-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Authentication for Yesod.
--   
--   This package provides a pluggable mechanism for allowing users to
--   authenticate with your site. It comes with a number of common plugins,
--   such as OpenID, BrowserID (a.k.a., Mozilla Persona), and email. Other
--   packages are available from Hackage as well. If you've written such an
--   add-on, please notify me so that it can be added to this description.
--   
--   <ul>
--   <li><a>http://hackage.haskell.org/package/yesod-auth-account</a>: An
--   account authentication plugin for Yesod</li>
--   <li><a>http://hackage.haskell.org/package/yesod-auth-hashdb</a>: The
--   HashDB module previously packaged in yesod-auth, now with stronger,
--   but compatible, security.</li>
--   <li><a>https://github.com/ollieh/yesod-auth-bcrypt/</a>: An
--   alternative to the HashDB module.</li>
--   </ul>
@package yesod-auth
@version 1.3.4

module Yesod.Auth.Message
data AuthMessage
NoOpenID :: AuthMessage
LoginOpenID :: AuthMessage
LoginGoogle :: AuthMessage
LoginYahoo :: AuthMessage
Email :: AuthMessage
IdentifierNotFound :: Text -> AuthMessage
Password :: AuthMessage
Register :: AuthMessage
RegisterLong :: AuthMessage
EnterEmail :: AuthMessage
ConfirmationEmailSentTitle :: AuthMessage
ConfirmationEmailSent :: Text -> AuthMessage
AddressVerified :: AuthMessage
InvalidKeyTitle :: AuthMessage
InvalidKey :: AuthMessage
InvalidEmailPass :: AuthMessage
BadSetPass :: AuthMessage
SetPassTitle :: AuthMessage
SetPass :: AuthMessage
NewPass :: AuthMessage
ConfirmPass :: AuthMessage
PassMismatch :: AuthMessage
PassUpdated :: AuthMessage
Facebook :: AuthMessage
LoginViaEmail :: AuthMessage
InvalidLogin :: AuthMessage
NowLoggedIn :: AuthMessage
LoginTitle :: AuthMessage
PleaseProvideUsername :: AuthMessage
PleaseProvidePassword :: AuthMessage
NoIdentifierProvided :: AuthMessage
InvalidEmailAddress :: AuthMessage
PasswordResetTitle :: AuthMessage
ProvideIdentifier :: AuthMessage
SendPasswordResetEmail :: AuthMessage
PasswordResetPrompt :: AuthMessage
InvalidUsernamePass :: AuthMessage

-- | Defaults to <a>englishMessage</a>.
defaultMessage :: AuthMessage -> Text
englishMessage :: AuthMessage -> Text
portugueseMessage :: AuthMessage -> Text
swedishMessage :: AuthMessage -> Text
germanMessage :: AuthMessage -> Text
frenchMessage :: AuthMessage -> Text
norwegianBokmålMessage :: AuthMessage -> Text
japaneseMessage :: AuthMessage -> Text
finnishMessage :: AuthMessage -> Text
chineseMessage :: AuthMessage -> Text
spanishMessage :: AuthMessage -> Text
czechMessage :: AuthMessage -> Text
russianMessage :: AuthMessage -> Text

