yesod-auth-hashdb 1.4.1 → 1.4.1.1
raw patch · 3 files changed
+48/−22 lines, 3 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
Files
- Yesod/Auth/HashDB.hs +26/−15
- test/NonDBTests.hs +6/−5
- yesod-auth-hashdb.cabal +16/−2
Yesod/Auth/HashDB.hs view
@@ -20,7 +20,7 @@ -- Portability : Portable -- -- A yesod-auth AuthPlugin designed to look users up in a Persistent--- database where their user id and a hash of their password is stored.+-- database where the hash of their password is stored. -- -- This module was removed from @yesod-auth-1.3.0.0@ and is now -- maintained separately.@@ -51,24 +51,29 @@ -- and can ignore the salt. -- -- In a system which has been migrated from the old format, passwords--- which are reset using the new format will have an empty salt field.+-- which are reset will use the new format and will have an empty salt field. -- Once all the entries are of this form, it is safe to change the model -- to remove the salt, and change the 'HashDBUser' instance accordingly. ----- To use this in a Yesod application, it must be an instance of--- YesodPersist, and the username and hashed-passwords should be added--- to the database. The followng steps give an outline of what is required.+-- To use this in a Yesod application, the foundation data type must be an+-- instance of YesodPersist, and the username and hashed passwords should+-- be added to the database. The following steps give an outline of what+-- is required. -- -- You need a database table to store user records: in a scaffolded site it -- might look like: -- -- > User--- > name Text -- user name used by HashDB+-- > name Text -- user name used to uniquely identify users -- > password Text Maybe -- password hash for HashDB -- > UniqueUser name ----- Create an instance of 'HashDBUser' for this data type:+-- Create an instance of 'HashDBUser' for this data type. For historical+-- reasons "Yesod.Auth.HashDB" exports some names which are quite likely to+-- clash with your own, so it is a good idea to import just the ones you need: --+-- > import Yesod.Auth.HashDB (HashDBUser(..))+-- > .... -- > instance HashDBUser User where -- > userPasswordHash = userPassword -- > setPasswordHash h u = u { userPassword = Just h }@@ -76,20 +81,25 @@ -- In the YesodAuth instance declaration for your app, include 'authHashDB' -- like so: --+-- > import Yesod.Auth.HashDB (authHashDB, getAuthIdHashDB)+-- > .... -- > instance YesodAuth App where -- > .... -- > authPlugins _ = [ authHashDB (Just . UniqueUser), .... ]--- > getAuthId = getAuthIdHashDB AuthR (Just . UniqueUser)+-- > getAuthId = getAuthIdHashDB AuthR (Just . UniqueUser) -- Optional, see below -- -- @AuthR@ should be your authentication route, and the function -- @(Just . UniqueUser)@ supplied to both 'authHashDB' and -- 'getAuthIdHashDB' takes a 'Text' and produces a 'Unique' value to--- look up in the User table. 'getAuthIdHashDB' is just a convenience--- for the case when 'HashDB' is the only plugin, and something else--- would be needed when other plugins are used as well.+-- look up in the User table. In a scaffolded site you may not need to+-- change the definition of @getAuthId@ at all, or you may prefer to modify+-- the function which the scaffolding defines: 'getAuthIdHashDB' is just a+-- convenience for the case when 'HashDB' is the only plugin. ----- You can create password hashes manually as follows, if you need to--- initialise the database:+-- The application developer should provide an interface for setting passwords;+-- it needs to call 'setPassword' and save the result in the database.+-- You can also create password hashes manually as follows, if you need to+-- initialise the database by hand: -- -- > ghci -XOverloadedStrings -- > > import Crypto.PasswordStore@@ -165,8 +175,9 @@ defaultStrength :: Int defaultStrength = 14 --- | Interface for data type which holds user info. It's just a--- collection of getters and setters+-- | The type representing user information stored in the database should+-- be an instance of this class. It just provides the getters and setters+-- used by the functions in this module. class HashDBUser user where -- | Retrieve password hash from user data userPasswordHash :: user -> Maybe Text
test/NonDBTests.hs view
@@ -53,11 +53,12 @@ valid `shouldBe` Just True it "still works after a second upgrade to a stronger setting" $ do newuser <- upgradePasswordHash defaultStrength oldStyleValidUser- neweruser <- case newuser of- Just u -> upgradePasswordHash stronger u- Nothing -> return $ Just oldStyleBadUser1 -- failure- let valid = neweruser >>= flip validatePass mypassword- valid `shouldBe` Just True+ case newuser of+ Just u -> do+ neweruser <- upgradePasswordHash stronger u+ let valid = neweruser >>= flip validatePass mypassword+ valid `shouldBe` Just True+ Nothing -> expectationFailure "Failed to upgrade user!" it "is Nothing if there is no password hash" $ do newuser <- upgradePasswordHash defaultStrength oldStyleBadUser1 newuser `shouldBe` Nothing
yesod-auth-hashdb.cabal view
@@ -1,5 +1,5 @@ name: yesod-auth-hashdb-version: 1.4.1+version: 1.4.1.1 license: MIT license-file: LICENSE author: Patrick Brisbin, later changes Paul Rouse@@ -11,7 +11,21 @@ build-type: Simple homepage: https://github.com/paul-rouse/yesod-auth-hashdb bug-reports: https://github.com/paul-rouse/yesod-auth-hashdb/issues-description: This package is the Yesod.Auth.HashDB plugin, originally included in yesod-auth, but now modified to be more secure and placed in a separate package.+description:+ This package is the Yesod.Auth.HashDB plugin, originally included as part+ of yesod-auth, but now modified to be more secure and placed in a separate+ package.+ .+ It provides authentication using hashed passwords stored in a database,+ and works best in situations where an administrator is involved in+ setting up a user with an initial password.+ .+ The complete login process, including a default form, is implemented by+ this plugin, but the application developer must design the interfaces+ for setting up users and allowing them to change their own passwords,+ since only the low-level password-setting functions are provided by this+ package. (Note that other authentication plugins may be more appropriate+ if you wish to use email verification to set up accounts). library build-depends: base >= 4 && < 5