Safe Haskell | None |
---|---|
Language | Haskell2010 |
A Yesod plugin for traditional email/password authentication
This plugin uses an alternative flow to that of Yesod.Auth.Email from the yesod-auth package.
Note: this plugin reserves the following session keys for its own use:
yesod-auth-simple-error
yesod-auth-simple-email
yas-set-password-token
yas-registration-token
yas-password-backup
Synopsis
- class (YesodAuth a, PathPiece (AuthSimpleId a)) => YesodAuthSimple a where
- type AuthSimpleId a
- afterPasswordRoute :: a -> Route a
- getUserId :: MonadAuthHandler a m => Email -> m (Maybe (AuthSimpleId a))
- getUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> m EncryptedPass
- onRegisterSuccess :: MonadAuthHandler a m => m TypedContent
- insertUser :: MonadAuthHandler a m => Email -> EncryptedPass -> m (Maybe (AuthSimpleId a))
- updateUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> EncryptedPass -> m ()
- shouldPreventLoginAttempt :: MonadAuthHandler a m => Maybe (AuthSimpleId a) -> m (Maybe UTCTime)
- onLoginAttempt :: MonadAuthHandler a m => Maybe (AuthSimpleId a) -> Bool -> m ()
- sendVerifyEmail :: MonadAuthHandler a m => Email -> VerUrl -> Text -> m ()
- sendResetPasswordEmail :: MonadAuthHandler a m => Email -> VerUrl -> Text -> m ()
- matchRegistrationToken :: MonadAuthHandler a m => Text -> m (Maybe Email)
- isConfirmationPending :: MonadAuthHandler a m => Email -> m Bool
- matchPasswordToken :: MonadAuthHandler a m => Text -> m (Maybe (AuthSimpleId a))
- onRegistrationTokenUsed :: MonadAuthHandler a m => Email -> m ()
- onEmailAlreadyExist :: MonadAuthHandler a m => m TypedContent
- passwordFieldTemplate :: (AuthRoute -> Route a) -> WidgetFor a ()
- loginTemplate :: (AuthRoute -> Route a) -> Maybe Text -> Maybe Text -> WidgetFor a ()
- registerTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
- resetPasswordTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
- confirmTemplate :: (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a ()
- confirmationEmailSentTemplate :: WidgetFor a ()
- confirmationEmailResentTemplate :: WidgetFor a ()
- resetPasswordEmailSentTemplate :: WidgetFor a ()
- registerSuccessTemplate :: WidgetFor a ()
- userExistsTemplate :: WidgetFor a ()
- invalidPasswordTokenTemplate :: Text -> WidgetFor a ()
- invalidRegistrationTokenTemplate :: Text -> WidgetFor a ()
- tooManyLoginAttemptsTemplate :: UTCTime -> WidgetFor a ()
- setPasswordTemplate :: (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a ()
- onPasswordUpdated :: MonadAuthHandler a m => AuthSimpleId a -> m ()
- onBotPost :: MonadAuthHandler a m => m ()
- passwordCheck :: PasswordCheck
- authSimple :: YesodAuthSimple m => AuthPlugin m
- loginR :: AuthRoute
- registerR :: AuthRoute
- resetPasswordR :: AuthRoute
- resetPasswordEmailSentR :: AuthRoute
- setPasswordTokenR :: Text -> AuthRoute
- confirmTokenR :: Text -> AuthRoute
- confirmR :: AuthRoute
- userExistsR :: AuthRoute
- registerSuccessR :: AuthRoute
- confirmationEmailSentR :: AuthRoute
- passwordStrengthR :: AuthRoute
- loginTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> Maybe Text -> WidgetFor a ()
- setPasswordTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a ()
- invalidTokenTemplateDef :: Text -> WidgetFor a ()
- userExistsTemplateDef :: WidgetFor a ()
- registerSuccessTemplateDef :: WidgetFor a ()
- resetPasswordEmailSentTemplateDef :: WidgetFor a ()
- confirmationEmailSentTemplateDef :: WidgetFor a ()
- confirmTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a ()
- resetPasswordTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
- registerTemplateDef :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a ()
- passwordFieldTemplateBasic :: WidgetFor a ()
- passwordFieldTemplateZxcvbn :: (AuthRoute -> Route a) -> Strength -> Vector Text -> WidgetFor a ()
- honeypotFieldTemplate :: WidgetFor a ()
- genToken :: IO ByteString
- encodeToken :: ByteString -> Text
- hashAndEncodeToken :: ByteString -> Text
- decodeToken :: Text -> ByteString
- getError :: AuthHandler a (Maybe Text)
- setError :: MonadHandler m => Text -> m ()
- clearError :: AuthHandler a ()
- maxPasswordLength :: Int
- newtype Email = Email {}
- newtype Password = Password Text
- data Strength
- data PasswordCheck
- data PasswordStrength
- newtype EncryptedPass = EncryptedPass {}
- newtype Pass = Pass {}
- encryptPassIO' :: Pass -> IO EncryptedPass
Plugin
class (YesodAuth a, PathPiece (AuthSimpleId a)) => YesodAuthSimple a where Source #
Minimal complete definition: afterPasswordRoute, getUserId, getUserPassword, onRegisterSuccess, insertUser, updateUserPassword, matchRegistrationToken, matchPasswordToken
type AuthSimpleId a Source #
Alias for some UserId datatype, likely the same as the one used in YesodAuth. Refer to the documentation for yesod-auth: http://hackage.haskell.org/package/yesod-auth
afterPasswordRoute :: a -> Route a Source #
Route to redirect to after resetting the password, e.g. the homepage.
