packages feed

yesod-auth-ldap-native 0.1.0.2 → 0.2.0.0

raw patch · 2 files changed

+29/−24 lines, 2 filesPVP ok

version bump matches the API change (PVP)

API changes (from Hackage documentation)

+ Yesod.Auth.LdapNative: LdapCreds :: Dn -> Password -> LdapCreds
+ Yesod.Auth.LdapNative: [lcDn] :: LdapCreds -> Dn
+ Yesod.Auth.LdapNative: [lcPw] :: LdapCreds -> Password
+ Yesod.Auth.LdapNative: data LdapCreds
- Yesod.Auth.LdapNative: mkLdapConf :: Text -> Text -> Text -> LdapAuthConf
+ Yesod.Auth.LdapNative: mkLdapConf :: Maybe (Text, Text) -> Text -> LdapAuthConf

Files

src/Yesod/Auth/LdapNative.hs view
@@ -17,17 +17,18 @@ ----------------------------------------------------------------------------  module Yesod.Auth.LdapNative-  ( +  (   -- * Usage   -- $use    -- * Plugin Configuration     authLdap   , authLdapWithForm-  +   -- * LDAP Configuration   , LdapAuthConf   , LdapAuthQuery (..)+  , LdapCreds (..)   , mkLdapConf   , mkGroupQuery   , setHost@@ -61,16 +62,15 @@ loginRoute = PluginR pluginName ["login"]  -- | LDAP configuration.--- +-- -- Details hidden on purpose. -- Use 'mkLdapConf' to create default config and functions below to adjust to taste. data LdapAuthConf = LdapAuthConf   -- connection   { host   :: L.Host   , port   :: L.PortNumber-  , bindDn :: L.Dn-  , bindPw :: L.Password-  +  , bindCreds :: Maybe LdapCreds+   -- queries   , userQuery  :: LdapAuthQuery   , groupQuery :: Maybe LdapAuthQuery@@ -79,6 +79,12 @@   , debug  :: Int   } +-- | LDAP dn and password+data LdapCreds = LdapCreds+  { lcDn :: L.Dn+  , lcPw :: L.Password+  }+ -- | Query parameters. -- -- Standard LDAP query parameters except filter is a function of the username.@@ -86,21 +92,19 @@  -- | Default LDAP configuration. mkLdapConf-  :: Text     -- ^ bindDn-  -> Text     -- ^ bindPw+  :: Maybe (Text, Text)     -- ^ bindDn and bindPw   -> Text     -- ^ user query baseDn   -> LdapAuthConf-mkLdapConf bindDn bindPw baseDn = LdapAuthConf+mkLdapConf mbindc baseDn = LdapAuthConf   { host   = L.Secure "localhost"   , port   = 636-  , bindDn = L.Dn bindDn-  , bindPw = L.Password (T.encodeUtf8 bindPw)-+  , bindCreds = (\(dn,p) -> LdapCreds (L.Dn dn) (L.Password $ T.encodeUtf8 p)) <$> mbindc   , userQuery  = mkUserQuery baseDn   , groupQuery = Nothing    , debug = 0   }+-- (Just (bindDn,bindPw))  -- | Default LDAP user query. mkUserQuery@@ -147,8 +151,8 @@ -- Do not use in production. setDebug :: Int -> LdapAuthConf -> LdapAuthConf setDebug level conf = conf { debug = level }-   + authLdap :: YesodAuth m => LdapAuthConf -> AuthPlugin m authLdap conf = authLdapWithForm conf defaultForm @@ -185,7 +189,7 @@     Right (L.SearchEntry _ attrs) -> do       let extra = map f attrs       lift $ setCredsRedirect $ Creds pluginName username extra-  +   where     f (L.Attr k, x : _) = (k, T.decodeUtf8 x)     f (L.Attr k, _)     = (k, "")@@ -216,10 +220,12 @@ ldapLogin :: LdapAuthConf -> Text -> Text -> IO (Either LdapAuthError L.SearchEntry) ldapLogin conf user pw = do   res <- L.with (host conf) (port conf) $ \l ->-    +     runEitherT $ do       -- service bind-      esb <- lift $ L.bindEither l (bindDn conf) (bindPw conf)+      esb <- case bindCreds conf of+              Just c -> lift $ L.bindEither l (lcDn c) (lcPw c)+              Nothing -> return $ Right ()       case esb of         Right _ -> return ()         Left _ -> left ServiceBindError@@ -239,7 +245,7 @@               Nothing -> return $ Right []       case eg of         -- either becase groupQuery was not provided or returned nothing-        Right [] -> case mg of +        Right [] -> case mg of                       Just _  -> left GroupMembershipError                       Nothing -> return ()         Right _  -> return ()@@ -252,7 +258,6 @@         Left _  -> left UserBindError        return se-   case res of     Left err -> return $ Left $ LdapError err     Right x -> return x@@ -286,9 +291,9 @@ -- Basic configuration in Foundation.hs: -- -- > ldapConf :: LdapAuthConf--- > ldapConf = +-- > ldapConf = -- >     setHost (Secure "127.0.0.1") $ setPort 636--- >   $ mkLdapConf "cn=Manager,dc=example,dc=com" "v3ryS33kret" "ou=people,dc=example,dc=com"+-- >   $ mkLdapConf (Just ("cn=Manager,dc=example,dc=com", "v3ryS33kret")) "ou=people,dc=example,dc=com" -- -- And add __authLdap ldapConf__ to your __authPlugins__. --@@ -299,10 +304,10 @@ -- For additional group authentication use 'setGroupQuery': -- -- > ldapConf :: LdapAuthConf--- > ldapConf = +-- > ldapConf = -- >     setGroupQuery (Just $ mkGroupQuery "ou=group,dc=example,dc=com" "cn" "it" "memberUid") -- >   $ setHost (Secure "127.0.0.1") $ setPort 636--- >   $ mkLdapConf "cn=yourapp,ou=services,dc=example,dc=com" "v3ryS33kret" "ou=people,dc=example,dc=com"+-- >   $ mkLdapConf (Just ("cn=yourapp,ou=services,dc=example,dc=com", "v3ryS33kret")) "ou=people,dc=example,dc=com" -- -- In the example above user jdoe will only be successfully authenticated when: --@@ -315,5 +320,5 @@ -- When testing or during initial configuration consider using 'setDebug' - set to 1 to enable. This will -- give you exact error condition instead of "That is all we know". Never use it in production though as it -- may reveal sensitive information.--- +-- -- Refer to 'ldap-client' documentation for details.
yesod-auth-ldap-native.cabal view
@@ -1,5 +1,5 @@ name:                yesod-auth-ldap-native-version:             0.1.0.2+version:             0.2.0.0 synopsis:            Yesod LDAP authentication plugin description:         This package provides an LDAP authentication plugin for Yesod. homepage:            http://github.com/mulderr/yesod-auth-ldap-native