thentos-core-0.0.1.1: The swiss army knife of privacy-preserving identity management

Safe HaskellNone
LanguageHaskell2010

Thentos.Types

Synopsis

Documentation

data User

Constructors

User 

Fields

_userName :: !UserName
 
_userPassword :: !(HashedSecret UserPass)
 
_userEmail :: !UserEmail
 

Instances

data ServiceAccount

the data a user maintains about a service they are signed up with.

Constructors

ServiceAccount 

Fields

_serviceAnonymous :: !Bool

Do not give out any information about user beyond session token validity bit. (not implemented.)

Instances

newServiceAccount :: ServiceAccount

newtype UserId

Constructors

UserId 

Fields

fromUserId :: Integer
 

Instances

Enum UserId 
Eq UserId 
Ord UserId 
Read UserId 
Show UserId 
Generic UserId 
FromHttpApiData UserId 
ToJSON UserId 
FromJSON UserId 
FromField UserId 
ToField UserId 
Random UserId 
type Rep UserId 

newtype UserName

Constructors

UserName 

Fields

fromUserName :: ST
 

Instances

newtype UserPass

FIXME: ToJSON instance should go away in order to avoid accidental leakage of cleartext passwords. but for the experimentation phase this is too much of a headache. (Under no circumstances render to something like "[password hidden]". Causes a lot of confusion.)

Constructors

UserPass 

Fields

fromUserPass :: ST
 

Instances

newtype HashedSecret a

Constructors

HashedSecret 

Fields

fromHashedSecret :: EncryptedPass
 

Instances

Eq (HashedSecret a) 
Show (HashedSecret a) 
Generic (HashedSecret a) 
FromField (HashedSecret a) 
ToField (HashedSecret a) 
type Rep (HashedSecret a) 

newtype UserEmail

Constructors

UserEmail 

Fields

userEmailAddress :: EmailAddress
 

Instances

parseUserEmail :: ST -> Maybe UserEmail

fromUserEmail :: UserEmail -> ST

newtype ConfirmationToken

Constructors

ConfirmationToken 

Fields

fromConfirmationToken :: ST
 

Instances

newtype PasswordResetToken

Constructors

PasswordResetToken 

Fields

fromPasswordResetToken :: ST
 

Instances

data UserFormData

Information required to create a new User

Constructors

UserFormData 

Fields

udName :: !UserName
 
udPassword :: !UserPass
 
udEmail :: !UserEmail
 

Instances

data LoginFormData

Constructors

LoginFormData 

Fields

ldName :: !UserName
 
ldPassword :: !UserPass
 

Instances

data Service

(Service owner is an Agent, not a User, so that services can (but do not have to) be owned by their parent services in a service hierarchy.)

Constructors

Service 

Fields

_serviceKey :: !(HashedSecret ServiceKey)
 
_serviceOwner :: !UserId
 
_serviceThentosSession :: !(Maybe ThentosSessionToken)

Used by the service to authenticate in communication with thentos.

_serviceName :: !ServiceName
 
_serviceDescription :: !ServiceDescription
 

Instances

newtype ServiceId

Constructors

ServiceId 

Fields

fromServiceId :: ST
 

Instances

newtype ServiceKey

Constructors

ServiceKey 

Fields

fromServiceKey :: ST
 

Instances

newtype ServiceName

Constructors

ServiceName 

Fields

fromServiceName :: ST
 

Instances

newtype ServiceDescription

Constructors

ServiceDescription 

Fields

fromServiceDescription :: ST
 

Instances

newtype Group

Service-side authoriziation classes. (For thentos-internal authorization classes, see Role.)

Groups are opaque strings that services can use to manage authorizations for their users in thentos. One reason why thentos offers this (rather than leaving the groups-to-users mapping to the internals of the service) is that this puts us in a position to do anonymized authentication: we can assert a request is issued by a user member in a certain group, but not leak the name of the user.

Constructors

Group 

Fields

fromGroup :: ST
 

Instances

Eq Group 
Ord Group 
Read Group 
Show Group 
IsString Group 
Generic Group 
ToJSON Group 
FromJSON Group 
FromField Group 
ToField Group 
type Rep Group 

newtype PersonaId

Constructors

PersonaId 

Fields

fromPersonaId :: Integer
 

Instances

newtype PersonaName

Constructors

PersonaName 

Fields

fromPersonaName :: ST
 

Instances

data Persona

  • Note on the external url field:* Since personas are exposed to the service, it sometimes makes sense for a service to maintain its own data item for each persona in thentos. The persona's external url can be used to point to that data item's rest url.

