Portability | Portable |
---|---|
Stability | Stable |
Maintainer | pbrisbin@gmail.com |
Safe Haskell | None |
A yesod-auth AuthPlugin designed to look users up in Persist where their user ID and a Bcrypt hash + salt of their password is stored.
Example usage:
-- import the function import Auth.HashDB -- make sure you have an auth route mkYesodData "MyApp" [$parseRoutes| / RootR GET /auth AuthR Auth getAuth |] -- make your app an instance of YesodAuth using this plugin instance YesodAuth MyApp where type AuthId MyApp = UserId loginDest _ = RootR logoutDest _ = RootR getAuthId = getAuthIdHashDB AuthR (Just . UniqueUser) authPlugins = [authHashDB (Just . UniqueUser)] -- include the migration function in site startup withServer :: (Application -> IO a) -> IO a withServer f = withConnectionPool $ \p -> do runSqlPool (runMigration migrateUsers) p let h = DevSite p
Note that function which converts username to unique identifier must be same.
Your app must be an instance of YesodPersist. and the username, salted-and-hashed-passwords should be added to the database.
- class HashDBUser siteuser where
- siteuserPasswordHash :: siteuser -> Maybe Text
- setSaltAndPasswordHash :: Text -> siteuser -> siteuser
- data family Unique record1
- setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuser
- validateUser :: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT yesod IO)), PersistEntity siteuser, HashDBUser siteuser) => Unique siteuser -> Text -> HandlerT yesod IO Bool
- authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin m
- getAuthIdHashDB :: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT master IO))) => (AuthRoute -> Route master) -> (Text -> Maybe (Unique siteuser)) -> Creds master -> HandlerT master IO (Maybe (AuthId master))
- type Siteuser = SiteuserGeneric SqlBackend
- data SiteuserGeneric backend = Siteuser {
- siteuserUsername :: !Text
- siteuserPassword :: !Text
- siteuserEmail :: !(Maybe Text)
- type SiteuserId = KeyBackend SqlBackend Siteuser
- data family EntityField record1 ($a)
- migrateSiteusers :: forall m. (MonadBaseControl IO m, MonadIO m, MonadLogger m) => Migration (SqlPersistT m)
Documentation
class HashDBUser siteuser whereSource
Interface for data type which holds user info. It's just a collection of getters and setters
siteuserPasswordHash :: siteuser -> Maybe TextSource
Retrieve password hash from user data
:: Text | Hash and Salt |
-> siteuser | |
-> siteuser |
a callback for setPassword
HashDBUser (SiteuserGeneric backend) |
data family Unique record1
Unique keys besided the Key
setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuserSource
Set password for user. This function should be used for setting passwords. It generates random salt and calculates proper hashes.
Authentification
:: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT yesod IO)), PersistEntity siteuser, HashDBUser siteuser) | |
=> Unique siteuser | User unique identifier |
-> Text | Password in plaint-text |
-> HandlerT yesod IO Bool |
Given a user ID and password in plaintext, validate them against the database values.
authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin mSource
Prompt for username and password, validate that against a database which holds the username and a hash of the password
:: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT master IO))) | |
=> (AuthRoute -> Route master) | your site's Auth Route |
-> (Text -> Maybe (Unique siteuser)) | gets user ID |
-> Creds master | the creds argument |
-> HandlerT master IO (Maybe (AuthId master)) |
A drop in for the getAuthId method of your YesodAuth instance which can be used if authHashDB is the only plugin in use.
Predefined data type
data SiteuserGeneric backend Source
Generate data base instances for a valid user
Siteuser | |
|
Typeable1 SiteuserGeneric | |
PersistFieldSql (SiteuserGeneric backend) | |
PersistEntity (SiteuserGeneric backend) | |
PersistField (SiteuserGeneric backend) | |
HashDBUser (SiteuserGeneric backend) |
data family EntityField record1 ($a)
An EntityField
is parameterised by the Haskell record it belongs to
and the additional type of that field
migrateSiteusers :: forall m. (MonadBaseControl IO m, MonadIO m, MonadLogger m) => Migration (SqlPersistT m)Source