packages feed

servant-auth-server 0.4.0.1 → 0.4.0.2

raw patch · 6 files changed

+97/−24 lines, 6 filesdep ~basedep ~http-api-dataPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

Dependency ranges changed: base, http-api-data

API changes (from Hackage documentation)

- Servant.Auth.Server.SetCookieOrphan: instance Data.ByteString.Conversion.To.ToByteString Web.Cookie.SetCookie
- Servant.Auth.Server.SetCookieOrphan: instance Web.Internal.HttpApiData.FromHttpApiData Web.Cookie.SetCookie
- Servant.Auth.Server.SetCookieOrphan: instance Web.Internal.HttpApiData.ToHttpApiData Web.Cookie.SetCookie
+ Servant.Auth.Server: [cookieDomain] :: CookieSettings -> !(Maybe ByteString)
+ Servant.Auth.Server.Internal.ConfigTypes: [cookieDomain] :: CookieSettings -> !(Maybe ByteString)
- Servant.Auth.Server: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
+ Servant.Auth.Server: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
- Servant.Auth.Server.Internal.ConfigTypes: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
+ Servant.Auth.Server.Internal.ConfigTypes: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings

Files

+ CHANGELOG.md view
@@ -0,0 +1,84 @@+# Changelog++All notable changes to this project will be documented in this file.++The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).++## [Unreleased]++## [0.4.0.2] - 2018-10-05++### Added+- #125 Allow setting domain name for a cookie [@domenkozar]++## Changed+- bump http-api-data to 0.3.10 that includes Cookie orphan instances previously located in servant-auth-server [@phadej]+- #114 Export `HasSecurity` typeclass [@rockbmb]++## [0.4.0.1] - 2018-09-23++### Security+- #123 Session cookie did not apply SameSite attribute [@domenkozar]++### Added+- #112 HasLink instance for Auth combinator [@adetokunbo]+- #111 Documentation for using hoistServer [@mschristiansen]+- #107 Add utility functions for reading and writing a key to a file [@mschristiansen]++## [0.4.0.0] - 2018-06-17++### Added+- Support GHC 8.4 by @phadej and @domenkozar+- Support for servant-0.14 by @phadej+- #96 Support for jose-0.7 by @xaviershay+- #92 add `clearSession` for logout by @plredmond and @3noch+- #95 makeJWT: allow setting Alg via defaultJWTSettings by @domenkozar+- #89 Validate JWT against a JWKSet instead of JWK by @sopvop++### Changed+- #92 Rename CSRF to XSRF by @plredmond and @3noch+- #92 extract 'XsrfCookieSettings' from 'CookieSettings' and make XSRF checking optional+  by @plredmond and @3noch+- #69 export SameSite by @domenkozar+- #102 Reuse Servant.Api.IsSecure instead of duplicating ADT by @domenkozar++### Deprecated+- #92 Renamed 'makeCsrfCookie' to 'makeXsrfCookie' and marked the former as deprecated+  by @plredmond and @3noc+- #92 Made several changes to the structure of 'CookieSettings' which will require+  attention by users who have modified the XSRF settings by @plredmond and @3noch++### Security+- #94 Force cookie expiration on serverside by @karshan++## [0.3.2.0] - 2018-02-21++### Added+- #76 Export wwwAuthenticatedErr and elaborate its annotation by @defanor+- Support for servant-0.14 by @phadej++### Changed+- Disable the readme executable for ghcjs builds by @hamishmack+- #84 Make AddSetCookieApi type family open by @qnikst+- #79 Make CSRF checks optional for GET requests by @harendra-kumar++## [0.3.1.0] - 2017-11-08++### Added+- Support for servant-0.12 by @phadej++## [0.3.0.0] - 2017-11-07++### Changed+- #47 'cookiePath' and 'xsrfCookiePath' added to 'CookieSettings' by @mchaver++## [0.2.8.0] - 2017-05-26++### Added+- #45 Support for servant-0.11 by @phadej++## [0.2.7.0] - 2017-02-11++### Changed+- #27 #41 'acceptLogin' and 'makeCsrfCookie' functions by @bts
servant-auth-server.cabal view
