(c) Peter Scott, 2011; BSD-style; pjscott@iastate.edu; experimental; portable

A salt is a unique random value which is stored as part of the password hash. You can generate a salt with  or , or if you really know what you're doing, you can create them from your own ByteString values with  .

pbkdf1: PBKDF1 key-derivation function. Takes a password, a Salt, and a number of iterations. The number of iterations should be at least 1000, and probably more. 5000 is a reasonable number, computing almost instantaneously. This will give a 32-byte ByteString as output. Both the salt and this 32-byte key should be stored in the password file. When a user wishes to authenticate a password, just pass it and the salt to this function, and see if the output matches.

hashRounds: Hash a ByteString for a given number of rounds. The number of rounds is 0 or more. If the number of rounds specified is 0, the ByteString will be returned unmodified.

hmacSHA256: Computes the hmacSHA256 of the given message, with the given Salt.

pbkdf2: PBKDF2 key-derivation function. For details see http://tools.ietf.org/html/rfc2898. 32 is the most common digest size for SHA256, and is what the algorithm internally uses. HMAC+SHA256 is used as PRF, because HMAC+SHA1 is considered too weak.

Generate a Salt from 128 bits of data from /dev/urandom, with the system RNG as a fallback. This is the function used to generate salts by makePassword.

genSaltDevURandom: Generate a Salt from /dev/urandom.

genSaltSysRandom: Generate a Salt from  .

readPwHash: Try to parse a password hash.

writePwHash: Encode a password hash, from a (strength, salt, hash) tuple, where strength is an Int, and both salt and hash are base64-encoded ByteStrings.

makePassword: Hash a password with a given strength (14 is a good default). The output of this function can be written directly to a password file or database.
Generates a salt using high-quality randomness from /dev/urandom or (if that is not available, for example on Windows)  , which is included in the hashed output.

makePasswordWith: A generic version of makePassword, which allows the user to choose the algorithm to use.

    makePasswordWith pbkdf1 "password" 14

makePasswordSaltWith: A generic version of makePasswordSalt, meant to give the user the maximum control over the generation parameters. Note that, unlike makePasswordWith, this function takes the raw number of iterations. This means the user will need to specify a sensible value, typically 10000 or 20000.

makePasswordSalt: Hash a password with a given strength (14 is a good default), using a given salt. The output of this function can be written directly to a password file or database. Example:

    >>> makePasswordSalt "hunter2" (makeSalt "72cd18b5ebfe6e96") 14
    "sha256|14|NzJjZDE4YjVlYmZlNmU5Ng==|yuiNrZW3KHX+pd0sWy9NTTsy5Yopmtx4UYscItSsoxc="

verifyPasswordWith: verifyPasswordWith algorithm userInput pwHash verifies the password userInput given by the user against the stored password hash pwHash, with the hashing algorithm algorithm. Returns True if the given password is correct, and False if it is not. This function allows the programmer to specify the algorithm to use, e.g. pbkdf1 or pbkdf2. Note: If you want to verify a password previously generated with makePasswordSaltWith, but without modifying the number of iterations, you can do:

    >>> verifyPasswordWith pbkdf2 id "hunter2" "sha256..."
    True

verifyPassword: Like verifyPasswordWith, but uses pbkdf1 as algorithm.

strengthenPassword: Try to strengthen a password hash, by hashing it some more times. strengthenPassword pwHash new_strength will return a new password hash with strength at least new_strength. If the password hash already has strength greater than or equal to new_strength, then it is returned unmodified. If the password hash is invalid and does not parse, it will be returned without comment. This function can be used to periodically update your password database when computers get faster, in order to keep up with Moore's law. This isn't hugely important, but it's a good idea.

passwordStrength: Return the strength of a password hash.
Create a Salt from a ByteString. The input must be at least 8 characters, and can contain arbitrary bytes. Most users will not need to use this function.

exportSalt: Convert a Salt into a ByteString. The resulting ByteString will be base64-encoded. Most users will not need to use this function.

importSalt: Convert a raw ByteString into a Salt. Use this function with caution, since using a weak salt will result in a weak password.

isPasswordFormatValid: Is the format of a password hash valid? Attempts to parse a given password hash. Returns True if it parses correctly, and False otherwise.

