wai-middleware-crowd-0.1.4.2: Middleware and utilities for using Atlassian Crowd authentication

Safe Haskell: None
Language: Haskell2010

Network.Wai.Middleware.Crowd

Settings

data CrowdSettings

Settings for creating the Crowd middleware.

To create a value, use defaultCrowdSettings and then various setter functions.

Since 0.1.0

defaultCrowdSettings :: CrowdSettings

Default value for CrowdSettings.

Since 0.1.0

setCrowdKey :: IO Key -> CrowdSettings -> CrowdSettings

Set the function that obtains the client session key used to encrypt cookie data.

Default: getDefaultKey

Since 0.1.0

setCrowdRoot :: Text -> CrowdSettings -> CrowdSettings

Set the root of the Crowd service. This is used as an OpenID endpoint.

Default: http://localhost:8095/openidserver

Since 0.1.0

setCrowdApprootStatic :: Text -> CrowdSettings -> CrowdSettings

The application root for this application.

This is used for constructing completion URLs when communicating with Crowd's OpenID implementation.

Default: use the APPROOT environment variable.

Since 0.1.0

setCrowdApprootGeneric :: IO (Request -> IO Text) -> CrowdSettings -> CrowdSettings

More generalized version of setCrowdApprootStatic.

Since 0.1.0

setCrowdManager :: IO Manager -> CrowdSettings -> CrowdSettings

Acquire an HTTP connection manager.

Default: get a new TLS-enabled manager.

Since 0.1.0

setCrowdAge :: Int -> CrowdSettings -> CrowdSettings

Number of seconds to keep an authentication cookie active.

Default: 3600

Since 0.1.0

Middleware

mkCrowdMiddleware :: CrowdSettings -> IO Middleware

Create the Crowd middleware based on the given settings.

Since 0.1.0

Helpers

smartApproot :: IO (Request -> IO Text)

Determine approot by:

  • First respecting the APPROOT environment variable if present
  • If not, respect the Host header and isSecure property, together with the following de facto standards: x-forwarded-protocol, x-forwarded-ssl, x-url-scheme, x-forwarded-proto, front-end-https. (Note: this list may be updated at will in the future without doc updates.)

Normally, trusting headers in this way is insecure. In the case of approot, however, the worst that can happen is that the client will get an incorrect URL. Note that this does not work in some situations, e.g.:

  • Reverse proxies not setting one of the above mentioned headers
  • Applications hosted somewhere besides the root of the domain name
  • Reverse proxies that modify the host header

Since 0.1.0

waiMiddlewareCrowdVersion :: Version

Current version

Since 0.1.0

getUserName :: Request -> Maybe ByteString

Get the username for the current user.

If called on a Request behind the middleware, this should always return a Just value.

Since 0.1.1.0
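
The following is an added example, not code from the package or its author: it wires the setters documented above into a Warp application, pins the approot statically instead of deriving it from request headers, and fails closed if getUserName ever returns Nothing. The host names, the port and the 900-second cookie age are placeholder assumptions.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString.Lazy as BL
import           Network.HTTP.Types (status200, status401)
import           Network.Wai (Application, responseLBS)
import           Network.Wai.Handler.Warp (run)
import           Network.Wai.Middleware.Crowd

-- All host names below are placeholders (assumptions for this example).
settings :: CrowdSettings
settings =
      -- Point at the real Crowd OpenID endpoint rather than the
      -- http://localhost:8095/openidserver default.
      setCrowdRoot "https://crowd.example.internal/openidserver"
      -- A fixed approot means completion URLs never depend on the Host
      -- or x-forwarded-* headers that smartApproot would consult.
    . setCrowdApprootStatic "https://app.example.com"
      -- Shorter cookie lifetime than the 3600-second default.
    . setCrowdAge 900
    $ defaultCrowdSettings

-- The application proper. Behind the middleware getUserName should always
-- be Just; Nothing means the handler was mounted outside the middleware,
-- so the request is refused instead of being served anonymously.
app :: Application
app req respond =
    case getUserName req of
        Just user ->
            respond $ responseLBS status200
                [("Content-Type", "text/plain")]
                ("Authenticated as " <> BL.fromStrict user)
        Nothing ->
            respond $ responseLBS status401
                [("Content-Type", "text/plain")]
                "Not authenticated"

main :: IO ()
main = do
    -- mkCrowdMiddleware runs in IO because it acquires the cookie
    -- encryption key and the HTTP manager configured in the settings.
    crowd <- mkCrowdMiddleware settings
    run 3000 (crowd app)
```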