Copyright | (c) Patrick Brisbin 2010, Paul Rouse 2014 |
---|---|
License | MIT |
Maintainer | Paul Rouse <pyr@doynton.org> |
Stability | Stable |
Portability | Portable |
Safe Haskell | None |
Language | Haskell98 |
A yesod-auth AuthPlugin designed to look users up in a Persistent database where the hash of their password is stored.
This module was removed from yesod-auth-1.3.0.0
and is now
maintained separately.
Versions of this module prior to yesod-auth-1.3
used a relatively weak
hashing algorithm (a single round of SHA1) which does not provide
adequate protection against an attacker who discovers the hashed passwords.
See: https://github.com/yesodweb/yesod/issues/668.
It has now been rewritten to use Crypto.PasswordStore, but this has been done in a way which preserves compatibility both with the API and with databases which have been set up using older versions of this module. There are two levels of database compatibility:
- The verification code recognises both the old and new hash formats, so passwords can be verified against database entries which still contain old-style hashes.
- The function
upgradePasswordHash
can be used to migrate existing user records to use the new format hash. Unlike freshly created password hashes, entries converted this way must still have the old salt field, since the old hash function remains part of the algorithm needed for verification. (The new hash is layered on top of the old one.)
On the other hand, new passwords set up by setPassword
or
setPasswordStrength
no longer use a separate salt field, so new users
of this module need only provide a single password field in the user data,
and can ignore the salt.
In a system which has been migrated from the old format, passwords
which are reset will use the new format and will have an empty salt field.
Once all the entries are of this form, it is safe to change the model
to remove the salt, and change the HashDBUser
instance accordingly.
To use this in a Yesod application, the foundation data type must be an instance of YesodPersist, and the username and hashed passwords should be added to the database. The following steps give an outline of what is required.
You need a database table to store user records: in a scaffolded site it might look like:
User name Text -- user name used to uniquely identify users password Text Maybe -- password hash for HashDB UniqueUser name
Create an instance of HashDBUser
for this data type. For historical
reasons Yesod.Auth.HashDB exports some names which are quite likely to
clash with your own, so it is a good idea to import just the ones you need:
import Yesod.Auth.HashDB (HashDBUser(..)) .... instance HashDBUser User where userPasswordHash = userPassword setPasswordHash h u = u { userPassword = Just h }
In the YesodAuth instance declaration for your app, include authHashDB
like so:
import Yesod.Auth.HashDB (authHashDB, getAuthIdHashDB) .... instance YesodAuth App where .... authPlugins _ = [ authHashDB (Just . UniqueUser), .... ] getAuthId = getAuthIdHashDB AuthR (Just . UniqueUser) -- Optional, see below
AuthR
should be your authentication route, and the function
(Just . UniqueUser)
supplied to both authHashDB
and
getAuthIdHashDB
takes a Text
and produces a Unique
value to
look up in the User table. In a scaffolded site you may not need to
change the definition of getAuthId
at all, or you may prefer to modify
the function which the scaffolding defines: getAuthIdHashDB
is just a
convenience for the case when HashDB
is the only plugin.
The application developer should provide an interface for setting passwords;
it needs to call setPassword
and save the result in the database.
You can also create password hashes manually as follows, if you need to
initialise the database by hand:
ghci -XOverloadedStrings > import Crypto.PasswordStore > makePassword "MyPassword" 14
where "14" is the default strength parameter (defaultStrength
) used
in this module.
Custom Login Form
Instead of using the built-in HTML form, a custom one can be supplied
by using authHashDBWithForm
instead of authHashDB
.
The custom form needs to be given as a function returning a Widget, since it has to build in the supplied "action" URL, and it must provide two text fields called "username" and "password". For example, the following modification of the outline code given above would replace the default form with a very minimal one which has no labels and a simple layout.
