From 064b2879adc8e49da49960320ee46095e55cf736 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Thu, 16 May 2024 17:01:25 +0200 Subject: [PATCH 01/20] fix(oauth2): use azureadv2 instead of v1 plugin --- src/Application.hs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Application.hs b/src/Application.hs index fbf55b8aa..e9874d3c1 100644 --- a/src/Application.hs +++ b/src/Application.hs @@ -101,7 +101,7 @@ import UnliftIO.Pool import qualified Web.ServerSession.Backend.Acid as Acid import Web.ServerSession.Core (StorageException(..)) -import Yesod.Auth.OAuth2.AzureAD (oauth2AzureADScoped) +import Yesod.Auth.OAuth2.AzureADv2 (oauth2AzureADv2Scoped) import Yesod.Auth.Util.PasswordStore import qualified Yesod.Core.Types as Yesod (Logger(..)) @@ -328,7 +328,7 @@ makeFoundation appSettings''@AppSettings{..} = do #ifdef DEVELOPMENT oauth2Plugins <- liftIO $ sequence [ (azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT" - , return $ oauth2AzureADScoped ["openid", "profile", "offline_access"] "42" "shhh" + , return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "shhh" ] #else let -- Auth Plugins @@ -345,7 +345,7 @@ makeFoundation appSettings''@AppSettings{..} = do -- -> error "Tenant ID missing!" oauth2Plugins | UserAuthConfSingleSource (AuthSourceConfAzureAdV2 AzureConf{..}) <- appUserAuthConf - = singleton $ oauth2AzureADScoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret + = singleton $ oauth2AzureADv2Scoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret | otherwise = mempty #endif -- 2.39.2 From 037f4644186ca2ac6dc7570c4b87a8a03e7c75f3 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Thu, 16 May 2024 17:13:38 +0200 Subject: [PATCH 02/20] chore(oauth2): add debug output on azure auth plugin initialization --- src/Application.hs | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) 
diff --git a/src/Application.hs b/src/Application.hs index e9874d3c1..df53e5a24 100644 --- a/src/Application.hs +++ b/src/Application.hs @@ -331,7 +331,7 @@ makeFoundation appSettings''@AppSettings{..} = do , return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "shhh" ] #else - let -- Auth Plugins + -- let -- Auth Plugins -- loadPlugin p prefix = do -- Loads given YesodAuthPlugin -- mID <- fmap Text.pack <$> appUserAuthConf ^? _UserAuthConfSingleSource . _AuthSourceConfAzureAdV2 . _azureConfClientId -- mSecret <- fmap Text.pack <$> appUserAuthConf ^? _UserAuthConfSingleSource . _AuthSourceConfAzureAdV2 . _azureConfClientSecret @@ -343,11 +343,17 @@ makeFoundation appSettings''@AppSettings{..} = do -- -> tshow azureConfTenantId -- _other -- -> error "Tenant ID missing!" - oauth2Plugins - | UserAuthConfSingleSource (AuthSourceConfAzureAdV2 AzureConf{..}) <- appUserAuthConf - = singleton $ oauth2AzureADv2Scoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret - | otherwise - = mempty + oauth2Plugins <- if + | UserAuthConfSingleSource (AuthSourceConfAzureAdV2 AzureConf{..}) <- appUserAuthConf -> do + $logInfoS "OAuth2" "Successfully parsed OAuth2 config from AppSettings" + return . singleton $ oauth2AzureADv2Scoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret + | otherwise -> do + when appSingleSignOn $ do + $logErrorS "OAuth2" "SingleSignOn via AzureADv2 is enabled, but user-auth config could not be parsed!" + when appAutoSignOn $ + $logErrorS "OAuth2" "SingleSignOn via AzureADv2 and AutoSignOn are enabled, but user-auth config could not be parsed! This will likely prevent the app from being accessible!" + $logInfoS "UserAuthConf" $ tshow appUserAuthConf + return mempty #endif let appAuthPlugins = oauth2Plugins -- 2.39.2 From cb7a00fbe0c5aa1fbeaf9e9bfa9b8f87b8101db8 Mon Sep 17 00:00:00 2001 
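Review bot: In the `otherwise` branch of the new `oauth2Plugins` block, `$logInfoS "UserAuthConf" $ tshow appUserAuthConf` writes the entire user-auth configuration to the info log. Whatever the `Show` instance renders ends up there, so if the config that failed to match carries credentials (a client secret, or presumably a bind password for another source type), anyone with log access can read them. Log only the fact that the source is not a single AzureADv2 source, e.g. `$logErrorS "OAuth2" "user-auth config is not a single AzureADv2 source"`, and keep a full dump to a redacted rendering. The enclosing `makeFoundation` starts and ends outside the hunk.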
From: Sarah Vaupel Date: Thu, 16 May 2024 17:42:21 +0200 Subject: [PATCH 03/20] chore(oauth2): add debug logs to loginHandler --- src/Foundation/Instances.hs | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/Foundation/Instances.hs b/src/Foundation/Instances.hs index 39b8ee163..5513bc424 100644 --- a/src/Foundation/Instances.hs +++ b/src/Foundation/Instances.hs @@ -140,12 +140,17 @@ instance YesodAuth UniWorX where plugins <- getsYesod authPlugins AppSettings{..} <- getsYesod appSettings' - when appSingleSignOn $ do - let plugin = P.head $ P.filter ((`elem` [apAzureMock, apAzure]) . apName) plugins - pieces = case oauth2Url (apName plugin) of - PluginR _ p -> p - _ -> error "Unexpected OAuth2 AuthRoute" - void $ apDispatch plugin "GET" pieces + when appSingleSignOn $ + let azurePlugins = P.filter ((`elem` [apAzureMock, apAzure]) . apName) plugins + in if + | (plugin:_) <- azurePlugins + , PluginR _ p <- oauth2Url (apName plugin) -> do + $logInfoS "SSO" "Azure plugin with plugin url as expected. Calling apDispatch..." + void $ apDispatch plugin "GET" pieces + | not (null azurePlugins) -> do + $logErrorS "SSO" "Azure plugin initialized, but unexpected oauth2Url. Cannot apDispatch." + | otherwise -> do + $logErrorS "SSO" "No Azure plugin initialized despite SSO being enabled!" toParent <- getRouteToParent liftHandler . defaultLayout $ do -- 2.39.2 From c7d21b34c7cd0abaa83f9dc35d6e8d12bf798b48 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Thu, 16 May 2024 18:24:34 +0200 Subject: [PATCH 04/20] chore(settings): use correct (standard-compliant) azure scopes per default --- config/settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/settings.yml b/config/settings.yml index ed8743679..99d993f07 100644 --- a/config/settings.yml +++ b/config/settings.yml 
@@ -136,7 +136,7 @@ user-auth: client-id: "_env:AZURECLIENTID:00000000-0000-0000-0000-000000000000" client-secret: "_env:AZURECLIENTSECRET:''" tenant-id: "_env:AZURETENANTID:00000000-0000-0000-0000-000000000000" - scopes: "_env:AZURESCOPES:[ID,Profile]" + scopes: "_env:AZURESCOPES:[email,openid,profile,offline_access]" # protocol: "ldap" # config: # host: "_env:LDAPHOST:" -- 2.39.2 From 15195752d754b8283f07d084e5f025501b76b07b Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 17 May 2024 05:17:39 +0200 Subject: [PATCH 05/20] chore(oauth2): fix build --- src/Auth/OAuth2.hs | 21 +++++++++++---------- src/Foundation/Instances.hs | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/Auth/OAuth2.hs b/src/Auth/OAuth2.hs index 55c1997da..8450d71a9 100644 --- a/src/Auth/OAuth2.hs +++ b/src/Auth/OAuth2.hs @@ -19,6 +19,7 @@ module Auth.OAuth2 -- import qualified Data.CaseInsensitive as CI import Data.Maybe (fromJust) +import qualified Data.Set as Set import Data.Text import Import.NoFoundation hiding (pack, unpack) 
@@ -195,31 +196,31 @@ mkBaseUrls = do refreshOAuth2Token :: forall m. ( MonadHandler m + , HasAppSettings (HandlerSite m) , MonadThrow m ) => (Maybe AccessToken, Maybe RefreshToken) -> String -> Bool -> ExceptT UserDataException m OAuth2Token -refreshOAuth2Token (_, rToken) url secure - | isJust rToken = do +refreshOAuth2Token (_, Nothing) _ _ = throwE $ UserDataInternalException "Could not refresh access token. Refresh token is missing." +refreshOAuth2Token (_, Just rToken) url secure = getsYesod (view $ _appUserAuthConf . _userAuthConfSingleSource) >>= \case + AuthSourceConfAzureAdV2 AzureConf{..} -> do req <- parseRequest $ "POST " ++ url let body = [ ("grant_type", "refresh_token") - , ("refresh_token", encodeUtf8 . rtoken $ fromJust rToken) + , ("refresh_token", encodeUtf8 $ rtoken rToken) ] - body' <- if secure then do - clientID <- liftIO $ fromJust <$> lookupEnv "CLIENT_ID" - clientSecret <- liftIO $ fromJust <$> lookupEnv "CLIENT_SECRET" - return $ body ++ [("client_id", fromString clientID), ("client_secret", fromString clientSecret), scopeParam " " ["openid","profile"," offline_access"]] -- TODO read from config - else return $ scopeParam " " ["openid","profile","offline_access"] : body -- TODO read from config - $logDebugS "\27[31mAdmin Handler\27[0m" $ tshow (requestBody $ urlEncodedBody body' req{ secure = secure }) + body' + | secure = body ++ [("client_id", fromString $ show azureConfClientId), ("client_secret", fromString $ unpack azureConfClientSecret), scopeParam " " $ Set.toList azureConfScopes] + | otherwise = scopeParam " " (Set.toList azureConfScopes) : body + $logInfoS "\27[31mAdmin Handler\27[0m" $ tshow (requestBody $ urlEncodedBody body' req{ secure = secure }) eResult <- lift $ getResponseBody <$> httpJSONEither @m @OAuth2Token (urlEncodedBody body' req{ secure = secure }) case eResult of Left x -> throwE $ UserDataJSONException x Right x -> return x - | otherwise = throwE $ UserDataInternalException "Could not refresh access token. 
Refresh token is missing." + _other -> throwE $ UserDataInternalException "Could not refresh access token. Invalid/Conflicting auth source configuration." instance Show RequestBody where show (RequestBodyLBS x) = show x diff --git a/src/Foundation/Instances.hs b/src/Foundation/Instances.hs index 5513bc424..eebb2db19 100644 --- a/src/Foundation/Instances.hs +++ b/src/Foundation/Instances.hs @@ -144,7 +144,7 @@ instance YesodAuth UniWorX where let azurePlugins = P.filter ((`elem` [apAzureMock, apAzure]) . apName) plugins in if | (plugin:_) <- azurePlugins - , PluginR _ p <- oauth2Url (apName plugin) -> do + , PluginR _ pieces <- oauth2Url (apName plugin) -> do $logInfoS "SSO" "Azure plugin with plugin url as expected. Calling apDispatch..." void $ apDispatch plugin "GET" pieces | not (null azurePlugins) -> do -- 2.39.2 From 1ec2d434e715f8cddb81365c40b0dc4db1f6ac0e Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 17 May 2024 05:35:29 +0200 Subject: [PATCH 06/20] chore(oauth2): update yesod-auth-oauth2 dependency to support for v2 azure endpoints --- package.yaml | 2 +- stack.yaml | 2 +- stack.yaml.lock | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package.yaml b/package.yaml index 4e46ac23e..c546d95cb 100644 --- a/package.yaml +++ b/package.yaml @@ -6,7 +6,7 @@ dependencies: - yesod-core - yesod-persistent - yesod-auth - - yesod-auth-oauth2 + - yesod-auth-oauth2 >=0.7.1.0 - yesod-static - yesod-form - yesod-persistent diff --git a/stack.yaml b/stack.yaml index 7346e8392..ebda3ffb3 100644 --- a/stack.yaml +++ b/stack.yaml @@ -89,7 +89,7 @@ extra-deps: - yesod-websockets - git: https://github.com/freckle/yesod-auth-oauth2 - commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 + commit: acb69f8da40b9c91b4020296ce105119e76fdf1d - git: https://gitlab.uniworx.de/haskell/cryptonite.git commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f diff --git a/stack.yaml.lock b/stack.yaml.lock index 40712391d..1012009c5 100644 --- a/stack.yaml.lock 
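Review bot: `refreshOAuth2Token` now logs `tshow (requestBody $ urlEncodedBody body' req{ secure = secure })` with `$logInfoS`, and the `Show RequestBody` instance directly below the function prints the raw body. Each refresh therefore writes the refresh token to the log, and in the `secure` case `client_id` and `client_secret` as well. The commit also raises the level from debug to info, which makes the line more likely to be active in production. Log the endpoint rather than the body, for example `$logDebugS "OAuth2" $ "Refreshing access token at " <> pack url`, or drop the line. The log source `"\27[31mAdmin Handler\27[0m"` also embeds ANSI escapes that end up verbatim in log files; a plain source name is easier to filter on.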
+++ b/stack.yaml.lock @@ -416,15 +416,15 @@ packages: git: https://gitlab.uniworx.de/haskell/yesod.git subdir: yesod-websockets - completed: - commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 + commit: acb69f8da40b9c91b4020296ce105119e76fdf1d git: https://github.com/freckle/yesod-auth-oauth2 name: yesod-auth-oauth2 pantry-tree: - sha256: 22e8be5c8128e2f0fb976cb904ac93cefb49e6feef6bcadb7746641be11dcb13 - size: 3054 - version: 0.6.3.4 + sha256: 3b77facccc81387143b7d7344fd4adb3e779dd2b9aed75eb929c7d3f0916f296 + size: 4403 + version: 0.7.2.0 original: - commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 + commit: acb69f8da40b9c91b4020296ce105119e76fdf1d git: https://github.com/freckle/yesod-auth-oauth2 - completed: commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f -- 2.39.2 From 760299fd40531346d164be9c85ecaed036b7a3da Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 17 May 2024 21:45:48 +0200 Subject: [PATCH 07/20] fix(oauth2): use oauth2 records for new dependency --- src/Auth/OAuth2.hs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/Auth/OAuth2.hs b/src/Auth/OAuth2.hs index 8450d71a9..d7cddca2b 100644 --- a/src/Auth/OAuth2.hs +++ b/src/Auth/OAuth2.hs @@ -26,7 +26,9 @@ import Import.NoFoundation hiding (pack, unpack) import Network.HTTP.Simple (httpJSONEither, getResponseBody, JSONException) +# ifdef DEVELOPMENT import System.Environment (lookupEnv) +# endif import Yesod.Auth.OAuth2 import Yesod.Auth.OAuth2.Prelude hiding (encodeUtf8) 
@@ -120,15 +122,15 @@ instance FromJSON UserID where azureMockServer :: YesodAuth m => String -> AuthPlugin m azureMockServer port = let oa = OAuth2 - { oauthClientId = "42" - , oauthClientSecret = Just "shhh" - , oauthOAuthorizeEndpoint = fromString (mockServerURL <> "/auth") + { oauth2ClientId = "42" + , oauth2ClientSecret = Just "shhh" + , oauth2AuthorizeEndpoint = fromString (mockServerURL <> "/auth") `withQuery` [ scopeParam " " ["openid", "profile", "email", "offline_access"] -- TODO read scopes from config , ("response_type", "code id_token") , ("nonce", "Foo") -- TODO generate meaningful value ] - , oauthAccessTokenEndpoint = fromString $ mockServerURL <> "/token" - , oauthCallback = Nothing + , oauth2TokenEndpoint = fromString $ mockServerURL <> "/token" + , oauth2RedirectUri = Nothing -- TODO use approot as redirect uri? } mockServerURL = "http://localhost:" <> fromString port profileSrc = fromString $ mockServerURL <> "/users/me" -- 2.39.2 From 00cb5310ed4cac1bfb96b7090bf9b94078afe0c3 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 17 May 2024 21:56:07 +0200 Subject: [PATCH 08/20] fix(oauth2): fix build --- src/Application.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Application.hs b/src/Application.hs index df53e5a24..61adb291f 100644 --- a/src/Application.hs +++ b/src/Application.hs @@ -328,7 +328,7 @@ makeFoundation appSettings''@AppSettings{..} = do #ifdef DEVELOPMENT oauth2Plugins <- liftIO $ sequence [ (azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT" - , return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "shhh" + , return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "42" "shhh" ] #else -- let -- Auth Plugins -- 2.39.2 From 6cb775959c40f4a787707d6ae7fe7feb6a265de8 Mon Sep 17 00:00:00 2001 
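Review bot: Only the DEVELOPMENT call gains the extra argument here (`"42" "42" "shhh"`). The `#else` branch of `makeFoundation` lies outside this hunk; where the series last shows it, it reads `oauth2AzureADv2Scoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret`, which still passes three arguments. If the v2 function takes a tenant id between the scopes and the client id, as the dev call suggests, a non-DEVELOPMENT build would not type-check, and a DEVELOPMENT build cannot catch that. Pass the configured tenant there, e.g. `oauth2AzureADv2Scoped (Set.toList azureConfScopes) (tshow azureConfTenantId) (tshow azureConfClientId) azureConfClientSecret`, assuming `AzureConf` exposes `azureConfTenantId` as the commented-out code in that block indicates.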
From: Sarah Vaupel Date: Mon, 27 May 2024 23:03:19 +0200 Subject: [PATCH 09/20] chore: update flake inputs for haskell packages (forks) --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- flake.nix | 28 +++++++++---------- 2 files changed, 54 insertions(+), 54 deletions(-) diff --git a/flake.lock b/flake.lock index 427561469..01ac3b175 100644 --- a/flake.lock +++ b/flake.lock @@ -25,12 +25,12 @@ "rev": "40393c938111ac78232dc2c7eec5edb4a22d03e8", "revCount": 62, "type": "git", - "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/HaskellNet-SSL.git" + "url": "https://gitlab.uniworx.de/haskell/HaskellNet-SSL.git" }, "original": { "ref": "uni2work", "type": "git", - "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/HaskellNet-SSL.git" + "url": "https://gitlab.uniworx.de/haskell/HaskellNet-SSL.git" } }, "cabal-32": { @@ -92,12 +92,12 @@ "rev": "f8170266ab25b533576e96715bedffc5aa4f19fa", "revCount": 153, "type": "git", - "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/colonnade.git" + "url": "https://gitlab.uniworx.de/haskell/colonnade.git" }, "original": { "ref": "uni2work", "type": "git", - "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/colonnade.git" + "url": "https://gitlab.uniworx.de/haskell/colonnade.git" } }, "conduit-resumablesink": { @@ -109,12 +109,12 @@ "rev": "cbea6159c2975d42f948525e03e12fc390da53c5", "revCount": 10, "type": "git", - "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/conduit-resumablesink.git" + "url": "https://gitlab.uniworx.de/haskell/conduit-resumablesink.git" }, "original": { "ref": "uni2work", "type": "git", - "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/conduit-resumablesink.git" + "url": "https://gitlab.uniworx.de/haskell/conduit-resumablesink.git" } }, "cryptoids": { 
@@ -126,29 +126,29 @@
 "rev": "130b0dcbf2b09ccdf387b50262f1efbbbf1819e3",
 "revCount": 44,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/cryptoids.git"
+ "url": "https://gitlab.uniworx.de/haskell/cryptoids.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/cryptoids.git"
+ "url": "https://gitlab.uniworx.de/haskell/cryptoids.git"
 }
 },
 "cryptonite": {
 "flake": false,
 "locked": {
- "lastModified": 1624444174,
- "narHash": "sha256-sDMA4ej1NIModAt7PQvcgIknI3KwfzcAp9YQUSe4CWw=",
+ "lastModified": 1704764911,
+ "narHash": "sha256-VuEWT2Bd4aSJyRcXpB+lsGDqxrTHB/uRvILzYWLNfxk=",
 "ref": "uni2work",
- "rev": "71a630edaf5f22c464e24fac8d9d310f4055ea1f",
- "revCount": 1202,
+ "rev": "f78fca2504bb767d632a3bac8dbbc23367eff0e9",
+ "revCount": 1220,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/cryptonite.git"
+ "url": "https://gitlab.uniworx.de/haskell/cryptonite.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/cryptonite.git"
+ "url": "https://gitlab.uniworx.de/haskell/cryptonite.git"
 }
 },
 "encoding": {
@@ -160,12 +160,12 @@
 "rev": "22fc3bb14841d8d50997aa47f1be3852e666f787",
 "revCount": 162,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/encoding.git"
+ "url": "https://gitlab.uniworx.de/haskell/encoding.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/encoding.git"
+ "url": "https://gitlab.uniworx.de/haskell/encoding.git"
 }
 },
 "esqueleto": {
@@ -177,12 +177,12 @@
 "rev": "e18dd125c5ea26fa4e88bed079b61d8c1365ee37",
 "revCount": 708,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/esqueleto.git"
+ "url": "https://gitlab.uniworx.de/haskell/esqueleto.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/esqueleto.git"
+ "url": "https://gitlab.uniworx.de/haskell/esqueleto.git"
 }
 },
 "flake-utils": {
@@ -310,12 +310,12 @@
 "rev": "01afaf599ba6f8a9d804c269e91d3190b249d3f0",
 "revCount": 61,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/ldap-client.git"
+ "url": "https://gitlab.uniworx.de/haskell/ldap-client.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/ldap-client.git"
+ "url": "https://gitlab.uniworx.de/haskell/ldap-client.git"
 }
 },
 "memcached-binary": {
@@ -327,29 +327,29 @@
 "rev": "b7071df50bad3a251a544b984e4bf98fa09b8fae",
 "revCount": 28,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/memcached-binary.git"
+ "url": "https://gitlab.uniworx.de/haskell/memcached-binary.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/memcached-binary.git"
+ "url": "https://gitlab.uniworx.de/haskell/memcached-binary.git"
 }
 },
 "minio-hs": {
 "flake": false,
 "locked": {
- "lastModified": 1597069863,
- "narHash": "sha256-JmMajaLT4+zt+w2koDkaloFL8ugmrQBlcYKj+78qn9M=",
+ "lastModified": 1711841413,
+ "narHash": "sha256-9IdjU1/Mzi4ZGhX7tFJhqliratSVRvDwe9AesD0lkt8=",
 "ref": "uni2work",
- "rev": "42103ab247057c04c8ce7a83d9d4c160713a3df1",
- "revCount": 197,
+ "rev": "cb25dd23c4cf62a956caad722d45ad6cf3cc5e3a",
+ "revCount": 224,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/minio-hs.git"
+ "url": "https://gitlab.uniworx.de/haskell/minio-hs.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/minio-hs.git"
+ "url": "https://gitlab.uniworx.de/haskell/minio-hs.git"
 }
 },
 "nix-tools": {
@@ -528,12 +528,12 @@
 "rev": "b9d76def10da1260c7f6aa82bda32111f37a952b",
 "revCount": 174,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/serversession.git"
+ "url": "https://gitlab.uniworx.de/haskell/serversession.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/serversession.git"
+ "url": "https://gitlab.uniworx.de/haskell/serversession.git"
 }
 },
 "stackage": {
@@ -576,29 +576,29 @@
 "rev": "dc928c3a456074b8777603bea20e81937321777f",
 "revCount": 114,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/xss-sanitize.git"
+ "url": "https://gitlab.uniworx.de/haskell/xss-sanitize.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/xss-sanitize.git"
+ "url": "https://gitlab.uniworx.de/haskell/xss-sanitize.git"
 }
 },
 "yesod": {
 "flake": false,
 "locked": {
- "lastModified": 1625061191,
- "narHash": "sha256-K0X2MwUStChml1DlJ7t4yBMDwrMe6j/780nJtSy9Hss=",
+ "lastModified": 1705542497,
+ "narHash": "sha256-DYri6G3LeL3Gu11K0gAcUOxMwyKrLVkNnb5oTjHKRro=",
 "ref": "uni2work",
- "rev": "a59f63e0336ee61f7a90b8778e9147305d3127bb",
- "revCount": 5053,
+ "rev": "9f8d26371d4760f8985e7bbe00c3ac16be1301bc",
+ "revCount": 5208,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/yesod.git"
+ "url": "https://gitlab.uniworx.de/haskell/yesod.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/yesod.git"
+ "url": "https://gitlab.uniworx.de/haskell/yesod.git"
 }
 },
 "zip-stream": {
@@ -610,12 +610,12 @@
 "rev": "843683d024f767de236f74d24a3348f69181a720",
 "revCount": 39,
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/zip-stream.git"
+ "url": "https://gitlab.uniworx.de/haskell/zip-stream.git"
 },
 "original": {
 "ref": "uni2work",
 "type": "git",
- "url": "https://gitlab.ifi.lmu.de/uni2work/haskell/zip-stream.git"
+ "url": "https://gitlab.uniworx.de/haskell/zip-stream.git"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index 2ecc482e0..3202c7087 100644
--- a/flake.nix
+++ b/flake.nix
@@ -29,59 +29,59 @@ }; encoding = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/encoding.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/encoding.git?ref=uni2work"; flake = false; }; memcached-binary = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/memcached-binary.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/memcached-binary.git?ref=uni2work"; flake = false; }; conduit-resumablesink = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/conduit-resumablesink.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/conduit-resumablesink.git?ref=uni2work"; flake = false; }; HaskellNet-SSL = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/HaskellNet-SSL.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/HaskellNet-SSL.git?ref=uni2work"; flake = false; }; ldap-client = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/ldap-client.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/ldap-client.git?ref=uni2work"; flake = false; }; serversession = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/serversession.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/serversession.git?ref=uni2work"; flake = false; }; xss-sanitize = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/xss-sanitize.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/xss-sanitize.git?ref=uni2work"; flake = false; }; colonnade = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/colonnade.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/colonnade.git?ref=uni2work"; flake = false; }; minio-hs = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/minio-hs.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/minio-hs.git?ref=uni2work"; flake = false; }; cryptoids = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/cryptoids.git?ref=uni2work"; + url = 
"git+https://gitlab.uniworx.de/haskell/cryptoids.git?ref=uni2work"; flake = false; }; zip-stream = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/zip-stream.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/zip-stream.git?ref=uni2work"; flake = false; }; yesod = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/yesod.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work"; flake = false; }; cryptonite = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/cryptonite.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/cryptonite.git?ref=uni2work"; flake = false; }; esqueleto = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/esqueleto.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/esqueleto.git?ref=uni2work"; flake = false; }; }; -- 2.39.2 From db1c0a08f28241cee87a3986bdb554bc3e480dc1 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Tue, 28 May 2024 23:25:20 +0200 Subject: [PATCH 10/20] fix(stack): add yesod-auth-oauth2 extra-dep to stack-flake --- stack-flake.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/stack-flake.yaml b/stack-flake.yaml index 09e2dd321..9345fa9b3 100644 --- a/stack-flake.yaml +++ b/stack-flake.yaml @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022 Gregor Kleen ,Sarah Vaupel +# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen ,Sarah Vaupel # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -55,6 +55,8 @@ extra-deps: subdirs: - gearhash - fastcdc + - git: https://github.com/freckle/yesod-auth-oauth2 + commit: acb69f8da40b9c91b4020296ce105119e76fdf1d - classy-prelude-yesod-1.5.0@sha256:8f7e183bdfd6d2ea9674284c4f285294ab086aff60d9be4e5d7d2f3c1a2b05b7,1330 - acid-state-0.16.0.1@sha256:d43f6ee0b23338758156c500290c4405d769abefeb98e9bc112780dae09ece6f,6207 -- 2.39.2 From 0cda8ff0ee2605224fc1d773fd52afbb036aebaa Mon Sep 17 00:00:00 2001 
From: Sarah Vaupel Date: Wed, 29 May 2024 00:57:41 +0200 Subject: [PATCH 11/20] fix(stack): add missing dependencies --- stack-flake.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/stack-flake.yaml b/stack-flake.yaml index 9345fa9b3..b93e71a01 100644 --- a/stack-flake.yaml +++ b/stack-flake.yaml @@ -58,6 +58,13 @@ extra-deps: - git: https://github.com/freckle/yesod-auth-oauth2 commit: acb69f8da40b9c91b4020296ce105119e76fdf1d + - git: https://github.com/haskell/aeson.git + commit: fc5f5bb067613a273de358f09760b635d6f78c82 + subdirs: + - attoparsec-aeson + - git: https://github.com/phadej/integer-conversion.git + commit: 63debf04ee147815ced227ab8c2a8409b2a14431 + - classy-prelude-yesod-1.5.0@sha256:8f7e183bdfd6d2ea9674284c4f285294ab086aff60d9be4e5d7d2f3c1a2b05b7,1330 - acid-state-0.16.0.1@sha256:d43f6ee0b23338758156c500290c4405d769abefeb98e9bc112780dae09ece6f,6207 # - commonmark-0.1.1.2@sha256:c06ab05f0f224ab7982502a96e17952823a9b6dae8505fb35194b0baa9e2a975,3278 -- 2.39.2 From 4e31be988b84020c558c3e25a39fd4c3e02060a4 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 31 May 2024 21:16:37 +0200 Subject: [PATCH 12/20] chore(flake): add yesod-auth-oauth2 fork to flake inputs --- flake.lock | 18 ++++++++++++++++++ flake.nix | 6 +++++- stack-flake.yaml | 10 +--------- stack.yaml | 4 ++-- 4 files changed, 26 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 01ac3b175..b0296f5f3 100644 --- a/flake.lock +++ b/flake.lock @@ -516,6 +516,7 @@ "serversession": "serversession", "xss-sanitize": "xss-sanitize", "yesod": "yesod", + "yesod-auth-oauth2": "yesod-auth-oauth2", "zip-stream": "zip-stream" } }, 
@@ -601,6 +602,23 @@ "url": "https://gitlab.uniworx.de/haskell/yesod.git" } }, + "yesod-auth-oauth2": { + "flake": false, + "locked": { + "lastModified": 1717165233, + "narHash": "sha256-j12y/Tjqv6aqQDqjlXElECmormeAgnjZ8WIfnEGZHvU=", + "ref": "ghc-8.10.4", + "rev": "1a67089e5c075ca9474a647bbf26c3354c49036a", + "revCount": 416, + "type": "git", + "url": "https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git" + }, + "original": { + "ref": "ghc-8.10.4", + "type": "git", + "url": "https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git" + } + }, "zip-stream": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 3202c7087..ba356dbe0 100644 --- a/flake.nix +++ b/flake.nix @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel , Gregor Kleen +# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -76,6 +76,10 @@ url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work"; flake = false; }; + yesod-auth-oauth2 = { + url = "git+https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git?ref=ghc-8.10.4"; + flake = false; + }; cryptonite = { url = "git+https://gitlab.uniworx.de/haskell/cryptonite.git?ref=uni2work"; flake = false; diff --git a/stack-flake.yaml b/stack-flake.yaml index b93e71a01..38c9f3c75 100644 --- a/stack-flake.yaml +++ b/stack-flake.yaml @@ -45,6 +45,7 @@ extra-deps: - @yesod@/yesod-auth - @yesod@/yesod-test - @yesod@/yesod + - @yesod-auth-oauth2@ - @cryptonite@ - @esqueleto@ 
@@ -55,15 +56,6 @@ extra-deps: subdirs: - gearhash - fastcdc - - git: https://github.com/freckle/yesod-auth-oauth2 - commit: acb69f8da40b9c91b4020296ce105119e76fdf1d - - - git: https://github.com/haskell/aeson.git - commit: fc5f5bb067613a273de358f09760b635d6f78c82 - subdirs: - - attoparsec-aeson - - git: https://github.com/phadej/integer-conversion.git - commit: 63debf04ee147815ced227ab8c2a8409b2a14431 - classy-prelude-yesod-1.5.0@sha256:8f7e183bdfd6d2ea9674284c4f285294ab086aff60d9be4e5d7d2f3c1a2b05b7,1330 - acid-state-0.16.0.1@sha256:d43f6ee0b23338758156c500290c4405d769abefeb98e9bc112780dae09ece6f,6207 diff --git a/stack.yaml b/stack.yaml index ebda3ffb3..177e24924 100644 --- a/stack.yaml +++ b/stack.yaml @@ -88,8 +88,8 @@ extra-deps: - yesod-eventsource - yesod-websockets - - git: https://github.com/freckle/yesod-auth-oauth2 - commit: acb69f8da40b9c91b4020296ce105119e76fdf1d + - git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git + commit: 1a67089e5c075ca9474a647bbf26c3354c49036a - git: https://gitlab.uniworx.de/haskell/cryptonite.git commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f -- 2.39.2 From 234a877252fe802e63ecec4de7bbc333e514da2c Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Sun, 2 Jun 2024 03:39:41 +0200 Subject: [PATCH 13/20] chore(stack.yaml): downgrade yesod-auth-oauth2 dep for ghc-8.10.4 compatibility --- stack.yaml | 2 +- stack.yaml.lock | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stack.yaml b/stack.yaml index 177e24924..ce0416d7a 100644 --- a/stack.yaml +++ b/stack.yaml @@ -89,7 +89,7 @@ extra-deps: - yesod-websockets - git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git - commit: 1a67089e5c075ca9474a647bbf26c3354c49036a + commit: 2cd927c5c48cdeb7fac062b593acfbcf0607ea6e - git: https://gitlab.uniworx.de/haskell/cryptonite.git commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f diff --git a/stack.yaml.lock b/stack.yaml.lock index 1012009c5..59e5ac133 100644 --- a/stack.yaml.lock 
+++ b/stack.yaml.lock @@ -416,16 +416,16 @@ packages: git: https://gitlab.uniworx.de/haskell/yesod.git subdir: yesod-websockets - completed: - commit: acb69f8da40b9c91b4020296ce105119e76fdf1d - git: https://github.com/freckle/yesod-auth-oauth2 + commit: 2cd927c5c48cdeb7fac062b593acfbcf0607ea6e + git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git name: yesod-auth-oauth2 pantry-tree: - sha256: 3b77facccc81387143b7d7344fd4adb3e779dd2b9aed75eb929c7d3f0916f296 - size: 4403 + sha256: d77bf2c9c161daedeae9de92315f4ab62af1ff66b0813f4bef3648aa628eeac0 + size: 4651 version: 0.7.2.0 original: - commit: acb69f8da40b9c91b4020296ce105119e76fdf1d - git: https://github.com/freckle/yesod-auth-oauth2 + commit: 2cd927c5c48cdeb7fac062b593acfbcf0607ea6e + git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git - completed: commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f git: https://gitlab.uniworx.de/haskell/cryptonite.git -- 2.39.2 From 98a207bf9b3ff905cea7ba1ed17f5cd1748ab2b0 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 7 Jun 2024 17:43:44 +0200 Subject: [PATCH 14/20] chore(stackage.nix): update lts --- stackage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackage.nix b/stackage.nix index 3f04c00bb..397b68058 100644 --- a/stackage.nix +++ b/stackage.nix @@ -3,7 +3,7 @@ # SPDX-License-Identifier: AGPL-3.0-or-later { nixpkgs ? import ./nixpkgs.nix -, snapshot ? "lts-13.21" +, snapshot ? "lts-18.0" }: let -- 2.39.2 From 7feabd1a0aea98d0f06e50df7991de619716e370 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 7 Jun 2024 17:44:45 +0200 Subject: [PATCH 15/20] chore(nix): add yesod-auth-oauth2 flake input --- nix/uniworx/backend.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nix/uniworx/backend.nix b/nix/uniworx/backend.nix index 03fdb8431..fdd129cd9 100644 --- a/nix/uniworx/backend.nix +++ b/nix/uniworx/backend.nix 
@@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022-2023 Gregor Kleen , Steffen Jost +# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel , Gregor Kleen , Steffen Jost # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -7,7 +7,7 @@ with prev.lib; let - haskellInputs = ["encoding" "memcached-binary" "conduit-resumablesink" "HaskellNet-SSL" "ldap-client" "serversession" "xss-sanitize" "colonnade" "minio-hs" "cryptoids" "zip-stream" "yesod" "cryptonite" "esqueleto"]; + haskellInputs = ["encoding" "memcached-binary" "conduit-resumablesink" "HaskellNet-SSL" "ldap-client" "serversession" "xss-sanitize" "colonnade" "minio-hs" "cryptoids" "zip-stream" "yesod" "cryptonite" "esqueleto" "yesod-auth-oauth2"]; in { uniworx = final.haskell-nix.stackProject { src = prev.stdenv.mkDerivation { @@ -54,6 +54,7 @@ in { yesod-form.src = "${inputs.yesod}/yesod-form"; yesod-auth.src = "${inputs.yesod}/yesod-auth"; yesod-test.src = "${inputs.yesod}/yesod-test"; + yesod-auth-oauth2.src = inputs.yesod-auth-oauth2; cryptonite.src = inputs.cryptonite; esqueleto.src = inputs.esqueleto; }; -- 2.39.2 From 4e755c3c7878577fa31ec09e8237df5c72f2bf3b Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 7 Jun 2024 17:45:22 +0200 Subject: [PATCH 16/20] chore(stack.yaml): update yesod-auth-oauth2 dep --- stack.yaml | 4 ++-- stack.yaml.lock | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stack.yaml b/stack.yaml index ce0416d7a..ae115f3a8 100644 --- a/stack.yaml +++ b/stack.yaml @@ -18,7 +18,7 @@ nix: packages: [] pure: false shell-file: ./stack.nix - add-gc-roots: true + add-gc-roots: false extra-package-dbs: [] @@ -89,7 +89,7 @@ extra-deps: - yesod-websockets - git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git - commit: 2cd927c5c48cdeb7fac062b593acfbcf0607ea6e + commit: da676b530887306b645d0170f82e7dd0611d9601 - git: https://gitlab.uniworx.de/haskell/cryptonite.git commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f 
diff --git a/stack.yaml.lock b/stack.yaml.lock index 59e5ac133..790fa625f 100644 --- a/stack.yaml.lock +++ b/stack.yaml.lock @@ -416,15 +416,15 @@ packages: git: https://gitlab.uniworx.de/haskell/yesod.git subdir: yesod-websockets - completed: - commit: 2cd927c5c48cdeb7fac062b593acfbcf0607ea6e + commit: da676b530887306b645d0170f82e7dd0611d9601 git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git name: yesod-auth-oauth2 pantry-tree: - sha256: d77bf2c9c161daedeae9de92315f4ab62af1ff66b0813f4bef3648aa628eeac0 - size: 4651 - version: 0.7.2.0 + sha256: cac5ec87651ea76e9052742b0a05598f7133ce405a8052c813c81741b3b2d667 + size: 4652 + version: 0.7.3.0 original: - commit: 2cd927c5c48cdeb7fac062b593acfbcf0607ea6e + commit: da676b530887306b645d0170f82e7dd0611d9601 git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git - completed: commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f -- 2.39.2 From 71772cc73a48728ddd0c46fca7671a1c730e6afd Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Fri, 7 Jun 2024 17:45:58 +0200 Subject: [PATCH 17/20] chore(package.yaml): update yesod-auth-oauth2 to downgraded fork --- package.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.yaml b/package.yaml index c546d95cb..d1190ffb5 100644 --- a/package.yaml +++ b/package.yaml @@ -6,7 +6,7 @@ dependencies: - yesod-core - yesod-persistent - yesod-auth - - yesod-auth-oauth2 >=0.7.1.0 + - yesod-auth-oauth2 >=0.7.3.0 - yesod-static - yesod-form - yesod-persistent -- 2.39.2 From 7b0234e60ca5cea16d6b3c88515182ae82223e03 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Mon, 10 Jun 2024 00:33:18 +0200 Subject: [PATCH 18/20] chore(flake.nix): pin yesod to specific commit for snapshot compatibility --- flake.lock | 4 ++-- flake.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index b0296f5f3..faa79accc 100644 --- a/flake.lock +++ b/flake.lock 
@@ -594,12 +594,12 @@ "rev": "9f8d26371d4760f8985e7bbe00c3ac16be1301bc", "revCount": 5208, "type": "git", - "url": "https://gitlab.uniworx.de/haskell/yesod.git" + "url": "https://gitlab.uniworx.de/haskell/yesod.git?commit=aa671eb41fdad360f2f7cb844f8de03479efe3f7" }, "original": { "ref": "uni2work", "type": "git", - "url": "https://gitlab.uniworx.de/haskell/yesod.git" + "url": "https://gitlab.uniworx.de/haskell/yesod.git?commit=aa671eb41fdad360f2f7cb844f8de03479efe3f7" } }, "yesod-auth-oauth2": { diff --git a/flake.nix b/flake.nix index ba356dbe0..2490b59e4 100644 --- a/flake.nix +++ b/flake.nix @@ -73,7 +73,7 @@ flake = false; }; yesod = { - url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work"; + url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work&commit=aa671eb41fdad360f2f7cb844f8de03479efe3f7"; flake = false; }; yesod-auth-oauth2 = { -- 2.39.2 From 065588904593f08a6b801a9d5c9909c7eec47b34 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Sun, 23 Jun 2024 04:32:19 +0200 Subject: [PATCH 19/20] chore: undo nix build changes (use old oauth2 dep checkout) --- flake.lock | 18 ------------------ flake.nix | 9 +++++---- nix/uniworx/backend.nix | 3 +-- src/Application.hs | 6 +++--- src/Auth/OAuth2.hs | 10 +++++----- stack-flake.yaml | 3 ++- stack.yaml | 4 ++-- stack.yaml.lock | 14 +++++++------- 8 files changed, 25 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index b0296f5f3..01ac3b175 100644 --- a/flake.lock +++ b/flake.lock @@ -516,7 +516,6 @@ "serversession": "serversession", "xss-sanitize": "xss-sanitize", "yesod": "yesod", - "yesod-auth-oauth2": "yesod-auth-oauth2", "zip-stream": "zip-stream" } }, 
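Review bot: The `yesod` pin added in `flake.nix` (hunk `@@ -73,7 +73,7 @@`) does not appear to take effect. In the accompanying `flake.lock` hunk only the two `url` strings gained `?commit=…`, while `locked.rev` is still `9f8d26371d4760f8985e7bbe00c3ac16be1301bc` and `narHash` is unchanged, so the build keeps resolving the previous revision. As far as I know the git input type pins with `rev`, not `commit`, so the input should read `url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work&rev=aa671eb41fdad360f2f7cb844f8de03479efe3f7";`, provided that revision is reachable from `uni2work`. The lock file should then be regenerated by Nix rather than edited by hand, so that `rev` and `narHash` describe the pinned source.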
@@ -602,23 +601,6 @@ "url": "https://gitlab.uniworx.de/haskell/yesod.git" } }, - "yesod-auth-oauth2": { - "flake": false, - "locked": { - "lastModified": 1717165233, - "narHash": "sha256-j12y/Tjqv6aqQDqjlXElECmormeAgnjZ8WIfnEGZHvU=", - "ref": "ghc-8.10.4", - "rev": "1a67089e5c075ca9474a647bbf26c3354c49036a", - "revCount": 416, - "type": "git", - "url": "https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git" - }, - "original": { - "ref": "ghc-8.10.4", - "type": "git", - "url": "https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git" - } - }, "zip-stream": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index ba356dbe0..96d62d5ae 100644 --- a/flake.nix +++ b/flake.nix @@ -76,10 +76,11 @@ url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work"; flake = false; }; - yesod-auth-oauth2 = { - url = "git+https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git?ref=ghc-8.10.4"; - flake = false; - }; + # TODO: does not function due to missing dependencies in snapshot + # yesod-auth-oauth2 = { + # url = "git+https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git?ref=ghc-8.10.4"; + # flake = false; + # }; cryptonite = { url = "git+https://gitlab.uniworx.de/haskell/cryptonite.git?ref=uni2work"; flake = false; diff --git a/nix/uniworx/backend.nix b/nix/uniworx/backend.nix index fdd129cd9..722f912a8 100644 --- a/nix/uniworx/backend.nix +++ b/nix/uniworx/backend.nix @@ -7,7 +7,7 @@ with prev.lib; let - haskellInputs = ["encoding" "memcached-binary" "conduit-resumablesink" "HaskellNet-SSL" "ldap-client" "serversession" "xss-sanitize" "colonnade" "minio-hs" "cryptoids" "zip-stream" "yesod" "cryptonite" "esqueleto" "yesod-auth-oauth2"]; + haskellInputs = ["encoding" "memcached-binary" "conduit-resumablesink" "HaskellNet-SSL" "ldap-client" "serversession" "xss-sanitize" "colonnade" "minio-hs" "cryptoids" "zip-stream" "yesod" "cryptonite" "esqueleto"]; in { uniworx = final.haskell-nix.stackProject { src = prev.stdenv.mkDerivation { 
@@ -54,7 +54,6 @@ in { yesod-form.src = "${inputs.yesod}/yesod-form"; yesod-auth.src = "${inputs.yesod}/yesod-auth"; yesod-test.src = "${inputs.yesod}/yesod-test"; - yesod-auth-oauth2.src = inputs.yesod-auth-oauth2; cryptonite.src = inputs.cryptonite; esqueleto.src = inputs.esqueleto; }; diff --git a/src/Application.hs b/src/Application.hs index 61adb291f..225957aa7 100644 --- a/src/Application.hs +++ b/src/Application.hs @@ -101,7 +101,7 @@ import UnliftIO.Pool import qualified Web.ServerSession.Backend.Acid as Acid import Web.ServerSession.Core (StorageException(..)) -import Yesod.Auth.OAuth2.AzureADv2 (oauth2AzureADv2Scoped) +import Yesod.Auth.OAuth2.AzureAD (oauth2AzureADScoped) import Yesod.Auth.Util.PasswordStore import qualified Yesod.Core.Types as Yesod (Logger(..)) @@ -328,7 +328,7 @@ makeFoundation appSettings''@AppSettings{..} = do #ifdef DEVELOPMENT oauth2Plugins <- liftIO $ sequence [ (azureMockServer . fromJust) <$> lookupEnv "OAUTH2_SERVER_PORT" - , return $ oauth2AzureADv2Scoped ["openid", "profile", "offline_access"] "42" "42" "shhh" + , return $ oauth2AzureADScoped ["openid", "profile", "offline_access"] "42" "shhh" ] #else -- let -- Auth Plugins @@ -346,7 +346,7 @@ makeFoundation appSettings''@AppSettings{..} = do oauth2Plugins <- if | UserAuthConfSingleSource (AuthSourceConfAzureAdV2 AzureConf{..}) <- appUserAuthConf -> do $logInfoS "OAuth2" "Successfully parsed OAuth2 config from AppSettings" - return . singleton $ oauth2AzureADv2Scoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret + return . singleton $ oauth2AzureADScoped (Set.toList azureConfScopes) (tshow azureConfClientId) azureConfClientSecret | otherwise -> do when appSingleSignOn $ do $logErrorS "OAuth2" "SingleSignOn via AzureADv2 is enabled, but user-auth config could not be parsed!" diff --git a/src/Auth/OAuth2.hs b/src/Auth/OAuth2.hs index d7cddca2b..765fe7636 100644 --- a/src/Auth/OAuth2.hs +++ b/src/Auth/OAuth2.hs 
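Review bot: In the `oauth2Plugins` branch at `@@ -346,7 +346,7 @@` the plugin goes back to `oauth2AzureADScoped`, but the pattern it is built from (`AuthSourceConfAzureAdV2`) and the log messages ("SingleSignOn via AzureADv2 is enabled, …") still describe v2, so the configuration schema and the logs no longer match the endpoint family in use. The call passes only scopes, client id and client secret, with no tenant id. If I remember the v1 plugin correctly, it targets the tenant-independent `common` endpoint, in which case restricting sign-in to the intended tenant has to be enforced elsewhere; that needs confirming before this ships. At minimum I would add a comment on the call, e.g. `-- NOTE: AzureAD v1 plugin; no tenant id is passed here, tenant restriction is enforced in <WHERE_TENANT_IS_CHECKED>`. `makeFoundation` starts and ends outside the hunk.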
@@ -122,15 +122,15 @@ instance FromJSON UserID where azureMockServer :: YesodAuth m => String -> AuthPlugin m azureMockServer port = let oa = OAuth2 - { oauth2ClientId = "42" - , oauth2ClientSecret = Just "shhh" - , oauth2AuthorizeEndpoint = fromString (mockServerURL <> "/auth") + { oauthClientId = "42" + , oauthClientSecret = Just "shhh" + , oauthOAuthorizeEndpoint = fromString (mockServerURL <> "/auth") `withQuery` [ scopeParam " " ["openid", "profile", "email", "offline_access"] -- TODO read scopes from config , ("response_type", "code id_token") , ("nonce", "Foo") -- TODO generate meaningful value ] - , oauth2TokenEndpoint = fromString $ mockServerURL <> "/token" - , oauth2RedirectUri = Nothing -- TODO use approot as redirect uri? + , oauthAccessTokenEndpoint = fromString $ mockServerURL <> "/token" + , oauthCallback = Nothing -- TODO use approot as redirect uri? } mockServerURL = "http://localhost:" <> fromString port profileSrc = fromString $ mockServerURL <> "/users/me" diff --git a/stack-flake.yaml b/stack-flake.yaml index 38c9f3c75..dfd2ddefb 100644 --- a/stack-flake.yaml +++ b/stack-flake.yaml @@ -45,7 +45,6 @@ extra-deps: - @yesod@/yesod-auth - @yesod@/yesod-test - @yesod@/yesod - - @yesod-auth-oauth2@ - @cryptonite@ - @esqueleto@ @@ -56,6 +55,8 @@ extra-deps: subdirs: - gearhash - fastcdc + - git: https://github.com/freckle/yesod-auth-oauth2.git + commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 - classy-prelude-yesod-1.5.0@sha256:8f7e183bdfd6d2ea9674284c4f285294ab086aff60d9be4e5d7d2f3c1a2b05b7,1330 - acid-state-0.16.0.1@sha256:d43f6ee0b23338758156c500290c4405d769abefeb98e9bc112780dae09ece6f,6207 diff --git a/stack.yaml b/stack.yaml index ae115f3a8..dc195001f 100644 --- a/stack.yaml +++ b/stack.yaml 
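Review bot: `azureMockServer` (hunk `@@ -122,15 +122,15 @@`) still sends a constant `nonce` of `"Foo"` together with `response_type` `code id_token`, and nothing in this hunk shows the plugin being limited to development builds. With a fixed nonce the returned id_token cannot be bound to a single login request, which is tolerable only against the local mock server. Since the hunk only renames the record fields for the older API, I would keep the existing TODO and add a comment above the signature: `-- Development only: fixed client secret and constant nonce; do not enable outside DEVELOPMENT builds.` The definition continues past the end of the hunk.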
@@ -88,8 +88,8 @@ extra-deps: - yesod-eventsource - yesod-websockets - - git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git - commit: da676b530887306b645d0170f82e7dd0611d9601 + - git: https://github.com/freckle/yesod-auth-oauth2 + commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 - git: https://gitlab.uniworx.de/haskell/cryptonite.git commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f diff --git a/stack.yaml.lock b/stack.yaml.lock index 790fa625f..40712391d 100644 --- a/stack.yaml.lock +++ b/stack.yaml.lock @@ -416,16 +416,16 @@ packages: git: https://gitlab.uniworx.de/haskell/yesod.git subdir: yesod-websockets - completed: - commit: da676b530887306b645d0170f82e7dd0611d9601 - git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git + commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 + git: https://github.com/freckle/yesod-auth-oauth2 name: yesod-auth-oauth2 pantry-tree: - sha256: cac5ec87651ea76e9052742b0a05598f7133ce405a8052c813c81741b3b2d667 - size: 4652 - version: 0.7.3.0 + sha256: 22e8be5c8128e2f0fb976cb904ac93cefb49e6feef6bcadb7746641be11dcb13 + size: 3054 + version: 0.6.3.4 original: - commit: da676b530887306b645d0170f82e7dd0611d9601 - git: https://gitlab.uniworx.de/haskell/yesod-auth-oauth2.git + commit: 342dac80e40b10f07694a7e9aa8bab6d03ed6d66 + git: https://github.com/freckle/yesod-auth-oauth2 - completed: commit: 71a630edaf5f22c464e24fac8d9d310f4055ea1f git: https://gitlab.uniworx.de/haskell/cryptonite.git -- 2.39.2 From a916304ce8ac4fbd5f989152c0ffaec33d19f380 Mon Sep 17 00:00:00 2001 From: Sarah Vaupel Date: Wed, 17 Jul 2024 13:59:28 +0200 Subject: [PATCH 20/20] chore(flake.nix): switch to ref --- flake.lock | 22 ++++++++++++---------- flake.nix | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 47001a88e..6c0c35c28 100644 --- a/flake.lock +++ b/flake.lock 
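Review bot: The `yesod-auth-oauth2` pin in `extra-deps` moves to commit `342dac80e40b10f07694a7e9aa8bab6d03ed6d66`, which the lock hunk that follows records as version `0.6.3.4`. Patch 17 of this series raised the `package.yaml` bound to `yesod-auth-oauth2 >=0.7.3.0`, and this commit's diffstat does not list `package.yaml`. Unless the bound is changed elsewhere, the pinned version cannot satisfy it; either the bound becomes `- yesod-auth-oauth2 >=0.6.3.4` or the pin stays on a 0.7 release. The lock entries earlier in the series show `0.7.2.0` before the fork was introduced, so this is also a net downgrade of the authentication library, and the upstream changelog between the two versions should be checked for fixes the application relies on.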
@@ -587,18 +587,20 @@ "yesod": { "flake": false, "locked": { - "lastModified": 1705542497, - "narHash": "sha256-DYri6G3LeL3Gu11K0gAcUOxMwyKrLVkNnb5oTjHKRro=", - "ref": "uni2work", - "rev": "9f8d26371d4760f8985e7bbe00c3ac16be1301bc", - "revCount": 5208, - "type": "git", - "url": "https://gitlab.uniworx.de/haskell/yesod.git?commit=aa671eb41fdad360f2f7cb844f8de03479efe3f7" + "host": "gitlab.uniworx.de", + "lastModified": 1681915610, + "narHash": "sha256-HtJhPHDC7FTc7kyI3OtBKjgeUyEslIGpQiZJwO4PUec=", + "owner": "haskell", + "repo": "yesod", + "rev": "aa671eb41fdad360f2f7cb844f8de03479efe3f7", + "type": "gitlab" }, "original": { - "ref": "uni2work", - "type": "git", - "url": "https://gitlab.uniworx.de/haskell/yesod.git?commit=aa671eb41fdad360f2f7cb844f8de03479efe3f7" + "host": "gitlab.uniworx.de", + "owner": "haskell", + "repo": "yesod", + "rev": "aa671eb41fdad360f2f7cb844f8de03479efe3f7", + "type": "gitlab" } }, "zip-stream": { diff --git a/flake.nix b/flake.nix index 010ae27f5..56ca15e67 100644 --- a/flake.nix +++ b/flake.nix @@ -73,7 +73,7 @@ flake = false; }; yesod = { - url = "git+https://gitlab.uniworx.de/haskell/yesod.git?ref=uni2work&commit=aa671eb41fdad360f2f7cb844f8de03479efe3f7"; + url = "gitlab:haskell/yesod?host=gitlab.uniworx.de&rev=aa671eb41fdad360f2f7cb844f8de03479efe3f7"; flake = false; }; # TODO: does not function due to missing dependencies in snapshot -- 2.39.2