authenticate 0.9.2.2 → 0.9.3
raw patch · 2 files changed
+77/−3 lines, 2 filesdep +processPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependencies added: process
API changes (from Hackage documentation)
- Web.Authenticate.OAuth: getAccessToken :: OAuth -> Credential -> IO Credential
- Web.Authenticate.OAuth: getTokenCredential :: OAuth -> Credential -> IO Credential
+ Web.Authenticate.Kerberos: NoSuchUser :: KerberosAuthResult
+ Web.Authenticate.Kerberos: Ok :: KerberosAuthResult
+ Web.Authenticate.Kerberos: TimeOut :: KerberosAuthResult
+ Web.Authenticate.Kerberos: UnknownError :: Text -> KerberosAuthResult
+ Web.Authenticate.Kerberos: WrongPassword :: KerberosAuthResult
+ Web.Authenticate.Kerberos: data KerberosAuthResult
+ Web.Authenticate.Kerberos: instance Show KerberosAuthResult
+ Web.Authenticate.Kerberos: loginKerberos :: Text -> Text -> IO KerberosAuthResult
+ Web.Authenticate.OAuth: getAccessToken, getTokenCredential :: OAuth -> Credential -> IO Credential
Files
- Web/Authenticate/Kerberos.hs +72/−0
- authenticate.cabal +5/−3
+ Web/Authenticate/Kerberos.hs view
@@ -0,0 +1,72 @@+{-# LANGUAGE OverloadedStrings #-}+-- | Module for using a kerberos authentication service.+--+-- Please note that all configuration should have been done+-- manually on the machine prior to running the code.+--+-- On linux machines the configuration might be in /etc/krb5.conf.+-- It's worth checking if the Kerberos service provider (e.g. your university)+-- already provide a complete configuration file.+--+-- Be certain that you can manually login from a shell by typing+--+-- > kinit username+--+-- If you fill in your password and the program returns no error code,+-- then your kerberos configuration is setup properly.+-- Only then can this module be of any use.+module Web.Authenticate.Kerberos+ ( loginKerberos+ , KerberosAuthResult(..)+ ) where++import Data.Text (Text)+import qualified Data.Text as T+import Data.Maybe (fromJust)+import Control.Monad (msum, guard)+import System.Process (readProcessWithExitCode)+import System.Timeout (timeout)+import System.Exit (ExitCode(..))++-- | Occurreable results of a Kerberos login+data KerberosAuthResult = Ok+ | NoSuchUser+ | WrongPassword+ | TimeOut+ | UnknownError Text++instance Show KerberosAuthResult where+ show Ok = "Login sucessful"+ show NoSuchUser = "Wrong username"+ show WrongPassword = "Wrong password"+ show TimeOut = "kinit respone timeout"+ show (UnknownError msg) = "Unkown error: " ++ T.unpack msg+++-- Given the errcode and stderr, return error-value+interpretError :: Int -> Text -> KerberosAuthResult+interpretError _ errmsg = fromJust . msum $+ ["Client not found in Kerberos database while getting" --> NoSuchUser,+ "Preauthentication failed while getting" --> WrongPassword,+ Just $ UnknownError errmsg]+ where+ substr --> kError = guard (substr `T.isInfixOf` errmsg) >> Just kError++-- | Given the username and password, try login to Kerberos service+loginKerberos :: Text -- ^ Username+ -> Text -- ^ Password+ -> IO KerberosAuthResult+loginKerberos username password = do+ timedFetch <- timeout (10*1000000) fetch+ case timedFetch of+ Just res -> return res+ Nothing -> return TimeOut+ where+ fetch :: IO KerberosAuthResult+ fetch = do+ (exitCode, _out, err) <- readProcessWithExitCode+ "kinit" [T.unpack username] (T.unpack password)+ case exitCode of+ ExitSuccess -> return Ok+ ExitFailure x -> return $ interpretError x (T.pack err)+
authenticate.cabal view
@@ -1,8 +1,8 @@ name: authenticate-version: 0.9.2.2+version: 0.9.3 license: BSD3 license-file: LICENSE-author: Michael Snoyman, Hiromi Ishii+author: Michael Snoyman, Hiromi Ishii, Arash Rouhani maintainer: Michael Snoyman <michael@snoyman.com> synopsis: Authentication methods for Haskell web applications. description: Focus is on third-party authentication methods, such as OpenID,@@ -35,13 +35,15 @@ blaze-builder >= 0.2 && < 0.4, attoparsec >= 0.9 && < 0.10, tls >= 0.7 && < 0.8,- containers+ containers,+ process >= 1.0.1.1 && < 1.1 exposed-modules: Web.Authenticate.Rpxnow, Web.Authenticate.OpenId, Web.Authenticate.BrowserId, Web.Authenticate.OpenId.Providers, Web.Authenticate.OAuth, Web.Authenticate.Facebook+ Web.Authenticate.Kerberos other-modules: Web.Authenticate.Internal, OpenId2.Discovery, OpenId2.Normalization,