servant-auth-server 0.4.0.1 → 0.4.0.2
raw patch · 6 files changed
+97/−24 lines, 6 filesdep ~basedep ~http-api-dataPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependency ranges changed: base, http-api-data
API changes (from Hackage documentation)
- Servant.Auth.Server.SetCookieOrphan: instance Data.ByteString.Conversion.To.ToByteString Web.Cookie.SetCookie
- Servant.Auth.Server.SetCookieOrphan: instance Web.Internal.HttpApiData.FromHttpApiData Web.Cookie.SetCookie
- Servant.Auth.Server.SetCookieOrphan: instance Web.Internal.HttpApiData.ToHttpApiData Web.Cookie.SetCookie
+ Servant.Auth.Server: [cookieDomain] :: CookieSettings -> !(Maybe ByteString)
+ Servant.Auth.Server.Internal.ConfigTypes: [cookieDomain] :: CookieSettings -> !(Maybe ByteString)
- Servant.Auth.Server: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
+ Servant.Auth.Server: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
- Servant.Auth.Server.Internal.ConfigTypes: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
+ Servant.Auth.Server.Internal.ConfigTypes: CookieSettings :: !IsSecure -> !(Maybe DiffTime) -> !(Maybe UTCTime) -> !(Maybe ByteString) -> !(Maybe ByteString) -> !SameSite -> !ByteString -> !(Maybe XsrfCookieSettings) -> CookieSettings
Files
- CHANGELOG.md +84/−0
- servant-auth-server.cabal +4/−2
- src/Servant/Auth/Server.hs +0/−1
- src/Servant/Auth/Server/Internal/ConfigTypes.hs +5/−2
- src/Servant/Auth/Server/Internal/Cookie.hs +1/−0
- src/Servant/Auth/Server/SetCookieOrphan.hs +3/−19
+ CHANGELOG.md view
@@ -0,0 +1,84 @@+# Changelog++All notable changes to this project will be documented in this file.++The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).++## [Unreleased]++## [0.4.0.2] - 2018-10-05++### Added+- #125 Allow setting domain name for a cookie [@domenkozar]++## Changed+- bump http-api-data to 0.3.10 that includes Cookie orphan instances previously located in servant-auth-server [@phadej]+- #114 Export `HasSecurity` typeclass [@rockbmb]++## [0.4.0.1] - 2018-09-23++### Security+- #123 Session cookie did not apply SameSite attribute [@domenkozar]++### Added+- #112 HasLink instance for Auth combinator [@adetokunbo]+- #111 Documentation for using hoistServer [@mschristiansen]+- #107 Add utility functions for reading and writing a key to a file [@mschristiansen]++## [0.4.0.0] - 2018-06-17++### Added+- Support GHC 8.4 by @phadej and @domenkozar+- Support for servant-0.14 by @phadej+- #96 Support for jose-0.7 by @xaviershay+- #92 add `clearSession` for logout by @plredmond and @3noch+- #95 makeJWT: allow setting Alg via defaultJWTSettings by @domenkozar+- #89 Validate JWT against a JWKSet instead of JWK by @sopvop++### Changed+- #92 Rename CSRF to XSRF by @plredmond and @3noch+- #92 extract 'XsrfCookieSettings' from 'CookieSettings' and make XSRF checking optional+ by @plredmond and @3noch+- #69 export SameSite by @domenkozar+- #102 Reuse Servant.Api.IsSecure instead of duplicating ADT by @domenkozar++### Deprecated+- #92 Renamed 'makeCsrfCookie' to 'makeXsrfCookie' and marked the former as deprecated+ by @plredmond and @3noc+- #92 Made several changes to the structure of 'CookieSettings' which will require+ attention by users who have modified the XSRF settings by @plredmond and @3noch++### Security+- #94 Force cookie expiration on serverside by @karshan++## [0.3.2.0] - 2018-02-21++### Added+- #76 Export wwwAuthenticatedErr and elaborate its annotation by @defanor+- Support for servant-0.14 by @phadej++### Changed+- Disable the readme executable for ghcjs builds by @hamishmack+- #84 Make AddSetCookieApi type family open by @qnikst+- #79 Make CSRF checks optional for GET requests by @harendra-kumar++## [0.3.1.0] - 2017-11-08++### Added+- Support for servant-0.12 by @phadej++## [0.3.0.0] - 2017-11-07++### Changed+- #47 'cookiePath' and 'xsrfCookiePath' added to 'CookieSettings' by @mchaver++## [0.2.8.0] - 2017-05-26++### Added+- #45 Support for servant-0.11 by @phadej++## [0.2.7.0] - 2017-02-11++### Changed+- #27 #41 'acceptLogin' and 'makeCsrfCookie' functions by @bts
