packages feed

servant-auth-token-api 0.4.2.2 → 0.5.4.0

raw patch · 3 files changed

Files

CHANGELOG.md view
@@ -1,3 +1,28 @@+0.5.4.0+=======++* Bump versions for `servant-0.16` and `swagger-2.4`.++0.5.3.0+=======++* Bump versions to `lts-12.9`.++0.5.2.0+=======++* Push version bounds.++0.5.1.0+=======++* Push version bounds.++0.5.0.0+=======++* Add `AuthSigninPostMethod` to substitute security weak `AuthSigninMethod`.+ 0.4.2.1 ======= 
servant-auth-token-api.cabal view
@@ -1,7 +1,8 @@ name:                servant-auth-token-api-version:             0.4.2.2+version:             0.5.4.0 synopsis:            Servant based API for token based authorisation-description:         Please see README.md+description:         The package provides cross compiler API (for GHC and GHCJS) for+                     <http://hackage.haskell.org/package/servant-auth-token servant-auth-token>. Please see README.md homepage:            https://github.com/ncrashed/servant-auth-token-api#readme license:             BSD3 license-file:        LICENSE@@ -14,6 +15,7 @@   README.md   CHANGELOG.md cabal-version:       >=1.10+tested-with:         GHC ==8.6.5, GHC ==8.4.4  Flag flat-perm-symbols   Description: Use flat Symbols for token tags, improve compilation time.@@ -28,14 +30,14 @@     Servant.API.Auth.Token.Internal.Schema   build-depends:       base            >= 4.7    && < 5-    , aeson           >= 0.11   && < 1.3-    , aeson-injector  >= 1.0.4  && < 1.1+    , aeson           >= 0.11   && < 1.5+    , aeson-injector  >= 1.0.4  && < 1.2     , lens            >= 4.13   && < 5     , raw-strings-qq  >= 1.1    && < 1.2-    , servant         >= 0.9    && < 0.13-    , servant-docs    >= 0.9    && < 0.13+    , servant         >= 0.9    && < 0.17+    , servant-docs    >= 0.9    && < 0.15     , servant-swagger >= 1.1    && < 1.2-    , swagger2        >= 2.1    && < 2.2+    , swagger2        >= 2.4    && < 2.5     , text            >= 1.2    && < 2    default-language:    Haskell2010
src/Servant/API/Auth/Token.hs view
@@ -22,6 +22,7 @@   -- * API specs     AuthAPI   , AuthSigninMethod+  , AuthSigninPostMethod   , AuthSigninGetCodeMethod   , AuthSigninPostCodeMethod   , AuthTouchMethod@@ -77,6 +78,7 @@   , RespUserInfo(..)   , PatchUser(..)   , RespUsersInfo(..)+  , AuthSigninPostBody(..)   -- ** User groups   , UserGroupId   , UserGroup(..)@@ -173,7 +175,7 @@ type Token' (perms :: [Symbol]) = Token (PlainPerms perms)  instance ToParamSchema (Token perms) where-  toParamSchema _ = mempty { _paramSchemaType = SwaggerString }+  toParamSchema _ = mempty { _paramSchemaType = Just SwaggerString }  instance FromHttpApiData (Token perms) where   parseUrlPiece = fmap Token . parseUrlPiece@@ -406,6 +408,37 @@       , patchUserGroupNoParent = Just True       } +-- | Body for 'AuthSigninPostMethod'+data AuthSigninPostBody = AuthSigninPostBody {+  authSigninBodyLogin    :: !Login+, authSigninBodyPassword :: !Password+, authSigninBodySeconds  :: !(Maybe Seconds) -- ^ Nothing is default server value+} deriving (Generic, Show)+$(deriveJSON (derivePrefix "authSigninBody") ''AuthSigninPostBody)++instance ToSchema AuthSigninPostBody where+  declareNamedSchema = genericDeclareNamedSchema $+    schemaOptionsDropPrefix "authSigninBody"++instance ToSample AuthSigninPostBody where+  toSamples _ = samples [s1, s2, s3]+    where+    s1 = AuthSigninPostBody {+        authSigninBodyLogin = "admin"+      , authSigninBodyPassword = "123456"+      , authSigninBodySeconds = Nothing+      }+    s2 = AuthSigninPostBody {+        authSigninBodyLogin = "sviborg"+      , authSigninBodyPassword = "qwerty"+      , authSigninBodySeconds = Just 360+      }+    s3 = AuthSigninPostBody {+        authSigninBodyLogin = "schoolgirl"+      , authSigninBodyPassword = "ilovepony"+      , authSigninBodySeconds = Just 42+      }+ instance ToParam (QueryParam "login" Login) where   toParam _ = DocQueryParam "login" ["ncrashed", "buddy"] "Any valid login for user" Normal instance ToParam (QueryParam "password" Password) where@@ -425,6 +458,7 @@ -- | Generic authorization API type AuthAPI =        AuthSigninMethod+  :<|> AuthSigninPostMethod   :<|> AuthSigninGetCodeMethod   :<|> AuthSigninPostCodeMethod   :<|> AuthTouchMethod@@ -472,6 +506,30 @@   :> QueryParam "password" Password   :> QueryParam "expire" Seconds   :> Get '[JSON] (OnlyField "token" SimpleToken)+{-# DEPRECATED AuthSigninMethod "AuthSigninPostMethod is more secure" #-}++-- | How to get a token, expire of 'Nothing' means+-- some default value (server config).+--+-- Logic of authorisation via this method is:+--+-- * Client sends POST request to the endpoint with+-- user specified login and password and optional expire+--+-- * Server responds with token or error+--+-- * Client uses the token with other requests as authorisation+-- header+--+-- * Client can extend lifetime of token by periodically pinging+-- of 'AuthTouchMethod' endpoint+--+-- * Client can invalidate token instantly by 'AuthSignoutMethod'+--+-- * Client can get info about user with 'AuthTokenInfoMethod' endpoint.+type AuthSigninPostMethod = "auth" :> "signin"+  :> ReqBody '[JSON] AuthSigninPostBody+  :> Post '[JSON] (OnlyField "token" SimpleToken)  -- | Authorisation via code of single usage. --