Generate a Salt with 128 bits of data taken from a given random number generator. Returns the salt and the updated random number generator. This is meant to be used with makePasswordSalt by people who would prefer to either use their own random number generator or avoid the IO monad.

Argument descriptions:
hmacSHA256: The secret (the salt); The clear-text message; The encoded message.
makePasswordWith: The algorithm to use (e.g. pbkdf1); The password to encrypt; log2 of the number of iterations.
makePasswordSaltWith: A function modeling an algorithm (e.g. pbkdf1); A function to modify the strength; A password, given as clear text; A hash Salt; The password strength (e.g. 10000, 20000, etc.).
verifyPasswordWith: A function modeling an algorithm (e.g. pbkdf1); A function to modify the strength; User password; The generated hash (e.g. sha256|14...).

Defaults to .

YesodAuthPersist: Class which states that the given site is an instance of YesodAuth and that its AuthId is a lookup key for the full user information in a YesodPersist database. The default implementation of getAuthEntity assumes that the AuthId for the YesodAuth superclass is in fact a persistent Key for the given value. This is the common case in Yesod, and means that you can easily look up the full information on a given user. Since 1.4.0

AuthEntity: If the AuthId for a given site is a persistent ID, this will give the value for that entity.
E.g.:

    type AuthId MySite = UserId
    AuthEntity MySite ~ User

Since 1.2.0

authLayout: specify the layout. Uses defaultLayout by default

loginDest: Default destination on successful login, if no other destination exists.

logoutDest: Default destination on successful logout, if no other destination exists.

authenticate: Perform authentication based on the given credentials. Default implementation is in terms of getAuthId. Since: 1.4.4

getAuthId: Determine the ID associated with the set of credentials. Default implementation is in terms of authenticate.

authPlugins: Which authentication backends to use.

loginHandler: What to show on the login page. By default this calls defaultLoginHandler, which concatenates plugin widgets and wraps the result in authLayout. Override if you need fancy widget containers, additional functionality, or an entirely custom page. For example, in some applications you may want to prevent the login page being displayed for a user who is already logged in, even if the URL is visited explicitly; this can be done by overriding loginHandler in your instance declaration with something like:

    instance YesodAuth App where
        ...
        loginHandler = do
            ma <- lift maybeAuthId
            when (isJust ma) $
                lift $ redirect HomeR   -- or any other Handler code you want
            defaultLoginHandler

renderAuthMessage: Used for i18n of messages provided by this package.

redirectToReferer: After login and logout, redirect to the referring page, instead of loginDest and logoutDest. Default is False.

authHttpManager: Return an HTTP connection manager that is stored in the foundation type. This allows backends to reuse persistent connections. If none of the backends you're using use HTTP connections, you can safely return error "authHttpManager" here.

onLogin: Called on a successful login. By default, calls addMessageI "success" NowLoggedIn.

onLogout: Called on logout. By default, does nothing

maybeAuthId: Retrieves user credentials, if user is authenticated. By default, this calls defaultMaybeAuthId to get the user ID from the session. This can be overridden to allow authentication via other means, such as checking for a special token in a request header.
This is especially useful for creating an API to be accessed via some means other than a browser. Since 1.2.0

onErrorHtml: Called on login error for HTTP requests. By default, calls addMessage with "error" as status and redirects to dest.

runHttpRequest: runHttpRequest gives you a chance to handle an HttpException and retry. The default behavior is to simply execute the request which will throw an exception on failure. The HTTP  is given in case it is useful to change behavior based on inspecting the request. This is an experimental API that is not broadly used throughout the yesod-auth code base.

Creds: User credentials
credsPlugin: How the user was authenticated
credsIdent: Identifier. Exact meaning depends on plugin.