module Yesod.Auth
data Auth
type AuthRoute = Route Auth
data AuthPlugin master
AuthPlugin :: Text -> (Method -> [Piece] -> AuthHandler master TypedContent) -> ((Route Auth -> Route master) -> WidgetT master IO ()) -> AuthPlugin master
apName :: AuthPlugin master -> Text
apDispatch :: AuthPlugin master -> Method -> [Piece] -> AuthHandler master TypedContent
apLogin :: AuthPlugin master -> (Route Auth -> Route master) -> WidgetT master IO ()
getAuth :: a -> Auth
class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage) => YesodAuth master where type family AuthId master authLayout = defaultLayout loginHandler = do { tp <- getRouteToParent; lift $ authLayout $ do { setTitleI LoginTitle; master <- getYesod; mapM_ (flip apLogin tp) (authPlugins master) } } renderAuthMessage _ _ = defaultMessage redirectToReferer _ = False onLogin = setMessageI NowLoggedIn onLogout = return () maybeAuthId = defaultMaybeAuthId onErrorHtml dest msg = do { setMessage $ toHtml msg; fmap asHtml $ redirect dest }
authLayout :: YesodAuth master => WidgetT master IO () -> HandlerT master IO Html
loginDest :: YesodAuth master => master -> Route master
logoutDest :: YesodAuth master => master -> Route master
getAuthId :: YesodAuth master => Creds master -> HandlerT master IO (Maybe (AuthId master))
authPlugins :: YesodAuth master => master -> [AuthPlugin master]
loginHandler :: YesodAuth master => AuthHandler master Html
renderAuthMessage :: YesodAuth master => master -> [Text] -> AuthMessage -> Text
redirectToReferer :: YesodAuth master => master -> Bool
authHttpManager :: YesodAuth master => master -> Manager
onLogin :: YesodAuth master => HandlerT master IO ()
onLogout :: YesodAuth master => HandlerT master IO ()
maybeAuthId :: YesodAuth master => HandlerT master IO (Maybe (AuthId master))
onErrorHtml :: (YesodAuth master, MonadResourceBase m) => Route master -> Text -> HandlerT master m Html

-- | Constraint which states that the given site is an instance of
--   <tt>YesodAuth</tt> and that its <tt>AuthId</tt> is in fact a
--   persistent <tt>Key</tt> for the given value. This is the common case
--   in Yesod, and means that you can easily look up the full informatin on
--   a given user.
--   
--   Since 1.2.0
type YesodAuthPersist master = (YesodAuth master, PersistMonadBackend (YesodPersistBackend master (HandlerT master IO)) ~ PersistEntityBackend (AuthEntity master), Key (AuthEntity master) ~ AuthId master, PersistStore (YesodPersistBackend master (HandlerT master IO)), PersistEntity (AuthEntity master), YesodPersist master, Typeable (AuthEntity master))

-- | If the <tt>AuthId</tt> for a given site is a persistent ID, this will
--   give the value for that entity. E.g.:
--   
--   <pre>
--   type AuthId MySite = UserId
--   AuthEntity MySite ~ User
--   </pre>
--   
--   Since 1.2.0
type AuthEntity master = KeyEntity (AuthId master)

-- | User credentials
data Creds master
Creds :: Text -> Text -> [(Text, Text)] -> Creds master

-- | How the user was authenticated
credsPlugin :: Creds master -> Text

-- | Identifier. Exact meaning depends on plugin.
credsIdent :: Creds master -> Text
credsExtra :: Creds master -> [(Text, Text)]

-- | Sets user credentials for the session after checking them with
--   authentication backends.
setCreds :: YesodAuth master => Bool -> Creds master -> HandlerT master IO ()
setCredsRedirect :: YesodAuth master => Creds master -> HandlerT master IO TypedContent

-- | Clears current user credentials for the session.
--   
--   Since 1.1.7
clearCreds :: YesodAuth master => Bool -> HandlerT master IO ()

-- | For HTML, set the message and redirect to the route. For JSON, send
--   the message and a 401 status
loginErrorMessage :: (YesodAuth master, MonadResourceBase m) => Route master -> Text -> HandlerT master m TypedContent
loginErrorMessageI :: (MonadResourceBase m, YesodAuth master) => Route child -> AuthMessage -> HandlerT child (HandlerT master m) TypedContent

-- | Retrieves user credentials from the session, if user is authenticated.
--   
--   This function does <i>not</i> confirm that the credentials are valid,
--   see <tt>maybeAuthIdRaw</tt> for more information.
--   
--   Since 1.1.2
defaultMaybeAuthId :: (YesodAuth master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val, b ~ YesodPersistBackend master, Key val ~ AuthId master, PersistStore (b (HandlerT master IO)), PersistEntity val, YesodPersist master, Typeable val) => HandlerT master IO (Maybe (AuthId master))

