haskell/yesod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,060 Commits 42 Branches 853 Tags 10 MiB
67f846d324
Commit Graph

525 Commits

Author SHA1 Message Date
Sibi Prabakaran
ff043db45b
Update changelog 2018-03-04 13:39:31 +05:30
Sibi Prabakaran
c04d6f9ac7
Remove MINIMAL pragma for authHttpManager 
We now have a default implementation for it. See this for more
information:
https://github.com/yesodweb/yesod/issues/1489#issuecomment-370200663

Helps in preventing warnings like this:

```
serverside.hs:40:10: warning: [-Wmissing-methods]
    • No explicit implementation for
        ‘authHttpManager’
    • In the instance declaration for ‘YesodAuth App’
   |
40 | instance YesodAuth App where
   |          ^^^^^^^^^^^^^
```
 2018-03-04 13:20:21 +05:30
Michael Snoyman
a3f130233b
Relax a number of type signatures #1488 2018-02-20 13:51:36 +02:00
Michael Snoyman
fa8e1ac00f
Switch to SubHandlerFor 
This is much more consistent than suddenly using a ReaderT for subsites.
Thanks to @jprider63 for the inspiration for this, I think it cleans
things up a lot!
 2018-01-24 13:01:26 +02:00
Michael Snoyman
6830a9840c
Merge branch 'better-monads' into no-transformers 2018-01-17 06:43:52 +02:00
Michael Snoyman
2047efd00a
Bump persistent version 2018-01-16 20:21:48 +02:00
Michael Snoyman
25acc5799b
Version bumps and changelog updates 2018-01-15 15:57:36 +02:00
Michael Snoyman
60f65ed267
Cleanup warnings 2018-01-15 15:09:07 +02:00
Michael Snoyman
3bb654857c
Ditch ResumableSource 2018-01-12 00:09:54 +02:00
Michael Snoyman
3e06942449
Simplify YesodSubDispatch 2018-01-11 23:13:32 +02:00
Michael Snoyman
fbccfe2306
Merge branch 'better-monads' into no-transformers 2018-01-11 22:49:02 +02:00
Michael Snoyman
103c098cf8
Catch up with Data.Conduit.Combinators 2018-01-10 12:16:31 -08:00
Michael Snoyman
a16e75249a
More moving over to unliftio 2017-12-31 09:20:02 +02:00
Michael Snoyman
1b22e6a908
Further transformer cleanup 2017-12-18 17:06:46 +02:00
Michael Snoyman
8e265f6ebc
It all compiles 2017-12-18 15:04:45 +02:00
Michael Snoyman
aed10fc84a
WIP 2017-12-13 14:39:59 +02:00
Michael Snoyman
61c887f501
Start converting yesod-auth over 2017-12-13 13:44:59 +02:00
Sibi Prabakaran
aff72a7365
Fix since markup 2017-12-08 15:33:15 +05:30
Sibi Prabakaran
663220f334
Fix exposed version number and also haddock syntax 2017-12-08 15:30:32 +05:30
Casey Allred
e40178a854 adding link to the PR in changelog.md 2017-12-07 14:24:48 -07:00
Casey Allred
108c0c3984 merged master 2017-12-07 14:22:28 -07:00
Casey Allred
30ccfc8089 didn't mean to change this signature 2017-12-07 14:01:36 -07:00
Casey Allred
f82d08b32a add a way to control redirection to current location when redirectLogin is called 2017-12-07 13:56:53 -07:00
Alex Greif
2c59cb7dcd extend docs of defaultMaybeAuthId (#1453) 
* extend docs of defaultMaybeAuthId

make more explicite that on each call a database access is done. This can be of relevance and sometimes redundant with other Handler functionality

