eOf      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWX Y Z [ \ ] ^ _ ` a b c d e NonelA salt is a unique random value which is stored as part of the password hash. You can generate a salt with  or f, or if you really know what you're doing, you can create them from your own ByteString values with .4PBKDF1 key-derivation function. Takes a password, a , and a number of iterations. The number of iterations should be at least 1000, and probably more. 5000 is a reasonable number, computing almost instantaneously. This will give a 32-byte f as output. Both the salt and this 32-byte key should be stored in the password file. When a user wishes to authenticate a password, just pass it and the salt to this function, and see if the output matches.gHash a f for a given number of rounds. The number of rounds is 0 or more. If the number of rounds specified is 0, the ByteString will be returned unmodified.h=Computes the hmacSHA256 of the given message, with the given .1PBKDF2 key-derivation function. For details see  "http://tools.ietf.org/html/rfc2898. 32$ is the most common digest size for SHA256/, and is what the algorithm internally uses.  HMAC+SHA256 is used as PRF , because  HMAC+SHA1 is considered too weak. Generate a  from 128 bits of data from  /dev/urandomV, with the system RNG as a fallback. This is the function used to generate salts by .i Generate a  from  /dev/urandom.j Generate a  from   .kTry to parse a password hash.lEncode a password hash, from a (strength, salt, hash) tuple, where strength is an m , and both salt and hash are base64-encoded fs.Hash a password with a given strength (14 is a good default). The output of this function can be written directly to a password file or database. Generates a salt using high-quality randomness from  /dev/urandom8 or (if that is not available, for example on Windows)   ), which is included in the hashed output.A generic version of 7, which allow the user to choose the algorithm to use.%makePasswordWith pbkdf1 "password" 14A generic version of  a, meant to give the user the maximum control over the generation parameters. Note that, unlike , this function takes the raw^ number of iterations. This means the user will need to specify a sensible value, typically 10000 or 20000. Hash a password with a given strength (14 is a good default), using a given salt. The output of this function can be written directly to a password file or database. Example: >>> makePasswordSalt "hunter2" (makeSalt "72cd18b5ebfe6e96") 14 "sha256|14|NzJjZDE4YjVlYmZlNmU5Ng==|yuiNrZW3KHX+pd0sWy9NTTsy5Yopmtx4UYscItSsoxc="   algorithm userInput pwHash verifies the password  userInput5 given by the user against the stored password hash pwHash, with the hashing algorithm  algorithm . Returns n( if the given password is correct, and o[ if it is not. This function allows the programmer to specify the algorithm to use, e.g.  or E. Note: If you want to verify a password previously generated with >, but without modifying the number of iterations, you can do: ;>>> verifyPasswordWith pbkdf2 id "hunter2" "sha256..." True Like   , but uses  as algorithm. CTry to strengthen a password hash, by hashing it some more times.   pwHash new_strength9 will return a new password hash with strength at least  new_strengthF. If the password hash already has strength greater than or equal to  new_strength|, then it is returned unmodified. If the password hash is invalid and does not parse, it will be returned without comment.This function can be used to periodically update your password database when computers get faster, in order to keep up with Moore's law. This isn't hugely important, but it's a good idea. 