Use nonce package in Auth.GoogleEmail2

Generate CSRF tokens using `nonce` package
Arthur Fayzrakhmanov (Артур Файзрахманов) 2015-06-12 19:17:48 +05:00
parent 4b05cd83f6
commit 1891e573fc


@ -71,8 +71,6 @@ import Network.HTTP.Client (parseUrl, requestHeaders,
responseBody, urlEncodedBody, Manager) responseBody, urlEncodedBody, Manager)
import Network.HTTP.Conduit (http) import Network.HTTP.Conduit (http)
import Network.HTTP.Types (renderQueryText) import Network.HTTP.Types (renderQueryText)
import Network.Mail.Mime (randomString)
import System.Random (newStdGen)
import Yesod.Auth (Auth, AuthPlugin (AuthPlugin), import Yesod.Auth (Auth, AuthPlugin (AuthPlugin),
AuthRoute, Creds (Creds), AuthRoute, Creds (Creds),
Route (PluginR), YesodAuth, Route (PluginR), YesodAuth,
@ -85,6 +83,9 @@ import Yesod.Core (HandlerSite, MonadHandler,
lookupSession, notFound, redirect, lookupSession, notFound, redirect,
setSession, whamlet, (.:), setSession, whamlet, (.:),
TypedContent, HandlerT, liftIO) TypedContent, HandlerT, liftIO)
import qualified Crypto.Nonce as Nonce
import System.IO.Unsafe (unsafePerformIO)
pid :: Text pid :: Text
pid = "googleemail2" pid = "googleemail2"
@ -113,8 +114,7 @@ getCreateCsrfToken = do
case mtoken of case mtoken of
Just token -> return token Just token -> return token
Nothing -> do Nothing -> do
stdgen <- liftIO newStdGen token <- Nonce.nonce128urlT defaultNonceGen
let token = T.pack $ fst $ randomString 10 stdgen
setSession csrfKey token setSession csrfKey token
return token return token
@ -549,3 +549,8 @@ allPersonInfo (A.Object o) = map enc $ M.toList o
where enc (key, A.String s) = (key, s) where enc (key, A.String s) = (key, s)
enc (key, v) = (key, TL.toStrict $ TL.toLazyText $ A.encodeToTextBuilder v) enc (key, v) = (key, TL.toStrict $ TL.toLazyText $ A.encodeToTextBuilder v)
allPersonInfo _ = [] allPersonInfo _ = []
defaultNonceGen :: Nonce.Generator
defaultNonceGen = unsafePerformIO (Nonce.new)
{-# NOINLINE defaultNonceGen #-}
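Review bot: `defaultNonceGen` at the end of the file is a process-wide value built with `unsafePerformIO`, and nothing beside it explains why that is safe or that the `NOINLINE` pragma is load-bearing. I would add a Haddock comment above the signature, for example `-- | Shared nonce generator, created once on first use; NOINLINE stops GHC from duplicating the unsafePerformIO call.` Since every handler that reaches the `Nothing` branch of `getCreateCsrfToken` draws its CSRF token from this one generator, the comment should also record that `Nonce.Generator` is meant to be shared between threads; I believe the nonce package documents this, but it is worth confirming. A failure in `Nonce.new` would presumably surface as an exception inside the first request that forces the value rather than at startup, which is worth stating there as well.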