* Update Auth.hs
 2017-11-08 12:36:39 +00:00
Cole Brown
600d307310 Extend YesodAuthEmail to support extensible password hashing. 
This change introduces `hashAndSaltPassword` and `verifyPassword` to the
`YesodAuthEmail` type class, allowing users to implement their own hashing
schemes (i.e. to provide compatibility with an existing database). It also
updates the default handlers to use these new functions when appropriate. The
functions have default implementation such that behavior for legacy applications
should not change.
 2017-09-28 14:37:21 -04:00
Jesse Kempf
9edca8e3b5 Correct Yesod-Auth's usage of "log in" vs "login" in English. 
"Log in" (two words) is a verb, indicating the action of, well, logging
in. "Login" (one word) is a noun, indicating the credentials used to log
in.
 2017-08-30 20:40:29 -07:00
Paul Rouse
3c53acdad8 Add "@since" comments for newly exposed Yesod.Auth.Util.PasswordStore 2017-08-29 18:49:21 +01:00
Paul Rouse
464b055568 Expose Yesod.Auth.Util.PasswordStore 2017-08-29 13:40:32 +01:00
Paul Rouse
59f073a41f Pure move of Yesod.PasswordStore to Yesod.Auth.Util.PasswordStore 2017-08-29 13:34:20 +01:00
GyuYong Jung
1569af55c7 Add Korean translation 2017-08-26 05:27:53 +09:00
Michael Snoyman
1e9427baee
Version bump 2017-08-22 11:24:35 +03:00
Daniel Campoverde
e3041aa17b Fix auth messages Spanish translation 2017-08-08 11:03:09 -05:00
Michael Snoyman
4b34fe9c72
Fix deprecation warning for LTS 8 2017-07-23 12:25:29 +03:00
Sibi Prabakaran
8f5b0bc238
Do version bump and add Changelog 
Partially addresses #1397
 2017-05-18 08:43:29 +05:30
Sibi Prabakaran
f1fb571427
Make relevant changes to cabal file for yesod-auth 2017-05-18 08:18:53 +05:30
Sibi Prabakaran
92849d863c
Port to cryptonite 2017-05-18 08:18:39 +05:30
Michael Snoyman
5721f65ebf
Version bumps 2017-05-14 00:24:12 +03:00
Michael Snoyman
3229b7ad93
persistent 2.7 2017-04-12 11:02:27 +03:00
Sibi
5a37a52080 Merge pull request #1371 from dfordivam/master 
Japanese message for Current password
 2017-04-05 07:34:47 +05:30
Divam
c1fa2645c0 Japanese message for Current password 2017-04-05 10:07:09 +09:00
mingyu guo
757514c536 Completed chineseMessage in Yesod.Auth.Message. Previously, most of the 
messages are using simplified characters, but the google translated parts are
using traditional characters. I have fixed this as well.
 2017-03-28 20:40:05 +10:30
Daniel Campoverde [alx741]
9014192c66 Update changelog 2017-02-18 18:31:05 -05:00
Daniel Campoverde [alx741]
ea5e1cca26 Update emailLoginHandler 'since' version 2017-02-18 18:28:53 -05:00
Daniel Campoverde [alx741]
c5ddf55937 Update emailLoginHandler 'since' version 2017-02-18 15:14:45 -05:00
Daniel Campoverde [alx741]
c78ae95b3a Fix email auth module 2017-02-18 15:14:45 -05:00
Daniel Campoverde [alx741]
311f7927bb Merge branch 'master' of https://github.com/yesodweb/yesod 2017-02-18 15:14:31 -05:00
Michael Snoyman
cdc6c8ae04 Version bumps/changelog updates 2017-02-08 11:20:31 +02:00
Daniel Campoverde [alx741]
276a9f1321 Add and export defaultEmailLoginHandler 2017-02-06 16:15:38 -05:00
Sibi Prabakaran
d1ec382fc6
Better haddock rendering: Since -> @since 2017-02-07 01:01:05 +05:30
Sibi Prabakaran
854e0e45e7
Update relevant changelog 2017-02-07 01:00:19 +05:30
Sibi Prabakaran
dddae24786
Export plugin identifier for GoogleEmail2 module 2017-02-07 01:00:00 +05:30
Sibi Prabakaran
6f1356f2a1
Update changelog 2017-02-05 20:27:00 +05:30
Sibi Prabakaran
0c3e1d2299
Derive Show for Creds type 
Useful for doing liftIO $ print inside Yesod handlers like
authenticate.
 2017-02-05 20:25:23 +05:30
Michael Snoyman
aefd074efa Cleanup GHC 8 redundant constraints 2017-02-05 13:35:12 +02:00
Michael Snoyman
3dc2d10b30 Compile with -Wall -Werror 2017-02-05 12:09:18 +02:00
Michael Snoyman
64ed0792bc Check mime-type for JSON bodies #1330 2017-02-02 08:10:19 +02:00
Michael Snoyman
db883f19b8 Fix some whitespace 2017-02-02 07:43:55 +02:00
Sibi Prabakaran
4330461033
Change the type signature from Text to Verkey 
Since the other type signatures of the typeclass has VerKey instead of
Text, it would be better to use VerKey here also to maintain
consistency. Also, IMO this signature is more easy to follow ( I had to
look at source to see how the verification key was generated. )
 2016-12-30 18:06:40 +05:30
Sibi Prabakaran
08f994103a
Add documentation for JSON endpoints for Yesod.Auth.Email module 2016-12-08 14:25:08 +05:30
Michael Snoyman
98854b4de3 Version bump for #1317 2016-12-07 09:23:53 -05:00
Sibi Prabakaran
60f66b4c3a
Add relevant changelog 2016-12-07 14:09:01 +05:30
Sibi Prabakaran
8f8c99db88
Do parseJsonBody only when form data is not found 2016-12-07 14:08:37 +05:30
Sibi Prabakaran
0255f93c22
Export croatianMessage 2016-12-06 18:44:46 +05:30
Sibi Prabakaran
47b2877c79
More Haddock fixes 2016-12-06 18:44:38 +05:30
Sibi Prabakaran
75df4e0468
Use @since for proper haddock rendering 2016-12-06 18:21:36 +05:30
Sibi Prabakaran
83575e92a0
Fix typo: /s/interoprate/interoperate 2016-12-06 18:20:18 +05:30
Sibi Prabakaran
85bd15d109
Add json support for postPasswordR 2016-12-06 18:17:19 +05:30
Sibi Prabakaran
b6cd72f49f
Implement Login via JSON endpoint 
Add additional handling of JSON endpoint in addition to the HTML form
method.
 2016-12-06 15:20:51 +05:30
Sibi Prabakaran
19840cdc89
Add json support for postRegisterR 2016-12-05 19:32:23 +05:30
Michael Snoyman
2c4e19e0b6 Version bump for #1309 2016-11-29 13:48:42 +02:00
Filip Gralinski
a3929aa9bb remove invalid Google OpenID link 2016-11-26 19:39:24 +01:00
Sibi Prabakaran
696faa3fd0
req is not needed. 2016-11-20 13:43:01 +05:30
Sibi Prabakaran
10850f5cee
Use checkCsrfHeaderOrParam instead of manual check 2016-11-20 13:32:15 +05:30
Sibi Prabakaran
7f17d829b3
Fix CSRF security vulnerability in registerHelper function 
Return a 403 status code if the csrf tokens are matched. This currently
affects two endpoints: During registration and during password reset
forms.