'Return the strength of a password hash. Create a  from a f|. The input must be at least 8 characters, and can contain arbitrary bytes. Most users will not need to use this function. Convert a  into a f. The resulting fH will be base64-encoded. Most users will not need to use this function.Convert a raw f into a [. Use this function with caution, since using a weak salt will result in a weak password.ZIs the format of a password hash valid? Attempts to parse a given password hash. Returns n if it parses correctly, and o otherwise. Generate a  with 128 bits of data taken from a given random number generator. Returns the salt and the updated random number generator. This is meant to be used with  Z by people who would prefer to either use their own random number generator or avoid the p monad.qghThe secret (the salt)The clear-text messageThe encoded messageijkl"The algorithm to use (e.g. pbkdf1)The password to encrypt log2 of the number of iterations'A function modeling an algorithm (e.g. )!A function to modify the strengthA password, given as clear textA hash The password strength (e.g. 10000, 20000, etc.) .A function modeling an algorithm (e.g. pbkdf1)!A function to modify the strength User password&The generated hash (e.g. sha256|14...)    qghijkl None$09:;<=DORTrstuvwxvsturwrwxxstuvSafeB Defaults to C.< !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR< !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR< !"#$%&'()*+,-./0123456789:;<=>?@ABCDFGHIJKLPEMNOQR* !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRNone$*069:;<=DORT%U9Class which states that the given site is an instance of  YesodAuth and that its AuthId5 is a lookup key for the full user information in a  YesodPersist database.The default implementation of  getAuthEntity assumes that the AuthId for the  YesodAuth$ superclass is in fact a persistent Key for the given value. This is the common case in Yesod, and means that you can easily look up the full information on a given user. Since 1.4.0VIf the AuthIdV for a given site is a persistent ID, this will give the value for that entity. E.g.: 4type AuthId MySite = UserId AuthEntity MySite ~ User Since 1.2.0Z1specify the layout. Uses defaultLayout by default[IDefault destination on successful login, if no other destination exists.\JDefault destination on successful logout, if no other destination exists.]6Perform authentication based on the given credentials.&Default implementation is in terms of ^ Since: 1.4.4^8Determine the ID associated with the set of credentials.&Default implementation is in terms of ]_%Which authentication backends to use.`What to show on the login page.By default this calls }=, which concatenates plugin widgets and wraps the result in Z0. Override if you need fancy widget containers, additional functionality, or an entirely custom page. For example, in some applications you may want to prevent the login page being displayed for a user who is already logged in, even if the URL is visited explicitly; this can be done by overriding `3 in your instance declaration with something like: instance YesodAuth App where ... loginHandler = do ma <- lift maybeAuthId when (isJust ma) $ lift $ redirect HomeR -- or any other Handler code you want defaultLoginHandlera3Used for i18n of messages provided by this package.bDAfter login and logout, redirect to the referring page, instead of [ and \ . Default is o.chWhen being redirected to the login page should the current page be set to redirect back to. Default is n. @since 1.4.18dReturn an HTTP connection manager that is stored in the foundation type. This allows backends to reuse persistent connections. If none of the backends you're using use HTTP connections, you can safely return error "authHttpManager" here.e1Called on a successful login. By default, calls !addMessageI "success" NowLoggedIn.f*Called on logout. By default, does nothingg5Retrieves user credentials, if user is authenticated.By default, this calls | to get the user ID from the session. This can be overridden to allow authentication via other means, such as checking for a special token in a request header. This is especially useful for creating an API to be accessed via some means other than a browser. Since 1.2.0h<Called on login error for HTTP requests. By default, calls  addMessage) with "error" as status and redirects to dest.irunHttpRequest gives you a chance to handle an HttpException and retry The default behavior is to simply execute the request which will throw an exception on