Safe Haskell	None
Language	Haskell2010

Yesod.Auth.Simple

Contents

Plugin
Routes
Default widgets
Tokens
Error handlers
Misc
Types
Re-export from Scrypt

Description

A Yesod plugin for traditional email/password authentication

This plugin uses an alternative flow to Yesod.Auth.Email fom the yesod-auth package.

Note: this plugin reserves the following session names for its needs:

```
yesod-auth-simple-error
```
```
yesod-auth-simple-email
```
```
yas-set-password-token
```
```
yas-registration-token
```
```
yas-password-backup
```

Synopsis

class (YesodAuth a, PathPiece (AuthSimpleId a)) => YesodAuthSimple a where
- type AuthSimpleId a
- afterPasswordRoute :: a -> Route a
- getUserId :: MonadAuthHandler a m => Email -> m (Maybe (AuthSimpleId a))
- getUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> m EncryptedPass
- onRegisterSuccess :: MonadAuthHandler a m => m TypedContent
- insertUser :: MonadAuthHandler a m => Email -> EncryptedPass -> m (Maybe (AuthSimpleId a))
- updateUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> EncryptedPass -> m ()
- shouldPreventLoginAttempt :: MonadAuthHandler a m => Maybe (AuthSimpleId a) -> m (Maybe UTCTime)
- onLoginAttempt :: MonadAuthHandler a m => Maybe (AuthSimpleId a) -> Bool -> m ()
- sendVerifyEmail :: MonadAuthHandler a m => Email -> VerUrl -> Text -> m ()
- sendResetPasswordEmail :: MonadAuthHandler a m => Email -> VerUrl -> Text -> m ()
- matchRegistrationToken :: MonadAuthHandler a m => Text -> m (Maybe Email)
- isConfirmationPending :: MonadAuthHandler a m => Email -> m Bool
- matchPasswordToken :: MonadAuthHandler a m => Text -> m (Maybe (AuthSimpleId a))
- onRegistrationTokenUsed :: MonadAuthHandler a m => Email -> m ()
- onEmailAlreadyExist :: MonadAuthHandler a m => m TypedContent
- passwordFieldTemplate :: (AuthRoute -> Route a) -> WidgetFor a ()
- loginTemplate :: (AuthRoute -> Route a) -> Maybe Text -> Maybe Text -> WidgetFor a ()
- registerTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
- resetPasswordTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
- confirmTemplate :: (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a ()
- confirmationEmailSentTemplate :: WidgetFor a ()
- confirmationEmailResentTemplate :: WidgetFor a ()
- resetPasswordEmailSentTemplate :: WidgetFor a ()
- registerSuccessTemplate :: WidgetFor a ()
- userExistsTemplate :: WidgetFor a ()
- invalidPasswordTokenTemplate :: Text -> WidgetFor a ()
- invalidRegistrationTokenTemplate :: Text -> WidgetFor a ()
- tooManyLoginAttemptsTemplate :: UTCTime -> WidgetFor a ()
- setPasswordTemplate :: (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a ()
- onPasswordUpdated :: MonadAuthHandler a m => AuthSimpleId a -> m ()
- onBotPost :: MonadAuthHandler a m => m ()
- passwordCheck :: PasswordCheck
authSimple :: YesodAuthSimple m => AuthPlugin m
loginR :: AuthRoute
registerR :: AuthRoute
resetPasswordR :: AuthRoute
resetPasswordEmailSentR :: AuthRoute
setPasswordTokenR :: Text -> AuthRoute
confirmTokenR :: Text -> AuthRoute
confirmR :: AuthRoute
userExistsR :: AuthRoute
registerSuccessR :: AuthRoute
confirmationEmailSentR :: AuthRoute
passwordStrengthR :: AuthRoute
loginTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> Maybe Text -> WidgetFor a ()
setPasswordTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a ()
invalidTokenTemplateDef :: Text -> WidgetFor a ()
userExistsTemplateDef :: WidgetFor a ()
registerSuccessTemplateDef :: WidgetFor a ()
resetPasswordEmailSentTemplateDef :: WidgetFor a ()
confirmationEmailSentTemplateDef :: WidgetFor a ()
confirmTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a ()
resetPasswordTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
registerTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
passwordFieldTemplateBasic :: WidgetFor a ()
passwordFieldTemplateZxcvbn :: (AuthRoute -> Route a) -> Strength -> Vector Text -> WidgetFor a ()
honeypotFieldTemplate :: WidgetFor a ()
genToken :: IO ByteString
encodeToken :: ByteString -> Text
hashAndEncodeToken :: ByteString -> Text
decodeToken :: Text -> ByteString
getError :: AuthHandler a (Maybe Text)
setError :: MonadHandler m => Text -> m ()
clearError :: AuthHandler a ()
maxPasswordLength :: Int
newtype Email = Email {
- unEmail :: Text
}
newtype Password = Password Text
data Strength
- = Risky
- | Weak
- | Moderate
- | Safe
- | Strong
data PasswordCheck
- = RuleBased {
  - minChars :: Int
  }
- | Zxcvbn {
  - minStrength :: Strength
  - extraWords :: Vector Text
  }
data PasswordStrength
- = GoodPassword Strength
- | BadPassword Strength (Maybe Text)
newtype EncryptedPass = EncryptedPass {
- getEncryptedPass :: ByteString
}
newtype Pass = Pass {
- getPass :: ByteString
}
encryptPassIO' :: Pass -> IO EncryptedPass