instance YesodAuth App where .... authPlugins _ = [ authHashDBWithForm myform (Just . UniqueUser), .... ] myform :: Route App -> Widget myform action = $(whamletFile "templates/loginform.hamlet")
where templates/loginform.hamlet contains
<form method="post" action="@{action}"> <input name="username"> <input type="password" name="password"> <input type="submit" value="Login">
- class HashDBUser user where
- userPasswordHash :: user -> Maybe Text
- userPasswordSalt :: user -> Maybe Text
- setPasswordHash :: Text -> user -> user
- setUserHashAndSalt :: Text -> Text -> user -> user
- setSaltAndPasswordHash :: Text -> Text -> user -> user
- data family Unique record
- defaultStrength :: Int
- setPasswordStrength :: (MonadIO m, HashDBUser user) => Int -> Text -> user -> m user
- setPassword :: (MonadIO m, HashDBUser user) => Text -> user -> m user
- validatePass :: HashDBUser u => u -> Text -> Maybe Bool
- upgradePasswordHash :: (MonadIO m, HashDBUser user) => Int -> user -> m (Maybe user)
- validateUser :: HashDBPersist site user => Unique user -> Text -> HandlerT site IO Bool
- authHashDB :: HashDBPersist site user => (Text -> Maybe (Unique user)) -> AuthPlugin site
- authHashDBWithForm :: HashDBPersist site user => (Route site -> WidgetT site IO ()) -> (Text -> Maybe (Unique user)) -> AuthPlugin site
- getAuthIdHashDB :: HashDBPersist site user => (AuthRoute -> Route site) -> (Text -> Maybe (Unique user)) -> Creds site -> HandlerT site IO (Maybe (AuthId site))
- type User = UserGeneric SqlBackend
- data UserGeneric backend = User {
- userUsername :: !Text
- userPassword :: !Text
- userSalt :: !Text
- type UserId = Key User
- data family EntityField record $a
- migrateUsers :: Migration
Documentation
class HashDBUser user where Source
The type representing user information stored in the database should be an instance of this class. It just provides the getters and setters used by the functions in this module.
userPasswordHash :: user -> Maybe Text Source
Retrieve password hash from user data
userPasswordSalt :: user -> Maybe Text Source
Deprecated: Compatibility with old data containing a separate salt field will be removed eventually
Retrieve salt for password from user data. This is needed only for compatibility with old database entries, which contain the salt as a separate field. New implementations do not require a separate salt field in the user data, and should leave this as the default.
:: Text | Password hash |
-> user | |
-> user |
Callback for setPassword
and upgradePasswordHash
. Produces a
version of the user data with the hash set to the new value.
This is the method which you should define for new applications, which
do not require compatibility with databases containing hashes written
by previous versions of this module. If you do need compatibility,
define setSaltAndPasswordHash
instead.
:: Text | Salt |
-> Text | Password hash |
-> user | |
-> user |
Deprecated: Please use setSaltAndPasswordHash instead
:: Text | Salt |
-> Text | Password hash |
-> user | |
-> user |
Deprecated: Compatibility with old data containing a separate salt field will be removed eventually
Callback used in upgradePasswordHash
when compatibility is needed
with old-style hashes (including ones already upgraded using
upgradePasswordHash
). This is not required for new applications,
which do not have a separate salt field in user data: please define
setPasswordHash
instead.
The default implementation produces a runtime error, and will only be called if a non-empty salt value needs to be set for compatibility with an old database.
HashDBUser (UserGeneric backend) |
data family Unique record
data Unique (UserGeneric backend) = UniqueUser Text |
Default strength used for passwords (see Crypto.PasswordStore for details).
setPasswordStrength :: (MonadIO m, HashDBUser user) => Int -> Text -> user -> m user Source
Set password for user, using the given strength setting. Use this
function, or setPassword
, to produce a user record containing the
hashed password. Unlike previous versions of this module, no separate
salt field is required for new passwords (but it may still be required
for compatibility while old password hashes remain in the database).
This function does not change the database; the calling application is responsible for saving the data which is returned.
setPassword :: (MonadIO m, HashDBUser user) => Text -> user -> m user Source
As setPasswordStrength
, but using the defaultStrength
validatePass :: HashDBUser u => u -> Text -> Maybe Bool Source
Validate a plaintext password against the hash in the user data structure.
This function retains compatibility with user data produced by old
versions of this module (prior to 1.3), although the hashes are less
secure and should be upgraded as soon as possible. They can be
upgraded using upgradePasswordHash
, or by insisting that users set
new passwords.
