| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Yesod.Auth.Http.Basic
Contents
Description
A Yesod middleware for
This middleware performs a single authentication lookup per request and uses the Yesod request-local caching mechanisms to store valid auth credentials found in the Authorization header.
The recommended way to use this module is to override the
maybeAuthId to defaultMaybeBasicAuthId and supply a
lookup function.
instance YesodAuth App where
type AuthId App = Text
getAuthId = return . Just . credsIdent
maybeAuthId = defaultMaybeBasicAuthId checkCreds
where
checkCreds = k s -> return $ (k == "user")
&& (s == "secret")
WWW-Authenticate challenges are currently not implemented. The current workaround is to override the error handler:
instance Yesod App where
errorHandler NotAuthenticated = selectRep $
provideRep $ do
addHeader WWW-Authenticate $ T.concat
[ "RedirectJSON realm="Realm", param="myurl.com"" ]
-- send error response here
...
errorHandler e = defaultErrorHandler e
...
Proper response status on failed authentication is not implemented.
The current workaround is to override the Yesod typeclass
isAuthorized function to handle required auth routes. e.g.
instance Yesod App where
isAuthorized SecureR _ =
maybeAuthId >>= return . maybe AuthenticationRequired (const Authorized)
isAuthorized _ _ = Authorized
- defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text)
Drop in replace for maybeAuthId.
defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text) Source
Retrieve the AuthId using Authorization header.
If valid credentials are found and authorized the auth id is cached.
TODO use more general type than Text to represent the auth id