wordpress-auth 1.0.0.0 → 1.0.0.1
raw patch · 3 files changed
+38/−34 lines, 3 filesdep ~base16-bytestringdep ~textPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: base16-bytestring, text
API changes (from Hackage documentation)
Files
- CHANGELOG.md +4/−0
- src/Wordpress/Auth.hs +22/−22
- wordpress-auth.cabal +12/−12
CHANGELOG.md view
@@ -1,5 +1,9 @@ # ChangeLog +## v1.0.0.1++Support 1.0 release of `base16-bytestring`.+ ## v1.0.0.0 Initial Release
src/Wordpress/Auth.hs view
@@ -22,9 +22,9 @@ Then you'll want to pull the specific cookie's text out of the Cookie header(see 'findCookie') & use then 'parseWordpressCookie' to build-a 'WPCookie'. You should then use the `username` field of the cookie to+a 'WPCookie'. You should then use the 'username' field of the cookie to query your Wordpress database for the User's @ID@('WordpressUserId')-& @user_pass@('WordpresUserPass') fields as well as the @session_tokens@+& @user_pass@('WordpressUserPass') fields as well as the @session_tokens@ User Meta('SessionToken'). Equiped with these and the current time(via@@ -214,7 +214,7 @@ { getCookieName :: m CookieName -- ^ A monadic action that generates a `CookieName`. You can simply -- return a constant value, or do something more complex like- -- querying your database for the `siteurl` option.+ -- querying your database for the @siteurl@ option. , loggedInScheme :: AuthScheme -- ^ The @LOGGED_IN_KEY@ & @LOGGED_IN_SALT@ from your -- @wp-config.php@.@@ -261,7 +261,7 @@ | UserDataNotFound -- ^ The `getUserData` function returned `Nothing`. | NoNonce- -- ^ The `Request` has no @X-WP-Nonce@ header.+ -- ^ The @Request@ has no @X-WP-Nonce@ header. | InvalidNonce -- ^ The nonce couldn't be validated. deriving (Show, Eq)@@ -300,7 +300,7 @@ -- headers. data CookieHeaderError = NoCookieHeader- -- ^ The `Request` has no `Cookie` header.+ -- ^ The Request has no @Cookie@ header. | NoCookieMatches -- ^ No Cookie matched the expected `CookieName`. deriving (Show, Eq)@@ -316,11 +316,11 @@ -- Cookies -- | This represents a Cookie set by a Wordpress authentication scheme--- (`auth`, `auth_sec`, & `logged_in`).+-- (@auth@, @auth_sec@, & @logged_in@). data WPCookie = WPCookie { username :: Text- -- ^ The `user_login` column for the Wordpress User.+ -- ^ The @user_login@ column for the Wordpress User. , expiration :: POSIXTime -- ^ The expiration time of the Cookie. , token :: CookieToken@@ -338,13 +338,13 @@ -- | Potential errors we may encounter while parsing a `WPCookie`. data CookieParseError = MalformedCookie- -- ^ The cookie did not have 4 fields separated by `|` characters.+ -- ^ The cookie did not have 4 fields separated by @|@ characters. | InvalidExpiration -- ^ The `expiration` field of the cookie is not an Integer. deriving (Show, Eq) --- | Parse a `WPCookie` from the body text of an `auth`, `auth_sec`, or--- `logged_in` cookie.+-- | Parse a `WPCookie` from the body text of an @auth@, @auth_sec@, or+-- @logged_in@ cookie. parseWordpressCookie :: Text -> Either CookieParseError WPCookie parseWordpressCookie rawCookie = case T.splitOn "|" rawCookie of [username, expiration_, token_, hmac] ->@@ -424,7 +424,7 @@ -- Hashing / Salting --- | A port of the `wp_hash` function. This performs an 'MD5.hmac' hash on+-- | A port of the @wp_hash@ function. This performs an 'MD5.hmac' hash on -- some text using a secret derived from the authentication scheme's key -- & salt constants. wordpressHash :: AuthScheme -> Text -> Text@@ -432,7 +432,7 @@ let secret = HashSecret $ wordpressSalt scheme in hmacText MD5.hmac secret $ HashMessage textToHash --- | A port of the `wp_salt` function. Builds a secret key for a hashing+-- | A port of the @wp_salt@ function. Builds a secret key for a hashing -- function using the auth scheme's key & salt. wordpressSalt :: AuthScheme -> Text wordpressSalt AuthScheme { schemeKey, schemeSalt } =@@ -442,7 +442,7 @@ -- Tokens --- | A User Session's Token. These can be found in the `usermeta` Wordpress+-- | A User Session's Token. These can be found in the @usermeta@ Wordpress -- table for rows where @meta_key="session_token"@. -- -- You'll probably want to use `decodeSessionTokens` to parse the tables's@@ -455,7 +455,7 @@ deriving (Show, Eq) -- | Decode a serialized PHP array containing a User's Session Tokens.