successful, set the _hails_user and _hails_user_hmac cookies to identify the user. The former contains the user email address, the latter contains the MAC that is used for verifications in later requests.

If the X-Hails-Persona-Logout header is set, this intercepts the request and deletes the aforementioned cookies.

If the app wishes the user to authenticate (by setting X-Hails-Login) this redirects to audience/login -- where the app can call navigator.request().




:: Text

OpenID Provider

-> Middleware 

Perform OpenID authentication.

Authenticate with external app

Development: basic authentication

devBasicAuth :: MiddlewareSource

Basic HTTP authentication middleware for development. Accepts any username and password.