getUserId :: MonadAuthHandler a m => Email -> m (Maybe (AuthSimpleId a)) Source #
Find a user by email, e.g. `runDB $ getBy $ UniqueUser email`.
getUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> m EncryptedPass Source #
Find the user's (encrypted) password, handling the user-not-found case.
onRegisterSuccess :: MonadAuthHandler a m => m TypedContent Source #
Return this content after a successful user registration.
insertUser :: MonadAuthHandler a m => Email -> EncryptedPass -> m (Maybe (AuthSimpleId a)) Source #
Insert a user into the database with just an email and a password; other mandatory fields are not supported.
updateUserPassword :: MonadAuthHandler a m => AuthSimpleId a -> EncryptedPass -> m () Source #
Update the user's record in the database after validation.
shouldPreventLoginAttempt :: MonadAuthHandler a m => Maybe (AuthSimpleId a) -> m (Maybe UTCTime) Source #
Return time until which the user should not be allowed to log in. The time is returned so that the UI can provide a helpful message in the event that a legitimate user somehow triggers the rate-limiting mechanism. If the time is Nothing, the user may log in.
onLoginAttempt Source #
:: MonadAuthHandler a m | |
=> Maybe (AuthSimpleId a) | The user id of the given email, if one exists. |
-> Bool | Whether the given password was correct. Always False when the user id is Nothing. |
-> m () |
Perform an action on a login attempt.
sendVerifyEmail Source #
:: MonadAuthHandler a m | |
=> Email | A valid email they've registered. |
-> VerUrl | A verification URL (in absolute form). |
-> Text | A SHA-256 hash of the verification token, base64-encoded. This is the value you should store in your database. |
-> m () |
Called when someone requests registration.
sendResetPasswordEmail :: MonadAuthHandler a m => Email -> VerUrl -> Text -> m () Source #
Like sendVerifyEmail, but for password resets.
matchRegistrationToken :: MonadAuthHandler a m => Text -> m (Maybe Email) Source #
Given a hashed and base64-encoded token from the user, look up whether the token is still valid and, if so, return the associated email.
isConfirmationPending :: MonadAuthHandler a m => Email -> m Bool Source #
Check if a registration confirmation is pending for the given email.
Since: 1.0.0
matchPasswordToken :: MonadAuthHandler a m => Text -> m (Maybe (AuthSimpleId a)) Source #
Like matchRegistrationToken, but for password resets.
onRegistrationTokenUsed :: MonadAuthHandler a m => Email -> m () Source #
Can be used to invalidate the registration token. This is different from onRegisterSuccess because this will also be called for existing users who use the registration form as a one-time login link. Note that onPasswordUpdated can handle the case where a password reset token is used.
onEmailAlreadyExist :: MonadAuthHandler a m => m TypedContent Source #
What to do if the email specified during registration is already registered.
Since: 1.0.0
passwordFieldTemplate :: (AuthRoute -> Route a) -> WidgetFor a () Source #
Password field widget for the chosen PasswordCheck algorithm.
loginTemplate :: (AuthRoute -> Route a) -> Maybe Text -> Maybe Text -> WidgetFor a () Source #
A template for showing the user authentication form.
While a default is provided, you should probably override this with a template that matches your own product's branding.
registerTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a () Source #
resetPasswordTemplate :: (AuthRoute -> Route a) -> Maybe Text -> WidgetFor a () Source #
confirmTemplate :: (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a () Source #
confirmationEmailSentTemplate :: WidgetFor a () Source #
confirmationEmailResentTemplate :: WidgetFor a () Source #
Template to notify user that a confirmation email has been resent.