-- | Similar to <a>maybeAuthId</a>, but additionally look up the value
--   associated with the user's database identifier to get the value in the
--   database. This assumes that you are using a Persistent database.
--   
--   Since 1.1.0
maybeAuth :: (YesodAuth master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val, b ~ YesodPersistBackend master, Key val ~ AuthId master, PersistStore (b (HandlerT master IO)), PersistEntity val, YesodPersist master, Typeable val) => HandlerT master IO (Maybe (Entity val))

-- | Similar to <a>maybeAuthId</a>, but redirects to a login page if user
--   is not authenticated.
--   
--   Since 1.1.0
requireAuthId :: YesodAuth master => HandlerT master IO (AuthId master)

-- | Similar to <a>maybeAuth</a>, but redirects to a login page if user is
--   not authenticated.
--   
--   Since 1.1.0
requireAuth :: YesodAuthPersist master => HandlerT master IO (Entity (AuthEntity master))
data AuthException
InvalidFacebookResponse :: AuthException
type AuthHandler master a = YesodAuth master => HandlerT Auth (HandlerT master IO) a

-- | Internal session key used to hold the authentication information.
--   
--   Since 1.2.3
credsKey :: Text
provideJsonMessage :: Monad m => Text -> Writer (Endo [ProvidedRep m]) ()
messageJson401 :: MonadResourceBase m => Text -> HandlerT master m Html -> HandlerT master m TypedContent
asHtml :: Html -> Html
instance Typeable1 CachedMaybeAuth
instance Typeable AuthException
instance Show AuthException
instance YesodAuth master => YesodSubDispatch Auth (HandlerT master IO)
instance Exception AuthException
instance YesodAuth master => RenderMessage master AuthMessage

module Yesod.Auth.BrowserId
authBrowserId :: YesodAuth m => BrowserIdSettings -> AuthPlugin m

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClick :: BrowserIdSettings -> (Route Auth -> Route master) -> WidgetT master IO Text

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClickOverride :: BrowserIdSettings -> (Route Auth -> Route master) -> Maybe (Route master) -> WidgetT master IO Text
def :: Default a => a

-- | A settings type for various configuration options relevant to
--   BrowserID.
--   
--   See: <a>http://www.yesodweb.com/book/settings-types</a>
--   
--   Since 1.2.0
data BrowserIdSettings

-- | BrowserID audience value. If <tt>Nothing</tt>, will be extracted based
--   on the approot.
--   
--   Default: <tt>Nothing</tt>
--   
--   Since 1.2.0
bisAudience :: BrowserIdSettings -> Maybe Text

-- | Use asynchronous Javascript loading for the BrowserID JS file.
--   
--   Default: <tt>True</tt>.
--   
--   Since 1.2.0
bisLazyLoad :: BrowserIdSettings -> Bool
forwardUrl :: AuthRoute
instance Default BrowserIdSettings


-- | Provides a dummy authentication module that simply lets a user specify
--   his/her identifier. This is not intended for real world use, just for
--   testing.
module Yesod.Auth.Dummy
authDummy :: YesodAuth m => AuthPlugin m

