-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Authentication for Yesod.
--   
--   This package provides a pluggable mechanism for allowing users to
--   authenticate with your site. It comes with a number of common plugins,
--   such as OpenID, BrowserID (a.k.a., Mozilla Persona), and email. Other
--   packages are available from Hackage as well. If you've written such an
--   add-on, please notify me so that it can be added to this description.
--   
--   <ul>
--   <li><a>http://hackage.haskell.org/package/yesod-auth-account</a>: An
--   account authentication plugin for Yesod</li>
--   </ul>
@package yesod-auth
@version 1.2.0.2

module Yesod.Auth.Message
data AuthMessage
NoOpenID :: AuthMessage
LoginOpenID :: AuthMessage
LoginGoogle :: AuthMessage
LoginYahoo :: AuthMessage
Email :: AuthMessage
Password :: AuthMessage
Register :: AuthMessage
RegisterLong :: AuthMessage
EnterEmail :: AuthMessage
ConfirmationEmailSentTitle :: AuthMessage
ConfirmationEmailSent :: Text -> AuthMessage
AddressVerified :: AuthMessage
InvalidKeyTitle :: AuthMessage
InvalidKey :: AuthMessage
InvalidEmailPass :: AuthMessage
BadSetPass :: AuthMessage
SetPassTitle :: AuthMessage
SetPass :: AuthMessage
NewPass :: AuthMessage
ConfirmPass :: AuthMessage
PassMismatch :: AuthMessage
PassUpdated :: AuthMessage
Facebook :: AuthMessage
LoginViaEmail :: AuthMessage
InvalidLogin :: AuthMessage
NowLoggedIn :: AuthMessage
LoginTitle :: AuthMessage
PleaseProvideUsername :: AuthMessage
PleaseProvidePassword :: AuthMessage
NoIdentifierProvided :: AuthMessage
InvalidEmailAddress :: AuthMessage
PasswordResetTitle :: AuthMessage
ProvideIdentifier :: AuthMessage
SendPasswordResetEmail :: AuthMessage
PasswordResetPrompt :: AuthMessage
InvalidUsernamePass :: AuthMessage

-- | Defaults to <a>englishMessage</a>.
defaultMessage :: AuthMessage -> Text
englishMessage :: AuthMessage -> Text
portugueseMessage :: AuthMessage -> Text
swedishMessage :: AuthMessage -> Text
germanMessage :: AuthMessage -> Text
frenchMessage :: AuthMessage -> Text
norwegianBokmålMessage :: AuthMessage -> Text
japaneseMessage :: AuthMessage -> Text
finnishMessage :: AuthMessage -> Text
chineseMessage :: AuthMessage -> Text
spanishMessage :: AuthMessage -> Text

module Yesod.Auth
data Auth
type AuthRoute = Route Auth
data AuthPlugin master
AuthPlugin :: Text -> (Method -> [Piece] -> AuthHandler master ()) -> ((Route Auth -> Route master) -> WidgetT master IO ()) -> AuthPlugin master
apName :: AuthPlugin master -> Text
apDispatch :: AuthPlugin master -> Method -> [Piece] -> AuthHandler master ()
apLogin :: AuthPlugin master -> (Route Auth -> Route master) -> WidgetT master IO ()
getAuth :: a -> Auth
class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage) => YesodAuth master where type family AuthId master loginHandler = do { tp <- getRouteToParent; lift $ defaultLayout $ do { setTitleI LoginTitle; master <- getYesod; mapM_ (flip apLogin tp) (authPlugins master) } } renderAuthMessage _ _ = defaultMessage redirectToReferer _ = False onLogin = setMessageI NowLoggedIn onLogout = return () maybeAuthId = defaultMaybeAuthId
loginDest :: YesodAuth master => master -> Route master
logoutDest :: YesodAuth master => master -> Route master
getAuthId :: YesodAuth master => Creds master -> HandlerT master IO (Maybe (AuthId master))
authPlugins :: YesodAuth master => master -> [AuthPlugin master]
loginHandler :: YesodAuth master => AuthHandler master RepHtml
renderAuthMessage :: YesodAuth master => master -> [Text] -> AuthMessage -> Text
redirectToReferer :: YesodAuth master => master -> Bool
authHttpManager :: YesodAuth master => master -> Manager
onLogin :: YesodAuth master => HandlerT master IO ()
onLogout :: YesodAuth master => HandlerT master IO ()
maybeAuthId :: YesodAuth master => HandlerT master IO (Maybe (AuthId master))