Plugin

class (YesodAuth a, PathPiece (AuthSimpleId a)) => YesodAuthSimple a where Source #

Minimal complete definition

afterPasswordRoute, getUserId, getUserPassword, onRegisterSuccess, insertUser, updateUserPassword, matchRegistrationToken, matchPasswordToken

Associated Types

type AuthSimpleId a Source #

Alias for some UserId datatype, likely same as the one in YesodAuth Refer to documentation for yesod-auth: http://hackage.haskell.org/package/yesod-auth

Methods

afterPasswordRoute :: a -> Route a Source #

route to redirect to after resetting password e.g. homepage

getUserId :: MonadAuthHandler a m => Email -> m (Maybe (AuthSimpleId a)) Source #

find user by email e.g. `runDB $ getBy $ UniqueUser email`

getUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> m EncryptedPass Source #

find user's password (encrypted), handling user not found case

onRegisterSuccess :: MonadAuthHandler a m => m TypedContent Source #

return this content after successful user registration

insertUser :: MonadAuthHandler a m => Email -> EncryptedPass -> m (Maybe (AuthSimpleId a)) Source #

insert user to database with just email and password other mandatory fields are not supported

updateUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> EncryptedPass -> m () Source #

update record in database after validation

shouldPreventLoginAttempt :: MonadAuthHandler a m => Maybe (AuthSimpleId a) -> m (Maybe UTCTime) Source #

Return time until which the user should not be allowed to log in. The time is returned so that the UI can provide a helpful message in the event that a legitimate user somehow triggers the rate-limiting mechanism. If the time is Nothing, the user may log in.

onLoginAttempt Source #

Arguments

:: MonadAuthHandler a m
=> Maybe (AuthSimpleId a)	The user id of the given email, if one exists
-> Bool	Whether the password given was correct. Always False when user id is Nothing
-> m ()

Perform an action on a login attempt.

sendVerifyEmail Source #

Arguments

:: MonadAuthHandler a m
=> Email	A valid email they've registered.
-> VerUrl	An verification URL (in absolute form).
-> Text	A sha256 base64-encoded hash of the verification token. You should store this in your database.
-> m ()

Called when someone requests registration.

sendResetPasswordEmail :: MonadAuthHandler a m => Email -> VerUrl -> Text -> m () Source #

Like sendVerifyEmail but for password resets.

matchRegistrationToken :: MonadAuthHandler a m => Text -> m (Maybe Email) Source #

Given a hashed and base64-encoded token from the user, look up if the token is still valid and return the associated email if so.

isConfirmationPending :: MonadAuthHandler a m => Email -> m Bool Source #

Сheck if a registration confirmation is pending for the given email.

Since: 1.0.0

matchPasswordToken :: MonadAuthHandler a m => Text -> m (Maybe (AuthSimpleId a)) Source #

Like matchRegistrationToken but for password resets.

onRegistrationTokenUsed :: MonadAuthHandler a m => Email -> m () Source #

Can be used to invalidate the registration token. This is different from onRegisterSuccess because this will also be called for existing users who use the registration form as a one-time login link. Note that onPasswordUpdated can handle the case where a password reset token is used.

onEmailAlreadyExist :: MonadAuthHandler a m => m TypedContent Source #

What to do if the email specified during registration is already registered.

Since: 1.0.0

passwordFieldTemplate :: (AuthRoute -> Route a) -> WidgetFor a () Source #

Password field widget for a chosen PasswordCheck algorithm

loginTemplate Source #

Arguments

:: (AuthRoute -> Route a)
-> Maybe Text	Error
-> Maybe Text	Email
-> WidgetFor a ()

A template for showing the user authentication form

While a default is provided, you should probably override this with a template that matches your own product's branding.

registerTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a () Source #

resetPasswordTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a () Source #

confirmTemplate :: (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a () Source #

confirmationEmailSentTemplate :: WidgetFor a () Source #

confirmationEmailResentTemplate :: WidgetFor a () Source #

Template to notify user that a confirmation email has been resent.

