servant-auth-token 0.1.2.0 → 0.2.0.0
raw patch · 3 files changed
+41/−26 lines, 3 filesdep ~aeson-injectordep ~servant-auth-token-apiPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: aeson-injector, servant-auth-token-api
API changes (from Hackage documentation)
- Servant.Server.Auth.Token: authGroupDelete :: AuthMonad m => UserGroupId -> MToken '["auth-delete"] -> m ()
+ Servant.Server.Auth.Token: authGroupDelete :: AuthMonad m => UserGroupId -> MToken' '["auth-delete"] -> m Unit
- Servant.Server.Auth.Token: authGroupGet :: AuthMonad m => UserGroupId -> MToken '["auth-info"] -> m UserGroup
+ Servant.Server.Auth.Token: authGroupGet :: AuthMonad m => UserGroupId -> MToken' '["auth-info"] -> m UserGroup
- Servant.Server.Auth.Token: authGroupList :: AuthMonad m => Maybe Page -> Maybe PageSize -> MToken '["auth-info"] -> m (PagedList UserGroupId UserGroup)
+ Servant.Server.Auth.Token: authGroupList :: AuthMonad m => Maybe Page -> Maybe PageSize -> MToken' '["auth-info"] -> m (PagedList UserGroupId UserGroup)
- Servant.Server.Auth.Token: authGroupPatch :: AuthMonad m => UserGroupId -> PatchUserGroup -> MToken '["auth-update"] -> m ()
+ Servant.Server.Auth.Token: authGroupPatch :: AuthMonad m => UserGroupId -> PatchUserGroup -> MToken' '["auth-update"] -> m Unit
- Servant.Server.Auth.Token: authGroupPost :: AuthMonad m => UserGroup -> MToken '["auth-update"] -> m (OnlyId UserGroupId)
+ Servant.Server.Auth.Token: authGroupPost :: AuthMonad m => UserGroup -> MToken' '["auth-update"] -> m (OnlyId UserGroupId)
- Servant.Server.Auth.Token: authGroupPut :: AuthMonad m => UserGroupId -> UserGroup -> MToken '["auth-update"] -> m ()
+ Servant.Server.Auth.Token: authGroupPut :: AuthMonad m => UserGroupId -> UserGroup -> MToken' '["auth-update"] -> m Unit
- Servant.Server.Auth.Token: authRestore :: AuthMonad m => UserId -> Maybe RestoreCode -> Maybe Password -> m ()
+ Servant.Server.Auth.Token: authRestore :: AuthMonad m => UserId -> Maybe RestoreCode -> Maybe Password -> m Unit
- Servant.Server.Auth.Token: authSignout :: AuthMonad m => Maybe (Token '[]) -> m ()
+ Servant.Server.Auth.Token: authSignout :: AuthMonad m => Maybe (Token '[]) -> m Unit
- Servant.Server.Auth.Token: authSignup :: AuthMonad m => ReqRegister -> MToken '["auth-register"] -> m (OnlyField "user" UserId)
+ Servant.Server.Auth.Token: authSignup :: AuthMonad m => ReqRegister -> MToken' '["auth-register"] -> m (OnlyField "user" UserId)
- Servant.Server.Auth.Token: authTouch :: AuthMonad m => Maybe Seconds -> MToken '[] -> m ()
+ Servant.Server.Auth.Token: authTouch :: AuthMonad m => Maybe Seconds -> MToken '[] -> m Unit
- Servant.Server.Auth.Token: authUserDelete :: AuthMonad m => UserId -> MToken '["auth-delete"] -> m ()
+ Servant.Server.Auth.Token: authUserDelete :: AuthMonad m => UserId -> MToken' '["auth-delete"] -> m Unit
- Servant.Server.Auth.Token: authUserInfo :: AuthMonad m => UserId -> MToken '["auth-info"] -> m RespUserInfo
+ Servant.Server.Auth.Token: authUserInfo :: AuthMonad m => UserId -> MToken' '["auth-info"] -> m RespUserInfo
- Servant.Server.Auth.Token: authUserPatch :: AuthMonad m => UserId -> PatchUser -> MToken '["auth-update"] -> m ()
+ Servant.Server.Auth.Token: authUserPatch :: AuthMonad m => UserId -> PatchUser -> MToken' '["auth-update"] -> m Unit
- Servant.Server.Auth.Token: authUserPut :: AuthMonad m => UserId -> ReqRegister -> MToken '["auth-update"] -> m ()
+ Servant.Server.Auth.Token: authUserPut :: AuthMonad m => UserId -> ReqRegister -> MToken' '["auth-update"] -> m Unit
- Servant.Server.Auth.Token: authUsersInfo :: AuthMonad m => Maybe Page -> Maybe PageSize -> MToken '["auth-info"] -> m RespUsersInfo
+ Servant.Server.Auth.Token: authUsersInfo :: AuthMonad m => Maybe Page -> Maybe PageSize -> MToken' '["auth-info"] -> m RespUsersInfo
Files
- CHANGELOG.md +5/−0
- servant-auth-token.cabal +3/−3
