diff --git a/yesod-auth/Yesod/Auth/Email.hs b/yesod-auth/Yesod/Auth/Email.hs index 3829bb1e..3fcf8021 100644 --- a/yesod-auth/Yesod/Auth/Email.hs +++ b/yesod-auth/Yesod/Auth/Email.hs @@ -49,13 +49,12 @@ module Yesod.Auth.Email , defaultSetPasswordHandler ) where -import Network.Mail.Mime (randomString) import Yesod.Auth -import System.Random import qualified Data.Text as TS import qualified Data.Text as T import qualified Data.Text.Encoding as TE import qualified Crypto.Hash.MD5 as H +import qualified Crypto.Nonce as Nonce import Data.ByteString.Base16 as B16 import Data.Text.Encoding (encodeUtf8, decodeUtf8With) import Data.Text.Encoding.Error (lenientDecode) @@ -69,6 +68,8 @@ import Control.Monad (void) import Yesod.Form import Data.Time (getCurrentTime, addUTCTime) import Safe (readMay) +import System.IO.Unsafe (unsafePerformIO) + loginR, registerR, forgotPasswordR, setpassR :: AuthRoute loginR = PluginR "email" ["login"] @@ -163,9 +164,7 @@ class ( YesodAuth site -- -- Since 1.1.0 randomKey :: site -> IO Text - randomKey _ = do - stdgen <- newStdGen - return $ TS.pack $ fst $ randomString 10 stdgen + randomKey _ = Nonce.nonce128urlT defaultNonceGen -- | Route to send user to after password has been set correctly. -- @@ -586,3 +585,8 @@ setLoginLinkKey :: (YesodAuthEmail site, MonadHandler m, HandlerSite m ~ site) = setLoginLinkKey aid = do now <- liftIO getCurrentTime setSession loginLinkKey $ TS.pack $ show (toPathPiece aid, now) + + +defaultNonceGen :: Nonce.Generator +defaultNonceGen = unsafePerformIO (Nonce.new) +{-# NOINLINE defaultNonceGen #-} diff --git a/yesod-auth/yesod-auth.cabal b/yesod-auth/yesod-auth.cabal index e5fd1804..cf2d3dde 100644 --- a/yesod-auth/yesod-auth.cabal +++ b/yesod-auth/yesod-auth.cabal @@ -58,6 +58,7 @@ library , blaze-builder , conduit , conduit-extra + , nonce >= 1.0.2 && < 1.1 if flag(network-uri) build-depends: network-uri >= 2.6