| Safe Haskell | Trustworthy |
|---|---|
| Language | Haskell98 |
Hails.HttpServer.Auth
Contents
Description
This module exports generic definitions for Wai-authentication pipelines
in Hails. requireLoginMiddleware looks for the X-Hails-Login
header from an Application 's Response and, if present, responds to
the user with an authentication request instead of the Application
response (e.g., a redirect to a login page or an HTTP response with
status 401).
Additionally, this module exports authentication Middlewares for basic HTTP
authentication, devBasicAuth, (useful in development environments)
and federated (OpenID) authentication, openIdAuth. In general,
authentication Middlewares are expected to set the X-Hails-User
header on the request if it is from an authenticated user.
- requireLoginMiddleware :: IO Response -> Middleware
- personaAuth :: ByteString -> Text -> Middleware
- openIdAuth :: Text -> Middleware
- externalAuth :: ByteString -> String -> Middleware
- devBasicAuth :: Middleware
Documentation
requireLoginMiddleware :: IO Response -> Middleware Source
Executes the app and if the app Response has header
X-Hails-Login and the user is not logged in, respond with an
authentication response (Basic Auth, redirect, etc.)
Production
Persona (BrowserID)
personaAuth :: ByteString -> Text -> Middleware Source
Authentica user with Mozilla's persona.
If the X-Hails-Persona-Login header is set, this intercepts the
request and verifies the supplied identity assertion, supplied in the
request body.
If the authentication is successful, set the _hails_user and
_hails_user_hmac cookies to identify the user. The former
contains the user email address, the latter contains the MAC that is
used for verifications in later requests.
If the X-Hails-Persona-Logout header is set, this intercepts the
request and deletes the aforementioned cookies.
If the app wishes the user to authenticate (by setting X-Hails-Login)
this redirects to audience/login -- where the app can call
navigator.request().
OpenID
Authenticate with external app
externalAuth :: ByteString -> String -> Middleware Source
Use an external authentication service that sets cookies.
The cookie names are _hails_user, whose contents contains the
user-name, and _hails_user_hmac, whose contents contains
HMAC-SHA1(user-name). This function simply checks that the cookie
exists and the MAC'd user name is correct. If this is the case, it
returns a request with the cookie removed and x-hails-user header
set. Otherwies the original request is returned.
The login service retuns a redirect (to the provided url).
Additionally, cookie _hails_refer$ is set to the current
URL (scheme:/domain:portpath@).
Development: basic authentication
devBasicAuth :: Middleware Source
Basic HTTP authentication middleware for development. Accepts any username and password.