Safe Haskell | None |
---|---|
Language | Haskell2010 |
- data User = User {
- _userName :: !UserName
- _userPassword :: !(HashedSecret UserPass)
- _userEmail :: !UserEmail
- data ServiceAccount = ServiceAccount {
- _serviceAnonymous :: !Bool
- newServiceAccount :: ServiceAccount
- newtype UserId = UserId {
- fromUserId :: Integer
- newtype UserName = UserName {
- fromUserName :: ST
- newtype UserPass = UserPass {
- fromUserPass :: ST
- newtype HashedSecret a = HashedSecret {
- fromHashedSecret :: EncryptedPass
- newtype UserEmail = UserEmail {
- userEmailAddress :: EmailAddress
- parseUserEmail :: ST -> Maybe UserEmail
- fromUserEmail :: UserEmail -> ST
- newtype ConfirmationToken = ConfirmationToken {
- fromConfirmationToken :: ST
- newtype PasswordResetToken = PasswordResetToken {
- fromPasswordResetToken :: ST
- data UserFormData = UserFormData {}
- data LoginFormData = LoginFormData {
- ldName :: !UserName
- ldPassword :: !UserPass
- data Service = Service {}
- newtype ServiceId = ServiceId {
- fromServiceId :: ST
- newtype ServiceKey = ServiceKey {
- fromServiceKey :: ST
- newtype ServiceName = ServiceName {
- fromServiceName :: ST
- newtype ServiceDescription = ServiceDescription {
- fromServiceDescription :: ST
- newtype Group = Group {
- fromGroup :: ST
- newtype PersonaId = PersonaId {
- fromPersonaId :: Integer
- newtype PersonaName = PersonaName {
- fromPersonaName :: ST
- data Persona = Persona {
- _personaId :: PersonaId
- _personaName :: PersonaName
- _personaUid :: UserId
- _personaExternalUrl :: Maybe Uri
- newtype ContextId = ContextId {
- fromContextId :: Integer
- newtype ContextName = ContextName {
- fromContextName :: ST
- newtype ContextDescription = ContextDescription {
- fromContextDescription :: ST
- data Context = Context {}
- newtype ThentosSessionToken = ThentosSessionToken {
- fromThentosSessionToken :: ST
- data ThentosSession = ThentosSession {}
- newtype ServiceSessionToken = ServiceSessionToken {
- fromServiceSessionToken :: ST
- data ServiceSession = ServiceSession {}
- data ServiceSessionMetadata = ServiceSessionMetadata {}
- data ByUserOrServiceId
- newtype Timestamp = Timestamp {
- fromTimestamp :: UTCTime
- newtype Timeout = Timeoutms {
- toMilliseconds :: Int
- toSeconds :: (Fractional a, Real a) => Timeout -> a
- fromMilliseconds :: Int -> Timeout
- fromSeconds :: Int -> Timeout
- fromMinutes :: Int -> Timeout
- fromHours :: Int -> Timeout
- fromDays :: Int -> Timeout
- timestampToString :: Timestamp -> String
- timestampFromString :: Monad m => String -> m Timestamp
- timeoutToString :: Timeout -> String
- timeoutFromString :: Monad m => String -> m Timeout
- secondsToString :: (Show a, Fractional a, Real a) => a -> String
- secondsFromString :: (Read a, Fractional a, Real a, Monad m) => String -> m a
- data Agent
- data Role
- newtype RelRef = RelRef {
- fromRelRef :: RelativeRef
- newtype Uri = Uri {
- fromUri :: URI
- parseUri :: SBS -> Either URIParseError Uri
- renderUri :: Uri -> SBS
- data ProxyUri = ProxyUri {}
- renderProxyUri :: ProxyUri -> ST
- parseProxyUri :: forall m. MonadError String m => ST -> m ProxyUri
- (<//>) :: (ConvertibleStrings s ST, ConvertibleStrings ST s) => s -> s -> s
- stripLeadingSlash :: ST -> ST
- stripTrailingSlash :: ST -> ST
- data Random20
- mkRandom20 :: SBS -> Maybe Random20
- fromRandom20 :: Random20 -> SBS
- newtype ImageData = ImageData {
- fromImageData :: SBS
- newtype CaptchaId = CaptchaId {
- fromCaptchaId :: ST
- data ThentosError e
- = NoSuchUser
- | NoSuchPendingUserConfirmation
- | MalformedConfirmationToken ST
- | ConfirmationTokenAlreadyExists
- | NoSuchService
- | NoSuchThentosSession
- | NoSuchServiceSession
- | NoSuchPersona
- | NoSuchContext
- | MultiplePersonasPerContext
- | GroupMembershipLoop Group Group
- | OperationNotPossibleInServiceSession
- | ServiceAlreadyExists
- | NotRegisteredWithService
- | UserEmailAlreadyExists
- | UserNameAlreadyExists
- | UserIdAlreadyExists
- | PersonaNameAlreadyExists
- | ContextNameAlreadyExists
- | CaptchaIdAlreadyExists
- | NoSuchCaptchaId
- | BadCredentials
- | BadAuthenticationHeaders
- | ProxyNotAvailable
- | MissingServiceHeader
- | ProxyNotConfiguredForService ServiceId
- | NoSuchToken
- | NeedUserA ThentosSessionToken ServiceId
- | MalformedUserPath ST
- | OtherError e
- personaId :: Lens' Persona PersonaId
- personaName :: Lens' Persona PersonaName
- personaUid :: Lens' Persona UserId
- personaExternalUrl :: Lens' Persona (Maybe Uri)
- contextDescription :: Lens' Context ContextDescription
- contextId :: Lens' Context ContextId
- contextName :: Lens' Context ContextName
- contextService :: Lens' Context ServiceId
- contextUrl :: Lens' Context (Maybe ProxyUri)
- serviceDescription :: Lens' Service ServiceDescription
- serviceKey :: Lens' Service (HashedSecret ServiceKey)
- serviceName :: Lens' Service ServiceName
- serviceOwner :: Lens' Service UserId
- serviceThentosSession :: Lens' Service (Maybe ThentosSessionToken)
- serviceAnonymous :: Iso' ServiceAccount Bool
- srvSessEnd :: Lens' ServiceSession Timestamp
- srvSessExpirePeriod :: Lens' ServiceSession Timeout
- srvSessMetadata :: Lens' ServiceSession ServiceSessionMetadata
- srvSessService :: Lens' ServiceSession ServiceId
- srvSessStart :: Lens' ServiceSession Timestamp
- srvSessThentosSession :: Lens' ServiceSession ThentosSessionToken
- thSessAgent :: Lens' ThentosSession Agent
- thSessEnd :: Lens' ThentosSession Timestamp
- thSessExpirePeriod :: Lens' ThentosSession Timeout
- thSessStart :: Lens' ThentosSession Timestamp
- userEmail :: Lens' User UserEmail
- userName :: Lens' User UserName
- userPassword :: Lens' User (HashedSecret UserPass)
Documentation
data User
User | |
|
data ServiceAccount
The data a user maintains about a service they are signed up with.
ServiceAccount | |
|
Eq ServiceAccount | |
Show ServiceAccount | |
Generic ServiceAccount | |
type Rep ServiceAccount |
newtype UserId
UserId | |
|
newtype UserName
UserName | |
|
newtype UserPass
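FIXME: The ToJSON instance should go away in order to avoid accidental leakage of cleartext passwords, but for the experimentation phase removing it is too much of a headache. The same concern applies to LoginFormData, whose ldPassword field is a UserPass and which also has a ToJSON instance. (Under no circumstances render the password as something like "[password hidden]"; that causes a lot of confusion.)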
UserPass | |
|
newtype HashedSecret a
HashedSecret | |
|
Eq (HashedSecret a) | |
Show (HashedSecret a) | |
Generic (HashedSecret a) | |
FromField (HashedSecret a) | |
ToField (HashedSecret a) | |
type Rep (HashedSecret a) |
newtype UserEmail
UserEmail | |
|
parseUserEmail :: ST -> Maybe UserEmail
fromUserEmail :: UserEmail -> ST
newtype ConfirmationToken
Eq ConfirmationToken | |
Ord ConfirmationToken | |
Read ConfirmationToken | |
Show ConfirmationToken | |
IsString ConfirmationToken | |
Generic ConfirmationToken | |
FromHttpApiData ConfirmationToken | |
FromField ConfirmationToken | |
ToField ConfirmationToken | |
type Rep ConfirmationToken |
newtype PasswordResetToken
Eq PasswordResetToken | |
Ord PasswordResetToken | |
Read PasswordResetToken | |
Show PasswordResetToken | |
IsString PasswordResetToken | |
Generic PasswordResetToken | |
FromHttpApiData PasswordResetToken | |
FromField PasswordResetToken | |
ToField PasswordResetToken | |
type Rep PasswordResetToken |
data UserFormData
Information required to create a new User
Eq UserFormData | |
Generic UserFormData | |
ToJSON UserFormData | |
FromJSON UserFormData | |
type Rep UserFormData |
data LoginFormData
LoginFormData | |
|
Eq LoginFormData | |
Generic LoginFormData | |
ToJSON LoginFormData | |
FromJSON LoginFormData | |
type Rep LoginFormData |
data Service
(Service owner is an Agent, not a User, so that services can (but do not have to) be owned by their parent services in a service hierarchy.)
Service | |
|
newtype ServiceId
ServiceId | |
|
newtype ServiceKey
ServiceKey | |
|
Eq ServiceKey | |
Ord ServiceKey | |
Read ServiceKey | |
Show ServiceKey | |
IsString ServiceKey | |
Generic ServiceKey | |
ToJSON ServiceKey | |
FromJSON ServiceKey | |
type Rep ServiceKey |
newtype ServiceName
ServiceName | |
|
Eq ServiceName | |
Ord ServiceName | |
Read ServiceName | |
Show ServiceName | |
IsString ServiceName | |
Generic ServiceName | |
FromHttpApiData ServiceName | |
ToJSON ServiceName | |
FromJSON ServiceName | |
FromField ServiceName | |
ToField ServiceName | |
type Rep ServiceName |
newtype ServiceDescription
Eq ServiceDescription | |
Ord ServiceDescription | |
Read ServiceDescription | |
Show ServiceDescription | |
IsString ServiceDescription | |
Generic ServiceDescription | |
FromHttpApiData ServiceDescription | |
ToJSON ServiceDescription | |
FromJSON ServiceDescription | |
FromField ServiceDescription | |
ToField ServiceDescription | |
type Rep ServiceDescription |
newtype Group
Service-side authorization classes. (For thentos-internal authorization classes, see Role.)
Groups are opaque strings that services can use to manage authorizations for their users in thentos. One reason why thentos offers this (rather than leaving the groups-to-users mapping to the internals of the service) is that it puts us in a position to do anonymized authentication: we can assert that a request is issued by a user who is a member of a certain group, without leaking the name of the user.
newtype PersonaId
PersonaId | |
|
newtype PersonaName
PersonaName | |
|
Eq PersonaName | |
Ord PersonaName | |
Read PersonaName | |
Show PersonaName | |
IsString PersonaName | |
Generic PersonaName | |
ToJSON PersonaName | |
FromJSON PersonaName | |
FromField PersonaName | |
ToField PersonaName | |
type Rep PersonaName |
data Persona
*Note on the external url field:* Since personas are exposed to the service, it sometimes makes sense for a service to maintain its own data item for each persona in thentos. The persona's external url can be used to point to that data item's REST url.
Persona | |
|
newtype ContextId
ContextId | |
|
newtype ContextName
ContextName | |
|
Eq ContextName | |
Ord ContextName | |
Read ContextName | |
Show ContextName | |
IsString ContextName | |
Generic ContextName | |
ToJSON ContextName | |
FromJSON ContextName | |
FromField ContextName | |
ToField ContextName | |
type Rep ContextName |
newtype ContextDescription
Eq ContextDescription | |
Ord ContextDescription | |
Read ContextDescription | |
Show ContextDescription | |
IsString ContextDescription | |
Generic ContextDescription | |
ToJSON ContextDescription | |
FromJSON ContextDescription | |
FromField ContextDescription | |
ToField ContextDescription | |
type Rep ContextDescription |
newtype ThentosSessionToken
Eq ThentosSessionToken | |
Ord ThentosSessionToken | |
Read ThentosSessionToken | |
Show ThentosSessionToken | |
IsString ThentosSessionToken | |
Generic ThentosSessionToken | |
FromHttpApiData ThentosSessionToken | |
ToJSON ThentosSessionToken | |
FromJSON ThentosSessionToken | |
FromField ThentosSessionToken | |
ToField ThentosSessionToken | |
type Rep ThentosSessionToken |
data ThentosSession
ThentosSession | |
|
Eq ThentosSession | |
Ord ThentosSession | |
Show ThentosSession | |
Generic ThentosSession | |
type Rep ThentosSession |
newtype ServiceSessionToken
Eq ServiceSessionToken | |
Ord ServiceSessionToken | |
Read ServiceSessionToken | |
Show ServiceSessionToken | |
IsString ServiceSessionToken | |
Generic ServiceSessionToken | |
FromHttpApiData ServiceSessionToken | |
ToJSON ServiceSessionToken | |
FromJSON ServiceSessionToken | |
FromField ServiceSessionToken | |
ToField ServiceSessionToken | |
type Rep ServiceSessionToken |
data ServiceSession
Eq ServiceSession | |
Ord ServiceSession | |
Show ServiceSession | |
Generic ServiceSession | |
ToJSON ServiceSession | |
FromJSON ServiceSession | |
type Rep ServiceSession |
Eq ServiceSessionMetadata | |
Ord ServiceSessionMetadata | |
Read ServiceSessionMetadata | |
Show ServiceSessionMetadata | |
Generic ServiceSessionMetadata | |
ToJSON ServiceSessionMetadata | |
FromJSON ServiceSessionMetadata | |
FromField ServiceSessionMetadata | |
type Rep ServiceSessionMetadata |
data ByUserOrServiceId
Eq ByUserOrServiceId | |
Generic ByUserOrServiceId | |
ToJSON ByUserOrServiceId | |
FromJSON ByUserOrServiceId | |
type Rep ByUserOrServiceId |
newtype Timestamp
Timestamp | |
|
newtype Timeout
Timeoutms | |
|
fromMilliseconds :: Int -> Timeout
fromSeconds :: Int -> Timeout
fromMinutes :: Int -> Timeout
timestampToString :: Timestamp -> String
timestampFromString :: Monad m => String -> m Timestamp
timeoutToString :: Timeout -> String
timeoutFromString :: Monad m => String -> m Timeout
secondsToString :: (Show a, Fractional a, Real a) => a -> String
secondsFromString :: (Read a, Fractional a, Real a, Monad m) => String -> m a
data Agent
data Role
Thentos-internal authorization classes. (See Group for service-side authorization classes.)
RoleAdmin | Can do anything. (There may be no difference in behaviour from |
RoleUser | Can sign up with services |
RoleUserAdmin | Can create (and manage her own) users |
RoleServiceAdmin | Can create (and manage her own) services |
RoleGroupAdmin | Can add personas and groups to groups and remove them |
newtype Uri
Wrapper around URI with additional instance definitions.
data ProxyUri
renderProxyUri :: ProxyUri -> ST
parseProxyUri :: forall m. MonadError String m => ST -> m ProxyUri
(<//>) :: (ConvertibleStrings s ST, ConvertibleStrings ST s) => s -> s -> s
stripLeadingSlash :: ST -> ST
Strip an optional slash from the start of a text. If the text doesn't start with a slash, it is returned unchanged.
stripTrailingSlash :: ST -> ST
Strip an optional slash from the end of a text. If the text doesn't end in a slash, it is returned unchanged.
data Random20
20 bytes of randomness. For comparison: a UUID has 16 bytes, so that should be enough for all practical purposes.
mkRandom20 :: SBS -> Maybe Random20
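Construct a Random20 from a bytestring. Returns Just a Random20 wrapping the input if its length is 20, Nothing otherwise. As described, only the length is checked; the caller is responsible for supplying bytes from a cryptographically secure random source.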
fromRandom20 :: Random20 -> SBS
Extract the wrapped 20 bytes from a Random20.
newtype ImageData
ImageData | |
|
newtype CaptchaId
CaptchaId | |
|
data ThentosError e
Eq e => Eq (ThentosError e) | |
Read e => Read (ThentosError e) | |
Show e => Show (ThentosError e) | |
(Show e, Typeable * e) => Exception (ThentosError e) | |
MonadError (ThentosError e) (Action e s) | |
MonadError (ThentosError e) (UnsafeAction e s) |
personaName :: Lens' Persona PersonaName
personaUid :: Lens' Persona UserId
personaExternalUrl :: Lens' Persona (Maybe Uri)
contextDescription :: Lens' Context ContextDescription
contextName :: Lens' Context ContextName
contextService :: Lens' Context ServiceId
contextUrl :: Lens' Context (Maybe ProxyUri)
serviceDescription :: Lens' Service ServiceDescription
serviceKey :: Lens' Service (HashedSecret ServiceKey)
serviceName :: Lens' Service ServiceName
serviceOwner :: Lens' Service UserId
serviceThentosSession :: Lens' Service (Maybe ThentosSessionToken)
serviceAnonymous :: Iso' ServiceAccount Bool
srvSessEnd :: Lens' ServiceSession Timestamp
srvSessExpirePeriod :: Lens' ServiceSession Timeout
srvSessService :: Lens' ServiceSession ServiceId
srvSessStart :: Lens' ServiceSession Timestamp
thSessAgent :: Lens' ThentosSession Agent
thSessEnd :: Lens' ThentosSession Timestamp
thSessExpirePeriod :: Lens' ThentosSession Timeout
thSessStart :: Lens' ThentosSession Timestamp
userPassword :: Lens' User (HashedSecret UserPass)