Merge branch 'freckle:main' into main

2026-01-11 19:58:28 +01:00 · 2024-11-03 18:08:02 +01:00 · 2024-11-03 18:08:02 +01:00 · d0606fb8cd
commit d0606fb8cd
parent a36d17f7a5 50cc0ea49b
26 changed files with 161 additions and 58 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -10,32 +10,31 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  test:
+  generate:
    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - id: generate
+        uses: freckle/stack-action/generate-matrix@v5
+    outputs:
+      stack-yamls: ${{ steps.generate.outputs.stack-yamls }}

+  test:
+    needs: generate
    strategy:
      matrix:
-        stack-yaml:
-          - stack-nightly.yaml     # ghc-9.8
-          - stack.yaml             # ghc-9.6
-          - stack-lts-21.25.yaml   # ghc-9.4
-          - stack-lts-20.26.yaml   # ghc-9.2
-          - stack-lts-19.33.yaml   # ghc-9.0
-          - stack-lts-18.28.yaml   # ghc-8.10
-          - stack-lts-16.31.yaml   # ghc-8.8
-          - stack-lts-14.27.yaml   # ghc-8.6 + hoauth2-1.14.0
-          - stack-hoauth2-2.6.yaml # ghc-9.4 (nightly-2022-12-09)
-          - stack-hoauth2-2.3.yaml # ghc-9.0 (nightly-2022-02-25)
-          - stack-hoauth2-2.2.yaml # ghc-9.0 (nightly-2022-02-25)
-          - stack-hoauth2-2.0.yaml # ghc-8.10
+        stack-yaml: ${{ fromJSON(needs.generate.outputs.stack-yamls) }}
      fail-fast: false

+    runs-on: ubuntu-latest
+
    steps:
      - uses: actions/checkout@v4
      - uses: freckle/stack-action@v5
        with:
-          stack-yaml: ${{ matrix.stack-yaml }}
          stack-build-arguments: --flag yesod-auth-oauth2:example
+        env:
+          STACK_YAML: ${{ matrix.stack-yaml }}

  lint:
    runs-on: ubuntu-latest
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -14,9 +14,9 @@ jobs:
        uses: freckle/haskell-tag-action@v1

      - if: steps.tag.outputs.tag
-        run: stack upload --pvp-bounds lower
+        run: stack upload --pvp-bounds lower .
        env:
          HACKAGE_KEY: ${{ secrets.HACKAGE_UPLOAD_API_KEY }}

          # Use minimum LTS to set lowest lower bounds
-          STACK_YAML: stack-lts-14.27.yaml
+          STACK_YAML: stack-lts-16.31.yaml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,15 @@
-## [_Unreleased_](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.3...main)
+## [_Unreleased_](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.3.0...main)
+
+## [v0.7.3.0](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.2.0...v0.7.3.0)
+
+- Add ORCID provider
+- Drop support for LTS-12 / GHC-8.6
+- Replace `cryptonite` with `crypton`
+
+## [v0.7.2.0](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.3...v0.7.2.0)
+
+- Add `oauth2GitHubWidget` and `oauth2GitHubScopedWidget`
+  [@jaanisfehling](https://github.com/freckle/yesod-auth-oauth2/pull/181)

 ## [v0.7.1.3](https://github.com/thoughtbot/yesod-auth-oauth2/compare/v0.7.1.2...v0.7.1.3)

--- a/example/Main.hs
+++ b/example/Main.hs
@ -34,6 +34,7 @@ import Yesod.Auth.OAuth2.GitHub
 import Yesod.Auth.OAuth2.GitLab
 import Yesod.Auth.OAuth2.Google
 import Yesod.Auth.OAuth2.Nylas
+import Yesod.Auth.OAuth2.ORCID
 import Yesod.Auth.OAuth2.Salesforce
 import Yesod.Auth.OAuth2.Slack
 import Yesod.Auth.OAuth2.Spotify
@ -149,6 +150,7 @@ mkFoundation = do
      , loadPlugin (oauth2Spotify []) "SPOTIFY"
      , loadPlugin oauth2Twitch "TWITCH"
      , loadPlugin oauth2WordPressDotCom "WORDPRESS_DOT_COM"
+      , loadPlugin oauth2ORCID "ORCID"
      , loadPlugin oauth2Upcase "UPCASE"
      ]