Since: 1.0.0

resetPasswordEmailSentTemplate :: WidgetFor a () Source #

registerSuccessTemplate :: WidgetFor a () Source #

userExistsTemplate :: WidgetFor a () Source #

invalidPasswordTokenTemplate :: Text -> WidgetFor a () Source #

invalidRegistrationTokenTemplate :: Text -> WidgetFor a () Source #

tooManyLoginAttemptsTemplate :: UTCTime -> WidgetFor a () Source #

setPasswordTemplate :: (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a () Source #

onPasswordUpdated :: MonadAuthHandler a m => AuthSimpleId a -> m () Source #

Run after a user successfully changing the user's password. This is a good time to delete any password reset tokens for this user.

onBotPost :: MonadAuthHandler a m => m () Source #

Action called when a bot is detected

passwordCheck :: PasswordCheck Source #

Provide suitable constructor e.g. `RuleBased 8`

authSimple :: YesodAuthSimple m => AuthPlugin m Source #

This instance of AuthPlugin for inserting into authPlugins of YesodAuth

Routes

loginR :: AuthRoute Source #

registerR :: AuthRoute Source #

resetPasswordR :: AuthRoute Source #

resetPasswordEmailSentR :: AuthRoute Source #

setPasswordTokenR :: Text -> AuthRoute Source #

confirmTokenR :: Text -> AuthRoute Source #

confirmR :: AuthRoute Source #

userExistsR :: AuthRoute Source #

registerSuccessR :: AuthRoute Source #

confirmationEmailSentR :: AuthRoute Source #

passwordStrengthR :: AuthRoute Source #

Default widgets

loginTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> Maybe Text -> WidgetFor a () Source #

setPasswordTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a () Source #

invalidTokenTemplateDef :: Text -> WidgetFor a () Source #

userExistsTemplateDef :: WidgetFor a () Source #

registerSuccessTemplateDef :: WidgetFor a () Source #

resetPasswordEmailSentTemplateDef :: WidgetFor a () Source #

confirmationEmailSentTemplateDef :: WidgetFor a () Source #

confirmTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a () Source #

resetPasswordTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a () Source #

registerTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a () Source #

passwordFieldTemplateBasic :: WidgetFor a () Source #

passwordFieldTemplateZxcvbn :: (AuthRoute -> Route a) -> Strength -> Vector Text -> WidgetFor a () Source #

honeypotFieldTemplate :: WidgetFor a () Source #

Tokens

genToken :: IO ByteString Source #

encodeToken :: ByteString -> Text Source #

encode to base64url form

hashAndEncodeToken :: ByteString -> Text Source #

Hashes input via SHA256 and returns the hash encoded as base64 text

decodeToken :: Text -> ByteString Source #

Decode from base64url. Lenient decoding because this is random input from the user and not all valid utf8 is valid base64

Error handlers

getError :: AuthHandler a (Maybe Text) Source #

Get the error session (see errorSessionName) if present. It also clears up the session after.

setError :: MonadHandler m => Text -> m () Source #

Sets up the error session (errorSessionName) to the given value.

clearError :: AuthHandler a () Source #

Clears up the error session (errorSessionName).

Misc

maxPasswordLength :: Int Source #

Types

newtype Email Source #

Constructors

Email
Fields unEmail :: Text

Instances

Instances details

Eq Email Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods (==) :: Email -> Email -> Bool # (/=) :: Email -> Email -> Bool #
Show Email Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods showsPrec :: Int -> Email -> ShowS # show :: Email -> String # showList :: [Email] -> ShowS #
ToJSON Email Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods toJSON :: Email -> Value # toEncoding :: Email -> Encoding # toJSONList :: [Email] -> Value # toEncodingList :: [Email] -> Encoding #
FromJSON Email Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods parseJSON :: Value -> Parser Email # parseJSONList :: Value -> Parser [Email] #
PersistField Email Source #
Instance details Defined in Yesod.Auth.Simple.Instance.Persist.EmailTextCI Methods toPersistValue :: Email -> PersistValue # fromPersistValue :: PersistValue -> Either Text Email #
PersistField Email Source #
Instance details Defined in Yesod.Auth.Simple.Instance.Persist.EmailText Methods toPersistValue :: Email -> PersistValue # fromPersistValue :: PersistValue -> Either Text Email #
PersistFieldSql Email Source #
Instance details Defined in Yesod.Auth.Simple.Instance.Persist.EmailTextCI Methods sqlType :: Proxy Email -> SqlType #
PersistFieldSql Email Source #
Instance details Defined in Yesod.Auth.Simple.Instance.Persist.EmailText Methods sqlType :: Proxy Email -> SqlType #

