Copyright | (c) Patrick Brisbin 2010 |
---|---|
License | as-is |
Maintainer | pbrisbin@gmail.com |
Stability | Stable |
Portability | Portable |
Safe Haskell | None |
Language | Haskell98 |
A yesod-auth AuthPlugin designed to look users up in Persist, where their user ID and a Bcrypt hash + salt of their password are stored.
Example usage:
```haskell
-- import the function
import Auth.HashDB

-- make sure you have an auth route
mkYesodData "MyApp" [$parseRoutes|
/     RootR GET
/auth AuthR Auth getAuth
|]

-- make your app an instance of YesodAuth using this plugin
instance YesodAuth MyApp where
    type AuthId MyApp = UserId

    loginDest _  = RootR
    logoutDest _ = RootR
    getAuthId    = getAuthIdHashDB AuthR (Just . UniqueUser)
    authPlugins  = [authHashDB (Just . UniqueUser)]

-- include the migration function in site startup
withServer :: (Application -> IO a) -> IO a
withServer f = withConnectionPool $ \p -> do
    runSqlPool (runMigration migrateUsers) p
    let h = DevSite p
```
Note that the function which converts a username to a unique identifier must be the same one in both getAuthIdHashDB and authHashDB.
Your app must be an instance of YesodPersist, and the usernames and salted-and-hashed passwords should be added to the database.
- class HashDBUser siteuser where
- siteuserPasswordHash :: siteuser -> Maybe Text
- setSaltAndPasswordHash :: Text -> siteuser -> siteuser
- data family Unique record
- setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuser
- validateUser :: (YesodPersist yesod, PersistEntity siteuser, HashDBUser siteuser, PersistEntityBackend siteuser ~ YesodPersistBackend yesod, PersistUnique (YesodPersistBackend yesod)) => Unique siteuser -> Text -> HandlerT yesod IO Bool
- authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, PersistEntityBackend siteuser ~ YesodPersistBackend m, PersistUnique (YesodPersistBackend m)) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin m
- getAuthIdHashDB :: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, PersistEntityBackend siteuser ~ YesodPersistBackend master, PersistUnique (YesodPersistBackend master)) => (AuthRoute -> Route master) -> (Text -> Maybe (Unique siteuser)) -> Creds master -> HandlerT master IO (Maybe (AuthId master))
- data Siteuser = Siteuser {
- siteuserUsername :: !Text
- siteuserPassword :: !Text
- siteuserEmail :: !(Maybe Text)
- type SiteuserId = Key Siteuser
- data family EntityField record $a
- migrateSiteusers :: Migration
Documentation
class HashDBUser siteuser where
Interface for a data type which holds user info. It is just a collection of getters and setters.
siteuserPasswordHash :: siteuser -> Maybe Text
Retrieve the password hash from the user data.
setSaltAndPasswordHash
:: Text | Hash and Salt |
-> siteuser | |
-> siteuser |
A callback for setPassword.
setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuser
Set the password for a user. This function should be used for setting passwords. It generates a random salt and calculates the proper hash.
Authentication
validateUser
:: (YesodPersist yesod, PersistEntity siteuser, HashDBUser siteuser, PersistEntityBackend siteuser ~ YesodPersistBackend yesod, PersistUnique (YesodPersistBackend yesod)) | |
=> Unique siteuser | User unique identifier |
-> Text | Password in plain text |
-> HandlerT yesod IO Bool |
Given a user ID and password in plaintext, validate them against the database values.
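An added example, not part of the package's documentation: a custom entity implementing HashDBUser so that the stored hash is only ever written through setPassword and checked through validateUser. The `Account` entity, `migrateAccounts`, `createAccount` and `checkLogin` are hypothetical names, the `Auth.HashDB` import follows the module name used in the usage example above, and persistent 2.x with yesod 1.4 is assumed.

```haskell
{-# LANGUAGE FlexibleContexts, GADTs, GeneralizedNewtypeDeriving,
             MultiParamTypeClasses, QuasiQuotes, TemplateHaskell,
             TypeFamilies #-}
module AccountAuth where

-- Module name taken from the page's usage example (assumption).
import Auth.HashDB (HashDBUser (..), setPassword, validateUser)
import Control.Monad.IO.Class (liftIO)
import Data.Text (Text)
import Database.Persist.Sql
import Database.Persist.TH
import Yesod.Core (HandlerT)
import Yesod.Persist (YesodPersist (..))

-- Hypothetical application entity. The password column holds only the
-- hash-and-salt string; it stays Nothing until setPassword has run.
share [mkPersist sqlSettings, mkMigrate "migrateAccounts"] [persistLowerCase|
Account
    name     Text
    password Text Maybe
    UniqueAccount name
|]

-- The two accessors the plugin needs: read the stored hash, and store
-- the hash-and-salt string that setPassword hands back.
instance HashDBUser Account where
    siteuserPasswordHash = accountPassword
    setSaltAndPasswordHash h a = a { accountPassword = Just h }

-- Create an account from a plaintext password. The plaintext is passed
-- to setPassword and never reaches the database. Returns Nothing when
-- the name is already taken (UniqueAccount constraint).
createAccount :: Text -> Text -> SqlPersistT IO (Maybe (Key Account))
createAccount name plaintext = do
    account <- liftIO (setPassword plaintext (Account name Nothing))
    insertUnique account

-- Check a login attempt inside a handler of any site whose persistent
-- backend is SqlBackend. The same UniqueAccount constructor is the one
-- to pass (as Just . UniqueAccount) to authHashDB and getAuthIdHashDB.
checkLogin :: (YesodPersist site, YesodPersistBackend site ~ SqlBackend)
           => Text -> Text -> HandlerT site IO Bool
checkLogin name plaintext = validateUser (UniqueAccount name) plaintext
```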
authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, PersistEntityBackend siteuser ~ YesodPersistBackend m, PersistUnique (YesodPersistBackend m)) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin m
Prompt for username and password, validate that against a database which holds the username and a hash of the password.
getAuthIdHashDB
:: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, PersistEntityBackend siteuser ~ YesodPersistBackend master, PersistUnique (YesodPersistBackend master)) | |
=> (AuthRoute -> Route master) | your site's Auth Route |
-> (Text -> Maybe (Unique siteuser)) | gets user ID |
-> Creds master | the creds argument |
-> HandlerT master IO (Maybe (AuthId master)) |
A drop-in for the getAuthId method of your YesodAuth instance, which can be used if authHashDB is the only plugin in use.
Predefined data type
Generate database instances for a valid user.
Siteuser | |
|
PersistFieldSql Siteuser | |
PersistEntity Siteuser | |
PersistField Siteuser | |
HashDBUser Siteuser | |
Typeable * Siteuser | |
ToBackendKey SqlBackend Siteuser | |
Eq (Key Siteuser) | |
Ord (Key Siteuser) | |
Read (Key Siteuser) | |
Show (Key Siteuser) | |
ToJSON (Key Siteuser) | |
FromJSON (Key Siteuser) | |
PathPiece (Key Siteuser) | |
PersistFieldSql (Key Siteuser) | |
PersistField (Key Siteuser) | |
data Unique Siteuser = UniqueSiteuser Text | |
data EntityField Siteuser where
| |
data Key Siteuser = SiteuserKey {} | |
type PersistEntityBackend Siteuser = SqlBackend |
type SiteuserId = Key Siteuser
data family EntityField record $a
An EntityField is parameterised by the Haskell record it belongs to and the additional type of that field.
data EntityField Siteuser where
|