From 8596bbc10e7ef82cac60f0d2e7de76453cd62396 Mon Sep 17 00:00:00 2001 From: Michael Snoyman Date: Mon, 24 Jan 2011 06:01:38 +0200 Subject: [PATCH] nonce is a Maybe --- Yesod/Core.hs | 8 ++++---- Yesod/Request.hs | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Yesod/Core.hs b/Yesod/Core.hs index f702a2a3..3771a54e 100644 --- a/Yesod/Core.hs +++ b/Yesod/Core.hs @@ -283,7 +283,7 @@ defaultYesodRunner y mkey murl handler req = do let sessionMap = Map.fromList $ filter (\(x, _) -> x /= nonceKey) session' yar <- handlerToYAR y (yesodRender y) errorHandler rr murl sessionMap h - let mnonce = Just $ reqNonce rr -- FIXME + let mnonce = reqNonce rr return $ yarToResponse (hr mnonce getExpires host exp') yar where hr mnonce getExpires host exp' hs ct sm = @@ -599,11 +599,11 @@ parseWaiRequest env session' key' = do Nothing -> langs'' Just x -> x : langs'' nonce <- case (key', lookup nonceKey session') of - (Nothing, _) -> return $ error "You have attempted to use the nonce, but sessions are disabled." -- FIXME maybe this should be handled without an error? - (_, Just x) -> return x + (Nothing, _) -> return Nothing + (_, Just x) -> return $ Just x (_, Nothing) -> do g <- newStdGen - return $ fst $ randomString 10 g + return $ Just $ fst $ randomString 10 g return $ Request gets' cookies' env langs''' nonce where randomString len = diff --git a/Yesod/Request.hs b/Yesod/Request.hs index 17b2f8d0..9856d2fe 100644 --- a/Yesod/Request.hs +++ b/Yesod/Request.hs @@ -101,7 +101,7 @@ data Request = Request -- | Languages which the client supports. , reqLangs :: [String] -- | A random, session-specific nonce used to prevent CSRF attacks. - , reqNonce :: String + , reqNonce :: Maybe String } lookup' :: Eq a => a -> [(a, b)] -> [b]