failure The HTTP y is given in case it is useful to change behavior based on inspecting the request. This is an experimental API that is not broadly used throughout the yesod-auth code basejUser credentialslHow the user was authenticatedm,Identifier. Exact meaning depends on plugin.t4The result of an authentication based on credentials Since 1.4.4uAuthenticated successfullyv$Invalid credentials provided by userwSome other error{AInternal session key used to hold the authentication information. Since 1.2.3|FRetrieves user credentials from the session, if user is authenticated.This function does not. confirm that the credentials are valid, see maybeAuthIdRaw for more information. The first call in a request does a database request to make sure that the account is still in the database. Since 1.1.2}'Default handler to show the login page.This is the default `;. It concatenates plugin widgets and wraps the result in Z. See ` for more details. Since 1.4.9aFor HTML, set the message and redirect to the route. For JSON, send the message and a 401 statusWSets user credentials for the session after checking them with authentication backends.z.same as defaultLayoutJson, but uses authLayout0Clears current user credentials for the session. Since 1.1.7 Similar to g, but additionally look up the value associated with the user's database identifier to get the value in the database. This assumes that you are using a Persistent database. Since 1.1.0 Similar to ?, but doesn t assume that you are using a Persistent database. Since 1.4.0 Similar to g, but redirects to a login page if user is not authenticated or responds with error 401 if this is an API client (expecting JSON). Since 1.1.0 Similar to , but redirects to a login page if user is not authenticated or responds with error 401 if this is an API client (expecting JSON). Since 1.1.0 Similar to , but not tied to Persistent's { type. Instead, the Y and V are returned in a tuple. Since 1.4.0NST|UVW}~XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~new credentials if HTTP redirects should be donenew credentialszHTMLJSONif HTTP redirect to \ should be done?vstuSTUVWXY]i\Z[^_`abcdefghjklmnopqrstvuwxyz{|}~<yopqrszXYZ[\]^_`abcdefgghiUVWWjklmn~tuvw|}STx{-ST|UVWW}~XYZ[\]^_`abcdefgghijklmnopqrstuvwxyz{|}~zNone!"HA settings type for various configuration options relevant to BrowserID.See: +http://www.yesodweb.com/book/settings-types Since 1.2.0BrowserID audience value. If Nothing*, will be extracted based on the approot. Default: Nothing Since 1.2.0>Use asynchronous Javascript loading for the BrowserID JS file. Default: True. Since 1.2.0PGenerates a function to handle on-click events, and returns that function name.PGenerates a function to handle on-click events, and returns that function name.  NoneNone :<DMORTbAdd a new email address to the database, but indicate that the address has not yet been verified.7Send an email to the given address to verify ownership.0Get the verification key for the given email ID.0Set the verification key for the given email ID.Hash and salt a password Default: .DVerify a password matches the stored password for the given account.Default: Fetch a password with  and match using ..Verify the email address on the given account.Warning! If you have persisted the  site somewhere, this method should delete that key, or make it unusable in some fashion. Otherwise, the same key can be used multiple times!See  -https://github.com/yesodweb/yesod/issues/1222..Get the salted password for the given account..Set the salted password for the given account."Get the credentials for the given  IdentifierV, which may be either an email address or some other identification (e.g., username).-Get the email address for the given email ID.&Generate a random alphanumeric string.<Route to send user to after password has been set correctly.SDoes the user need to provide the current password in order to set a new password?KDefault: if the user logged in via an email link do not require a password.JCheck that the given plain-text password meets minimum security standards./Default: password is at least three characters.,Response after sending a confirmation email.OAdditional normalization of email addresses, besides standard canonicalization.