module Yesod.Auth.Email
authEmail :: YesodAuthEmail m => AuthPlugin m
class (YesodAuth site, PathPiece (AuthEmailId site), RenderMessage site AuthMessage) => YesodAuthEmail site where type family AuthEmailId site randomKey _ = do { stdgen <- newStdGen; return $ pack $ fst $ randomString 10 stdgen } needOldPassword aid' = do { mkey <- lookupSession loginLinkKey; case mkey >>= readMay . unpack of { Just (aidT, time) | Just aid <- fromPathPiece aidT, toPathPiece (aid `asTypeOf` aid') == toPathPiece aid' -> do { now <- liftIO getCurrentTime; return $ addUTCTime (60 * 30) time <= now } _ -> return True } } checkPasswordSecurity _ x | length x >= 3 = return $ Right () | otherwise = return $ Left "Password must be at least three characters" confirmationEmailSentResponse identifier = do { mr <- getMessageRender; messageJson401 (mr msg) $ authLayout $ do { setTitleI ConfirmationEmailSentTitle; do { (asWidgetT . toWidget) ((preEscapedText . pack) "<p>"); ((liftM (toHtml .) getMessageRender) >>= (\ urender_aTtX -> (asWidgetT . toWidget) (urender_aTtX msg))); (asWidgetT . toWidget) ((preEscapedText . pack) "</p>") } } } where msg = ConfirmationEmailSent identifier normalizeEmailAddress _ = toLower registerHandler = defaultRegisterHandler forgotPasswordHandler = defaultForgotPasswordHandler setPasswordHandler = defaultSetPasswordHandler
addUnverified :: YesodAuthEmail site => Email -> VerKey -> HandlerT site IO (AuthEmailId site)
sendVerifyEmail :: YesodAuthEmail site => Email -> VerKey -> VerUrl -> HandlerT site IO ()
getVerifyKey :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe VerKey)
setVerifyKey :: YesodAuthEmail site => AuthEmailId site -> VerKey -> HandlerT site IO ()
verifyAccount :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe (AuthId site))
getPassword :: YesodAuthEmail site => AuthId site -> HandlerT site IO (Maybe SaltedPass)
setPassword :: YesodAuthEmail site => AuthId site -> SaltedPass -> HandlerT site IO ()
getEmailCreds :: YesodAuthEmail site => Identifier -> HandlerT site IO (Maybe (EmailCreds site))
getEmail :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe Email)
randomKey :: YesodAuthEmail site => site -> IO Text
afterPasswordRoute :: YesodAuthEmail site => site -> Route site
needOldPassword :: YesodAuthEmail site => AuthId site -> HandlerT site IO Bool
checkPasswordSecurity :: YesodAuthEmail site => AuthId site -> Text -> HandlerT site IO (Either Text ())
confirmationEmailSentResponse :: YesodAuthEmail site => Text -> HandlerT site IO TypedContent
normalizeEmailAddress :: YesodAuthEmail site => site -> Text -> Text
registerHandler :: YesodAuthEmail site => AuthHandler site Html
forgotPasswordHandler :: YesodAuthEmail site => AuthHandler site Html
setPasswordHandler :: YesodAuthEmail site => Bool -> AuthHandler site TypedContent

-- | Data stored in a database for each e-mail address.
data EmailCreds site
EmailCreds :: AuthEmailId site -> Maybe (AuthId site) -> VerStatus -> Maybe VerKey -> Email -> EmailCreds site
emailCredsId :: EmailCreds site -> AuthEmailId site
emailCredsAuthId :: EmailCreds site -> Maybe (AuthId site)
emailCredsStatus :: EmailCreds site -> VerStatus
emailCredsVerkey :: EmailCreds site -> Maybe VerKey
emailCredsEmail :: EmailCreds site -> Email

-- | Salt a password with a randomly generated salt.
saltPass :: Text -> IO Text
loginR :: AuthRoute
registerR :: AuthRoute
forgotPasswordR :: AuthRoute
setpassR :: AuthRoute
isValidPass :: Text -> SaltedPass -> Bool
type Email = Text
type VerKey = Text
type VerUrl = Text
type SaltedPass = Text
type VerStatus = Bool

-- | An Identifier generalizes an email address to allow users to log in
--   with some other form of credentials (e.g., username).
--   
--   Note that any of these other identifiers must not be valid email
--   addresses.
--   
--   Since 1.2.0
type Identifier = Text

-- | Session variable set when user logged in via a login link. See
--   <a>needOldPassword</a>.
--   
--   Since 1.2.1
loginLinkKey :: Text