--- a/package.yaml
+++ b/package.yaml
@ -1,6 +1,6 @@
 ---
 name: yesod-auth-oauth2
-version: 0.7.1.3
+version: 0.7.3.0
 synopsis: OAuth 2.0 authentication plugins
 description: Library to authenticate with OAuth 2.0 for Yesod web applications.
 category: Web
@ -27,7 +27,7 @@ library:
  dependencies:
    - aeson >=0.6
    - bytestring >=0.9.1.4
-    - cryptonite >=0.25
+    - crypton
    - errors
    - hoauth2 >=1.11.0
    - http-client >=0.4.0
--- a/src/Yesod/Auth/OAuth2/Google.hs
+++ b/src/Yesod/Auth/OAuth2/Google.hs
@ -39,9 +39,8 @@ newtype User = User Text
 instance FromJSON User where
  parseJSON =
    withObject "User" $ \o ->
-      User
-        -- Required for data backwards-compatibility
-        <$> (("google-uid:" <>) <$> o .: "sub")
+      -- Required for data backwards-compatibility
+      User . ("google-uid:" <>) <$> o .: "sub"

 pluginName :: Text
 pluginName = "google"
--- a/src/Yesod/Auth/OAuth2/ORCID.hs
+++ b/src/Yesod/Auth/OAuth2/ORCID.hs
@ -0,0 +1,50 @@
+{-# LANGUAGE OverloadedStrings #-}
+
+module Yesod.Auth.OAuth2.ORCID
+  ( oauth2ORCID
+  ) where
+
+import qualified Data.Text as T
+import Yesod.Auth.OAuth2.Prelude
+
+pluginName :: Text
+pluginName = "orcid"
+
+newtype User = User Text
+
+instance FromJSON User where
+  parseJSON = withObject "User" $ \o -> User <$> o .: "sub"
+
+oauth2ORCID
+  :: YesodAuth m
+  => Text
+  -- ^ Client Id
+  -> Text
+  -- ^ Client Secret
+  -> AuthPlugin m
+oauth2ORCID clientId clientSecret =
+  authOAuth2 pluginName oauth2 $ \manager token -> do
+    (User userId, userResponse) <-
+      authGetProfile
+        pluginName
+        manager
+        token
+        "https://orcid.org/oauth/userinfo"
+
+    pure
+      Creds
+        { credsPlugin = pluginName
+        , credsIdent = T.pack $ show userId
+        , credsExtra = setExtra token userResponse
+        }
+ where
+  oauth2 =
+    OAuth2
+      { oauth2ClientId = clientId
+      , oauth2ClientSecret = Just clientSecret
+      , oauth2AuthorizeEndpoint =
+          "https://orcid.org/oauth/authorize"
+            `withQuery` [scopeParam " " ["openid"]]
+      , oauth2TokenEndpoint = "https://orcid.org/oauth/token"
+      , oauth2RedirectUri = Nothing
+      }
--- a/stack-hoauth2-2.0.yaml
+++ b/stack-hoauth2-2.0.yaml
@ -1,3 +1,4 @@
 resolver: lts-18.28
 extra-deps:
+  - crypton-1.0.0
  - hoauth2-2.0.0
--- a/stack-hoauth2-2.0.yaml.lock
+++ b/stack-hoauth2-2.0.yaml.lock
@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files

 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
    hackage: hoauth2-2.0.0@sha256:4686d776272d4c57d3c8dbeb9e58b04afe4d2b410382011bd78a3d2bfb08a3fe,5662
    pantry-tree:
--- a/stack-hoauth2-2.2.yaml
+++ b/stack-hoauth2-2.2.yaml
@ -1,3 +1,4 @@
 resolver: nightly-2022-02-25
 extra-deps:
+  - crypton-1.0.0
  - hoauth2-2.2.0
--- a/stack-hoauth2-2.2.yaml.lock
+++ b/stack-hoauth2-2.2.yaml.lock
@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files

 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
    hackage: hoauth2-2.2.0@sha256:83a96156717d9e2c93394b35bef4151f82b90dc88b83d0e35c0bf1158bd41c6c,2801
    pantry-tree:
--- a/stack-hoauth2-2.3.yaml
+++ b/stack-hoauth2-2.3.yaml
@ -1,3 +1,4 @@
 resolver: nightly-2022-02-25
 extra-deps:
+  - crypton-1.0.0
  - hoauth2-2.3.0
--- a/stack-hoauth2-2.3.yaml.lock
+++ b/stack-hoauth2-2.3.yaml.lock
@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files

 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
    hackage: hoauth2-2.3.0@sha256:213744356007a4686ff3bb72105843d478bc0ba6229659429cbe241a99f55095,2816
    pantry-tree:
--- a/stack-hoauth2-2.6.yaml
+++ b/stack-hoauth2-2.6.yaml
@ -1,11 +1,7 @@
 resolver: nightly-2022-12-09
 extra-deps:
+  - crypton-1.0.0
  - hoauth2-2.6.0
 allow-newer: true
 allow-newer-deps:
-  - hoauth2 # specifying the package itself is not necessary in the newest
-            # stack, and in fact doens't make conceptual sense. But it is
-            # required on the version of stack on GHA or you get a warning about
-            # ignoreing the bounds (as desired) but it still fails on them...
-  - memory
-  - text
+  - hoauth2 # allow newer memory and text
--- a/stack-hoauth2-2.6.yaml.lock
+++ b/stack-hoauth2-2.6.yaml.lock
@ -4,6 +4,13 @@
 #   https://docs.haskellstack.org/en/stable/lock_files

 packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 - completed:
    hackage: hoauth2-2.6.0@sha256:168321df73bf75dc7cdda8e72725e9f3f624a9776b1fe59ae46c29c45029dc5d,2262
    pantry-tree:
--- a/stack-lts-14.27.yaml
+++ b/stack-lts-14.27.yaml
@ -1,3 +0,0 @@
-resolver: lts-14.27
-extra-deps:
-  - hoauth2-1.14.0
--- a/stack-lts-14.27.yaml.lock
+++ b/stack-lts-14.27.yaml.lock
@ -1,19 +0,0 @@
-# This file was autogenerated by Stack.
-# You should not edit this file by hand.
-# For more information, please see the documentation at:
-#   https://docs.haskellstack.org/en/stable/lock_files
-
-packages:
- completed:
-    hackage: hoauth2-1.14.0@sha256:fcb4284fc78950c91d5b548317c51bd99a5ced84f4bb9e6153624b5783e4215f,5628
-    pantry-tree:
-      sha256: f25e2c2c101312196159dad5a3e2a4c8f549ed2d036d9566b66786d758db7dba
-      size: 2046
-  original:
-    hackage: hoauth2-1.14.0
-snapshots:
- completed:
-    sha256: 7ea31a280c56bf36ff591a7397cc384d0dff622e7f9e4225b47d8980f019a0f0
-    size: 524996
-    url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/14/27.yaml
-  original: lts-14.27
--- a/stack-lts-16.31.yaml
+++ b/stack-lts-16.31.yaml
@ -1 +1,3 @@
 resolver: lts-16.31
+extra-deps:
+  - crypton-1.0.0
--- a/stack-lts-16.31.yaml.lock
+++ b/stack-lts-16.31.yaml.lock
@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files

-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
    sha256: 637fb77049b25560622a224845b7acfe81a09fdb6a96a3c75997a10b651667f6
--- a/stack-lts-18.28.yaml
+++ b/stack-lts-18.28.yaml
@ -1 +1,3 @@
 resolver: lts-18.28
+extra-deps:
+  - crypton-1.0.0
--- a/stack-lts-18.28.yaml.lock
+++ b/stack-lts-18.28.yaml.lock
@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files

-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
    sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68
--- a/stack-lts-19.33.yaml
+++ b/stack-lts-19.33.yaml
@ -1 +1,3 @@
 resolver: lts-19.33
+extra-deps:
+  - crypton-1.0.0
--- a/stack-lts-19.33.yaml.lock
+++ b/stack-lts-19.33.yaml.lock
@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files

-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
    sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4
--- a/stack-lts-20.26.yaml
+++ b/stack-lts-20.26.yaml
@ -1 +1,3 @@
 resolver: lts-20.26
+extra-deps:
+  - crypton-1.0.0
--- a/stack-lts-20.26.yaml.lock
+++ b/stack-lts-20.26.yaml.lock
@ -3,7 +3,14 @@
 # For more information, please see the documentation at:
 #   https://docs.haskellstack.org/en/stable/lock_files

-packages: []
+packages:
+- completed:
+    hackage: crypton-1.0.0@sha256:637e58581978c84ef1288d14fa9cac1d2905ef60e319924293bc11250aca882d,14527
+    pantry-tree:
+      sha256: 4b5e5511567c0fe735a224cb8b2b278e1caa79344f2940d030d169e69b1b81e1
+      size: 23275
+  original:
+    hackage: crypton-1.0.0
 snapshots:
 - completed:
    sha256: 5a59b2a405b3aba3c00188453be172b85893cab8ebc352b1ef58b0eae5d248a2
--- a/yesod-auth-oauth2.cabal
+++ b/yesod-auth-oauth2.cabal
@ -4,10 +4,10 @@ cabal-version: 1.18
 --
 -- see: https://github.com/sol/hpack
 --
-- hash: 207152c226dff43499a366c34fa97543df920deaad084999e3942ae0dc32a30f
+-- hash: 148c53a7824b23fa36ce45e0641e643edec0da339f201937f076327d06b2054a

 name:           yesod-auth-oauth2
-version:        0.7.1.3
+version:        0.7.3.0
 synopsis:       OAuth 2.0 authentication plugins
 description:    Library to authenticate with OAuth 2.0 for Yesod web applications.
 category:       Web
@ -54,6 +54,7 @@ library
      Yesod.Auth.OAuth2.GitLab
      Yesod.Auth.OAuth2.Google
      Yesod.Auth.OAuth2.Nylas
+      Yesod.Auth.OAuth2.ORCID
      Yesod.Auth.OAuth2.Prelude
      Yesod.Auth.OAuth2.Random
      Yesod.Auth.OAuth2.Salesforce
@ -71,7 +72,7 @@ library
      aeson >=0.6
    , base >=4.9.0.0 && <5
    , bytestring >=0.9.1.4
-    , cryptonite >=0.25
+    , crypton
    , errors
    , hoauth2 >=1.11.0
    , http-client >=0.4.0