This curl request demonstrates how this can be exploited to register new
email:

curl -i --header "Accept: application/json" --request POST -F
"email=sibi@psibi.in" http://localhost:3005/auth/page/email/register

With the patch applied, it will respond with this:

{"message":"Permission Denied. A valid CSRF token wasn't present in HTTP
headers or POST parameters. Because the request could have been forged,
it's been rejected altogether. Check the Yesod.Core.Handler docs of the
yesod-core package for details on CSRF protection."}
 2016-11-20 03:59:32 +05:30
Bryan Richter
add9d4393a
Comment on unsafePerformIO, close #1245 2016-10-03 09:08:22 -07:00
Michael Snoyman
a04d2b25ba Version bump 2016-09-02 12:39:01 +03:00
kevin147147
e27cebb8a5 Translation bug in german message 
missing space
 2016-09-01 11:55:44 +02:00
Michael Snoyman
d2482bf178 Version bump 2016-08-14 15:44:53 +03:00
Michael Snoyman
25cb163e11 Relax upper bounds for persistent 2.6 2016-08-14 15:41:17 +03:00
Felix Paulusma
76726063e4 Updated some Dutch translations. 2016-07-12 17:19:09 +02:00
Michael Snoyman
6595a707d0 Version bump 2016-06-27 10:46:19 +03:00
Bryan Richter
5342f891f3 Add key reuse warning (#1222) (#1233) 2016-05-14 15:40:07 -07:00
Michael Snoyman
bd1ea59cbd Version bump 2016-04-25 18:17:13 +03:00
Erik de Castro Lopo
34e0c8b638 yesod-auth: Fixes for persistent 2.5 2016-04-19 15:18:46 +10:00
Eric Easley
d99de61554 Use CPP to maintain backward compat 2016-04-18 10:03:39 -07:00
Eric Easley
8e71f766b5 Use PersistRecordBackend constraint synonym 2016-04-15 21:25:40 -07:00
Eric Easley
bf3a9c9dd4 Switch to released persistent-2.5 2016-04-14 15:14:56 -07:00
Eric Easley
f7494260b0 Merge remote-tracking branch 'upstream/master' 2016-04-11 09:16:06 -07:00
Christopher League
85a62ab074 Bump yesod-auth version for CSRF support (#1205) 2016-04-03 12:43:15 -04:00
Christopher League
fd870c95f9 Provide CSRF token in Dummy login form 2016-04-02 23:04:58 -04:00
Eric Easley
02dcb99cad Merge remote-tracking branch 'upstream/master' 2016-03-31 13:03:47 -07:00
Arthur Fayzrakhmanov (Артур Файзрахманов)
ecdee7f51a Tidy up imports 2016-03-29 19:14:40 +05:00
Arthur Fayzrakhmanov (Артур Файзрахманов)
5febecf812 Improve Russian translation for ConfirmPass message 2016-03-29 19:14:27 +05:00
Michael Snoyman
aa6714e4b0 Undo minor bump that was not needed 2016-03-29 09:16:33 +03:00
Michael Snoyman
31d07481f1 Version bump 2016-03-29 09:15:57 +03:00
Sebastien Canart
36bc175f50 Add French translation for CurrentPassword 2016-03-23 08:26:44 +01:00
Adam Sjøgren
04a7c12b65 Add translation to Danish. 2016-03-20 21:16:14 +01:00
Murray
a15070709d allow more than one session message and add statuses 2016-03-16 18:14:40 +00:00
Michael Snoyman
27a9faa91f Merge pull request #1183 from lethjakman/auth_forgot_password_csrf 
Fixed forgot password CSRF with form helper
 2016-03-13 08:11:16 +02:00
Alex Kardos
d76aa1a16e Converted runFormPosts to generateFormPost 
This is a cleaner way to generate forms without ignoring one of the
variables.
 2016-03-12 18:29:05 -07:00