Safe Haskell | None |
---|---|
Language | Haskell2010 |
A Yesod middleware for
This middleware performs a single authentication lookup per request and uses the Yesod request-local caching mechanisms to store valid auth credentials found in the Authorization header.
The recommended way to use this module is to override the
maybeAuthId
to defaultMaybeBasicAuthId
and supply a
lookup function.
instance YesodAuth App where type AuthId App = Text getAuthId = return . Just . credsIdent maybeAuthId = defaultMaybeBasicAuthId checkCreds where checkCreds = k s -> return $ (k == "user") && (s == "secret")
WWW-Authenticate challenges are currently not implemented. The current workaround is to override the error handler:
instance Yesod App where errorHandler NotAuthenticated = selectRep $ provideRep $ do addHeader WWW-Authenticate $ T.concat [ "RedirectJSON realm="Realm", param="myurl.com"" ] -- send error response here ... errorHandler e = defaultErrorHandler e ...
Proper response status on failed authentication is not implemented.
The current workaround is to override the Yesod
typeclass
isAuthorized
function to handle required auth routes. e.g.
instance Yesod App where isAuthorized SecureR _ = maybeAuthId >>= return . maybe AuthenticationRequired (const Authorized) isAuthorized _ _ = Authorized
- defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text)
Drop in replace for maybeAuthId.
defaultMaybeBasicAuthId :: (MonadIO m, MonadThrow m, MonadBaseControl IO m) => CheckCreds -> AuthSettings -> HandlerT site m (Maybe Text) Source
Retrieve the AuthId
using Authorization header.
If valid credentials are found and authorized the auth id is cached.
TODO use more general type than Text to represent the auth id