Copyright	(c) Dennis Gosnell 2019; Felix Paulusma 2020
License	BSD-style (see LICENSE file)
Maintainer	cdep.illabout@gmail.com
Stability	experimental
Portability	POSIX
Safe Haskell	None
Language	Haskell2010

Data.Password.Types

Contents

Plain-text Password
Password Hashing
- Unsafe debugging function to show a Password
Hashing salts

Description

This library provides datatypes for interacting with passwords. It provides the types Password and PasswordHash, which correspond to plain-text and hashed passwords.

Special instances

There is an accompanying password-instances package that provides canonical typeclass instances for Password and PasswordHash for many common typeclasses, like FromJSON from aeson, PersistField from persistent, etc.

See the password-instances package for more information.

Phantom types

The PasswordHash and Salt data types have a phantom type parameter to be able to make sure salts and hashes can carry information about the algorithm they should be used with.

For example, the bcrypt algorithm requires its salt to be exactly 16 bytes (128 bits) long, so this way you won't accidentally use a Salt PBKDF2 when the hashing function requires a Salt Bcrypt. And checking a password using bcrypt would obviously fail if checked against a PasswordHash PBKDF2.

Synopsis

data Password
mkPassword :: Text -> Password
newtype PasswordHash a = PasswordHash {
- unPasswordHash :: Text
}
unsafeShowPassword :: Password -> Text
newtype Salt a = Salt {
- getSalt :: ByteString
}

Plain-text Password

data Password Source #

A plain-text password.

This represents a plain-text password that has NOT been hashed.

You should be careful with Password. Make sure not to write it to logs or store it in a database.

You can construct a Password by using the mkPassword function or as literal strings together with the OverloadedStrings pragma (or manually, by using fromString on a String). Alternatively, you could also use some of the instances in the password-instances library.

Instances

Instances details

Show Password Source #	CAREFUL: `Show`-ing a `Password` will always print `"PASSWORD"` `>>>` `show ("hello" :: Password)`"PASSWORD"
Instance details Defined in Data.Password.Types Methods showsPrec :: Int -> Password -> ShowS # show :: Password -> String # showList :: [Password] -> ShowS #
IsString Password Source #
Instance details Defined in Data.Password.Types Methods fromString :: String -> Password #

mkPassword :: Text -> Password Source #

Construct a Password

Password Hashing

newtype PasswordHash a Source #

A hashed password.

This represents a password that has been put through a hashing function. The hashed password can be stored in a database.

Constructors

PasswordHash
Fields unPasswordHash :: Text

Instances

Instances details

Eq (PasswordHash a) Source #
Instance details Defined in Data.Password.Types Methods (==) :: PasswordHash a -> PasswordHash a -> Bool # (/=) :: PasswordHash a -> PasswordHash a -> Bool #
Ord (PasswordHash a) Source #
Instance details Defined in Data.Password.Types Methods compare :: PasswordHash a -> PasswordHash a -> Ordering # (<) :: PasswordHash a -> PasswordHash a -> Bool # (<=) :: PasswordHash a -> PasswordHash a -> Bool # (>) :: PasswordHash a -> PasswordHash a -> Bool # (>=) :: PasswordHash a -> PasswordHash a -> Bool # max :: PasswordHash a -> PasswordHash a -> PasswordHash a # min :: PasswordHash a -> PasswordHash a -> PasswordHash a #
Read (PasswordHash a) Source #
Instance details Defined in Data.Password.Types Methods readsPrec :: Int -> ReadS (PasswordHash a) # readList :: ReadS [PasswordHash a] # readPrec :: ReadPrec (PasswordHash a) # readListPrec :: ReadPrec [PasswordHash a] #
Show (PasswordHash a) Source #
Instance details Defined in Data.Password.Types Methods showsPrec :: Int -> PasswordHash a -> ShowS # show :: PasswordHash a -> String # showList :: [PasswordHash a] -> ShowS #

Unsafe debugging function to show a Password

unsafeShowPassword :: Password -> Text Source #

This is an unsafe function that shows a password in plain-text.

>>> unsafeShowPassword ("foobar" :: Password)
"foobar"

You should generally not use this function in production settings, as you don't want to accidentally print a password anywhere, like logs, network responses, database entries, etc.

This will mostly be used by other libraries to handle the actual password internally, though it is conceivable that, even in a production setting, a password might have to be handled in an unsafe manner at some point.

Hashing salts

newtype Salt a Source #

A salt used by a hashing algorithm.

Constructors

Salt
Fields getSalt :: ByteString

Instances

Instances details

Eq (Salt a) Source #
Instance details Defined in Data.Password.Types Methods (==) :: Salt a -> Salt a -> Bool # (/=) :: Salt a -> Salt a -> Bool #
Show (Salt a) Source #
Instance details Defined in Data.Password.Types Methods showsPrec :: Int -> Salt a -> ShowS # show :: Salt a -> String # showList :: [Salt a] -> ShowS #