- src/Servant/Server/Auth/Token.hs +33/−23
CHANGELOG.md view
@@ -1,3 +1,8 @@+0.2.0.0+=======++* Implement `servant-auth-token-0.2.0.0` API.+ 0.1.2.0 =======
servant-auth-token.cabal view
@@ -1,5 +1,5 @@ name: servant-auth-token-version: 0.1.2.0+version: 0.2.0.0 synopsis: Servant based API and server for token based authorisation description: Please see README.md homepage: https://github.com/ncrashed/servant-auth-token#readme@@ -29,7 +29,7 @@ Servant.Server.Auth.Token build-depends: base >= 4.7 && < 5- , aeson-injector >= 1.0.2 && < 1.1+ , aeson-injector >= 1.0.4 && < 1.1 , bytestring >= 0.10 && < 0.11 , containers >= 0.5 && < 0.6 , mtl >= 2.2 && < 2.3@@ -37,7 +37,7 @@ , persistent-postgresql >= 2.2 && < 2.3 , persistent-template >= 2.1 && < 2.2 , pwstore-fast >= 2.4 && < 2.5- , servant-auth-token-api >= 0.1.2 && < 0.2+ , servant-auth-token-api >= 0.2.0 && < 0.3 , servant-server >= 0.7 && < 0.9 , text >= 1.2 && < 1.3 , time >= 1.5 && < 1.7
src/Servant/Server/Auth/Token.hs view
@@ -50,7 +50,7 @@ @ -- | Read a single customer from DB customerGet :: CustomerId -- ^ Customer unique id- -> MToken '["customer-read"] -- ^ Required permissions for auth token+ -> MToken' '["customer-read"] -- ^ Required permissions for auth token -> App Customer -- ^ Customer data customerGet i token = do guardAuthToken token @@ -92,6 +92,7 @@ import Control.Monad.Except import Control.Monad.Reader import Crypto.PasswordStore+import Data.Aeson.Unit import Data.Aeson.WithField import Data.Maybe import Data.Monoid@@ -218,11 +219,12 @@ authTouch :: AuthMonad m => Maybe Seconds -- ^ Expire query parameter, how many seconds the token should be valid by now. 'Nothing' means default value defined in server config. -> MToken '[] -- ^ Authorisation header with token - -> m ()+ -> m Unit authTouch mexpire token = runAuth $ do Entity i mt <- guardAuthToken' (fmap unToken token) [] expire <- calcExpire mexpire runDB $ replace i mt { authTokenExpire = expire }+ return Unit -- | Implementation of "token" method, return -- info about user binded to the token@@ -242,12 +244,13 @@ -- | Implementation of "signout" method authSignout :: AuthMonad m => Maybe (Token '[]) -- ^ Authorisation header with token - -> m ()+ -> m Unit authSignout token = runAuth $ do Entity i mt <- guardAuthToken' (fmap unToken token) [] expire <- liftIO getCurrentTime runDB $ replace i mt { authTokenExpire = expire }-+ return Unit + -- | Checks given password and if it is invalid in terms of config -- password validator, throws 400 error. guardPassword :: Password -> AuthHandler ()@@ -258,7 +261,7 @@ -- | Implementation of "signup" method authSignup :: AuthMonad m => ReqRegister -- ^ Registration info- -> MToken '["auth-register"] -- ^ Authorisation header with token + -> MToken' '["auth-register"] -- ^ Authorisation header with token -> m (OnlyField "user" UserId) authSignup ReqRegister{..} token = runAuth $ do guardAuthToken token@@ -279,7 +282,7 @@ authUsersInfo :: AuthMonad m => Maybe Page -- ^ Page num parameter -> Maybe PageSize -- ^ Page size parameter- -> MToken '["auth-info"] -- ^ Authorisation header with token+ -> MToken' '["auth-info"] -- ^ Authorisation header with token -> m RespUsersInfo authUsersInfo mp msize token = runAuth $ do guardAuthToken token@@ -299,7 +302,7 @@ -- | Implementation of get "user" method authUserInfo :: AuthMonad m => UserId -- ^ User id - -> MToken '["auth-info"] -- ^ Authorisation header with token+ -> MToken' '["auth-info"] -- ^ Authorisation header with token -> m RespUserInfo authUserInfo uid' token = runAuth $ do guardAuthToken token@@ -309,8 +312,8 @@ authUserPatch :: AuthMonad m => UserId -- ^ User id -> PatchUser -- ^ JSON with fields for patching- -> MToken '["auth-update"] -- ^ Authorisation header with token- -> m ()+ -> MToken' '["auth-update"] -- ^ Authorisation header with token+ -> m Unit authUserPatch uid' body token = runAuth $ do guardAuthToken token whenJust (patchUserPassword body) guardPassword @@ -319,13 +322,14 @@ strength <- getsConfig passwordsStrength Entity _ user' <- runDB $ patchUser strength body $ Entity uid user runDB $ replace uid user'+ return Unit -- | Implementation of put "user" method authUserPut :: AuthMonad m => UserId -- ^ User id -> ReqRegister -- ^ New user- -> MToken '["auth-update"] -- ^ Authorisation header with token- -> m ()+ -> MToken' '["auth-update"] -- ^ Authorisation header with token+ -> m Unit authUserPut uid' ReqRegister{..