--- These are usually stored as the `session_tokens` usermeta.+-- These are usually stored as the @session_tokens@ usermeta. -- -- It may be an associative array of tokens to expiration times, or tokens -- to an associative array of sub-fields:@@ -542,7 +542,7 @@ -- hash of the current or previous tick. validateNonce :: AuthScheme -- ^ The Wordpress site's @nonce@ scheme constants - @NONCE_KEY@ & @NONCE_SALT@.- -> Maybe CookieToken -- ^ A token from the `logged_in` cookie.+ -> Maybe CookieToken -- ^ A token from the @logged_in@ cookie. -> NonceTick -- ^ The current tick number. -> Maybe WordpressUserId -- ^ The ID of the currently logged in User. -> Text -- ^ The @action@ of the nonce (e.g., @"wp_rest"@ for API requests).@@ -584,22 +584,22 @@ } deriving (Show, Eq) --- | An auth scheme's `_KEY` constant, usually defined in your Wordpress--- site's @wp-config.php@. E.g., `LOGGED_IN_KEY`+-- | An auth scheme's @_KEY@ constant, usually defined in your Wordpress+-- site's @wp-config.php@. E.g., @LOGGED_IN_KEY@ newtype WordpressKey = WordpressKey { unKey :: Text } deriving (Show, Eq)--- | An auth scheme's `_SALT` constant, usually defined in your Wordpress--- site's @wp-config.php@. E.g., `LOGGED_IN_SALT`+-- | An auth scheme's @_SALT@ constant, usually defined in your Wordpress+-- site's @wp-config.php@. E.g., @LOGGED_IN_SALT@ newtype WordpressSalt = WordpressSalt { unSalt :: Text } deriving (Show, Eq) --- | Build the `_KEY` value for an authentiation scheme.+-- | Build the @_KEY@ value for an authentiation scheme. wpConfigKey :: Text -> WordpressKey wpConfigKey = WordpressKey --- | Build the `_SALT` value for an authentiation scheme.+-- | Build the @_SALT@ value for an authentiation scheme. wpConfigSalt :: Text -> WordpressSalt wpConfigSalt = WordpressSalt @@ -629,6 +629,6 @@ hashText hasher = decodeUtf8 . Base16.encode . hasher . encodeUtf8 . hashMessage --- Join the different text to hash together by `|` like Wordpress expects.+-- Join the different text to hash together by @|@ like Wordpress expects. joinHashParts :: [Text] -> Text joinHashParts = T.intercalate "|"
wordpress-auth.cabal view
@@ -1,13 +1,13 @@ cabal-version: 1.12 --- This file has been generated from package.yaml by hpack version 0.31.1.+-- This file has been generated from package.yaml by hpack version 0.34.4. -- -- see: https://github.com/sol/hpack ----- hash: c33e1a894c3fedf7883654d7bd9f0199378cdece3892f962cd629ba877ddaba9+-- hash: 82c4605ae4faddea533a20c6753a62d06b98d4f614812c8df4dbf45f001774d6 name: wordpress-auth-version: 1.0.0.0+version: 1.0.0.1 synopsis: Validate Wordpress Cookies & Nonces; Build Wordpress Hashes & Salts description: This package is used for validating Cookie data & Nonces from Wordpress. .@@ -38,15 +38,15 @@ ghc-options: -Wall -Wcompat -Wincomplete-record-updates -Wincomplete-uni-patterns -Wredundant-constraints build-depends: base >=4.7 && <5- , base16-bytestring >=0.1 && <0.2+ , base16-bytestring <1.1 , bytestring >=0.10 && <0.12- , cookie >=0.4 && <0.5- , cryptohash-md5 >=0.11 && <0.12- , cryptohash-sha256 >=0.11 && <0.12+ , cookie ==0.4.*+ , cryptohash-md5 ==0.11.*+ , cryptohash-sha256 ==0.11.* , hs-php-session >=0.0.9 && <0.1- , http-types >=0.12 && <0.13- , mtl >=2 && <3- , text >=1 && <2- , time >=1 && <2- , uri-encode >=1.5 && <1.6+ , http-types ==0.12.*+ , mtl ==2.*+ , text ==1.*+ , time ==1.*+ , uri-encode ==1.5.* default-language: Haskell2010