Bz      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$% & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { |}~None+0KL     None+0KL None(*+03457>CKLN6 the   type is used to represent errors in a language agnostic manner. The errors are translated into human readable form via the I18N translations.-}when creating JSON field names, drop the first character. Since we are using lens, the leading character should always be _..Ian arbitrary, but unique string that the user uses to identify themselves1"convert a value to a JSON encoded 2"convert a value to a JSON encoded 3#convert an error to a JSON encoded  FIXME: I18N5an 5% address. No validation in performed.9 A unique 9?FVarious configuration options that apply to all authentication methodsA0can user administrate the authentication system?B-enforce username policies, valid email, etc. $ == ok, 'Just Text' == error messageIThe shared secret is used to encrypt a users data on a per-user basis. We can invalidate a JWT value by changing the shared secret.Oa very basic policy for userAcceptable Enforces:. can not be emptyP^This value is used to configure the type of new user registrations permitted for this system.Q'new users can create their own accountsRjnew users can apply to create their own accounts, but a moderator must approve them before they are activeS'only the admin can create a new accountTA map which stores the I for each V Generate a Salt from 128 bits of data from  /dev/urandomV, with the system RNG as a fallback. This is the function used to generate salts by  makePassword.W Generate a I from  /dev/urandom.see: VX Generate a I from .see: VY An empty TZNthis acid-state value contains the state common to all authentication methods_#default session time out in secondsfa reasonable initial Zset the I for ! overwritten any previous secret.get the I for 3set the default inactivity timeout for new sessions3set the default inactivity timeout for new sessionsset the Pget the P Create a new 9. This will allocate a new . The returned 9 value will have the updated . Create a new 9. This will allocate a new . The returned 9 value will have the updated .Update an existing 9. Must already have a valid .Delete 9 with the specified  look up a 9 by their . look up a 9 by their  look up a 9 by their 5MNOTE: if the email is associated with more than one account this will return &get the entire AuthenticateState valuegThe g= type represents the encrypted data used to identify a user.get the I for *. Generate one if they don't have one yet.b is used by the routing system to select which authentication backend should handle this request. is the encrypted form of the g4 which is passed between the server and the client. create a g for 9The  isAuthAdmin? paramater is a function which will be called to determine if o is a user who should be given Administrator privileges. This includes the ability to things such as set the OpenId+ realm, change the registeration mode, etc.decode and verify the . If successful, return the g otherwise . name of the  used to hold the  create a g for 9 and add a  to the  see also:  delete the g get, decode, and verify the g from the .get, decode, and verify the g from the  Authorization HTTP headerget, decode, and verify the g looking first in the  Authorization header and then in . see also: , get the calls  but returns only the a  for AuthenicateURLLhelper function which converts a URL for an authentication backend into an . !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef,default timout in seconds (should be >= 180)ghijklmnopqrstuvwxyz{|}~the user !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~?@ABCLNM+,-123./048O567>9:;<=GHFEDIJKUVWXTY !"#$%&'()*PQRSZ[\]^_`decabf}~{|yzwxuvstqropmnklghij !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~NoneNone35None(+0357>KLNoneNone(+0357>L hash a password stringverify a passwordset the password for delete the password for Iverify that the supplied password matches the stored hashed password for 3verify that the supplied username/password is valid JSON record for new account data$JSON record for change password data  JSON record for new account dataaccount handler JSON record for new account datarequest reset passwordissueResetTokenfpassword in plain textsalted and hashedpassword in plain texthashed version of passwordUserIdthe hashed passwordUserIdUserIdplain-text password      !"