-- | Set <a>loginLinkKey</a> to the current time.
--   
--   Since 1.2.1
setLoginLinkKey :: (YesodAuthEmail site, MonadHandler m, HandlerSite m ~ site) => AuthId site -> m ()

-- | Default implementation of <a>registerHandler</a>.
--   
--   Since: 1.2.6
defaultRegisterHandler :: YesodAuthEmail master => AuthHandler master Html

-- | Default implementation of <a>forgotPasswordHandler</a>.
--   
--   Since: 1.2.6
defaultForgotPasswordHandler :: YesodAuthEmail master => AuthHandler master Html

-- | Default implementation of <a>setPasswordHandler</a>.
--   
--   Since: 1.2.6
defaultSetPasswordHandler :: YesodAuthEmail master => Bool -> AuthHandler master TypedContent

module Yesod.Auth.OpenId
authOpenId :: YesodAuth master => IdentifierType -> [(Text, Text)] -> AuthPlugin master
forwardUrl :: AuthRoute

-- | The main identifier provided by the OpenID authentication plugin is
--   the "OP-local identifier". There is also sometimes a "claimed"
--   identifier available.
--   
--   In the <a>credsExtra</a> field of the <a>Creds</a> datatype, you can
--   lookup this key to find the claimed identifier, if available.
--   
--   <pre>
--   let finalID = fromMaybe (credsIdent creds)
--               $ lookup claimedKey (credsExtra creds)
--   </pre>
--   
--   Since 1.0.2
claimedKey :: Text
opLocalKey :: Text

-- | A helper function which will get the claimed identifier, if available,
--   falling back to the OP local identifier.
--   
--   See <a>claimedKey</a>.
--   
--   Since 1.0.2
credsIdentClaimed :: Creds m -> Text
data IdentifierType
Claimed :: IdentifierType
OPLocal :: IdentifierType

module Yesod.Auth.Rpxnow
authRpxnow :: YesodAuth m => String -> String -> AuthPlugin m


-- | Use an email address as an identifier via Google's OpenID login
--   system.
--   
--   This backend will not use the OpenID identifier at all. It only uses
--   OpenID as a login system. By using this plugin, you are trusting
--   Google to validate an email address, and requiring users to have a
--   Google account. On the plus side, you get to use email addresses as
--   the identifier, many users have existing Google accounts, the login
--   system has been long tested (as opposed to BrowserID), and it requires
--   no credential managing or setup (as opposed to Email).
module Yesod.Auth.GoogleEmail
authGoogleEmail :: YesodAuth m => AuthPlugin m
forwardUrl :: AuthRoute


-- | Use an email address as an identifier via Google's login system.
--   
--   Note that this is a replacement for <a>Yesod.Auth.GoogleEmail</a>,
--   which depends on Google's now deprecated OpenID system. For more
--   information, see
--   <a>https://developers.google.com/+/api/auth-migration</a>.
--   
--   By using this plugin, you are trusting Google to validate an email
--   address, and requiring users to have a Google account. On the plus
--   side, you get to use email addresses as the identifier, many users
--   have existing Google accounts, the login system has been long tested
--   (as opposed to BrowserID), and it requires no credential managing or
--   setup (as opposed to Email).
--   
--   In order to use this plugin:
--   
--   <ul>
--   <li>Create an application on the Google Developer Console
--   <a>https://console.developers.google.com/</a></li>
--   <li>Create OAuth credentials. The redirect URI will be
--   <a>http://yourdomain/auth/page/googleemail2/complete</a>. (If you have
--   your authentication subsite at a different root than /auth/, please
--   adjust accordingly.)</li>
--   <li>Enable the Google+ API.</li>
--   </ul>
--   
--   Since 1.3.1
module Yesod.Auth.GoogleEmail2
authGoogleEmail :: YesodAuth m => Text -> Text -> AuthPlugin m
forwardUrl :: AuthRoute
instance Show Email
instance FromJSON Email
instance FromJSON Person
instance FromJSON Tokens