&Default: Lower case the email address.Handler called to render the login page. The default works fine, but you may want to override it in order to have a different DOM. Default: .Handler called to render the registration page. The default works fine, but you may want to override it in order to have a different DOM. Default: . @since: 1.2.6Handler called to render the "forgot password" page. The default works fine, but you may want to override it in order to have a different DOM. Default: . @since: 1.2.6Handler called to render the "set password" page. The default works fine, but you may want to override it in order to have a different DOM. Default: . @since: 1.2.62Data stored in a database for each e-mail address.zAn Identifier generalizes an email address to allow users to log in with some other form of credentials (e.g., username).KNote that any of these other identifiers must not be valid email addresses.Default implementation of .Default implementation of .Default implementation of .Default implementation of ./Salt a password with a randomly generated salt.@Session variable set when user logged in via a login link. See .Set  to the current time.:setLoginLinkKey :: (MonadHandler m) => AuthId site -> m ()Qallow usernames?cleartext passwordsalted passwordcleartext passwordsalted password22*None:OTNone:@ Type of emailGoogle account email addressHome email addressWork email adressOther email addressSomething elsePerson's email?Information about the user Full description of the resource 1https://developers.google.com/+/api/latest/people6The name of this person, which is suitable for display Birthday formatted as YYYY-MM-DD The URI of this person's profile!A short biography for this person$The brief description of this person+Whether this user has signed up for Google+)The "bragging rights" line of this person?if a Google+ page, the number of people who have +1'd this pagefFor followers who are visible, the number of people who have added this person or page to a circle.Whether the person or Google+ Page has been verified. This is used only for pages with a higher risk of being impersonated or similar. This flag will not be present on most profiles.,The user's preferred language for rendering.The occupation of this personThe person's skills&The URI of the person's profile photo.!The person's relationship status.Person is singlePerson is in a relationshipPerson is engagedPerson is marriedThe relationship is complicated!Person is in an open relationshipPerson is widowed#Person is in a domestic partnershipPerson is in a civil unionSomething elseIndividual components of a nameCThe full name of this person, including middle names, suffixes, etc*The family name (last name) of this person*The given name (first name) of this personThe middle name of this person.@The honorific prefixes (such as "Dr." or "Mrs.") for this person6The honorific suffixes (such as "Jr.") for this person>A place where the person has lived or is living at the moment. PA place where this person has lived. For example: "Seattle, WA", "Near Toronto". If True=, this place of residence is this person's primary residence. The type of an organizationSomething elseBCurrent or past organizations with which this person is associated6The person's job title or role within the organization2The date that the person joined this organization.0The date that the person left this organization.If Truep, indicates this organization is the person's ^ primary one, which is typically interpreted as the current one.The type of URIURI for another profile4URI to a site for which this person is a contributor+URI for this Google+ Page's primary website Other URLSomething else&URIs specified in the person's profile"Gender of the person&An authentication token which was acquired from OAuth callback. The token gets saved into the session storage only if you use .&. You can acquire saved token with ,.