Safe Haskell | Trustworthy |
---|
This module exports generic definitions for Wai-authentication pipelines
in Hails. requireLoginMiddleware
looks for the X-Hails-Login
header from an Application
's Response
and, if present, responds to
the user with an authentication request instead of the Application
response (e.g., a redirect to a login page or an HTTP response with
status 401).
Additionally, this module exports authentication Middleware
s for basic HTTP
authentication, devBasicAuth
, (useful in development environments)
and federated (OpenID) authentication, openIdAuth
. In general,
authentication Middleware
s are expected to set the X-Hails-User
header on the request if it is from an authenticated user.
- requireLoginMiddleware :: ResourceT IO Response -> Middleware
- personaAuth :: ByteString -> Text -> Middleware
- openIdAuth :: Text -> Middleware
- devBasicAuth :: Middleware
Documentation
requireLoginMiddleware :: ResourceT IO Response -> MiddlewareSource
Executes the app and if the app Response
has header
X-Hails-Login
and the user is not logged in, respond with an
authentication response (Basic Auth, redirect, etc.)
Production
Persona (BrowserID)
personaAuth :: ByteString -> Text -> MiddlewareSource
Authentica user with Mozilla's persona.
If the X-Hails-Persona-Login
header is set, this intercepts the
request and verifies the supplied identity assertion, supplied in the
request body.
If the authentication is successful, set the _hails_user
and
_hails_user_hmac
cookies to identify the user. The former
contains the user email address, the latter contains the MAC that is
used for verifications in later requests.
If the X-Hails-Persona-Logout
header is set, this intercepts the
request and deletes the aforementioned cookies.
If the app wishes the user to authenticate (by setting X-Hails-Login
)
this redirects to audience/login
-- where the app can call
navigator.request()
.
OpenID
Development: basic authentication
devBasicAuth :: MiddlewareSource
Basic HTTP authentication middleware for development. Accepts any username and password.