} token = runAuth $ do guardAuthToken token guardPassword reqRegPassword@@ -340,15 +344,17 @@ replace uid user' setUserPermissions uid reqRegPermissions whenJust reqRegGroups $ setUserGroups uid+ return Unit -- | Implementation of patch "user" method authUserDelete :: AuthMonad m => UserId -- ^ User id - -> MToken '["auth-delete"] -- ^ Authorisation header with token- -> m ()+ -> MToken' '["auth-delete"] -- ^ Authorisation header with token+ -> m Unit authUserDelete uid' token = runAuth $ do guardAuthToken token runDB $ deleteCascade (toKey uid' :: UserImplId)+ return Unit -- Generate new password for user. There is two phases, first, the method -- is called without 'code' parameter. The system sends email with a restore code@@ -358,7 +364,7 @@ => UserId -- ^ User id -> Maybe RestoreCode -> Maybe Password- -> m ()+ -> m Unit authRestore uid' mcode mpass = runAuth $ do let uid = toKey uid' user <- guardUser uid @@ -376,6 +382,7 @@ guardRestoreCode uid code user' <- setUserPassword pass user runDB $ replace uid user'+ return Unit -- | Getting user by id, throw 404 response if not found guardUser :: UserImplId -> AuthHandler UserImpl@@ -419,7 +426,7 @@ -- | Getting info about user group, requires 'authInfoPerm' for token authGroupGet :: AuthMonad m => UserGroupId- -> MToken '["auth-info"] -- ^ Authorisation header with token+ -> MToken' '["auth-info"] -- ^ Authorisation header with token -> m UserGroup authGroupGet i token = runAuth $ do guardAuthToken token@@ -428,7 +435,7 @@ -- | Inserting new user group, requires 'authUpdatePerm' for token authGroupPost :: AuthMonad m => UserGroup- -> MToken '["auth-update"] -- ^ Authorisation header with token+ -> MToken' '["auth-update"] -- ^ Authorisation header with token -> m (OnlyId UserGroupId) authGroupPost ug token = runAuth $ do guardAuthToken token@@ -438,36 +445,39 @@ authGroupPut :: AuthMonad m => UserGroupId -> UserGroup- -> MToken '["auth-update"] -- ^ Authorisation header with token- -> m ()+ -> MToken' '["auth-update"] -- ^ Authorisation header with token+ -> m Unit authGroupPut i ug token = runAuth $ do guardAuthToken token runDB $ updateUserGroup i ug + return Unit -- | Patch info about given user group, requires 'authUpdatePerm' for token authGroupPatch :: AuthMonad m => UserGroupId -> PatchUserGroup- -> MToken '["auth-update"] -- ^ Authorisation header with token- -> m ()+ -> MToken' '["auth-update"] -- ^ Authorisation header with token+ -> m Unit authGroupPatch i up token = runAuth $ do guardAuthToken token runDB $ patchUserGroup i up + return Unit -- | Delete all info about given user group, requires 'authDeletePerm' for token authGroupDelete :: AuthMonad m => UserGroupId- -> MToken '["auth-delete"] -- ^ Authorisation header with token- -> m ()+ -> MToken' '["auth-delete"] -- ^ Authorisation header with token+ -> m Unit authGroupDelete i token = runAuth $ do guardAuthToken token runDB $ deleteUserGroup i + return Unit -- | Get list of user groups, requires 'authInfoPerm' for token authGroupList :: AuthMonad m => Maybe Page -> Maybe PageSize- -> MToken '["auth-info"] -- ^ Authorisation header with token+ -> MToken' '["auth-info"] -- ^ Authorisation header with token -> m (PagedList UserGroupId UserGroup) authGroupList mp msize token = runAuth $ do guardAuthToken token