yesod-auth-bcrypt-0.1.1: BCrypt salted and hashed passwords in a database as auth for yesod

Safe HaskellNone




A yesod-auth AuthPlugin designed to look users up in Persist where their user ID and a Bcrypt hash + salt of their password is stored.

Example usage:

 -- import the function
 import Auth.HashDB

 -- make sure you have an auth route
 mkYesodData "MyApp" [$parseRoutes|
 / RootR GET
 /auth AuthR Auth getAuth

 -- make your app an instance of YesodAuth using this plugin
 instance YesodAuth MyApp where
    type AuthId MyApp = UserId

    loginDest _  = RootR
    logoutDest _ = RootR
    getAuthId    = getAuthIdHashDB AuthR (Just . UniqueUser)
    authPlugins  = [authHashDB (Just . UniqueUser)]

 -- include the migration function in site startup
 withServer :: (Application -> IO a) -> IO a
 withServer f = withConnectionPool $ \p -> do
     runSqlPool (runMigration migrateUsers) p
     let h = DevSite p

Note that function which converts username to unique identifier must be same.

Your app must be an instance of YesodPersist. and the username, salted-and-hashed-passwords should be added to the database.



class HashDBUser siteuser whereSource

Interface for data type which holds user info. It's just a collection of getters and setters


siteuserPasswordHash :: siteuser -> Maybe TextSource

Retrieve password hash from user data



:: Text

Hash and Salt

-> siteuser 
-> siteuser 

a callback for setPassword


data family Unique record1

Unique keys besided the Key

setPassword :: HashDBUser siteuser => Text -> siteuser -> IO siteuserSource

Set password for user. This function should be used for setting passwords. It generates random salt and calculates proper hashes.




:: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT yesod IO)), PersistEntity siteuser, HashDBUser siteuser) 
=> Unique siteuser

User unique identifier

-> Text

Password in plaint-text

-> HandlerT yesod IO Bool 

Given a user ID and password in plaintext, validate them against the database values.

authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser siteuser, PersistEntity siteuser, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique siteuser)) -> AuthPlugin mSource

Prompt for username and password, validate that against a database which holds the username and a hash of the password



:: (YesodAuth master, YesodPersist master, HashDBUser siteuser, PersistEntity siteuser, Key siteuser ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend siteuser, PersistUnique (b (HandlerT master IO))) 
=> (AuthRoute -> Route master)

your site's Auth Route

-> (Text -> Maybe (Unique siteuser))

gets user ID

-> Creds master

the creds argument

-> HandlerT master IO (Maybe (AuthId master)) 

A drop in for the getAuthId method of your YesodAuth instance which can be used if authHashDB is the only plugin in use.

Predefined data type

data SiteuserGeneric backend Source

Generate data base instances for a valid user

data family EntityField record1 ($a)

An EntityField is parameterised by the Haskell record it belongs to and the additional type of that field