-- | Constraint which states that the given site is an instance of
--   <tt>YesodAuth</tt> and that its <tt>AuthId</tt> is in fact a
--   persistent <tt>Key</tt> for the given value. This is the common case
--   in Yesod, and means that you can easily look up the full informatin on
--   a given user.
--   
--   Since 1.2.0
type YesodAuthPersist master = (YesodAuth master, PersistMonadBackend (YesodPersistBackend master (HandlerT master IO)) ~ PersistEntityBackend (AuthEntity master), Key (AuthEntity master) ~ AuthId master, PersistStore (YesodPersistBackend master (HandlerT master IO)), PersistEntity (AuthEntity master), YesodPersist master, Typeable (AuthEntity master))

-- | If the <tt>AuthId</tt> for a given site is a persistent ID, this will
--   give the value for that entity. E.g.:
--   
--   <pre>
--   type AuthId MySite = UserId
--   AuthEntity MySite ~ User
--   </pre>
--   
--   Since 1.2.0
type AuthEntity master = KeyEntity (AuthId master)

-- | User credentials
data Creds master
Creds :: Text -> Text -> [(Text, Text)] -> Creds master

-- | How the user was authenticated
credsPlugin :: Creds master -> Text

-- | Identifier. Exact meaning depends on plugin.
credsIdent :: Creds master -> Text
credsExtra :: Creds master -> [(Text, Text)]

-- | Sets user credentials for the session after checking them with
--   authentication backends.
setCreds :: YesodAuth master => Bool -> Creds master -> HandlerT master IO ()

-- | Clears current user credentials for the session.
--   
--   Since 1.1.7
clearCreds :: YesodAuth master => Bool -> HandlerT master IO ()

-- | For HTML, set the message and redirect to the route. For JSON, send
--   the message and a 401 status
loginErrorMessage :: MonadResourceBase m => Route site -> Text -> HandlerT site m a
loginErrorMessageI :: (MonadResourceBase m, YesodAuth master) => Route child -> AuthMessage -> HandlerT child (HandlerT master m) a

-- | Retrieves user credentials from the session, if user is authenticated.
--   
--   This function does <i>not</i> confirm that the credentials are valid,
--   see <tt>maybeAuthIdRaw</tt> for more information.
--   
--   Since 1.1.2
defaultMaybeAuthId :: (YesodAuth master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val, b ~ YesodPersistBackend master, Key val ~ AuthId master, PersistStore (b (HandlerT master IO)), PersistEntity val, YesodPersist master, Typeable val) => HandlerT master IO (Maybe (AuthId master))
maybeAuth :: (YesodAuth master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend val, b ~ YesodPersistBackend master, Key val ~ AuthId master, PersistStore (b (HandlerT master IO)), PersistEntity val, YesodPersist master, Typeable val) => HandlerT master IO (Maybe (Entity val))

-- | Similar to <a>maybeAuthId</a>, but redirects to a login page if user
--   is not authenticated.
--   
--   Since 1.1.0
requireAuthId :: YesodAuthPersist master => HandlerT master IO (AuthId master)
requireAuth :: YesodAuthPersist master => HandlerT master IO (Entity (AuthEntity master))
data AuthException
InvalidFacebookResponse :: AuthException
type AuthHandler master a = YesodAuth master => HandlerT Auth (HandlerT master IO) a
instance Typeable1 CachedMaybeAuth
instance Typeable AuthException
instance Show AuthException
instance YesodAuth master => YesodSubDispatch Auth (HandlerT master IO)
instance Exception AuthException
instance YesodAuth master => RenderMessage master AuthMessage

module Yesod.Auth.BrowserId
authBrowserId :: YesodAuth m => BrowserIdSettings -> AuthPlugin m

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClick :: BrowserIdSettings -> (Route Auth -> Route master) -> WidgetT master IO Text

-- | The default value for this type.
def :: Default a => a

-- | A settings type for various configuration options relevant to
--   BrowserID.
--   
--   See: <a>http://www.yesodweb.com/book/settings-types</a>
--   
--   Since 1.2.0
data BrowserIdSettings

-- | BrowserID audience value. If <tt>Nothing</tt>, will be extracted based
--   on the approot.
--   
--   Default: <tt>Nothing</tt>
--   
--   Since 1.2.0
bisAudience :: BrowserIdSettings -> Maybe Text

-- | Use asynchronous Javascript loading for the BrowserID JS file.
--   
--   Default: <tt>True</tt>.
--   
--   Since 1.2.0
bisLazyLoad :: BrowserIdSettings -> Bool
instance Default BrowserIdSettings