Since: 1.0.0
resetPasswordEmailSentTemplate :: WidgetFor a () Source #
registerSuccessTemplate :: WidgetFor a () Source #
userExistsTemplate :: WidgetFor a () Source #
invalidPasswordTokenTemplate :: Text -> WidgetFor a () Source #
invalidRegistrationTokenTemplate :: Text -> WidgetFor a () Source #
tooManyLoginAttemptsTemplate :: UTCTime -> WidgetFor a () Source #
setPasswordTemplate :: (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a () Source #
onPasswordUpdated :: MonadAuthHandler a m => AuthSimpleId a -> m () Source #
Run after a user has successfully changed their password. This is a good time to delete any password reset tokens for this user.
onBotPost :: MonadAuthHandler a m => m () Source #
Action called when a bot is detected.
passwordCheck :: PasswordCheck Source #
Provide a suitable constructor, e.g. `RuleBased 8`.
authSimple :: YesodAuthSimple m => AuthPlugin m Source #
This instance of AuthPlugin is for inserting into the authPlugins of YesodAuth.
Routes
setPasswordTokenR :: Text -> AuthRoute Source #
confirmTokenR :: Text -> AuthRoute Source #
Default widgets
setPasswordTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Maybe Text -> WidgetFor a () Source #
invalidTokenTemplateDef :: Text -> WidgetFor a () Source #
userExistsTemplateDef :: WidgetFor a () Source #
registerSuccessTemplateDef :: WidgetFor a () Source #
confirmTemplateDef :: forall a. YesodAuthSimple a => (AuthRoute -> Route a) -> Route a -> Email -> Maybe Text -> WidgetFor a () Source #
passwordFieldTemplateBasic :: WidgetFor a () Source #
passwordFieldTemplateZxcvbn :: (AuthRoute -> Route a) -> Strength -> Vector Text -> WidgetFor a () Source #
honeypotFieldTemplate :: WidgetFor a () Source #
Tokens
genToken :: IO ByteString Source #
encodeToken :: ByteString -> Text Source #
Encode to base64url form.
hashAndEncodeToken :: ByteString -> Text Source #
Hashes the input via SHA-256 and returns the hash encoded as base64 text.
decodeToken :: Text -> ByteString Source #
Decode from base64url. Decoding is lenient (it does not fail on malformed input) because this is arbitrary input from the user, and not every valid UTF-8 string is valid base64.
Error handlers
getError :: AuthHandler a (Maybe Text) Source #
Get the error session value (see errorSessionName) if present. It also clears the session entry afterwards.
setError :: MonadHandler m => Text -> m () Source #
Sets the error session value (errorSessionName) to the given text.
clearError :: AuthHandler a () Source #
Clears the error session value (errorSessionName).
Misc
Types
Instances
Eq Email Source # | |
Show Email Source # | |
ToJSON Email Source # | |
Defined in Yesod.Auth.Simple.Types | |
FromJSON Email Source # | |
PersistField Email Source # | |
Defined in Yesod.Auth.Simple.Instance.Persist.EmailTextCI toPersistValue :: Email -> PersistValue # fromPersistValue :: PersistValue -> Either Text Email # | |
PersistField Email Source # | |
Defined in Yesod.Auth.Simple.Instance.Persist.EmailText toPersistValue :: Email -> PersistValue # fromPersistValue :: PersistValue -> Either Text Email # | |
PersistFieldSql Email Source # | |
PersistFieldSql Email Source # | |
data Strength
Measurement of password strength.
Risky | Too guessable: risky password. (guesses < \(10^{3}\)) |
Weak | Very guessable: protection from throttled online attacks. (guesses < \(10^{6}\)) |
Moderate | Somewhat guessable: protection from unthrottled online attacks. (guesses < \(10^{8}\)) |
Safe | Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < \(10^{10}\)) |
Strong | Very unguessable: strong protection from offline slow-hash scenario. (guesses >= \(10^{10}\)) |
Instances
Bounded Strength | |
Enum Strength | |
Eq Strength | |
Ord Strength | |
Defined in Text.Password.Strength | |
Read Strength | |
Show Strength | |
data PasswordCheck Source #
extraWords are common words, likely from the application domain, that should be taken into account by the zxcvbn password strength check. These words will not be banned from passwords, but a password containing them will be rated as less secure than it would have been otherwise.
data PasswordStrength Source #
Instances
ToJSON PasswordStrength Source # | |
Defined in Yesod.Auth.Simple.Types toJSON :: PasswordStrength -> Value # toEncoding :: PasswordStrength -> Encoding # toJSONList :: [PasswordStrength] -> Value # toEncodingList :: [PasswordStrength] -> Encoding # |
Re-export from Scrypt
newtype EncryptedPass #
Instances
Eq EncryptedPass | |
Defined in Crypto.Scrypt (==) :: EncryptedPass -> EncryptedPass -> Bool # (/=) :: EncryptedPass -> EncryptedPass -> Bool # | |
Show EncryptedPass | |
Defined in Crypto.Scrypt showsPrec :: Int -> EncryptedPass -> ShowS # show :: EncryptedPass -> String # showList :: [EncryptedPass] -> ShowS # |
encryptPassIO' :: Pass -> IO EncryptedPass #
Equivalent to encryptPassIO defaultParams.