@@ -1,5 +1,5 @@ name:           servant-auth-server-version:        0.4.0.1+version:        0.4.0.2 synopsis:       servant-server/servant-auth compatibility description:    This package provides the required instances for using the @Auth@ combinator                 in your 'servant' server.@@ -18,6 +18,8 @@ tested-with:    GHC == 7.10.3, GHC == 8.0.2, GHC == 8.2.2, GHC == 8.4.3 build-type:     Simple cabal-version:  >= 1.10+extra-source-files:+    CHANGELOG.md  source-repository head   type: git@@ -40,7 +42,7 @@     , crypto-api              >= 0.13 && < 0.14     , data-default-class      >= 0.0  && < 0.2     , entropy                 >= 0.3  && < 0.5-    , http-api-data           >= 0.3.7 && < 0.4+    , http-api-data           >= 0.3.10 && < 0.4     , http-types              >= 0.9  && < 0.13     , jose                    >= 0.6  && < 0.8     , lens                    >= 4    && < 5
src/Servant/Auth/Server.hs view
@@ -150,7 +150,6 @@ import Servant.Auth.Server.Internal.JWT import Servant.Auth.Server.Internal.ThrowAll import Servant.Auth.Server.Internal.Types-import Servant.Auth.Server.SetCookieOrphan      ()  import Crypto.JOSE as Jose import Servant     (BasicAuthData (..))
src/Servant/Auth/Server/Internal/ConfigTypes.hs view
@@ -64,13 +64,15 @@   , cookieMaxAge      :: !(Maybe DiffTime)   -- | At what time the cookie expires. Default: @Nothing@.   , cookieExpires     :: !(Maybe UTCTime)-  -- | The URL path and sub-paths for which this cookie is used. Default @Just "/"@.+  -- | The URL path and sub-paths for which this cookie is used. Default: @Just "/"@.   , cookiePath        :: !(Maybe BS.ByteString)+  -- | Domain name, if set cookie also allows subdomains. Default: @Nothing@.+  , cookieDomain      :: !(Maybe BS.ByteString)   -- | 'SameSite' settings. Default: @SameSiteLax@.   , cookieSameSite    :: !SameSite   -- | What name to use for the cookie used for the session.   , sessionCookieName :: !BS.ByteString-  -- | The optional settings to use for XSRF protection. Default @Just def@.+  -- | The optional settings to use for XSRF protection. Default: @Just def@.   , cookieXsrfSetting :: !(Maybe XsrfCookieSettings)   } deriving (Eq, Show, Generic) @@ -83,6 +85,7 @@     , cookieMaxAge      = Nothing     , cookieExpires     = Nothing     , cookiePath        = Just "/"+    , cookieDomain      = Nothing     , cookieSameSite    = SameSiteLax     , sessionCookieName = "JWT-Cookie"     , cookieXsrfSetting = Just def
src/Servant/Auth/Server/Internal/Cookie.hs view
@@ -101,6 +101,7 @@   { setCookieMaxAge = cookieMaxAge cookieSettings   , setCookieExpires = cookieExpires cookieSettings   , setCookiePath = cookiePath cookieSettings+  , setCookieDomain = cookieDomain cookieSettings   , setCookieSecure = case cookieIsSecure cookieSettings of       Secure -> True       NotSecure -> False
src/Servant/Auth/Server/SetCookieOrphan.hs view
@@ -1,19 +1,3 @@-{-# OPTIONS_GHC -fno-warn-orphans #-}-module Servant.Auth.Server.SetCookieOrphan () where--import Blaze.ByteString.Builder (toByteString)-import Data.Text.Encoding       (decodeUtf8, encodeUtf8)-import Web.Cookie               (SetCookie, parseSetCookie, renderSetCookie)-import Web.HttpApiData          (FromHttpApiData (..), ToHttpApiData (..))-import Data.ByteString.Conversion (ToByteString(..))--instance FromHttpApiData SetCookie where-    parseUrlPiece = parseHeader . encodeUtf8-    parseHeader = Right . parseSetCookie--instance ToHttpApiData SetCookie where-    toUrlPiece = decodeUtf8 . toHeader-    toHeader = toByteString . renderSetCookie--instance ToByteString SetCookie where-    builder = renderSetCookie+module Servant.Auth.Server.SetCookieOrphan+    {-# DEPRECATED "instance exists in http-api-data-0.3.9. This module will be removed in next major release." #-}+    () where