Create a new user from just a username and password

Check whether a user with the given username exists.

Create or update a given user

Destroy the given user

Lookup a user by her username, check given password and perform login

Remember user from the remember token if possible and perform login

Login and persist the given AuthUser in the active session

Meant to be used if you have other means of being sure that the person is who she says she is.

Logout the active user

Return the current user; trying to remember from cookie if possible.

Convenience wrapper around rememberUser that returns a bool result

Mutate an AuthUser, marking successful authentication

This will save the user to the backend.

Mutate an AuthUser, marking failed authentication

This will save the user to the backend.

Authenticate and log the user into the current session if successful.

This is a mid-level function exposed to allow roll-your-own ways of looking up a user from the database.

This function will:

1. Check the password
2. Login the user into the current session
3. Mark success/failure of the authentication trial on the user record

Abstract data type holding all necessary information for auth operation

All storage backends need to implement this typeclass

Authentication settings defined at initialization time

Default settings for Auth.

asMinPasswdLen = 8
asRememberCookieName = "_remember"
asRememberPeriod = Just (2*7*24*60*60) = 2 weeks
asLockout = Nothing
asSiteKey = "site_key.txt"

Type representing the concept of a User in your application.

Default AuthUser that has all empty values.

Internal representation of a User. By convention, we demand that the application is able to directly fetch a User using this identifier.

Think of this type as a secure, authenticated user. You should normally never see this type unless a user has been authenticated.

Password is clear when supplied by the user and encrypted later when returned from the db.

Authentication failures indicate what went wrong during authentication. They may provide useful information to the developer, although it is generally not advisable to show the user the exact details about why login failed.

This will be replaced by a role-based permission system.

Function to get auth settings from a config file. This function can be used by the authors of auth snaplet backends in the initializer to let the user configure the auth snaplet from a config file. All options are optional and default to what's in defAuthSettings if not supplied. Here's what the default options would look like in the config file:

minPasswordLen = 8
rememberCookie = "_remember"
rememberPeriod = 1209600 # 2 weeks
lockout = [5, 86400] # 5 attempts locks you out for 86400 seconds
siteKey = "site_key.txt"

Run a function on the backend, and return the result.

This uses an existential type so that the backend type doesn't escape AuthManager. The reason that the type is Handler b (AuthManager v) a and not a is because anything that uses the backend will return an IO something, which you can liftIO, or a Handler b (AuthManager v) a if it uses other handler things.

Turn a ClearText password into an Encrypted password, ready to be stuffed into a database.

Check password for a given user.

Returns Nothing if check is successful and an IncorrectPassword error otherwise

Set a new password for the given user. Given password should be clear-text; it will be encrypted into a Encrypted.

The underlying encryption function, in case you need it for external processing.

The underlying verify function, in case you need it for external processing.

Register a new user by specifying login and password Param fields

A MonadSnap handler that processes a login form.

The request paremeters are passed to performLogin

To make your users stay logged in for longer than the session replay prevention timeout, you must pass a field name as the third parameter and that field must be set to a value of "1" by the submitting form. This lets you use a user selectable check box. Or if you want user remembering always turned on, you can use a hidden form field.

Simple handler to log the user out. Deletes user from session.

Require that an authenticated AuthUser is present in the current session.

This function has no DB cost - only checks to see if a user_id is present in the current session.

This function generates a random password reset token and stores it in the database for the user. Call this function when a user forgets their password. Then use the token to autogenerate a link that the user can visit to reset their password. This function also sets a timestamp so the reset token can be expired.

Clears a user's password reset token. Call this when the user successfully changes their password to ensure that the password reset link cannot be used again.

Add all standard auth splices to a Heist-enabled application.

This adds the following splices: <ifLoggedIn> <ifLoggedOut> <loggedInUser>

List containing compiled splices for ifLoggedIn, ifLoggedOut, and loggedInUser.

Compiled splices for AuthUser.

Function to generate interpreted splices from an AuthUser.

A splice that can be used to check for existence of a user. If a user is present, this will run the contents of the node.

<ifLoggedIn> Show this when there is a logged in user </ifLoggedIn>

A splice that can be used to check for absence of a user. If a user is not present, this will run the contents of the node.

<ifLoggedOut> Show this when there is a logged in user </ifLoggedOut>

A splice that will simply print the current user's login, if there is one.