servant-auth-server.cabal view
@@ -1,5 +1,5 @@ name: servant-auth-server-version: 0.4.0.1+version: 0.4.0.2 synopsis: servant-server/servant-auth compatibility description: This package provides the required instances for using the @Auth@ combinator in your 'servant' server.@@ -18,6 +18,8 @@ tested-with: GHC == 7.10.3, GHC == 8.0.2, GHC == 8.2.2, GHC == 8.4.3 build-type: Simple cabal-version: >= 1.10+extra-source-files:+ CHANGELOG.md source-repository head type: git@@ -40,7 +42,7 @@ , crypto-api >= 0.13 && < 0.14 , data-default-class >= 0.0 && < 0.2 , entropy >= 0.3 && < 0.5- , http-api-data >= 0.3.7 && < 0.4+ , http-api-data >= 0.3.10 && < 0.4 , http-types >= 0.9 && < 0.13 , jose >= 0.6 && < 0.8 , lens >= 4 && < 5
src/Servant/Auth/Server.hs view
@@ -150,7 +150,6 @@ import Servant.Auth.Server.Internal.JWT import Servant.Auth.Server.Internal.ThrowAll import Servant.Auth.Server.Internal.Types-import Servant.Auth.Server.SetCookieOrphan () import Crypto.JOSE as Jose import Servant (BasicAuthData (..))
src/Servant/Auth/Server/Internal/ConfigTypes.hs view
@@ -64,13 +64,15 @@ , cookieMaxAge :: !(Maybe DiffTime) -- | At what time the cookie expires. Default: @Nothing@. , cookieExpires :: !(Maybe UTCTime)- -- | The URL path and sub-paths for which this cookie is used. Default @Just "/"@.+ -- | The URL path and sub-paths for which this cookie is used. Default: @Just "/"@. , cookiePath :: !(Maybe BS.ByteString)+ -- | Domain name, if set cookie also allows subdomains. Default: @Nothing@.+ , cookieDomain :: !(Maybe BS.ByteString) -- | 'SameSite' settings. Default: @SameSiteLax@. , cookieSameSite :: !SameSite -- | What name to use for the cookie used for the session. , sessionCookieName :: !BS.ByteString- -- | The optional settings to use for XSRF protection. Default @Just def@.+ -- | The optional settings to use for XSRF protection. Default: @Just def@. , cookieXsrfSetting :: !(Maybe XsrfCookieSettings) } deriving (Eq, Show, Generic) @@ -83,6 +85,7 @@ , cookieMaxAge = Nothing , cookieExpires = Nothing , cookiePath = Just "/"+ , cookieDomain = Nothing , cookieSameSite = SameSiteLax , sessionCookieName = "JWT-Cookie" , cookieXsrfSetting = Just def
src/Servant/Auth/Server/Internal/Cookie.hs view
@@ -101,6 +101,7 @@ { setCookieMaxAge = cookieMaxAge cookieSettings , setCookieExpires = cookieExpires cookieSettings , setCookiePath = cookiePath cookieSettings+ , setCookieDomain = cookieDomain cookieSettings , setCookieSecure = case cookieIsSecure cookieSettings of Secure -> True NotSecure -> False
src/Servant/Auth/Server/SetCookieOrphan.hs view
@@ -1,19 +1,3 @@-{-# OPTIONS_GHC -fno-warn-orphans #-}-module Servant.Auth.Server.SetCookieOrphan () where--import Blaze.ByteString.Builder (toByteString)-import Data.Text.Encoding (decodeUtf8, encodeUtf8)-import Web.Cookie (SetCookie, parseSetCookie, renderSetCookie)-import Web.HttpApiData (FromHttpApiData (..), ToHttpApiData (..))-import Data.ByteString.Conversion (ToByteString(..))--instance FromHttpApiData SetCookie where- parseUrlPiece = parseHeader . encodeUtf8- parseHeader = Right . parseSetCookie--instance ToHttpApiData SetCookie where- toUrlPiece = decodeUtf8 . toHeader- toHeader = toByteString . renderSetCookie--instance ToByteString SetCookie where- builder = renderSetCookie+module Servant.Auth.Server.SetCookieOrphan+ {-# DEPRECATED "instance exists in http-api-data-0.3.9. This module will be removed in next major release." #-}+ () where