| Safe Haskell | Trustworthy |
|---|
Hails.HttpServer.Auth
Description
This module exports generic definitions for Wai-authentication pipelines
in Hails. requireLoginMiddleware looks for the X-Hails-Login
header from an Application 's Response and, if present, responds to
the user with an authentication request instead of the Application
response (e.g., a redirect to a login page or an HTTP response with
status 401).
Additionally, this module exports authentication Middlewares for basic HTTP
authentication, devBasicAuth, (useful in development environments)
and federated (OpenID) authentication, openIdAuth. In general,
authentication Middlewares are expected to set the X-Hails-User
header on the request if it is from an authenticated user.
- requireLoginMiddleware :: ResourceT IO Response -> Middleware
- personaAuth :: ByteString -> Text -> Middleware
- openIdAuth :: Text -> Middleware
- devBasicAuth :: Middleware
Documentation
requireLoginMiddleware :: ResourceT IO Response -> MiddlewareSource
Executes the app and if the app Response has header
X-Hails-Login and the user is not logged in, respond with an
authentication response (Basic Auth, redirect, etc.)
Production
Persona (BrowserID)
personaAuth :: ByteString -> Text -> MiddlewareSource
Authentica user with Mozilla's persona.
If the X-Hails-Persona-Login header is set, this intercepts the
request and verifies the supplied identity assertion, supplied in the
request body.
If the authentication is successful, set the _hails_user and
_hails_user_hmac cookies to identify the user. The former
contains the user email address, the latter contains the MAC that is
used for verifications in later requests.
If the X-Hails-Persona-Logout header is set, this intercepts the
request and deletes the aforementioned cookies.
If the app wishes the user to authenticate (by setting X-Hails-Login)
this redirects to audience/login -- where the app can call
navigator.request().
OpenID
Development: basic authentication
devBasicAuth :: MiddlewareSource
Basic HTTP authentication middleware for development. Accepts any username and password.