AuthenticationResult: The result of an authentication based on credentials. Since 1.4.4
Authenticated: Authenticated successfully
UserError: Invalid credentials provided by user
ServerError: Some other error

credsKey: Internal session key used to hold the authentication information. Since 1.2.3

defaultMaybeAuthId: Retrieves user credentials from the session, if user is authenticated. This function does not confirm that the credentials are valid, see maybeAuthIdRaw for more information. Since 1.1.2

defaultLoginHandler: Default handler to show the login page. This is the default loginHandler. It concatenates plugin widgets and wraps the result in authLayout. See loginHandler for more details. Since 1.4.9

loginErrorMessage: For HTML, set the message and redirect to the route. For JSON, send the message and a 401 status

setCreds: Sets user credentials for the session after checking them with authentication backends.

same as defaultLayoutJson, but uses authLayout

clearCreds: Clears current user credentials for the session. Since 1.1.7

maybeAuth: Similar to maybeAuthId, but additionally look up the value associated with the user's database identifier to get the value in the database. This assumes that you are using a Persistent database. Since 1.1.0

maybeAuthPair: Similar to maybeAuth, but doesn't assume that you are using a Persistent database. Since 1.4.0

requireAuthId: Similar to maybeAuthId, but redirects to a login page if user is not authenticated or responds with error 401 if this is an API client (expecting JSON).
Since 1.1.0

requireAuth: Similar to maybeAuth, but redirects to a login page if user is not authenticated or responds with error 401 if this is an API client (expecting JSON). Since 1.1.0

requireAuthPair: Similar to requireAuth, but not tied to Persistent's  type. Instead, the AuthId and AuthEntity are returned in a tuple. Since 1.4.0

Argument descriptions:
renderAuthMessage: languages.
setCredsRedirect: new credentials.
setCreds: if HTTP redirects should be done; new credentials.
HTML; JSON.
clearCreds: if HTTP redirect to logoutDest should be done.

BrowserIdSettings: A settings type for various configuration options relevant to BrowserID. See: http://www.yesodweb.com/book/settings-types Since 1.2.0

bisAudience: BrowserID audience value. If Nothing, will be extracted based on the approot. Default: Nothing. Since 1.2.0

bisLazyLoad: Use asynchronous Javascript loading for the BrowserID JS file. Default: True. Since 1.2.0

createOnClickOverride: Generates a function to handle on-click events, and returns that function name.

createOnClick: Generates a function to handle on-click events, and returns that function name.

addUnverified: Add a new email address to the database, but indicate that the address has not yet been verified. Since 1.1.0

Send an email to the given address to verify ownership. Since 1.1.0

Get the verification key for the given email ID. Since 1.1.0

Set the verification key for the given email ID. Since 1.1.0

Verify the email address on the given account. Since 1.1.0

Get the salted password for the given account. Since 1.1.0

Set the salted password for the given account. Since 1.1.0

Get the credentials for the given Identifier, which may be either an email address or some other identification (e.g., username). Since 1.2.0

Get the email address for the given email ID. Since 1.1.0

Generate a random alphanumeric string.
Since 1.1.0

Route to send user to after password has been set correctly. Since 1.2.0

Does the user need to provide the current password in order to set a new password? Default: if the user logged in via an email link do not require a password. Since 1.2.1

Check that the given plain-text password meets minimum security standards. Default: password is at least three characters.

Response after sending a confirmation email. Since 1.2.2

Additional normalization of email addresses, besides standard canonicalization. Default: Lower case the email address. Since 1.2.3

Handler called to render the registration page. The default works fine, but you may want to override it in order to have a different DOM. Default: . Since: 1.2.6.

Handler called to render the "forgot password" page. The default works fine, but you may want to override it in order to have a different DOM. Default: . Since: 1.2.6.

Handler called to render the "set password" page. The default works fine, but you may want to override it in order to have a different DOM. Default: . Since: 1.2.6.

Data stored in a database for each e-mail address.

An Identifier generalizes an email address to allow users to log in with some other form of credentials (e.g., username). Note that any of these other identifiers must not be valid email addresses. Since 1.2.0

Since 1.4.5

Default implementation of . Since: 1.2.6

Default implementation of . Since: 1.2.6

Default implementation of . Since: 1.2.6

Salt a password with a randomly generated salt.