newtype Password Source #

Constructors

Password Text

Instances

Instances details

Eq Password Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods (==) :: Password -> Password -> Bool # (/=) :: Password -> Password -> Bool #
Show Password Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods showsPrec :: Int -> Password -> ShowS # show :: Password -> String # showList :: [Password] -> ShowS #
ToJSON Password Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods toJSON :: Password -> Value # toEncoding :: Password -> Encoding # toJSONList :: [Password] -> Value # toEncodingList :: [Password] -> Encoding #
FromJSON Password Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods parseJSON :: Value -> Parser Password # parseJSONList :: Value -> Parser [Password] #
PersistField Password Source #
Instance details Defined in Yesod.Auth.Simple.Instance.Persist.PasswordText Methods toPersistValue :: Password -> PersistValue # fromPersistValue :: PersistValue -> Either Text Password #
PersistFieldSql Password Source #
Instance details Defined in Yesod.Auth.Simple.Instance.Persist.PasswordText Methods sqlType :: Proxy Password -> SqlType #

data Strength #

Measurement of password strength.

Constructors

Risky	Too guessable: risky password. (guesses < $10^{3}$)
Weak	Very guessable: protection from throttled online attacks. (guesses < $10^{6}$)
Moderate	Somewhat guessable: protection from unthrottled online attacks. (guesses < $10^{8}$)
Safe	Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < $10^{10}$)
Strong	Very unguessable: strong protection from offline slow-hash scenario. (guesses >= $10^{10}$)

Instances

Instances details

Bounded Strength
Instance details Defined in Text.Password.Strength Methods minBound :: Strength # maxBound :: Strength #
Enum Strength
Instance details Defined in Text.Password.Strength Methods succ :: Strength -> Strength # pred :: Strength -> Strength # toEnum :: Int -> Strength # fromEnum :: Strength -> Int # enumFrom :: Strength -> [Strength] # enumFromThen :: Strength -> Strength -> [Strength] # enumFromTo :: Strength -> Strength -> [Strength] # enumFromThenTo :: Strength -> Strength -> Strength -> [Strength] #
Eq Strength
Instance details Defined in Text.Password.Strength Methods (==) :: Strength -> Strength -> Bool # (/=) :: Strength -> Strength -> Bool #
Ord Strength
Instance details Defined in Text.Password.Strength Methods compare :: Strength -> Strength -> Ordering # (<) :: Strength -> Strength -> Bool # (<=) :: Strength -> Strength -> Bool # (>) :: Strength -> Strength -> Bool # (>=) :: Strength -> Strength -> Bool # max :: Strength -> Strength -> Strength # min :: Strength -> Strength -> Strength #
Read Strength
Instance details Defined in Text.Password.Strength Methods readsPrec :: Int -> ReadS Strength # readList :: ReadS [Strength] # readPrec :: ReadPrec Strength # readListPrec :: ReadPrec [Strength] #
Show Strength
Instance details Defined in Text.Password.Strength Methods showsPrec :: Int -> Strength -> ShowS # show :: Strength -> String # showList :: [Strength] -> ShowS #

data PasswordCheck Source #

extraWords are common words, likely in the application domain, that should be noted in the zxcvbn password strength check. These words will not be banned in passwords, but they will be noted as less secure than they could have been otherwise.

Constructors

RuleBased
Fields minChars :: Int
Zxcvbn
Fields minStrength :: Strength extraWords :: Vector Text

data PasswordStrength Source #

Constructors

GoodPassword Strength
BadPassword Strength (Maybe Text)

Instances

Instances details

ToJSON PasswordStrength Source #
Instance details Defined in Yesod.Auth.Simple.Types Methods toJSON :: PasswordStrength -> Value # toEncoding :: PasswordStrength -> Encoding # toJSONList :: [PasswordStrength] -> Value # toEncodingList :: [PasswordStrength] -> Encoding #

Re-export from Scrypt

newtype EncryptedPass #

Constructors

EncryptedPass
Fields getEncryptedPass :: ByteString

Instances

Instances details

Eq EncryptedPass
Instance details Defined in Crypto.Scrypt Methods (==) :: EncryptedPass -> EncryptedPass -> Bool # (/=) :: EncryptedPass -> EncryptedPass -> Bool #
Show EncryptedPass
Instance details Defined in Crypto.Scrypt Methods showsPrec :: Int -> EncryptedPass -> ShowS # show :: EncryptedPass -> String # showList :: [EncryptedPass] -> ShowS #

newtype Pass #

Constructors

Pass
Fields getPass :: ByteString

Instances

Instances details

Eq Pass
Instance details Defined in Crypto.Scrypt Methods (==) :: Pass -> Pass -> Bool # (/=) :: Pass -> Pass -> Bool #
Show Pass
Instance details Defined in Crypto.Scrypt Methods showsPrec :: Int -> Pass -> ShowS # show :: Pass -> String # showList :: [Pass] -> ShowS #

encryptPassIO' :: Pass -> IO EncryptedPass #

Equivalent to encryptPassIO defaultParams.