Lucu-0.4.2: Network/HTTP/Lucu/Authorization.hs
{-# OPTIONS_HADDOCK prune #-}
-- |Manipulation of WWW authorization.
module Network.HTTP.Lucu.Authorization
( AuthChallenge(..)
, AuthCredential(..)
, Realm
, UserID
, Password
, authCredentialP -- private
)
where
import qualified Codec.Binary.Base64 as B64
import Data.Maybe
import Network.HTTP.Lucu.Parser
import Network.HTTP.Lucu.Parser.Http
import Network.HTTP.Lucu.Utils
-- |Authorization challenge to be sent to client with
-- \"WWW-Authenticate\" header. See
-- 'Network.HTTP.Lucu.Resource.setWWWAuthenticate'.
data AuthChallenge
= BasicAuthChallenge Realm
deriving (Eq)
-- |'Realm' is just a string which must not contain any non-ASCII letters.
type Realm = String
-- |Authorization credential to be sent by client with
-- \"Authorization\" header. See
-- 'Network.HTTP.Lucu.Resource.getAuthorization'.
data AuthCredential
= BasicAuthCredential UserID Password
deriving (Show, Eq)
-- |'UserID' is just a string which must not contain colon and any
-- non-ASCII letters.
type UserID = String
-- |'Password' is just a string which must not contain any non-ASCII
-- letters.
type Password = String
instance Show AuthChallenge where
show (BasicAuthChallenge realm)
= "Basic realm=" ++ quoteStr realm
authCredentialP :: Parser AuthCredential
authCredentialP = allowEOF $!
do _ <- string "Basic"
_ <- many1 lws
b64 <- many1
$ satisfy (\ c -> (c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z') ||
(c >= '0' && c <= '9') ||
c == '+' ||
c == '/' ||
c == '=')
let decoded = map (toEnum . fromEnum) (fromJust $ B64.decode b64)
case break (== ':') decoded of
(uid, ':' : password)
-> return (BasicAuthCredential uid password)
_ -> failP