| Portability | Portable |
|---|---|
| Stability | Stable |
| Maintainer | pbrisbin@gmail.com |
| Safe Haskell | None |
Yesod.Auth.BCrypt
Contents
Description
A yesod-auth AuthPlugin designed to look users up in Persist where their user ID and a Bcrypt hash + salt of their password is stored.
Example usage:
-- import the function
import Auth.HashDB
-- make sure you have an auth route
mkYesodData "MyApp" [$parseRoutes|
/ RootR GET
/auth AuthR Auth getAuth
|]
-- make your app an instance of YesodAuth using this plugin
instance YesodAuth MyApp where
type AuthId MyApp = UserId
loginDest _ = RootR
logoutDest _ = RootR
getAuthId = getAuthIdHashDB AuthR (Just . UniqueUser)
authPlugins = [authHashDB (Just . UniqueUser)]
-- include the migration function in site startup
withServer :: (Application -> IO a) -> IO a
withServer f = withConnectionPool $ \p -> do
runSqlPool (runMigration migrateUsers) p
let h = DevSite p
Note that function which converts username to unique identifier must be same.
Your app must be an instance of YesodPersist. and the username, salted-and-hashed-passwords should be added to the database.
- class HashDBUser siteuser where
- siteuserPasswordHash :: siteuser -> Maybe Text
- setSaltAndPasswordHash :: Text -> siteuser -> siteuser
- data family Unique record1
- setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuser
- validateUser :: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT yesod IO)), PersistEntity siteuser, HashDBUser siteuser) => Unique siteuser -> Text -> HandlerT yesod IO Bool
- authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin m
- getAuthIdHashDB :: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT master IO))) => (AuthRoute -> Route master) -> (Text -> Maybe (Unique siteuser)) -> Creds master -> HandlerT master IO (Maybe (AuthId master))
- type Siteuser = SiteuserGeneric SqlBackend
- data SiteuserGeneric backend = Siteuser {
- siteuserUsername :: !Text
- siteuserPassword :: !Text
- siteuserEmail :: !(Maybe Text)
- type SiteuserId = KeyBackend SqlBackend Siteuser
- data family EntityField record1 ($a)
- migrateSiteusers :: forall m. (MonadBaseControl IO m, MonadIO m, MonadLogger m) => Migration (SqlPersistT m)
Documentation
class HashDBUser siteuser whereSource
Interface for data type which holds user info. It's just a collection of getters and setters
Methods
siteuserPasswordHash :: siteuser -> Maybe TextSource
Retrieve password hash from user data
Arguments
| :: Text | Hash and Salt |
| -> siteuser | |
| -> siteuser |
a callback for setPassword
Instances
| HashDBUser (SiteuserGeneric backend) |
data family Unique record1
Unique keys besided the Key
setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuserSource
Set password for user. This function should be used for setting passwords. It generates random salt and calculates proper hashes.
Authentification
Arguments
| :: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT yesod IO)), PersistEntity siteuser, HashDBUser siteuser) | |
| => Unique siteuser | User unique identifier |
| -> Text | Password in plaint-text |
| -> HandlerT yesod IO Bool |
Given a user ID and password in plaintext, validate them against the database values.
authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin mSource
Prompt for username and password, validate that against a database which holds the username and a hash of the password
Arguments
| :: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT master IO))) | |
| => (AuthRoute -> Route master) | your site's Auth Route |
| -> (Text -> Maybe (Unique siteuser)) | gets user ID |
| -> Creds master | the creds argument |
| -> HandlerT master IO (Maybe (AuthId master)) |
A drop in for the getAuthId method of your YesodAuth instance which can be used if authHashDB is the only plugin in use.
Predefined data type
data SiteuserGeneric backend Source
Generate data base instances for a valid user
Constructors
| Siteuser | |
Fields
| |
Instances
| Typeable1 SiteuserGeneric | |
| PersistFieldSql (SiteuserGeneric backend) | |
| PersistEntity (SiteuserGeneric backend) | |
| PersistField (SiteuserGeneric backend) | |
| HashDBUser (SiteuserGeneric backend) |
data family EntityField record1 ($a)
An EntityField is parameterised by the Haskell record it belongs to
and the additional type of that field
migrateSiteusers :: forall m. (MonadBaseControl IO m, MonadIO m, MonadLogger m) => Migration (SqlPersistT m)Source