Safe Haskell | None |
---|---|
Language | Haskell2010 |
- type UserRegisterH = "register" :> FormH UserFormData
- type UserRegisterConfirmH = "register_confirm" :> (QueryParam "token" ConfirmationToken :> Get)
- type UserLoginH = "login" :> FormH (UserName, UserPass)
- type ResetPasswordRequestH = "reset_password_request" :> FormH UserEmail
- type ResetPasswordH = "reset_password" :> (QueryParam "token" PasswordResetToken :> FormH UserPass)
- type UserLogoutH = "logout" :> (Get :<|> Post)
- type EmailUpdateH = "update_email" :> FormH UserEmail
- type EmailUpdateConfirmH = "update_email_confirm" :> (QueryParam "token" ConfirmationToken :> Get)
- type PasswordUpdateH = "update_password" :> FormH (UserPass, UserPass)
- type DashboardH = Get :<|> (("details" :> Get) :<|> (("services" :> Get) :<|> (("ownservices" :> Get) :<|> ("users" :> Get))))
- type ServiceCreateH = "create" :> FormH (ServiceName, ServiceDescription)
- type ServiceRegisterH = "register" :> FormH ()
- type ServiceLoginH = "login" :> (QueryParam "serviceId" ServiceId :> (QueryParam "redirect" RelRef :> Get))
- userRegisterH :: ServerT UserRegisterH FAction
- userRegisterConfirmH :: ServerT UserRegisterConfirmH FAction
- userLoginH :: ServerT UserLoginH FAction
- resetPasswordRequestH :: ServerT ResetPasswordRequestH FAction
- resetPasswordH :: ServerT ResetPasswordH FAction
- userLogoutH :: ServerT UserLogoutH FAction
- emailUpdateH :: ServerT EmailUpdateH FAction
- emailUpdateConfirmH :: ServerT EmailUpdateConfirmH FAction
- passwordUpdateH :: ServerT PasswordUpdateH FAction
- dashboardH :: ServerT DashboardH FAction
- serviceCreateH :: ServerT ServiceCreateH FAction
- serviceRegisterH :: ServerT ServiceRegisterH FAction
- serviceLoginH :: Maybe ServiceId -> Maybe RelRef -> FAction a
- disableCaching :: Middleware
Documentation
type UserRegisterH = "register" :> FormH UserFormData
type UserRegisterConfirmH = "register_confirm" :> (QueryParam "token" ConfirmationToken :> Get)
type UserLoginH = "login" :> FormH (UserName, UserPass)
type ResetPasswordRequestH = "reset_password_request" :> FormH UserEmail
type ResetPasswordH = "reset_password" :> (QueryParam "token" PasswordResetToken :> FormH UserPass)
type UserLogoutH = "logout" :> (Get :<|> Post)
type EmailUpdateH = "update_email" :> FormH UserEmail
type EmailUpdateConfirmH = "update_email_confirm" :> (QueryParam "token" ConfirmationToken :> Get)
type PasswordUpdateH = "update_password" :> FormH (UserPass, UserPass)
type DashboardH = Get :<|> (("details" :> Get) :<|> (("services" :> Get) :<|> (("ownservices" :> Get) :<|> ("users" :> Get))))
type ServiceCreateH = "create" :> FormH (ServiceName, ServiceDescription)
type ServiceRegisterH = "register" :> FormH ()
type ServiceLoginH = "login" :> (QueryParam "serviceId" ServiceId :> (QueryParam "redirect" RelRef :> Get))
serviceLoginH :: Maybe ServiceId -> Maybe RelRef -> FAction a
Coming from a service site, handle the authentication and redirect to the service with a valid session token. This may happen in a series of redirects through the Thentos frontend; the state of this series is stored in `fsdServiceLoginState`. The control flow in detail:
- case A: the user is not logged into Thentos. The service login callback has already been stored at this point, so just redirect to the login page.
- case B: the user is logged into Thentos and registered with the service. Clean up the `ServiceLoginState` stack, inject the service session token just created into the redirect URI, and redirect.
- case C: the user is logged into Thentos, but not registered with the service. Redirect to the service registration page.
FIXME: Sönke Hahn: "The session token seems to be contained in the url. So if people copy the url from the address bar and send it to someone, they will get the same session. The session token should be in a cookie, shouldn't it?" (We will use some SSO protocol here that is not home cooked later; for prototype operations, this is not serious.)
disableCaching :: Middleware
Disable response caching. The wrapped handler can overwrite this by setting its own cache control headers.
Cache-control headers are only added to GET and HEAD responses, since other request methods are considered uncacheable by default.
According to the HTTP/1.1 spec, GET/HEAD responses with the following error codes (>= 400) may be cached unless forbidden by cache-control headers:
- 404 Not Found
- 405 Method Not Allowed
- 410 Gone
- 414 Request-URI Too Long
- 501 Not Implemented
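
A WAI middleware with the behaviour described for disableCaching, as an added example that is not the Thentos implementation. The names `noCacheExample`, `addNoCache`, `cacheHeaders` and `noCacheDefaults`, and the header values, are assumptions; the page does not show which headers Thentos sends.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module NoCacheExample (noCacheExample, addNoCache) where

import Network.HTTP.Types (ResponseHeaders, methodGet, methodHead)
import Network.HTTP.Types.Header (HeaderName, hCacheControl)
import Network.Wai (Middleware, mapResponseHeaders, requestMethod)

-- | Headers whose presence means the wrapped handler has made its own
-- caching decision (hypothetical list, chosen for this example).
cacheHeaders :: [HeaderName]
cacheHeaders = [hCacheControl, "Expires", "Pragma"]

-- | Assumed default values; not taken from the Thentos source.
noCacheDefaults :: ResponseHeaders
noCacheDefaults =
  [ (hCacheControl, "no-cache, no-store, must-revalidate")
  , ("Expires", "0")
  ]

-- | Pure core: append the defaults unless a cache header is already set,
-- so the wrapped handler can overwrite the middleware's choice.
addNoCache :: ResponseHeaders -> ResponseHeaders
addNoCache hs
  | any ((`elem` cacheHeaders) . fst) hs = hs
  | otherwise = hs ++ noCacheDefaults

-- | Only GET and HEAD responses are touched, and the status code is not
-- inspected, so cacheable error responses (404, 405, 410, 414, 501) get
-- the headers as well.
noCacheExample :: Middleware
noCacheExample app req respond
  | requestMethod req `elem` [methodGet, methodHead] =
      app req (respond . mapResponseHeaders addNoCache)
  | otherwise = app req respond
```

Because the status code is never checked, a 404 returned for a GET request receives the same headers as a 200, which covers the error codes listed above.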