yesod-auth-1.2.7.1: Authentication for Yesod.

Portability: Portable
Stability: Stable
Maintainer: pbrisbin@gmail.com
Safe Haskell: None

Yesod.Auth.HashDB

Description

WARNING: This module was not designed with security in mind, and is not suitable for production sites. In the near future, it will likely be either deprecated or rewritten to have a more secure implementation. For more information, see: https://github.com/yesodweb/yesod/issues/668.

A yesod-auth AuthPlugin designed to look users up in Persist, where their user IDs and a salted SHA1 hash of their password are stored.

Example usage:

 -- import the module
 import Yesod.Auth.HashDB

 -- make sure you have an auth route
 mkYesodData "MyApp" [parseRoutes|
 / RootR GET
 /auth AuthR Auth getAuth
 |]


 -- make your app an instance of YesodAuth using this plugin
 instance YesodAuth MyApp where
    type AuthId MyApp = UserId

    loginDest _  = RootR
    logoutDest _ = RootR
    getAuthId    = getAuthIdHashDB AuthR (Just . UniqueUser)
    authPlugins _ = [authHashDB (Just . UniqueUser)]


 -- include the migration function in site startup
 withServer :: (Application -> IO a) -> IO a
 withServer f = withConnectionPool $ \p -> do
     runSqlPool (runMigration migrateUsers) p
     let h = MyApp p
     -- build the WAI application and hand it to the caller
     toWaiApp h >>= f

Note that the function which converts a username to a unique identifier must be the same in getAuthId and authPlugins.

Your app must be an instance of YesodPersist, and the username, salt and hashed passwords should be added to the database.

 echo -n 'MySaltMyPassword' | sha1sum

can be used to get the hash from the command line.
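The one-liner above uses a fixed salt. The following added example (not part of the module or its documentation) produces a per-user random salt and the matching hash for seeding the user table, and checks a password against a stored pair. It assumes the stored value is the hex SHA1 of the salt immediately followed by the password, as the command above implies; the function names and the hex salt format are hypothetical.

```shell
#!/bin/sh
# Added example: build and check HashDB-style credentials from the shell.
# Assumed format (from the page's one-liner): hex SHA1 of salt ++ password.

# hashdb_hash SALT PASSWORD -> 40-character lowercase hex digest
hashdb_hash() {
    # printf '%s' never appends a newline and avoids the portability
    # problems of `echo -n`, so the digest covers exactly salt+password.
    printf '%s%s' "$1" "$2" | sha1sum | cut -d' ' -f1
}

# hashdb_salt -> random salt: 16 bytes from the kernel CSPRNG, hex-encoded
# (the salt encoding is an assumption; the column only needs to hold text)
hashdb_salt() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# hashdb_record USER PASSWORD -> "user<TAB>salt<TAB>hash" seed row
# The body runs in a subshell so the salt variable does not leak.
hashdb_record() (
    salt=$(hashdb_salt)
    printf '%s\t%s\t%s\n' "$1" "$salt" "$(hashdb_hash "$salt" "$2")"
)

# hashdb_verify SALT STORED_HASH PASSWORD -> exit status 0 on match
hashdb_verify() {
    [ "$(hashdb_hash "$1" "$3")" = "$2" ]
}
```

Each call to `hashdb_record` yields a different salt, so two users with the same password get different stored hashes.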

Documentation

class HashDBUser user where

Interface for a data type which holds user info. It's just a collection of getters and setters.

Methods

userPasswordHash :: user -> Maybe Text

Retrieve password hash from user data

userPasswordSalt :: user -> Maybe Text

Retrieve salt for password

setUserHashAndSalt

Arguments

 :: Text    -- Salt
 -> Text    -- Password hash
 -> user
 -> user

Deprecated in favour of the better-named setSaltAndPasswordHash.

setSaltAndPasswordHash

Arguments

 :: Text    -- Salt
 -> Text    -- Password hash
 -> user
 -> user

A callback for setPassword.

Instances

data family Unique val1

setPassword :: (MonadIO m, HashDBUser user) => Text -> user -> m user

Set password for user. This function should be used for setting passwords. It generates a random salt and calculates the proper hashes.

Authentication

validateUser

Arguments

 :: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend user, PersistUnique (b (HandlerT yesod IO)), PersistEntity user, HashDBUser user)
 => Unique user    -- User unique identifier
 -> Text           -- Password in plaintext
 -> HandlerT yesod IO Bool

Given a user ID and password in plaintext, validate them against the database values.

authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser user, PersistEntity user, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend user, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique user)) -> AuthPlugin m

Prompt for username and password, and validate them against a database which holds the username and a hash of the password.

getAuthIdHashDB

Arguments

 :: (YesodAuth master, YesodPersist master, HashDBUser user, PersistEntity user, Key user ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend user, PersistUnique (b (HandlerT master IO)))
 => (AuthRoute -> Route master)      -- your site's Auth Route
 -> (Text -> Maybe (Unique user))    -- gets user ID
 -> Creds master                     -- the creds argument
 -> HandlerT master IO (Maybe (AuthId master))

A drop-in for the getAuthId method of your YesodAuth instance which can be used if authHashDB is the only plugin in use.

Predefined data type

type User = UserGeneric SqlBackend

data UserGeneric backend

Generate database instances for a valid user.

Constructors

User 

Instances

Typeable1 UserGeneric 
PersistField (UserGeneric backend) 
PersistEntity (UserGeneric backend) 
PersistFieldSql (UserGeneric backend) 
HashDBUser (UserGeneric backend) 

type UserId = KeyBackend SqlBackend User

data family EntityField val1 ($a)

migrateUsers :: forall m. (MonadBaseControl IO m, MonadIO m, MonadLogger m) => Migration (SqlPersistT m)