cabal-version: 1.12

name:           password
version:        3.0.2.1
x-revision: 1
category:       Data
synopsis:       Hashing and checking of passwords
description:
    A library providing functionality for working with plain-text and hashed passwords
    with different types of algorithms.
    .
    == API
    .
    Every supported hashing algorithm has its own module (e.g. "Data.Password.Bcrypt")
    which exports its own @hashPassword@ and @checkPassword@ functions, as well as all the
    types and functions in this module. If you are not sure about the specifics of an
    algorithm you want to use, you can rest assured that by using the @hashPassword@ function
    of the respective algorithm you are not making any big mistakes, security-wise.
    .
    Of course, if you know what you're doing and you want more fine-grained control
    over the hashing function, you can adjust it using the @hashPasswordWithParams@
    function of the respective algorithm.
    .
    == Algorithms
    .
    Generally, the most "secure" algorithm is believed to be @Argon2@, then @scrypt@,
    then @bcrypt@, and lastly @PBKDF2@.
    @bcrypt@ and @PBKDF2@ are the most established algorithms, so they have been tried and
    tested, though they both lack a memory cost, and therefore have a greater vulnerability
    to specialized hardware attacks.
    .
    When choosing an algorithm, and you have no idea which to pick, just go for @bcrypt@ if
    your password does not need the highest security possible.
    It's still a fine way for hashing passwords, and the cost is easily adjustable if needed.
    If your needs do require stronger protection, you should find someone who can advise you
    on this topic. (And if you're already knowledgeable enough, you know what to do)

homepage:       https://github.com/cdepillabout/password/tree/master/password#readme
bug-reports:    https://github.com/cdepillabout/password/issues
author:         Dennis Gosnell, Felix Paulusma
maintainer:     cdep.illabout@gmail.com, felix.paulusma@gmail.com
copyright:      Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020
license:        BSD3
license-file:   LICENSE
build-type:     Custom
extra-source-files:
    README.md
    ChangeLog.md

flag argon2
  description: Compile with argon2 support?
  default: True
  manual: True

flag bcrypt
  description: Compile with Scrypt support?
  default: True
  manual: True

flag pbkdf2
  description: Compile with PBKDF2 support?
  default: True
  manual: True

flag scrypt
  description: Compile with Scrypt support?
  default: True
  manual: True

custom-setup
  setup-depends:
      base                      <5
    , Cabal                     <4
    , cabal-doctest  >=1.0.6 && <1.1

source-repository head
  type: git
  location: https://github.com/cdepillabout/password

library
  hs-source-dirs:
      src
  exposed-modules:
      Data.Password.Validate
  if flag(argon2)
    exposed-modules:
        Data.Password.Argon2
  if flag(bcrypt)
    exposed-modules:
        Data.Password.Bcrypt
  if flag(pbkdf2)
    exposed-modules:
        Data.Password.PBKDF2
  if flag(scrypt)
    exposed-modules:
        Data.Password.Scrypt
  other-modules:
      Paths_password
      Data.Password.Internal
  build-depends:
      base        >= 4.9      && < 5
    , base64      >= 0.3      && < 0.5
    , bytestring  >= 0.9      && < 0.13
    , cryptonite  >= 0.15.1   && < 0.31
    , memory                     < 1
    , password-types             < 2
    , template-haskell
    , text        >= 1.2.2    && < 3
  ghc-options:
      -Wall
  default-language:
      Haskell2010

test-suite doctests
  type:
      exitcode-stdio-1.0
  hs-source-dirs:
      test/doctest
  main-is:
      doctest.hs
  ghc-options:
      -threaded -O2 -rtsopts -with-rtsopts=-N
  build-depends:
      base >=4.9 && <5
    , base-compat
    , doctest
    , password
    , QuickCheck
    , quickcheck-instances
    , template-haskell
  default-language:
      Haskell2010

test-suite password-tasty
  type:
      exitcode-stdio-1.0
  hs-source-dirs:
      src
      test/tasty
  main-is:
      Spec.hs
  other-modules:
      Data.Password.Internal
    -- We're also putting all the modules from
    -- the library in these 'other-modules' so
    -- we don't get warnings.
    -- Therefore we also don't need to depend
    -- on the 'password' package in 'build-depends'.
    , Data.Password.Validate
    , Internal
    , TestPolicy
    , Validate
    , Paths_password
  if flag(argon2)
    other-modules:
      Argon2
      Data.Password.Argon2
  if flag(bcrypt)
    other-modules:
      Bcrypt
      Data.Password.Bcrypt
  if flag(pbkdf2)
    other-modules:
      PBKDF2
      Data.Password.PBKDF2
  if flag(scrypt)
    other-modules:
      Scrypt
      Data.Password.Scrypt
  ghc-options:
      -threaded -O2 -rtsopts -with-rtsopts=-N
  build-depends:
      base >=4.9 && <5
    , base64
    , password-types
    , bytestring
    , cryptonite
    , memory
    , quickcheck-instances
    , scrypt
    , tasty
    , tasty-hunit
    , tasty-quickcheck
    , template-haskell
    , text
  default-language:
      Haskell2010
  if flag(argon2)
    cpp-options:
      -DCABAL_FLAG_argon2
  if flag(bcrypt)
    cpp-options:
      -DCABAL_FLAG_bcrypt
  if flag(pbkdf2)
    cpp-options:
      -DCABAL_FLAG_pbkdf2
  if flag(scrypt)
    cpp-options:
      -DCABAL_FLAG_scrypt