happstack-authenticate-2.1.5: Happstack Authentication Library

Safe HaskellNone
LanguageHaskell98

Happstack.Authenticate.Core

Synopsis

Documentation

data HappstackAuthenticateI18N Source

Constructors

HappstackAuthenticateI18N 

Instances

newtype UserId :: *

a UserId uniquely identifies a user.

Constructors

UserId 

Fields

_unUserId :: Integer
 

Instances

unUserId :: Iso' UserId Integer

rUserId :: Boomerang e tok ((:-) Integer r) ((:-) UserId r)

succUserId :: UserId -> UserId

get the next UserId

jsonOptions :: Options Source

when creating JSON field names, drop the first character. Since we are using lens, the leading character should always be _.

toJSONResponse :: (RenderMessage HappstackAuthenticateI18N e, ToJSON a) => Either e a -> Response Source

convert a value to a JSON encoded Response

toJSONSuccess :: ToJSON a => a -> Response Source

convert a value to a JSON encoded Response

toJSONError :: forall e. RenderMessage HappstackAuthenticateI18N e => e -> Response Source

convert an error to a JSON encoded Response

newtype Username Source

an arbitrary, but unique string that the user uses to identify themselves

Constructors

Username 

Fields

_unUsername :: Text
 

Instances

unUsername :: Iso' Username Text Source

rUsername :: forall tok e r. Boomerang e tok ((:-) Text r) ((:-) Username r) Source

newtype Email Source

an Email address. No validation in performed.

Constructors

Email 

Fields

_unEmail :: Text
 

Instances

unEmail :: Iso' Email Text Source

data User Source

A unique User

Constructors

User 

Fields

_userId :: UserId
 
_username :: Username
 
_email :: Maybe Email
 

Instances

userId :: Lens' User UserId Source

username :: Lens' User Username Source

email :: Lens' User (Maybe Email) Source

type UserIxs = `[UserId, Username, Email]` Source

type IxUser = IxSet UserIxs User Source

newtype SharedSecret Source

The shared secret is used to encrypt a users data on a per-user basis. We can invalidate a JWT value by changing the shared secret.

Constructors

SharedSecret 

Fields

_unSharedSecret :: Text
 

Instances

unSharedSecret :: Iso' SharedSecret Text Source

genSharedSecret :: MonadIO m => m SharedSecret Source

Generate a Salt from 128 bits of data from /dev/urandom, with the system RNG as a fallback. This is the function used to generate salts by makePassword.

genSharedSecretDevURandom :: IO SharedSecret Source

Generate a SharedSecret from /dev/urandom.

see: genSharedSecret

genSharedSecretSysRandom :: IO SharedSecret Source

Generate a SharedSecret from Random.

see: genSharedSecret

type SharedSecrets = Map UserId SharedSecret Source

A map which stores the SharedSecret for each UserId

initialSharedSecrets :: SharedSecrets Source

An empty SharedSecrets

data CoreError Source

the CoreError type is used to represent errors in a language agnostic manner. The errors are translated into human readable form via the I18N translations.

Constructors

HandlerNotFound 
URLDecodeFailed 
UsernameAlreadyExists 
AuthorizationRequired 
Forbidden 
JSONDecodeFailed 
InvalidUserId 

Instances

data NewAccountMode Source

This value is used to configure the type of new user registrations permitted for this system.

Constructors

OpenRegistration

new users can create their own accounts

ModeratedRegistration

new users can apply to create their own accounts, but a moderator must approve them before they are active