*UPlugin identifier. This is used to identify the plugin used for authentication. The  credsPluginU will contain this value when this plugin is used for authentication. @since 1.4.17,Get user's access token from the session. Returns Nothing if it's not found (probably because the user is not logged in via  or you are not using .).An alternative version which stores user access token in the session variable. Use it if you want to request user's profile from your app./`Allows to fetch information about a user from Google's API. In case of parsing error returns . Will throw  HttpException4 in case of network problems or error response code.0resizePersonImage img 30 would set query part to ?sz=30 which would resize the image under the URI. If for some reason you need to modify the query part, you should do it after resizing.z      !"#$%&'()*+,- client ID client secret. client ID client secretif the token should be stored client ID client secret/0123456789:;<=d      !"#$%&'()*+,-./0d-.+&'(),/"#$%0 !     **       !"#$%&'()*+,-./0123456789:;<= 1Very simple auth plugin for hardcoded auth pairs.(c) Arthur Fayzrakhmanov, 2015MITheraldhoi@gmail.com experimentalNone :<=DORTY;Check whether given user name exists among hardcoded names.Z-Validate given user name with given password.XYZ[\XZY[\XYZ\[XYZ[\ None:OTbThe main identifier provided by the OpenID authentication plugin is the "OP-local identifier". There is also sometimes a "claimed" identifier available.In the n field of the jQ datatype, you can lookup this key to find the claimed identifier, if available. ]let finalID = fromMaybe (credsIdent creds) $ lookup claimedKey (credsExtra creds) Since 1.0.2doA helper function which will get the claimed identifier, if available, falling back to the OP local identifier.See b. Since 1.0.2 ]^_`aextension fieldsbcd]^_`abcda`bcd]^_]^_`abcd None:OT Get some form of a display name.eapp namekeyeee !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~~000       !"#$%&'(()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV W X Y Z [ \ ] ^ _ ` a bcdefghijklmnlmolmplmqr*stuvwxyz{|}~++   (yesod-auth-1.4.21-5IVgtxUVKBsBfJWDhufg56Yesod.Auth.BrowserId Yesod.AuthYesod.Auth.Util.PasswordStoreYesod.Auth.MessageYesod.Auth.DummyYesod.Auth.EmailYesod.Auth.GoogleEmailYesod.Auth.GoogleEmail2Yesod.Auth.HardcodedYesod.Auth.OpenIdYesod.Auth.RpxnowSystemRandomYesod.Auth.RoutesverifyPassword GoogleEmail20data-default-class-0.1.2.0-GsXqKN6o1X9jr0fF5qCVDData.Default.Classdef*yesod-core-1.4.37.2-6FpWZ6dloPyI7RWgclT8l5Yesod.Routes.ClassRouteSaltpbkdf1pbkdf2 genSaltIO makePasswordmakePasswordWithmakePasswordSaltWithmakePasswordSaltverifyPasswordWithstrengthenPasswordpasswordStrengthmakeSalt exportSalt importSaltisPasswordFormatValid genSaltRandom $fShowSalt$fEqSalt $fOrdSaltAuth AuthMessageNoOpenID LoginOpenID LoginGoogle LoginYahooEmailUserNameIdentifierNotFoundPasswordRegister RegisterLong EnterEmailConfirmationEmailSentTitleConfirmationEmailSentAddressVerifiedInvalidKeyTitle InvalidKeyInvalidEmailPass BadSetPass SetPassTitleSetPassNewPass ConfirmPass PassMismatch PassUpdatedFacebook LoginViaEmail InvalidLogin NowLoggedIn LoginTitlePleaseProvideUsernamePleaseProvidePasswordNoIdentifierProvidedInvalidEmailAddressPasswordResetTitleProvideIdentifierSendPasswordResetEmailPasswordResetPromptCurrentPasswordInvalidUsernamePassLogout LogoutTitle AuthErrordefaultMessageenglishMessageportugueseMessagespanishMessageswedishMessage germanMessage frenchMessagenorwegianBokmålMessagejapaneseMessagefinnishMessagechineseMessage czechMessagerussianMessage dutchMessagecroatianMessage danishMessage koreanMessage AuthExceptionInvalidFacebookResponseYesodAuthPersist AuthEntity getAuthEntity YesodAuthAuthId authLayout loginDest logoutDest authenticate getAuthId authPlugins loginHandlerrenderAuthMessageredirectToRefererredirectToCurrentauthHttpManageronLoginonLogout maybeAuthId onErrorHtmlrunHttpRequestCreds credsPlugin credsIdent credsExtra AuthPluginapName apDispatchapLoginAuthenticationResult Authenticated UserError ServerError AuthHandler AuthRoutegetAuthcredsKeydefaultMaybeAuthIddefaultLoginHandlerloginErrorMessageIloginErrorMessagemessageJson401provideJsonMessagesetCredsRedirectsetCreds