The result distinguishes two types of validation failure, which may be useful in an application which supports multiple authentication methods:
- Just False - the user has a password set up, but the given one does not match it
- Nothing - the user does not have a password (the hash is Nothing)
Since 1.4.1
upgradePasswordHash :: (MonadIO m, HashDBUser user) => Int -> user -> m (Maybe user) Source
Upgrade existing user credentials to a stronger hash. The existing hash may have been produced either by previous versions of this module, which used a weak algorithm, or from a weaker setting in the current algorithm. Use this function to produce an updated user record to store in the database.
To allow transitional use, starting from hashes produced by older versions of this module, and upgrading them to the new format, we have to use the hash alone, without knowledge of the user's plaintext password. In this case, we apply the new algorithm to the old hash, resulting in both hash functions, old and new, being used one on top of the other; this situation is recognised by the hash having the new format while the separate salt field is non-empty.
Returns Nothing if the user has no password (ie if userPasswordHash
u
is Nothing
and/or userPasswordSalt
u is Nothing
).
Interface to database and Yesod.Auth
:: HashDBPersist site user | |
=> Unique user | User unique identifier |
-> Text | Password in plaintext |
-> HandlerT site IO Bool |
Given a user ID and password in plaintext, validate them against
the database values. This function simply looks up the user id in the
database and calls validatePass
to do the work.
authHashDB :: HashDBPersist site user => (Text -> Maybe (Unique user)) -> AuthPlugin site Source
Prompt for username and password, validate that against a database which holds the username and a hash of the password
authHashDBWithForm :: HashDBPersist site user => (Route site -> WidgetT site IO ()) -> (Text -> Maybe (Unique user)) -> AuthPlugin site Source
Like authHashDB
, but with an extra parameter to supply a custom HTML
form.
The custom form should be specified as a function which takes a route to use as the form action, and returns a Widget containing the form. The form must use the supplied route as its action URL, and, when submitted, it must send two text fields called "username" and "password".
Please see the example in the documentation at the head of this module.
Since 1.3.2
:: HashDBPersist site user | |
=> (AuthRoute -> Route site) | your site's Auth Route |
-> (Text -> Maybe (Unique user)) | gets user ID |
-> Creds site | the creds argument |
-> HandlerT site IO (Maybe (AuthId site)) |
A drop in for the getAuthId method of your YesodAuth instance which can be used if authHashDB is the only plugin in use.
Predefined data type
type User = UserGeneric SqlBackend Source
Deprecated: The predefined User data type will be removed soon - please define your own database table and accompanying instance of HashDBUser
data UserGeneric backend Source
Generate data base instances for a valid user
User | Deprecated: The predefined User data type will be removed soon - please define your own database table and accompanying instance of HashDBUser |
|
PersistStore backend => ToBackendKey backend (UserGeneric backend) | |
Eq (BackendKey backend) => Eq (Key (UserGeneric backend)) | |
Ord (BackendKey backend) => Ord (Key (UserGeneric backend)) | |
Read (BackendKey backend) => Read (Key (UserGeneric backend)) | |
Show (BackendKey backend) => Show (Key (UserGeneric backend)) | |
PersistField (BackendKey backend) => PersistField (Key (UserGeneric backend)) | |
PersistStore backend => PersistField (UserGeneric backend) | |
PersistStore backend => PersistEntity (UserGeneric backend) | |
PathPiece (BackendKey backend) => PathPiece (Key (UserGeneric backend)) | |
ToJSON (BackendKey backend) => ToJSON (Key (UserGeneric backend)) | |
FromJSON (BackendKey backend) => FromJSON (Key (UserGeneric backend)) | |
PersistFieldSql (BackendKey backend) => PersistFieldSql (Key (UserGeneric backend)) | |
PersistStore backend => PersistFieldSql (UserGeneric backend) | |
HashDBUser (UserGeneric backend) | |
Typeable (* -> *) UserGeneric | |
data Unique (UserGeneric backend) = UniqueUser Text | |
type PersistEntityBackend (UserGeneric backend) = backend | |
data Key (UserGeneric backend) = UserKey {
| |
data EntityField (UserGeneric backend) where
|
data family EntityField record $a
data EntityField (UserGeneric backend) where
|
migrateUsers :: Migration Source
Deprecated: The predefined User data type will be removed soon - please define your own database table and accompanying instance of HashDBUser