#$T     !"o      $#!"=       !"#$ None +0357KL%&'()*+,-./0123456789:;<=%&'()*+,-./0123456789:32%&'()*+,-./01=<;456789: % &'()*+,-./0123456789:;<= None>?>?>?>? None(+0357>KL @ABCDEFGHIJKL @ABCDEFGHIJK E@ABCDIHGFJLK @ABCDEFGHIJKL None +07>Le.Get the OpenId realm to use for authenticationf,set the realm used for OpenId AuthenticationIMPORTANT: Changing this value after users have registered is likely to invalidate existing OpenId tokens resulting in users no longer being able to access their old accounts.-MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy"MNOPUVWZ[\]^`abcdefhijklmnopqrtuvw9TMNOPSRQXUVWY^Z[\]_a`gbcdefqropmnklssssssssssssshijtyxuvwMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy Nonez{z{z{z{None +0357KL|}~ |}~|}~ |}~None !"#$%&'()*+,-./ !0123456789:;;<==>?@ABCCDEFFGHIJKKLMNOPQRSTTUVWXYZ[\]^_`abcddefghijklmnoppqrssttuuvvwwxxyyzz{{||}}~~p0                       ! " # $ % & ' ( ) * +  , - . / 0 1 2 3 4 5 6 7 0 8 9 : ; < = = > ? @ A A B C D E F G H I J K L M N N O P P Q Q R R S S T U V W X Y Z [\]^_`ab&'(cdefghijklmnopqrstuvwxeyz{|}~happs_EJabEf4iursKSdCNBVF5VDHappstack.Authenticate.Core)Happstack.Authenticate.OpenId.PartialsURL+Happstack.Authenticate.Password.PartialsURL!Happstack.Authenticate.ControllerHappstack.Authenticate.Route#Happstack.Authenticate.Password.URL+Happstack.Authenticate.Password.Controllers$Happstack.Authenticate.Password.Core(Happstack.Authenticate.Password.Partials%Happstack.Authenticate.Password.Route!Happstack.Authenticate.OpenId.URL"Happstack.Authenticate.OpenId.Core)Happstack.Authenticate.OpenId.Controllers&Happstack.Authenticate.OpenId.Partials#Happstack.Authenticate.OpenId.RouteSystemRandomuseri_5WjSaG0i2dt4WXyuBoYlhE Data.UserId succUserIdrUserIdunUserId _unUserIdUserId PartialURL UsingGoogle UsingYahoo RealmForm rUsingGoogle rUsingYahoo rRealmForm partialURL$fPathInfoPartialURL LoginInlineLoginLogoutSignupPasswordChangePasswordRequestResetPasswordFormResetPasswordForm rLoginInlinerLoginrLogoutrSignupPasswordrChangePasswordrRequestResetPasswordFormrResetPasswordForm CoreErrorHandlerNotFoundURLDecodeFailedUsernameAlreadyExistsAuthorizationRequired ForbiddenJSONDecodeFailed InvalidUserIdUsernameNotAcceptable InvalidEmail TextErrorHappstackAuthenticateI18N jsonOptionsUsername _unUsernametoJSONResponse toJSONSuccess toJSONError unUsernameEmail_unEmail rUsernameUser_userId _username_emailunEmailAuthenticateConfig _isAuthAdmin_usernameAcceptable _requireEmailIxUserUserIxsemailuserIdusername SharedSecret_unSharedSecret isAuthAdmin requireEmailusernameAcceptableusernamePolicyNewAccountModeOpenRegistrationModeratedRegistrationClosedRegistration SharedSecretsunSharedSecretgenSharedSecretgenSharedSecretDevURandomgenSharedSecretSysRandominitialSharedSecretsAuthenticateState_sharedSecrets_users _nextUserId_defaultSessionTimeout_newAccountModedefaultSessionTimeoutnewAccountMode nextUserId sharedSecretsusersinitialAuthenticateStateToken _tokenUser_tokenIsAuthAdminGetAuthenticateStateGetUserByEmailGetUserByUserIdGetUserByUsername DeleteUser UpdateUserCreateAnonymousUser CreateUserGetNewAccountModeSetNewAccountModeGetSharedSecretSetSharedSecretGetDefaultSessionTimeoutSetDefaultSessionTimeoutgetOrGenSharedSecretAuthenticationMethod_unAuthenticationMethod TokenTexttokenIsAuthAdmin tokenUser issueTokendecodeAndVerifyTokenauthCookieNameaddTokenCookiedeleteTokenCookiegetTokenCookiegetTokenHeadergetToken getUserIdunAuthenticationMethodAuthenticateURLAuthenticationMethods ControllersAuthenticationHandlersAuthenticationHandlerrAuthenticationMethodrAuthenticationMethods rControllersauthenticateURLnestAuthenticationMethodauthenticateCtrlauthenticateCtrlJsrouteinitAuthentication$fIntegerSupplyRouteT AccountURLPasswordpasswordAuthenticationMethod PasswordURLAccountPartialPasswordRequestReset PasswordResetUsernamePasswordCtrl rPassword accountURL$fPathInfoAccountURLrTokenrAccountrPartialrPasswordRequestResetrPasswordResetrUsernamePasswordCtrl