clearCreds maybeAuth maybeAuthPair requireAuthId requireAuthrequireAuthPairasHtml$fYesodSubDispatchAuthHandlerT$fExceptionAuthException $fRenderMessagemasterAuthMessage $fShowCreds$fShowAuthExceptionBrowserIdSettings bisAudience bisLazyLoad forwardUrl authBrowserIdcreateOnClickOverride createOnClick$fDefaultBrowserIdSettings authDummyYesodAuthEmail AuthEmailId addUnverifiedsendVerifyEmail getVerifyKey setVerifyKeyhashAndSaltPassword verifyAccount getPassword setPassword getEmailCredsgetEmail randomKeyafterPasswordRouteneedOldPasswordcheckPasswordSecurityconfirmationEmailSentResponsenormalizeEmailAddressemailLoginHandlerregisterHandlerforgotPasswordHandlersetPasswordHandler EmailCreds emailCredsIdemailCredsAuthIdemailCredsStatusemailCredsVerkeyemailCredsEmail Identifier VerStatus SaltedPassVerUrlVerKeyloginR registerRforgotPasswordRsetpassRverifyR authEmaildefaultEmailLoginHandlerdefaultRegisterHandlerdefaultForgotPasswordHandlerdefaultSetPasswordHandlersaltPass isValidPass loginLinkKeysetLoginLinkKeyauthGoogleEmail EmailType EmailAccount EmailHome EmailWork EmailOther emailValue emailTypePersonpersonIdpersonDisplayName personNamepersonNicknamepersonBirthday personGenderpersonProfileUri personImage personAboutMepersonRelationshipStatus personUrispersonOrganizationspersonPlacesLived personTaglinepersonIsPlusUserpersonBraggingRightspersonPlusOneCountpersonCircledByCountpersonVerifiedpersonLanguage personEmails personDomainpersonOccupation personSkills PersonImageimageUriRelationshipStatusSingleInRelationshipEngagedMarried ComplicatedOpenRelationshipWidowedDomesticPartnership CivilUnionName nameFormatted nameFamily nameGiven nameMiddlenameHonorificPrefixnameHonorificSuffixPlace placeValue placePrimaryOrganizationTypeWorkSchool OrganizationorgNameorgTitleorgType orgStartDate orgEndDate orgPrimary PersonURIType OtherProfile ContributorWebsiteOtherURI PersonURIuriLabeluriValueuriTypeGenderMaleFemale OtherGenderToken accessToken tokenTypepidgetUserAccessTokenauthGoogleEmailSaveToken getPersonresizePersonImage$fFromJSONEmailType$fFromJSONEmail$fFromJSONPerson$fFromJSONPersonImage$fFromJSONRelationshipStatus$fFromJSONName$fFromJSONPlace$fFromJSONOrganizationType$fFromJSONOrganization$fFromJSONPersonURIType$fFromJSONPersonURI$fFromJSONGender$fFromJSONToken $fShowToken $fEqToken $fShowGender $fEqGender$fShowPersonURIType$fEqPersonURIType$fShowPersonURI $fEqPersonURI$fShowOrganizationType$fEqOrganizationType$fShowOrganization$fEqOrganization $fShowPlace $fEqPlace $fShowName$fEqName$fShowRelationshipStatus$fEqRelationshipStatus$fShowPersonImage$fEqPersonImage$fShowEmailType $fEqEmailType $fShowEmail $fEqEmail $fShowPerson $fEqPersonYesodAuthHardcodeddoesUserNameExistvalidatePassword authHardcodedIdentifierTypeClaimedOPLocal authOpenId claimedKey opLocalKeycredsIdentClaimed authRpxnowbytestring-0.10.8.1Data.ByteString.Internal ByteString hashRounds hmacSHA256genSaltDevURandomgenSaltSysRandom readPwHash writePwHashghc-prim GHC.TypesIntTrueFalseIOSaltBSCheckRLoginRLogoutRPluginR resourcesAuthD:R:RouteAuth0*http-client-0.5.7.1-22NedRMiVT8HKNR4ODKehdNetwork.HTTP.Client.TypesRequestauthLayoutJson'persistent-2.7.1-B22VWLzktr85Zcbt06tjq9$Database.Persist.Class.PersistEntityEntity KeyEntityCachedMaybeAuthunCachedMaybeAuthPieceMethod cachedAuthloginErrorMessageMasterImessageJson500messageJsonStatus getCheckRsetUltDestReferer' getLoginR getLogoutR postLogoutR handlePluginRhandleAuthLack redirectLoginYesod.Core.Internal.LiteApp LiteAppRoutecomplete UserLoginForm _loginEmail_loginPasswordUserForm_userFormEmail PasswordForm_passwordCurrent _passwordNew_passwordConfirmForgotPasswordForm _forgotEmail getRegisterR parseEmailregisterHelper postRegisterRgetForgotPasswordRpostForgotPasswordR getVerifyR parseCreds postLoginR getPasswordR parsePassword postPasswordR saltLength saltPass' isValidPass'defaultNonceGen googleIdentcompleteHelperbaseGHC.BaseNothingcsrfKey getCsrfTokenaccessTokenKeygetCreateCsrfToken authPluginmakeHttpRequestpersonValueRequest allPersonInfogetDisplayName