Constructors

Persona 

Fields

_personaId :: PersonaId
 
_personaName :: PersonaName
 
_personaUid :: UserId
 
_personaExternalUrl :: Maybe Uri
 

Instances

newtype ContextId

Constructors

ContextId 

Fields

fromContextId :: Integer
 

Instances

newtype ContextName

Constructors

ContextName 

Fields

fromContextName :: ST
 

Instances

newtype ContextDescription

Constructors

ContextDescription 

Fields

fromContextDescription :: ST
 

Instances

data Context

Constructors

Context 

Fields

_contextId :: ContextId
 
_contextService :: ServiceId
 
_contextName :: ContextName
 
_contextDescription :: ContextDescription
 
_contextUrl :: Maybe ProxyUri
 

Instances

newtype ThentosSessionToken

Constructors

ThentosSessionToken 

Fields

fromThentosSessionToken :: ST
 

Instances

data ThentosSession

Constructors

ThentosSession 

Fields

_thSessAgent :: !Agent
 
_thSessStart :: !Timestamp
 
_thSessEnd :: !Timestamp
 
_thSessExpirePeriod :: !Timeout
 

Instances

newtype ServiceSessionToken

Constructors

ServiceSessionToken 

Fields

fromServiceSessionToken :: ST
 

Instances

data ServiceSession

Constructors

ServiceSession 

Fields

_srvSessService :: !ServiceId
 
_srvSessStart :: !Timestamp
 
_srvSessEnd :: !Timestamp
 
_srvSessExpirePeriod :: !Timeout
 
_srvSessThentosSession :: !ThentosSessionToken
 
_srvSessMetadata :: !ServiceSessionMetadata
 

Instances

data ServiceSessionMetadata

Constructors

ServiceSessionMetadata 

Fields

_srvSessMdUser :: !UserName
 

Instances

data ByUserOrServiceId

Constructors

ByUser (UserId, UserPass) 
ByService (ServiceId, ServiceKey) 

Instances

newtype Timestamp

Constructors

Timestamp 

Fields

fromTimestamp :: UTCTime
 

Instances

newtype Timeout

Constructors

Timeoutms 

Fields

toMilliseconds :: Int
 

Instances

Eq Timeout 
Ord Timeout 
Show Timeout 
ToJSON Timeout 
FromJSON Timeout 
FromField Timeout 
ToField Timeout 

toSeconds :: (Fractional a, Real a) => Timeout -> a

fromMilliseconds :: Int -> Timeout

fromSeconds :: Int -> Timeout

fromMinutes :: Int -> Timeout

fromHours :: Int -> Timeout

fromDays :: Int -> Timeout

timestampToString :: Timestamp -> String

timestampFromString :: Monad m => String -> m Timestamp

timeoutToString :: Timeout -> String

timeoutFromString :: Monad m => String -> m Timeout

secondsToString :: (Show a, Fractional a, Real a) => a -> String

secondsFromString :: (Read a, Fractional a, Real a, Monad m) => String -> m a

data Agent

Some thing or body that deals with (and can authenticate itself before) thentos. Examples: User or Service. (We could have called this Principal, but that name is in use by LIO already.)

Constructors

UserA !UserId 
ServiceA !ServiceId 

Instances

Eq Agent 
Ord Agent 
Read Agent 
Show Agent 
Generic Agent 
ToJSON Agent 
FromJSON Agent 
ToCNF Agent 
type Rep Agent 

data Role

Thentos-internal authorization classes. (See Group for service-side authorization classes.)

Constructors

RoleAdmin

Can do anything. (There may be no difference in behaviour from allowEverything resp. thentosPublic, but if we ever want to restrict privileges, it's easier if it is a Role.)

RoleUser

Can sign up with services

RoleUserAdmin

Can create (and manage her own) users

RoleServiceAdmin

Can create (and manage her own) services

RoleGroupAdmin

Can add personas and groups to groups and remove them

Instances

Bounded Role 
Enum Role 
Eq Role 
Ord Role 
Read Role 
Show Role 
Generic Role 
ToJSON Role 
FromJSON Role 
ToCNF Role 
FromField Role 
ToField Role 
type Rep Role 

newtype RelRef

Constructors

RelRef 

Fields

fromRelRef :: RelativeRef
 

Instances

Eq RelRef 
Ord RelRef 
FromHttpApiData RelRef 

newtype Uri

Wrapper around URI with additional instance definitions.