passwordURLnestPasswordURL$fPathInfoPasswordURLusernamePasswordCtrlusernamePasswordCtrlJsPasswordConfig _resetLink_domain_passwordAcceptable PasswordErrorNotAuthenticated NotAuthorizedInvalidUsernameInvalidPasswordInvalidUsernamePasswordNoEmailAddressMissingResetTokenInvalidResetTokenPasswordMismatchUnacceptablePasswordpasswordErrorMessageMsgpasswordErrorMessageEdomainpasswordAcceptable resetLink$fToJExprPasswordError$fFromJSONPasswordError$fToJSONPasswordError HashedPass _unHashedPass5$fRenderMessageHappstackAuthenticateI18NPasswordError$fSafeCopyHashedPass PasswordState _passwords unHashedPass mkHashedPassverifyHashedPass$fSafeCopyPasswordState passwordsinitialPasswordState setPassworddeletePasswordverifyPasswordForUserIdUserPass_user _passwordVerifyPasswordForUserIdDeletePassword SetPasswordverifyPassword*TFCo:R:MethodResultVerifyPasswordForUserIdNewAccountData_naUser _naPassword_naPasswordConfirmpasswordusertoken$fToJExprUserPass$fFromJSONUserPass$fToJSONUserPassChangePasswordData_cpOldPassword_cpNewPassword_cpNewPasswordConfirm naPasswordnaPasswordConfirmnaUser$fFromJSONNewAccountData$fToJSONNewAccountDataRequestResetPasswordData _rrpUsername cpNewPasswordcpNewPasswordConfirm cpOldPasswordaccount$fFromJSONChangePasswordData$fToJSONChangePasswordDataResetPasswordData _rpPassword_rpPasswordConfirm _rpResetToken rrpUsernamepasswordRequestResetissueResetTokensendResetEmail"$fFromJSONRequestResetPasswordData $fToJSONRequestResetPasswordData rpPasswordrpPasswordConfirm rpResetToken passwordResetdecodeAndVerifyResetToken$fFromJSONResetPasswordData$fToJSONResetPasswordData PartialMsgs UsernameMsgEmailMsg PasswordMsgPasswordConfirmationMsg SignUpMsg SignInMsg LogoutMsgOldPasswordMsgNewPasswordMsgNewPasswordConfirmationMsgChangePasswordMsgRequestPasswordResetMsgPartial' routePartialsignupPasswordFormusernamePasswordForm logoutFormchangePasswordFormrequestResetPasswordFormresetPasswordForm$fEmbedAsAttrRouteTAttr$fEmbedAsChildRouteTPartialMsgs3$fRenderMessageHappstackAuthenticateI18NPartialMsgs routePassword initPassword OpenIdURL BeginDanceReturnToRealmopenIdAuthenticationMethod rBeginDance rReturnTorRealm openIdURL nestOpenIdURL$fPathInfoOpenIdURL OpenIdErrorUnknownIdentifieropenIdErrorMessageE$fToJExprOpenIdError$fFromJSONOpenIdError$fToJSONOpenIdError$fSafeCopyIdentifier OpenIdState_1_identifiers_13$fRenderMessageHappstackAuthenticateI18NOpenIdError$fSafeCopyOpenIdState_1 OpenIdState _identifiers _openIdRealm identifiers_1$fSafeCopyOpenIdState identifiers openIdRealminitialOpenIdStateidentifierToUserIdassociateIdentifierWithUserIdgetOpenIdRealmsetOpenIdRealm$fMigrateOpenIdState SetRealmData_srOpenIdRealmSetOpenIdRealmGetOpenIdRealmAssociateIdentifierWithUserIdIdentifierToUserId!TFCo:R:MethodResultSetOpenIdRealm srOpenIdRealmrealm getIdentifier$fFromJSONSetRealmData$fToJSONSetRealmData openIdCtrl openIdCtrlJsUsingGoogleMsg UsingYahooMsg SetRealmMsgOpenIdRealmMsg usingGoogle usingYahoo realmForm routeOpenId initOpenIdhapps_GVWQJ5kbM6pFHUAnQA4gAJHappstack.Server.Internal.TypesResponsebaseGHC.BaseNothingsetSharedSecretgetSharedSecretsetDefaultSessionTimeoutgetDefaultSessionTimeoutsetNewAccountModegetNewAccountMode createUsercreateAnonymousUser updateUser deleteUsergetUserByUsernamegetUserByUserIdgetUserByEmailgetAuthenticateState Happstack.Server.Internal.CookieCookiewebro_KMrP6L5UMfg010XTdMyF7fWeb.Routes.BoomerangRouter$fToJExprCoreError$fFromJSONCoreError$fToJSONCoreError$fSafeCopyCoreErrorStatusOkNotOk1$fRenderMessageHappstackAuthenticateI18NCoreError$fSafeCopyStatus JSONResponse _jrStatus_jrDatarOkrNotOk$fFromJSONStatus$fToJSONStatusjrDatajrStatus rJSONResponse$fFromJSONJSONResponse$fToJSONJSONResponse$fSafeCopyUsername$fPathInfoUsername$fFromJSONUsername$fToJSONUsername$fSafeCopyEmail$fPathInfoEmail$fFromJSONEmail $fToJSONEmail$fSafeCopyUser$fIndexable:User$fFromJSONUser $fToJSONUser$fSafeCopySharedSecret$fSafeCopyNewAccountMode$fSafeCopyAuthenticateState'TFCo:R:MethodResultGetAuthenticateState$fFromJSONToken $fToJSONToken$fPathInfoAuthenticationMethod$fSafeCopyAuthenticationMethod$fFromJSONAuthenticationMethod$fToJSONAuthenticationMethod$fPathInfoAuthenticateURL