servant-auth-cookie 0.4.1 → 0.4.2
raw patch · 3 files changed
+50/−37 lines, 3 filesdep ~cryptonitedep ~memory
Dependency ranges changed: cryptonite, memory
Files
- servant-auth-cookie.cabal +7/−7
- src/Servant/Server/Experimental/Auth/Cookie.hs +22/−0
- tests/Main.hs +21/−30
servant-auth-cookie.cabal view
@@ -1,5 +1,5 @@ name: servant-auth-cookie-version: 0.4.1+version: 0.4.2 synopsis: Authentication via encrypted cookies description: Authentication via encrypted client-side cookies, inspired by client-session library by Michael Snoyman and based on@@ -25,7 +25,7 @@ flag servant9 description: Use servant-0.9 manual: False- default: False+ default: True library exposed-modules:@@ -37,11 +37,11 @@ , bytestring , cereal >= 0.5 && < 0.6 , cookie >= 0.4.1 && < 0.5- , cryptonite >= 0.14 && <= 0.20+ , cryptonite >= 0.14 && <= 0.21 , data-default , exceptions >= 0.8 && < 0.9 , http-types >= 0.9 && < 0.10- , memory >= 0.11 && < 0.14+ , memory >= 0.11 && <= 0.14 , mtl >= 2.0 && < 3.0 , servant >= 0.5 && < 0.10 , servant-server >= 0.5 && < 0.10@@ -75,7 +75,7 @@ , blaze-markup >= 0.7 && < 0.8 , bytestring , cereal >= 0.5 && < 0.6- , cryptonite >= 0.14 && <= 0.20+ , cryptonite >= 0.14 && <= 0.21 , data-default , http-media , mtl >= 2.0 && < 3.0@@ -115,7 +115,7 @@ , QuickCheck >= 2.4 && < 3.0 , bytestring , cereal >= 0.5 && < 0.6- , cryptonite >= 0.14 && <= 0.20+ , cryptonite >= 0.14 && <= 0.21 , data-default , deepseq >= 1.3 && < 1.5 , hspec >= 2.0 && < 3.0@@ -137,7 +137,7 @@ build-depends: base >= 4.7 && < 5.0 , bytestring , criterion >= 0.6.2.1 && < 1.2- , cryptonite >= 0.14 && <= 0.20+ , cryptonite >= 0.14 && <= 0.21 , servant-auth-cookie , servant-server >= 0.5 && < 0.10 if flag(dev)
src/Servant/Server/Experimental/Auth/Cookie.hs view
@@ -51,6 +51,7 @@ , decryptSession , addSession+ , removeSession , addSessionToErr , getSession @@ -440,6 +441,27 @@ addSession acs rs sk sessionData response = do header <- renderSession acs rs sk sessionData return (addHeader (EncryptedSession header) response)++-- | "Remove" a session by invalidating the cookie.+-- Cookie expiry date is set at 0 and content is wiped+removeSession :: ( Monad m,+ AddHeader (e :: Symbol) ByteString s r )+ => AuthCookieSettings -- ^ Options, see 'AuthCookieSettings'+ -> s -- ^ Response to return with session removed+ -> m r -- ^ Response with the session "removed"+removeSession AuthCookieSettings{..} response = + let invalidDate = BSC8.pack $ formatTime+ defaultTimeLocale+ acsExpirationFormat+ timeOrigin+ timeOrigin = UTCTime (toEnum 0) 0+ cookies =+ (acsSessionField, "") :+ ("Path", acsPath) :+ ("Expires", invalidDate) :+ ((,"") <$> acsCookieFlags)+ header = (toByteString . renderCookies) cookies+ in return (addHeader header response) -- | Add cookie session to error allowing to set cookie even if response is -- not 200.
tests/Main.hs view
@@ -192,51 +192,42 @@ sessionSpec :: Spec sessionSpec = do+ let treesOfInt = Proxy :: Proxy Int+ treesOfString = Proxy :: Proxy String+ context "when session is encrypted and decrypted" $ do it "is not distorted in any way (1)" $- property $ \session ->- let f = sessionHelper def :: Tree Int -> IO (Tree Int)- in f session `shouldReturn` session+ property $ \session -> encryptThenDecrypt treesOfInt def session `shouldReturn` session it "is not distored in any way (2)" $- property $ \session ->- let f = sessionHelper def :: Tree String -> IO (Tree String)- in f session `shouldReturn` session+ property $ \session -> encryptThenDecrypt treesOfString def session `shouldReturn` session context "when session is encrypted and decrypted (CBC mode)" $ do- let sts =- case def of- AuthCookieSettings {..} -> AuthCookieSettings- { acsEncryptAlgorithm = cbcEncrypt- , acsDecryptAlgorithm = cbcDecrypt- , .. }+ let sts = case def of+ AuthCookieSettings{..} -> AuthCookieSettings+ { acsEncryptAlgorithm = cbcEncrypt+ , acsDecryptAlgorithm = cbcDecrypt+ , .. } it "is not distorted in any way (1)" $- property $ \session ->- let f = sessionHelper sts :: Tree Int -> IO (Tree Int)- in f session `shouldReturn` session+ property $ \session -> encryptThenDecrypt treesOfInt sts session `shouldReturn` session it "is not distored in any way (2)" $- property $ \session ->- let f = sessionHelper sts :: Tree String -> IO (Tree String)- in f session `shouldReturn` session+ property $ \session -> encryptThenDecrypt treesOfString sts session `shouldReturn` session context "when session is encrypted and decrypted (CFB mode)" $ do let sts = case def of AuthCookieSettings {..} -> AuthCookieSettings- { acsEncryptAlgorithm = cfbEncrypt- , acsDecryptAlgorithm = cfbDecrypt- , .. }+ { acsEncryptAlgorithm = cfbEncrypt+ , acsDecryptAlgorithm = cfbDecrypt+ , .. } it "is not distorted in any way (1)" $- property $ \session ->- let f = sessionHelper sts :: Tree Int -> IO (Tree Int)- in f session `shouldReturn` session+ property $ \session -> encryptThenDecrypt treesOfInt sts session `shouldReturn` session it "is not distored in any way (2)" $- property $ \session ->- let f = sessionHelper sts :: Tree String -> IO (Tree String)- in f session `shouldReturn` session+ property $ \session -> encryptThenDecrypt treesOfString sts session `shouldReturn` session -sessionHelper :: Serialize a- => AuthCookieSettings+encryptThenDecrypt :: Serialize a+ => Proxy a+ -> AuthCookieSettings -> Tree a -> IO (Tree a)-sessionHelper settings x = do+encryptThenDecrypt _ settings x = do rs <- mkRandomSource drgNew 1000 sk <- mkServerKey 16 Nothing encryptSession settings rs sk x >>= decryptSession settings sk