packages feed

happstack-server 7.5.3 → 7.5.4

raw patch · 2 files changed

+41/−11 lines, 2 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

+ Happstack.Server.Auth: basicAuthBy :: Happstack m => (ByteString -> ByteString -> Bool) -> String -> m a -> m a
+ Happstack.Server.Auth: validLoginPlaintext :: Map String String -> ByteString -> ByteString -> Bool

Files

happstack-server.cabal view
@@ -1,5 +1,5 @@ Name:                happstack-server-Version:             7.5.3+Version:             7.5.4 Synopsis:            Web related tools and services. Description:         Happstack Server provides an HTTP server and a rich set of functions for routing requests, handling query parameters, generating responses, working with cookies, serving files, and more. For in-depth documentation see the Happstack Crash Course <http://happstack.com/docs/crashcourse/index.html> License:             BSD3
src/Happstack/Server/Auth.hs view
@@ -25,26 +25,56 @@    -> M.Map String String -- ^ the username password map    -> m a -- ^ the part to guard    -> m a-basicAuth realmName authMap xs = basicAuthImpl `mplus` xs+basicAuth realmName authMap = basicAuthBy (validLoginPlaintext authMap) realmName+++-- | Generalized version of 'basicAuth'.+--+-- The function that checks the username password combination must be+-- supplied as first argument.+--+-- example:+--+-- > main = simpleHTTP nullConf $+-- >  msum [ basicAuth' (validLoginPlaintext (fromList [("happstack","rocks")])) "127.0.0.1" $ ok "You are in the secret club"+-- >       , ok "You are not in the secret club."+-- >       ]+--+basicAuthBy :: (Happstack m) =>+   (B.ByteString -> B.ByteString -> Bool) -- ^ function that returns true if the name password combination is valid+   -> String -- ^ the realm name+   -> m a -- ^ the part to guard+   -> m a+basicAuthBy validLogin realmName xs = basicAuthImpl `mplus` xs   where     basicAuthImpl = do         aHeader <- getHeaderM "authorization"         case aHeader of             Nothing -> err-            Just x -> -                do r <- parseHeader x -                   case r of-                     (name, ':':password) | validLogin name password -> mzero-                                          | otherwise -> err-                     _  -> err-    validLogin name password = M.lookup name authMap == Just password-    parseHeader h = +            Just x ->+                do (name, password) <- parseHeader x+                   if B.length password > 0+                      && B.head password == ':'+                      && validLogin name (B.tail password)+                     then mzero+                     else err+    parseHeader h =       case Base64.decode . B.drop 6 $ h of         (Left _)   -> err-        (Right bs) -> return (break (':'==) (B.unpack bs))+        (Right bs) -> return (B.break (':'==) bs)     headerName  = "WWW-Authenticate"     headerValue = "Basic realm=\"" ++ realmName ++ "\""     err :: (Happstack m) => m a     err = escape $ do             setHeaderM headerName headerValue             unauthorized $ toResponse "Not authorized"+++-- | Function that looks up the plain text password for username in a+-- Map and returns True if it matches with the given password.+validLoginPlaintext ::+  M.Map String String -- ^ the username password map+  -> B.ByteString -- ^ the username+  -> B.ByteString -- ^ the password+  -> Bool+validLoginPlaintext authMap name password = M.lookup (B.unpack name) authMap == Just (B.unpack password)