Session variable set when user logged in via a login link. See . Since 1.2.1

Set  to the current time. Since 1.2.1

Argument descriptions:
Whether the old password is needed. If True, a field for the old password should be presented.
Otherwise, just two fields for the new password are needed.
allow usernames?
cleartext password; salted password; cleartext password; salted password.

The main identifier provided by the OpenID authentication plugin is the "OP-local identifier". There is also sometimes a "claimed" identifier available. In the credsExtra field of the Creds datatype, you can lookup this key to find the claimed identifier, if available.

    let finalID = fromMaybe (credsIdent creds) $ lookup claimedKey (credsExtra creds)

Since 1.0.2

A helper function which will get the claimed identifier, if available, falling back to the OP local identifier. See . Since 1.0.2

Argument description: extension fields.

Get some form of a display name.

Argument descriptions: app name; key.

Type of email. Since 1.4.3
Google account email address
Home email address
Work email address
Other email address
Something else

Person's email. Since 1.4.3

Information about the user. Full description of the resource https://developers.google.com/+/api/latest/people Since 1.4.3
The name of this person, which is suitable for display
Birthday formatted as YYYY-MM-DD
The URI of this person's profile
A short biography for this person
The brief description of this person
Whether this user has signed up for Google+
The "bragging rights" line of this person
if a Google+ page, the number of people who have +1'd this page
For followers who are visible, the number of people who have added this person or page to a circle.
Whether the person or Google+ Page has been verified. This is used only for pages with a higher risk of being impersonated or similar. This flag will not be present on most profiles.
The user's preferred language for rendering.
The occupation of this person
The person's skills

The URI of the person's profile photo. Since 1.4.3

The person's relationship status.
Since 1.4.3
Person is single
Person is in a relationship
Person is engaged
Person is married
The relationship is complicated
Person is in an open relationship
Person is widowed
Person is in a domestic partnership
Person is in a civil union
Something else

Individual components of a name. Since 1.4.3
The full name of this person, including middle names, suffixes, etc
The family name (last name) of this person
The given name (first name) of this person
The middle name of this person.
The honorific prefixes (such as "Dr." or "Mrs.") for this person
The honorific suffixes (such as "Jr.") for this person

A place where the person has lived or is living at the moment. Since 1.4.3
A place where this person has lived. For example: "Seattle, WA", "Near Toronto".
If True, this place of residence is this person's primary residence.

The type of an organization. Since 1.4.3
Something else

Current or past organizations with which this person is associated. Since 1.4.3
The person's job title or role within the organization
The date that the person joined this organization.
The date that the person left this organization.
If True, indicates this organization is the person's primary one, which is typically interpreted as the current one.

The type of URI. Since 1.4.3
URI for another profile
URI to a site for which this person is a contributor
URI for this Google+ Page's primary website
Other URL
Something else

URIs specified in the person's profile. Since 1.4.3

Gender of the person. Since 1.4.3

An authentication token which was acquired from OAuth callback. The token gets saved into the session storage only if you use . You can acquire saved token with . Since 1.4.3

Get user's access token from the session. Returns Nothing if it's not found (probably because the user is not logged in via  or you are not using )

An alternative version which stores user access token in the session variable. Use it if you want to request user's profile from your app.
Since 1.4.3

Allows to fetch information about a user from Google's API. In case of parsing error returns . Will throw HttpException in case of network problems or error response code. Since 1.4.3

resizePersonImage img 30 would set query part to ?sz=30 which would resize the image under the URI. If for some reason you need to modify the query part, you should do it after resizing. Since 1.4.3

Argument descriptions: client ID; client secret; client ID; client secret; if the token should be stored; client ID; client secret.

Very simple auth plugin for hardcoded auth pairs. (c) Arthur Fayzrakhmanov, 2015; MIT; heraldhoi@gmail.com; experimental

Check whether given user name exists among hardcoded names.

Validate given user name with given password.