-- | Provides a dummy authentication module that simply lets a user specify
--   his/her identifier. This is not intended for real world use, just for
--   testing.
module Yesod.Auth.Dummy
authDummy :: YesodAuth m => AuthPlugin m

module Yesod.Auth.Email
authEmail :: YesodAuthEmail m => AuthPlugin m
class (YesodAuth site, PathPiece (AuthEmailId site)) => YesodAuthEmail site where type family AuthEmailId site randomKey _ = do { stdgen <- newStdGen; return $ pack $ fst $ randomString 10 stdgen }
addUnverified :: YesodAuthEmail site => Email -> VerKey -> HandlerT site IO (AuthEmailId site)
sendVerifyEmail :: YesodAuthEmail site => Email -> VerKey -> VerUrl -> HandlerT site IO ()
getVerifyKey :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe VerKey)
setVerifyKey :: YesodAuthEmail site => AuthEmailId site -> VerKey -> HandlerT site IO ()
verifyAccount :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe (AuthId site))
getPassword :: YesodAuthEmail site => AuthId site -> HandlerT site IO (Maybe SaltedPass)
setPassword :: YesodAuthEmail site => AuthId site -> SaltedPass -> HandlerT site IO ()
getEmailCreds :: YesodAuthEmail site => Identifier -> HandlerT site IO (Maybe (EmailCreds site))
getEmail :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe Email)
randomKey :: YesodAuthEmail site => site -> IO Text
afterPasswordRoute :: YesodAuthEmail site => site -> Route site

-- | Data stored in a database for each e-mail address.
data EmailCreds site
EmailCreds :: AuthEmailId site -> Maybe (AuthId site) -> VerStatus -> Maybe VerKey -> Email -> EmailCreds site
emailCredsId :: EmailCreds site -> AuthEmailId site
emailCredsAuthId :: EmailCreds site -> Maybe (AuthId site)
emailCredsStatus :: EmailCreds site -> VerStatus
emailCredsVerkey :: EmailCreds site -> Maybe VerKey
emailCredsEmail :: EmailCreds site -> Email

-- | Salt a password with a randomly generated salt.
saltPass :: Text -> IO Text
loginR :: AuthRoute
registerR :: AuthRoute
forgotPasswordR :: AuthRoute
setpassR :: AuthRoute
isValidPass :: Text -> SaltedPass -> Bool
type Email = Text
type VerKey = Text
type VerUrl = Text
type SaltedPass = Text
type VerStatus = Bool

-- | An Identifier generalizes an email address to allow users to log in
--   with some other form of credentials (e.g., username).
--   
--   Note that any of these other identifiers must not be valid email
--   addresses.
--   
--   Since 1.2.0
type Identifier = Text

module Yesod.Auth.OpenId
authOpenId :: YesodAuth master => IdentifierType -> [(Text, Text)] -> AuthPlugin master
forwardUrl :: AuthRoute

-- | The main identifier provided by the OpenID authentication plugin is
--   the "OP-local identifier". There is also sometimes a "claimed"
--   identifier available.
--   
--   In the <a>credsExtra</a> field of the <a>Creds</a> datatype, you can
--   lookup this key to find the claimed identifier, if available.
--   
--   <pre>
--   let finalID = fromMaybe (credsIdent creds)
--               $ lookup claimedKey (credsExtra creds)
--   </pre>
--   
--   Since 1.0.2
claimedKey :: Text
opLocalKey :: Text

-- | A helper function which will get the claimed identifier, if available,
--   falling back to the OP local identifier.
--   
--   See <a>claimedKey</a>.
--   
--   Since 1.0.2
credsIdentClaimed :: Creds m -> Text
data IdentifierType
Claimed :: IdentifierType
OPLocal :: IdentifierType

module Yesod.Auth.Rpxnow
authRpxnow :: YesodAuth m => String -> String -> AuthPlugin m