ClosedRegistration

only the admin can create a new account

Instances

data AuthenticateState Source

this acid-state value contains the state common to all authentication methods

Constructors

AuthenticateState 

Fields

_sharedSecrets :: SharedSecrets
 
_users :: IxUser
 
_nextUserId :: UserId
 
_defaultSessionTimeout :: Int

default session time out in seconds

_newAccountMode :: NewAccountMode
 

Instances

sharedSecrets :: Lens' AuthenticateState SharedSecrets Source

users :: Lens' AuthenticateState IxUser Source

nextUserId :: Lens' AuthenticateState UserId Source

defaultSessionTimeout :: Lens' AuthenticateState Int Source

newAccountMode :: Lens' AuthenticateState NewAccountMode Source

initialAuthenticateState :: AuthenticateState Source

a reasonable initial AuthenticateState

data SetSharedSecret Source

Constructors

SetSharedSecret UserId SharedSecret 

Instances

newtype GetSharedSecret Source

Constructors

GetSharedSecret UserId 

Instances

newtype SetDefaultSessionTimeout Source

Constructors

SetDefaultSessionTimeout Int 

Instances

data GetDefaultSessionTimeout Source

Constructors

GetDefaultSessionTimeout 

Instances

newtype SetNewAccountMode Source

Constructors

SetNewAccountMode NewAccountMode 

Instances

data GetNewAccountMode Source

Constructors

GetNewAccountMode 

Instances

newtype CreateUser Source

Constructors

CreateUser User 

Instances

data CreateAnonymousUser Source

Constructors

CreateAnonymousUser 

Instances

newtype UpdateUser Source

Constructors

UpdateUser User 

Instances

newtype DeleteUser Source

Constructors

DeleteUser UserId 

Instances

newtype GetUserByUsername Source

Constructors

GetUserByUsername Username 

Instances

newtype GetUserByUserId Source

Constructors

GetUserByUserId UserId 

Instances

newtype GetUserByEmail Source

Constructors

GetUserByEmail Email 

Instances

data GetAuthenticateState Source

Constructors

GetAuthenticateState 

Instances

getOrGenSharedSecret :: MonadIO m => AcidState AuthenticateState -> UserId -> m SharedSecret Source

get the SharedSecret for UserId. Generate one if they don't have one yet.

data Token Source

The Token type represents the encrypted data used to identify a user.

Constructors

Token 

Fields

_tokenUser :: User
 
_tokenIsAuthAdmin :: Bool
 

Instances

tokenUser :: Lens' Token User Source

tokenIsAuthAdmin :: Lens' Token Bool Source

type TokenText = Text Source

TokenText is the encrypted form of the Token which is passed between the server and the client.

issueToken Source

Arguments

:: MonadIO m 
=> AcidState AuthenticateState 
-> (UserId -> IO Bool)

isAuthAdmin function

-> User

the user

-> m TokenText 

create a Token for User

The isAuthAdmin paramater is a function which will be called to determine if UserId is a user who should be given Administrator privileges. This includes the ability to things such as set the OpenId realm, change the registeration mode, etc.

decodeAndVerifyToken :: MonadIO m => AcidState AuthenticateState -> TokenText -> m (Maybe (Token, JWT VerifiedJWT)) Source

decode and verify the TokenText. If successful, return the Token otherwise Nothing.

authCookieName :: String Source

name of the Cookie used to hold the TokenText

addTokenCookie :: Happstack m => AcidState AuthenticateState -> (UserId -> IO Bool) -> User -> m TokenText Source

create a Token for User and add a Cookie to the Response

see also: issueToken

deleteTokenCookie :: Happstack m => m () Source

delete the Token Cookie

getTokenCookie :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT)) Source

get, decode, and verify the Token from the Cookie.

getTokenHeader :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT)) Source

get, decode, and verify the Token from the Authorization HTTP header

getToken :: Happstack m => AcidState AuthenticateState -> m (Maybe (Token, JWT VerifiedJWT)) Source

get, decode, and verify the Token looking first in the Authorization header and then in Cookie.

see also: getTokenHeader, getTokenCookie

getUserId :: Happstack m => AcidState AuthenticateState -> m (Maybe UserId) Source

get the UserId

calls getToken but returns only the UserId

newtype AuthenticationMethod Source

AuthenticationMethod is used by the routing system to select which authentication backend should handle this request.

Constructors

AuthenticationMethod 

Fields

_unAuthenticationMethod :: Text
 

Instances

unAuthenticationMethod :: Iso' AuthenticationMethod Text Source

rAuthenticationMethod :: forall tok e r. Boomerang e tok ((:-) Text r) ((:-) AuthenticationMethod r) Source

type AuthenticationHandler = [Text] -> RouteT AuthenticateURL (ServerPartT IO) Response Source

type AuthenticationHandlers = Map AuthenticationMethod AuthenticationHandler Source

data AuthenticateURL Source

Constructors

AuthenticationMethods (Maybe (AuthenticationMethod, [Text])) 
Controllers 

Instances

rAuthenticationMethods :: forall tok e r. Boomerang e tok ((:-) (Maybe (AuthenticationMethod, [Text])) r) ((:-) AuthenticateURL r) Source

rControllers :: forall tok e r. Boomerang e tok r ((:-) AuthenticateURL r) Source

authenticateURL :: Router () (AuthenticateURL :- ()) Source

a Router for AuthenicateURL

nestAuthenticationMethod :: PathInfo methodURL => AuthenticationMethod -> RouteT methodURL m a -> RouteT AuthenticateURL m a Source

helper function which converts a URL for an authentication backend into an AuthenticateURL.