wai-middleware-auth 0.2.3.0 → 0.2.3.1
raw patch · 6 files changed
+51/−45 lines, 6 filesPVP: minor bump suggested
API additions: PVP suggests at least a minor version bump
API changes (from Hackage documentation)
+ Network.Wai.Middleware.Auth.OIDC: discoverURI :: URI -> IO OpenIDConnect
Files
- CHANGELOG.md +36/−40
- src/Network/Wai/Auth/Internal.hs +2/−1
- src/Network/Wai/Middleware/Auth/OIDC.hs +10/−1
- test/Spec/Network/Wai/Middleware/Auth/OAuth2.hs +1/−1
- test/Spec/Network/Wai/Middleware/Auth/OIDC.hs +1/−1
- wai-middleware-auth.cabal +1/−1
CHANGELOG.md view
@@ -1,62 +1,58 @@-0.2.3.0-=======+# 0.2.3.1 -* Support `hoauth2-1.11.0`-* Drop support for `jose` versions < 0.8-* Expose `decodeKey`-* OAuth2 provider remove a session when an access token expires. It will use a+- Expose `discoverURI` in `Network.Wai.Middleware.Auth.OIDC`+- Fix bug with OAuth2 and OpenID Connect authentication where scopes were+ separated using comma's instead of spaces.++ # 0.2.3.0++- Support `hoauth2-1.11.0`+- Drop support for `jose` versions < 0.8+- Expose `decodeKey`+- OAuth2 provider remove a session when an access token expires. It will use a refresh token if one is available to create a new session. If no refresh token is available it will redirect the user to re-authenticate.-* Providers can define logic for refreshing a session without user intervention.-* Add an OpenID Connect provider.+- Providers can define logic for refreshing a session without user intervention.+- Add an OpenID Connect provider. -0.2.2.0-=======+ # 0.2.2.0 -* Add request logging to executable-* Newer multistage Docker build system+- Add request logging to executable+- Newer multistage Docker build system -0.2.1.0-=======+ # 0.2.1.0 -* Fix a bug in deserialization of `UserIdentity`+- Fix a bug in deserialization of `UserIdentity` -0.2.0.0-=======+ # 0.2.0.0 -* Drop compatiblity with hoauth2 versions <= 1.0.0.-* Add a function for getting the oauth2 token from an authenticated request.-* Modify encoding of oauth2 session cookies. As a consequence existing cookies will be invalid.+- Drop compatiblity with hoauth2 versions <= 1.0.0.+- Add a function for getting the oauth2 token from an authenticated request.+- Modify encoding of oauth2 session cookies. As a consequence existing cookies will be invalid. -0.1.2.1-=======+ # 0.1.2.1 -* Compatibility with hoauth2-1.3.0 - fixed: [#4](https://github.com/fpco/wai-middleware-auth/issues/4)+- Compatibility with hoauth2-1.3.0 - fixed: [#4](https://github.com/fpco/wai-middleware-auth/issues/4) -0.1.2.0-=======+ # 0.1.2.0 -* Implemented compatibility with hoauth2 >= 1.0.0 - fixed: [#3](https://github.com/fpco/wai-middleware-auth/issues/3)+- Implemented compatibility with hoauth2 >= 1.0.0 - fixed: [#3](https://github.com/fpco/wai-middleware-auth/issues/3) -0.1.1.2-=======+ # 0.1.1.2 -* Fixed [wai-middleware-auth-0.1.1.1 does not compile in 32 bit Linux](https://github.com/fpco/wai-middleware-auth/issues/2)+- Fixed [wai-middleware-auth-0.1.1.1 does not compile in 32 bit Linux](https://github.com/fpco/wai-middleware-auth/issues/2) -0.1.1.1-=======+ # 0.1.1.1 -* Disallow empty `userIdentity` to produce a successfull login.-* Produces a 404 on `/favicon.ico` page if not logged in: work around for issue+- Disallow empty `userIdentity` to produce a successfull login.+- Produces a 404 on `/favicon.ico` page if not logged in: work around for issue with Chrome requesting it first and messing up the redirect url.-* Added JQuery to the template, since it's bootstrap's requirement.+- Added JQuery to the template, since it's bootstrap's requirement. -0.1.1.0-=======+ # 0.1.1.0 -* Fixed whitelist email regex matching for Github and Google auth.+- Fixed whitelist email regex matching for Github and Google auth. -0.1.0.0-=======+ # 0.1.0.0 -* Initial implementation.+- Initial implementation.
src/Network/Wai/Auth/Internal.hs view
@@ -76,7 +76,8 @@ oauth2Login oauth2 man oa2Scope providerName req suffix onSuccess onFailure = case suffix of [] -> do- let scope = (encodeUtf8 . T.intercalate ",") <$> oa2Scope+ -- https://tools.ietf.org/html/rfc6749#section-3.3+ let scope = (encodeUtf8 . T.intercalate " ") <$> oa2Scope let redirectUrl = getRedirectURI $ appendQueryParams
src/Network/Wai/Middleware/Auth/OIDC.hs view
@@ -11,6 +11,7 @@ ( -- * Creating a provider OpenIDConnect , discover+ , discoverURI -- * Customizing a provider , oidcClientId , oidcClientSecret@@ -165,13 +166,21 @@ Just claims -> pure (Just (storeClaims claims req, user)) --- | Fetch configuration for a provider from its discovery endpoint.+-- | Fetch configuration for a provider from its discovery+-- endpoint. Sets the path to @/.well-known/..@. -- -- @since 0.2.3.0 discover :: T.Text -> IO OpenIDConnect discover urlText = do base <- parseAbsoluteURI urlText let uri = base { U.uriPath = "/.well-known/openid-configuration" }+ discoverURI uri++-- | Fetch configuration for a provider from an exact URI.+--+-- @since 0.2.3.1+discoverURI :: U.URI -> IO OpenIDConnect+discoverURI uri = do metadata <- fetchMetadata uri jwkset <- fetchJWKSet (jwksUri metadata) pure OpenIDConnect
test/Spec/Network/Wai/Middleware/Auth/OAuth2.hs view
@@ -42,7 +42,7 @@ assertStatus 303 redirect3 assertHeader "location"- (TE.encodeUtf8 host <> "/authorize?scope=scope1%2Cscope2&client_id=client-id&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fprefix%2Foauth2%2Fcomplete")+ (TE.encodeUtf8 host <> "/authorize?scope=scope1%20scope2&client_id=client-id&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fprefix%2Foauth2%2Fcomplete") redirect3 , testCase "when a request is made with a valid session then pass the request through" $
test/Spec/Network/Wai/Middleware/Auth/OIDC.hs view
@@ -43,7 +43,7 @@ assertStatus 303 redirect3 assertHeader "location"- (TE.encodeUtf8 host <> "/authorize?scope=openid%2Cscope1&client_id=client-id&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fprefix%2Foidc%2Fcomplete")+ (TE.encodeUtf8 host <> "/authorize?scope=openid%20scope1&client_id=client-id&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fprefix%2Foidc%2Fcomplete") redirect3 , testCase "when a request is made with a valid session then pass the request through" $
wai-middleware-auth.cabal view
@@ -1,6 +1,6 @@ cabal-version: 1.18 name: wai-middleware-auth-version: 0.2.3.0+version: 0.2.3.1 synopsis: Authentication middleware that secures WAI application description: Please see the README and Haddocks at <https://www.stackage.org/package/wai-middleware-auth> license: MIT