-- | A yesod-auth AuthPlugin designed to look users up in Persist where
--   their user id's and a salted SHA1 hash of their password is stored.
--   
--   Example usage:
--   
--   <pre>
--   -- import the function
--   import Auth.HashDB
--   
--   -- make sure you have an auth route
--   mkYesodData "MyApp" [$parseRoutes|
--   / RootR GET
--   /auth AuthR Auth getAuth
--   |]
--   
--   
--   -- make your app an instance of YesodAuth using this plugin
--   instance YesodAuth MyApp where
--      type AuthId MyApp = UserId
--   
--      loginDest _  = RootR
--      logoutDest _ = RootR
--      getAuthId    = getAuthIdHashDB AuthR (Just . UniqueUser)
--      authPlugins  = [authHashDB (Just . UniqueUser)]
--   
--   
--   -- include the migration function in site startup
--   withServer :: (Application -&gt; IO a) -&gt; IO a
--   withServer f = withConnectionPool $ \p -&gt; do
--       runSqlPool (runMigration migrateUsers) p
--       let h = DevSite p
--   </pre>
--   
--   Note that function which converts username to unique identifier must
--   be same.
--   
--   Your app must be an instance of YesodPersist. and the username, salt
--   and hashed-passwords should be added to the database.
--   
--   <pre>
--   echo -n 'MySaltMyPassword' | sha1sum
--   </pre>
--   
--   can be used to get the hash from the commandline.
module Yesod.Auth.HashDB

-- | Interface for data type which holds user info. It's just a collection
--   of getters and setters
class HashDBUser user where setUserHashAndSalt = setSaltAndPasswordHash setSaltAndPasswordHash = setUserHashAndSalt
userPasswordHash :: HashDBUser user => user -> Maybe Text
userPasswordSalt :: HashDBUser user => user -> Maybe Text
setUserHashAndSalt :: HashDBUser user => Text -> Text -> user -> user
setSaltAndPasswordHash :: HashDBUser user => Text -> Text -> user -> user

-- | Unique keys in existence on this entity.

-- | Set password for user. This function should be used for setting
--   passwords. It generates random salt and calculates proper hashes.
setPassword :: (MonadIO m, HashDBUser user) => Text -> user -> m user

-- | Given a user ID and password in plaintext, validate them against the
--   database values.
validateUser :: (YesodPersist yesod, b ~ YesodPersistBackend yesod, PersistMonadBackend (b (HandlerT yesod IO)) ~ PersistEntityBackend user, PersistUnique (b (HandlerT yesod IO)), PersistEntity user, HashDBUser user) => Unique user -> Text -> HandlerT yesod IO Bool

-- | Prompt for username and password, validate that against a database
--   which holds the username and a hash of the password
authHashDB :: (YesodAuth m, YesodPersist m, HashDBUser user, PersistEntity user, b ~ YesodPersistBackend m, PersistMonadBackend (b (HandlerT m IO)) ~ PersistEntityBackend user, PersistUnique (b (HandlerT m IO))) => (Text -> Maybe (Unique user)) -> AuthPlugin m

-- | A drop in for the getAuthId method of your YesodAuth instance which
--   can be used if authHashDB is the only plugin in use.
getAuthIdHashDB :: (YesodAuth master, YesodPersist master, HashDBUser user, PersistEntity user, Key user ~ AuthId master, b ~ YesodPersistBackend master, PersistMonadBackend (b (HandlerT master IO)) ~ PersistEntityBackend user, PersistUnique (b (HandlerT master IO))) => (AuthRoute -> Route master) -> (Text -> Maybe (Unique user)) -> Creds master -> HandlerT master IO (Maybe (AuthId master))
type User = UserGeneric SqlBackend

-- | Generate data base instances for a valid user
data UserGeneric backend
User :: !Text -> !Text -> !Text -> UserGeneric backend
userUsername :: UserGeneric backend -> !Text
userPassword :: UserGeneric backend -> !Text
userSalt :: UserGeneric backend -> !Text
type UserId = KeyBackend SqlBackend User

-- | Parameters: val and datatype of the field
migrateUsers :: (MonadBaseControl IO m, MonadIO m, MonadLogger m) => Migration (SqlPersistT m)
instance HashDBUser (UserGeneric backend)
instance PersistEntity (UserGeneric backend)
instance PersistFieldSql (UserGeneric backend)
instance PersistField (UserGeneric backend)


-- | Use an email address as an identifier via Google's OpenID login
--   system.
--   
--   This backend will not use the OpenID identifier at all. It only uses
--   OpenID as a login system. By using this plugin, you are trusting
--   Google to validate an email address, and requiring users to have a
--   Google account. On the plus side, you get to use email addresses as
--   the identifier, many users have existing Google accounts, the login
--   system has been long tested (as opposed to BrowserID), and it requires
--   no credential managing or setup (as opposed to Email).
module Yesod.Auth.GoogleEmail
authGoogleEmail :: YesodAuth m => AuthPlugin m
forwardUrl :: AuthRoute
