happstack-authenticate-2.1.4: Happstack Authentication Library

Safe Haskell: None
Language: Haskell98

Happstack.Authenticate.Core

Documentation

jsonOptions :: Options

when creating JSON field names, drop the first character. Since we are using lens, the leading character should always be _.

toJSONResponse :: (RenderMessage HappstackAuthenticateI18N e, ToJSON a) => Either e a -> Response

convert a value to a JSON encoded Response

toJSONSuccess :: ToJSON a => a -> Response

convert a value to a JSON encoded Response

toJSONError :: forall e. RenderMessage HappstackAuthenticateI18N e => e -> Response

convert an error to a JSON encoded Response

rUserId :: forall tok e r. Boomerang e tok ((:-) Integer r) ((:-) UserId r)

newtype Username

an arbitrary, but unique string that the user uses to identify themselves

Constructors

Username 

Fields

_unUsername :: Text
 

rUsername :: forall tok e r. Boomerang e tok ((:-) Text r) ((:-) Username r)

newtype Email

an Email address. No validation is performed.

Constructors

Email 

Fields

_unEmail :: Text
 

newtype SharedSecret

The shared secret is used to encrypt a user's data on a per-user basis. We can invalidate a JWT value by changing the shared secret.

Constructors

SharedSecret 

genSharedSecret :: MonadIO m => m SharedSecret

Generate a Salt from 128 bits of data from /dev/urandom, with the system RNG as a fallback. This is the function used to generate salts by makePassword.

type SharedSecrets = Map UserId SharedSecret

A map which stores the SharedSecret for each UserId

data NewAccountMode

This value is used to configure the type of new user registrations permitted for this system.

Constructors

OpenRegistration

new users can create their own accounts

ModeratedRegistration

new users can apply to create their own accounts, but a moderator must approve them before they are active

ClosedRegistration

only the admin can create a new account

setSharedSecret :: UserId -> SharedSecret -> Update AuthenticateState ()

set the SharedSecret for UserId, overwriting any previous secret.

setDefaultSessionTimeout

Arguments

:: Int

default timeout in seconds (should be >= 180)

-> Update AuthenticateState () 

set the default inactivity timeout for new sessions

getDefaultSessionTimeout :: Query AuthenticateState Int

get the default inactivity timeout for new sessions

createUser :: User -> Update AuthenticateState (Either CoreError User)

Create a new User. This will allocate a new UserId. The returned User value will have the updated UserId.

createAnonymousUser :: Update AuthenticateState User

Create a new User. This will allocate a new UserId. The returned User value will have the updated UserId.

updateUser :: User -> Update AuthenticateState ()

Update an existing User. Must already have a valid UserId.

deleteUser :: UserId -> Update AuthenticateState ()

Delete User with the specified UserId

getAuthenticateState :: Query AuthenticateState AuthenticateState

get the entire AuthenticateState value

getOrGenSharedSecret :: MonadIO m => AcidState AuthenticateState -> UserId -> m SharedSecret

get the SharedSecret for UserId. Generate one if they don't have one yet.

data Token

The Token type represents the encrypted data used to identify a user.

Constructors

Token 

type TokenText = Text

TokenText is the encrypted form of the Token which is passed between the server and the client.

issueToken

Arguments

:: MonadIO m 
=> AcidState AuthenticateState 
-> (UserId -> IO Bool)

isAuthAdmin function

-> User

the user

-> m TokenText 

create a Token for User

The isAuthAdmin parameter is a function which will be called to determine if UserId is a user who should be given Administrator privileges. This includes the ability to do things such as set the OpenId realm, change the registration mode, etc.

decodeAndVerifyToken :: MonadIO m => AcidState AuthenticateState -> TokenText -> m (Maybe (Token, JWT VerifiedJWT))

decode and verify the TokenText. If successful, return the Token; otherwise Nothing.
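
The revocation property described for SharedSecret, exercised through issueToken and decodeAndVerifyToken. This is an added example, not code from the happstack-authenticate project. It assumes the acid-state events SetSharedSecret and CreateAnonymousUser (the constructors acid-state's makeAcidic conventionally derives from setSharedSecret and createAnonymousUser) and a User record field _userId, none of which are shown on this page.

```haskell
module RevokeExample where

import Control.Monad.IO.Class (MonadIO)
import Data.Acid (AcidState)
import Data.Acid.Advanced (update')
import Data.Maybe (isJust)
import Happstack.Authenticate.Core

-- | Replace the user's SharedSecret with a fresh one. Every token that was
-- issued under the previous secret then fails verification, which is the
-- "log out everywhere" operation for that account.
-- Assumption: SetSharedSecret is the acid-state event for setSharedSecret.
revokeTokens :: MonadIO m => AcidState AuthenticateState -> UserId -> m ()
revokeTokens authState uid = do
  fresh <- genSharedSecret
  update' authState (SetSharedSecret uid fresh)

-- | Issue a token, verify it, rotate the secret, verify the same token again.
-- Returns (verified before rotation, verified after rotation);
-- the expected result is (True, False).
-- Assumptions: CreateAnonymousUser is the acid-state event for
-- createAnonymousUser, and _userId is the UserId field of User.
revocationRoundTrip :: AcidState AuthenticateState -> IO (Bool, Bool)
revocationRoundTrip authState = do
  user <- update' authState CreateAnonymousUser
  -- No user is treated as an administrator in this example.
  let isAuthAdmin _ = return False
  tokenText <- issueToken authState isAuthAdmin user
  before <- fmap isJust (decodeAndVerifyToken authState tokenText)
  revokeTokens authState (_userId user)
  after <- fmap isJust (decodeAndVerifyToken authState tokenText)
  return (before, after)
```

Because the secret is stored per UserId, rotating it affects only that user's outstanding tokens; other users' tokens keep verifying.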

authCookieName :: String

name of the Cookie used to hold the TokenText

addTokenCookie :: Happstack m => AcidState AuthenticateState -> (UserId -> IO Bool) -> User -> m TokenText

create a Token for User and add a Cookie to the Response

see also: issueToken

getTokenCookie :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT))

get, decode, and verify the Token from the Cookie.

getTokenHeader :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT))

get, decode, and verify the Token from the Authorization HTTP header

getToken :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT))

get, decode, and verify the Token looking first in the Authorization header and then in Cookie.

see also: getTokenHeader, getTokenCookie

getUserId :: Happstack m => AcidState AuthenticateState -> m (Maybe UserId)

get the UserId

calls getToken but returns only the UserId

rControllers :: forall tok e r. Boomerang e tok r ((:-) AuthenticateURL r)

authenticateURL :: Router () (AuthenticateURL :- ())

a Router for AuthenticateURL

nestAuthenticationMethod :: PathInfo methodURL => AuthenticationMethod -> RouteT methodURL m a -> RouteT AuthenticateURL m a

helper function which converts a URL for an authentication backend into an AuthenticateURL.