Safe Haskell | None |
---|---|
Language | Haskell2010 |
A Yesod middleware for
Performs a single authentication lookup per request and uses the <<https://github.com/yesodweb/yesod/blob/7f775e1ddebaeb4b8509b512b6d4b539d96258bd/yesod-core/Yesod/Core/TypeCache.hs#L21 Yesod request-local caching>> mechanisms to store valid auth credentials found in the Authorization header.
The recommended way to use this module is to override the
maybeAuthId
to defaultMaybeBasicAuthId
and supply a
lookup function.
instance YesodAuth App where type AuthId App = Text getAuthId = return . Just . credsIdent maybeAuthId = defaultMaybeBasicAuthId checkCreds defaultAuthSettings where checkCreds = k s -> return $ (k == "user") && (s == "secret")
WWW-Authenticate challenges are currently not implemented. The current workaround is to override the error handler:
instance Yesod App where errorHandler NotAuthenticated = selectRep $ provideRep $ do addHeader WWW-Authenticate $ T.concat [ "RedirectJSON realm="Realm", param="myurl.com"" ] -- send error response here ... errorHandler e = defaultErrorHandler e ...
Proper response status on failed authentication is not implemented.
The current workaround is to override the Yesod
typeclass
isAuthorized
function to handle required auth routes. e.g.
instance Yesod App where isAuthorized SecureR _ = maybeAuthId >>= return . maybe AuthenticationRequired (const Authorized) isAuthorized _ _ = Authorized
- defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text)
- data AuthSettings
- authRealm :: AuthSettings -> Text
- defaultAuthSettings :: AuthSettings
Drop in replace for maybeAuthId.
defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text) Source
Retrieve the AuthId
using Authorization header.
If valid credentials are found and authorized the auth id is cached.
TODO use more general type than Text to represent the auth id
The AuthSettings currently do nothing
data AuthSettings Source
Authentication Settings
authRealm :: AuthSettings -> Text Source
defaultAuthSettings :: AuthSettings Source
ready-to-go AuthSettings
which can be used