Portability	non-portable
Stability	experimental
Maintainer	mail@n-sch.de

Happstack.Auth

Contents

High level functions
- User registration
- Session management
Basic functions
- Users
- Sessions
Data types

Description

Happstack.Auth offers an easy way to implement user authentication for Happstack web applications. It uses Happstack.State as database back-end and SHA512 for password encryption. Session safety is ensured by a HTTP header fingerprint (client ip & user-agent) and a configurable session timeout.

To use this module, add the AuthState to your state dependencies, for example:

 import Happstack.Auth

 instance Component MyState where
     type Dependencies MyState = AuthState :+: End
     initialValue = ...

One of the first things in your response monad should be updateTimeout to make sure session timeouts are updated correctly.

Synopsis

High level functions

User registration

register Source

Arguments

:: (MonadIO m, FilterMonad Response m, ServerMonad m)
=> Minutes	Session timeout
-> Username
-> Password
-> m a	User exists response
-> m a	Success response
-> m a

Register a new user

changePassword Source

Arguments

:: MonadIO m
=> Username
-> Password	Old password
-> Password	New password
-> m Bool

setPassword :: MonadIO m => Username -> Password -> m Bool Source

Session management

updateTimeout :: (MonadIO m, FilterMonad Response m, MonadPlus m, ServerMonad m) => Minutes -> m ()Source

Update the session timeout of logged in users. Add this to the top of your application route, for example:

 appRoute :: ServerPart Response
 appRoute = updateTimeout 5 >> msum
     [ {- your routing here -}
     ]

performLogin Source

Arguments

:: (MonadIO m, FilterMonad Response m, ServerMonad m)
=> Minutes	Session timeout
-> User
-> m a	Run with modified headers, including the new session cookie
-> m a

performLogout :: (MonadIO m, FilterMonad Response m) => SessionKey -> m ()Source

loginHandler Source

Arguments

:: (MonadIO m, FilterMonad Response m, MonadPlus m, ServerMonad m)
=> Minutes	Session timeout
-> Maybe String	POST field to look for username (default: "username")
-> Maybe String	POST field to look for password (default: "password")
-> m a	Success response
-> (Maybe Username -> Maybe Password -> m a)	Fail response. Arguments: Post data
-> m a

Handles data from a login form to log the user in.

logoutHandler Source

Arguments

:: (ServerMonad m, MonadPlus m, MonadIO m, FilterMonad Response m)
=> m a	Response after logout
-> m a

withSession Source

Arguments

:: MonadIO m
=> (SessionData -> ServerPartT m a)	Logged in response
-> ServerPartT m a	Not logged in response
-> ServerPartT m a

Run a ServerPartT with the SessionData of the currently logged in user (if available)

loginGate Source

Arguments

:: MonadIO m
=> ServerPartT m a	Logged in
-> ServerPartT m a	Not registered
-> ServerPartT m a

Require a login

getSessionData :: (MonadIO m, MonadPlus m, ServerMonad m) => m (Maybe SessionData)Source

Get the SessionData of the currently logged in user

getSessionKey :: (MonadIO m, MonadPlus m, ServerMonad m) => m (Maybe SessionKey)Source

Get the identifier for the current session

clearSessionCookie :: FilterMonad Response m => m ()Source

Basic functions

Users

addUser :: MonadIO m => Username -> Password -> m (Maybe User)Source

getUser :: MonadIO m => Username -> m (Maybe User)Source

getUserById :: MonadIO m => UserId -> m (Maybe User)Source

delUser :: MonadIO m => Username -> m ()Source

updateUser :: MonadIO m => User -> m ()Source

Update (replace) a user

authUser :: MonadIO m => Username -> Password -> m (Maybe User)Source

isUser :: MonadIO m => Username -> m Bool Source

listUsers :: MonadIO m => m [Username]Source

numUsers :: MonadIO m => m Int Source

askUsers :: MonadIO m => m UserDB Source

Warning: This UserDB uses the internal types from Happstack.Auth.Data.Internal

Sessions

newSession :: MonadIO m => SessionData -> m SessionKey Source

getSession :: MonadIO m => SessionKey -> m (Maybe SessionData)Source

setSession :: MonadIO m => SessionKey -> SessionData -> m ()Source

delSession :: MonadIO m => SessionKey -> m ()Source

clearAllSessions :: MonadIO m => m ()Source

numSessions :: MonadIO m => m Int Source

getSessions :: MonadIO m => m (Sessions SessionData)Source

Warning: This Sessions uses the internal types from Happstack.Auth.Data.Internal

clearExpiredSessions :: MonadIO m => m ()Source

Data types

These data types collide with the data definitions used internaly in Happstack.Auth.Data.Internal. However, if you need both modules you might want to import the Data module qualified:

 import Happstack.Auth
 import qualified Happstack.Auth.Data.Internal as AuthD

data User Source

Instances

Convertible User User
Convertible User User

userName :: User -> Username Source

userId :: User -> UserId Source

type Username = String Source

type Password = String Source

data UserId Source

Abstract user identification

Instances

Eq UserId
Data UserId
Num UserId
Ord UserId
Read UserId
Show UserId
Typeable UserId
Version UserId
Serialize UserId

data SessionData Source

Constructors

SessionData
Fields sessionUserId :: UserId sessionUsername :: Username sessionTimeout :: ClockTime sessionFingerprint :: (Either String ByteString, Maybe ByteString) either IP or "x-forwarded-for" header & user-agent

Instances

Convertible SessionData SessionData
Convertible SessionData SessionData

data SessionKey Source

Abstract session identification

type Minutes = Int Source

data AuthState Source

Add this to your Dependency-List of your application state

Instances

Data AuthState
Show AuthState
Typeable AuthState
Version AuthState
Serialize AuthState
Methods AuthState
Component AuthState

authProxy :: Proxy AuthState Source

Eq SessionKey
Data SessionKey
Num SessionKey
Ord SessionKey
Read SessionKey
Show SessionKey
Typeable SessionKey
Version SessionKey
Serialize SessionKey
Random SessionKey
(Serialize NewSession, Serialize SessionKey) => UpdateEvent NewSession SessionKey