thentos-core-0.0.1.1: The swiss army knife of privacy-preserving identity management

Safe Haskell: None
Language: Haskell2010

Thentos.Frontend.Handlers

Documentation

type UserRegisterH = "register" :> FormH UserFormData

type UserRegisterConfirmH = "register_confirm" :> (QueryParam "token" ConfirmationToken :> Get)

type UserLoginH = "login" :> FormH (UserName, UserPass)

type ResetPasswordRequestH = "reset_password_request" :> FormH UserEmail

type ResetPasswordH = "reset_password" :> (QueryParam "token" PasswordResetToken :> FormH UserPass)

type UserLogoutH = "logout" :> (Get :<|> Post)

type EmailUpdateH = "update_email" :> FormH UserEmail

type EmailUpdateConfirmH = "update_email_confirm" :> (QueryParam "token" ConfirmationToken :> Get)

type PasswordUpdateH = "update_password" :> FormH (UserPass, UserPass)

type DashboardH = Get :<|> (("details" :> Get) :<|> (("services" :> Get) :<|> (("ownservices" :> Get) :<|> ("users" :> Get))))

type ServiceRegisterH = "register" :> FormH ()

type ServiceLoginH = "login" :> (QueryParam "serviceId" ServiceId :> (QueryParam "redirect" RelRef :> Get))

serviceLoginH :: Maybe ServiceId -> Maybe RelRef -> FAction a

Coming from a service site, handle the authentication and redirect back to the service with a valid service session token. This may happen in a series of redirects through the thentos frontend; the state of this series is stored in fsdServiceLoginState. The control flow in detail:

  • case A: the user is not logged into thentos. The service login callback has already been stored at this point, so just redirect to the login page.
  • case B: the user is logged into thentos and registered with the service. Clean up the ServiceLoginState stack, inject the service session token just created into the redirect URI, and redirect.
  • case C: the user is logged into thentos but not registered with the service. Redirect to the service registration page.

FIXME: Sönke Hahn: "The session token seems to be contained in the url. So if people copy the url from the address bar and send it to someone, they will get the same session. The session token should be in a cookie, shouldn't it?" (We will use some SSO protocol here that is not home cooked later; for prototype operations, this is not serious.)
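The three cases above, modelled as a pure function. This is an added example, not code from thentos-core: the types ServiceId, RelRef, ServiceSessionToken, ServiceLoginState and FrontendSessionData are hypothetical stand-ins for the real ones, the registration table and token-minting function are constructed inputs, and the handler is assumed to push the callback onto the fsdServiceLoginState stack on arrival. The token is appended to the redirect URI exactly as the documentation (and the FIXME) describe it.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module ServiceLoginFlow where

import qualified Data.Map.Strict as Map
import Data.Monoid ((<>))
import qualified Data.Set as Set
import Data.Text (Text)
import qualified Data.Text as T

-- Hypothetical stand-ins for the Thentos types named on the page; the real
-- ones live elsewhere in thentos-core and differ in detail.
newtype ServiceId           = ServiceId Text           deriving (Eq, Ord, Show)
newtype UserId              = UserId Int               deriving (Eq, Ord, Show)
newtype ServiceSessionToken = ServiceSessionToken Text deriving (Eq, Show)
newtype RelRef              = RelRef Text              deriving (Eq, Show)

-- One pending service login callback: which service sent the user and where
-- to send them once thentos has authenticated them.
data ServiceLoginState = ServiceLoginState
  { slsService  :: ServiceId
  , slsRedirect :: RelRef
  } deriving (Eq, Show)

-- The slice of frontend session data the handler consults (assumed shape).
data FrontendSessionData = FrontendSessionData
  { fsdUser              :: Maybe UserId
  , fsdServiceLoginState :: [ServiceLoginState]   -- innermost pending login first
  } deriving (Eq, Show)

-- Which users are registered with which services (constructed sample data).
type Registrations = Map.Map UserId (Set.Set ServiceId)

data Outcome
  = RedirectToLogin                          -- case A
  | RedirectToService RelRef                 -- case B: token already injected
  | RedirectToServiceRegistration ServiceId  -- case C
  | BadRequest Text                          -- missing query parameters
  deriving (Eq, Show)

-- Pure model of the three cases.  Token minting is passed in as a function
-- because the real one touches the database.
serviceLogin
  :: Registrations
  -> (UserId -> ServiceId -> ServiceSessionToken)
  -> Maybe ServiceId -> Maybe RelRef
  -> FrontendSessionData
  -> (Outcome, FrontendSessionData)
serviceLogin _ _ Nothing _ sess = (BadRequest "serviceId missing", sess)
serviceLogin _ _ _ Nothing sess = (BadRequest "redirect missing", sess)
serviceLogin regs mint (Just sid) (Just ref) sess =
  case fsdUser sess of
    -- A: remember the callback, then send the user to the thentos login page.
    Nothing -> (RedirectToLogin, pushed)
    Just uid
      -- B: mint a service session, drop the whole ServiceLoginState stack,
      -- and bounce back to the service with the token in the query string.
      | registered uid -> ( RedirectToService (injectToken (mint uid sid) ref)
                          , sess { fsdServiceLoginState = [] } )
      -- C: keep the callback so registration can resume this flow afterwards.
      | otherwise      -> (RedirectToServiceRegistration sid, pushed)
  where
    pushed = sess { fsdServiceLoginState =
                      ServiceLoginState sid ref : fsdServiceLoginState sess }
    registered uid = sid `Set.member` Map.findWithDefault Set.empty uid regs

-- Append the token as a query parameter.  This reproduces the URL-borne token
-- the FIXME on the page objects to; it is not an endorsement of that design.
injectToken :: ServiceSessionToken -> RelRef -> RelRef
injectToken (ServiceSessionToken tok) (RelRef r) =
  RelRef (r <> sep <> "token=" <> tok)
  where sep = if "?" `T.isInfixOf` r then "&" else "?"

main :: IO ()
main = do
  let alice  = UserId 1
      wiki   = ServiceId "wiki"
      regs   = Map.fromList [(alice, Set.fromList [wiki])]
      mint (UserId n) (ServiceId s) = ServiceSessionToken (s <> "-" <> T.pack (show n))
      anon   = FrontendSessionData Nothing []
      logged = anon { fsdUser = Just alice }
      ref    = RelRef "/callback?next=/page"
  print (fst (serviceLogin regs mint (Just wiki) (Just ref) anon))                 -- A
  print (fst (serviceLogin regs mint (Just wiki) (Just ref) logged))               -- B
  print (serviceLogin regs mint (Just (ServiceId "blog")) (Just ref) logged)       -- C
```

Running main walks one flow through each case: an anonymous user is sent to login with the callback pushed, a registered user gets the redirect URI with the token appended and an empty stack, and a logged-in but unregistered user is sent to service registration with the callback still pending.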

disableCaching :: Middleware

Disable response caching. The wrapped handler can override this by setting its own Cache-Control headers.

Cache-Control headers are only added to GET and HEAD responses, since responses to other request methods are not cacheable by default.

According to the HTTP/1.1 specification (RFC 7231, section 6.1), GET/HEAD responses with the following error status codes (>= 400) are cacheable by default unless forbidden by Cache-Control headers:

  • 404 Not Found
  • 405 Method Not Allowed
  • 410 Gone
  • 414 Request-URI Too Long
  • 501 Not Implemented
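A WAI middleware with the behaviour described above, as an added example rather than the thentos-core implementation: the decision is a pure function over the request method and the handler's response headers, so it can be checked without an HTTP server, and the specific header values are this example's choice. It assumes the wai and http-types packages.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module DisableCaching where

import Network.HTTP.Types (Method, ResponseHeaders, hCacheControl, methodGet, methodHead, methodPost)
import Network.Wai (Middleware, mapResponseHeaders, requestMethod)

-- Headers added when the wrapped handler did not set Cache-Control itself.
-- Pragma and Expires cover HTTP/1.0 caches; the values are this example's choice.
noCacheHeaders :: ResponseHeaders
noCacheHeaders =
  [ (hCacheControl, "no-cache, no-store, must-revalidate")
  , ("Pragma", "no-cache")
  , ("Expires", "0")
  ]

-- Pure core: given the request method and the headers the handler produced,
-- return the headers to send.  Only GET and HEAD responses are touched (other
-- methods are not cacheable by default), and a Cache-Control header set by
-- the handler always wins.  Applying this to every GET/HEAD response also
-- covers the 404/405/410/414/501 error responses that caches may store.
applyNoCache :: Method -> ResponseHeaders -> ResponseHeaders
applyNoCache method hs
  | method `notElem` [methodGet, methodHead] = hs
  | any ((== hCacheControl) . fst) hs       = hs
  | otherwise                               = noCacheHeaders ++ hs

-- The middleware: run the wrapped application and rewrite the response headers.
disableCaching :: Middleware
disableCaching app req respond =
  app req $ \resp -> respond (mapResponseHeaders (applyNoCache (requestMethod req)) resp)

main :: IO ()
main = do
  -- Constructed header lists standing in for what a handler returned.
  let plain = [("Content-Type", "text/html")]
      ownCC = [(hCacheControl, "max-age=60"), ("Content-Type", "text/html")]
  print (applyNoCache methodGet plain)    -- no-cache set prepended
  print (applyNoCache methodGet ownCC)    -- handler's max-age=60 left alone
  print (applyNoCache methodPost plain)   -- POST: untouched
```

Wrap the application as `disableCaching app` when building the Warp server; the order relative to other middlewares matters only if one of them also sets Cache-Control, in which case whichever runs closest to the handler is treated as the handler's own choice.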