Constructors

Uri 

Fields

fromUri :: URI
 

Instances

Eq Uri 
Ord Uri 
Show Uri 
ToJSON Uri 
FromJSON Uri 
FromField Uri 
ToField Uri 

parseUri :: SBS -> Either URIParseError Uri

renderUri :: Uri -> SBS

data ProxyUri

Constructors

ProxyUri 

Fields

proxyHost :: SBS
 
proxyPort :: Int
 
proxyPath :: SBS
 

Instances

Eq ProxyUri 
Show ProxyUri 
Generic ProxyUri 
ToJSON ProxyUri 
FromJSON ProxyUri 
FromField ProxyUri 
ToField ProxyUri 
type Rep ProxyUri 

renderProxyUri :: ProxyUri -> ST

parseProxyUri :: forall m. MonadError String m => ST -> m ProxyUri

(<//>) :: (ConvertibleStrings s ST, ConvertibleStrings ST s) => s -> s -> s

Path concatenation for avoiding double slashes in paths. One optional / trailing left side / leading right side is removed, and one / is inserted.

stripLeadingSlash :: ST -> ST

Strip an optional slash from the start of a text. If the text doesn't start with a slash, it is returned unchanged.

stripTrailingSlash :: ST -> ST

Strip an optional slash from the end of a text. If the text doesn't end in a slash, it is returned unchanged.

data Random20

20 bytes of randomness. For comparison: an UUID has 16 bytes, so that should be enough for all practical purposes.

Instances

mkRandom20 :: SBS -> Maybe Random20

Construct a Random20 from a bytestring. Returns Just a Random20 wrapping the input if its length is 20, Nothing otherwise.

fromRandom20 :: Random20 -> SBS

Extract the wrapped 20 bytes from a Random20.

newtype ImageData

Constructors

ImageData 

Fields

fromImageData :: SBS
 

Instances

newtype CaptchaId

Constructors

CaptchaId 

Fields

fromCaptchaId :: ST
 

Instances

data ThentosError e

Constructors

NoSuchUser 
NoSuchPendingUserConfirmation 
MalformedConfirmationToken ST 
ConfirmationTokenAlreadyExists 
NoSuchService 
NoSuchThentosSession 
NoSuchServiceSession 
NoSuchPersona 
NoSuchContext 
MultiplePersonasPerContext 
GroupMembershipLoop Group Group 
OperationNotPossibleInServiceSession 
ServiceAlreadyExists 
NotRegisteredWithService 
UserEmailAlreadyExists 
UserNameAlreadyExists 
UserIdAlreadyExists 
PersonaNameAlreadyExists 
ContextNameAlreadyExists 
CaptchaIdAlreadyExists 
NoSuchCaptchaId 
BadCredentials 
BadAuthenticationHeaders 
ProxyNotAvailable 
MissingServiceHeader 
ProxyNotConfiguredForService ServiceId 
NoSuchToken 
NeedUserA ThentosSessionToken ServiceId 
MalformedUserPath ST 
OtherError e 

Instances

Eq e => Eq (ThentosError e) 
Read e => Read (ThentosError e) 
Show e => Show (ThentosError e) 
(Show e, Typeable * e) => Exception (ThentosError e) 
MonadError (ThentosError e) (Action e s) 
MonadError (ThentosError e) (UnsafeAction e s) 

personaId :: Lens' Persona PersonaId

personaName :: Lens' Persona PersonaName

personaUid :: Lens' Persona UserId

personaExternalUrl :: Lens' Persona (Maybe Uri)

contextDescription :: Lens' Context ContextDescription

contextId :: Lens' Context ContextId

contextName :: Lens' Context ContextName

contextService :: Lens' Context ServiceId

contextUrl :: Lens' Context (Maybe ProxyUri)

serviceDescription :: Lens' Service ServiceDescription

serviceKey :: Lens' Service (HashedSecret ServiceKey)

serviceName :: Lens' Service ServiceName

serviceOwner :: Lens' Service UserId

serviceThentosSession :: Lens' Service (Maybe ThentosSessionToken)

serviceAnonymous :: Iso' ServiceAccount Bool

srvSessEnd :: Lens' ServiceSession Timestamp

srvSessExpirePeriod :: Lens' ServiceSession Timeout

srvSessMetadata :: Lens' ServiceSession ServiceSessionMetadata

srvSessService :: Lens' ServiceSession ServiceId

srvSessStart :: Lens' ServiceSession Timestamp

srvSessThentosSession :: Lens' ServiceSession ThentosSessionToken

thSessAgent :: Lens' ThentosSession Agent

thSessEnd :: Lens' ThentosSession Timestamp

thSessExpirePeriod :: Lens' ThentosSession Timeout

thSessStart :: Lens' ThentosSession Timestamp

userEmail :: Lens' User UserEmail

userName :: Lens' User UserName

userPassword :: Lens' User (HashedSecret UserPass)