-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Authentication for Yesod.
--   
--   API docs and the README are available at
--   <a>http://www.stackage.org/package/yesod-auth</a>
@package yesod-auth
@version 1.4.13.5

module Yesod.Auth.Message
data AuthMessage
NoOpenID :: AuthMessage
LoginOpenID :: AuthMessage
LoginGoogle :: AuthMessage
LoginYahoo :: AuthMessage
Email :: AuthMessage
UserName :: AuthMessage
IdentifierNotFound :: Text -> AuthMessage
Password :: AuthMessage
Register :: AuthMessage
RegisterLong :: AuthMessage
EnterEmail :: AuthMessage
ConfirmationEmailSentTitle :: AuthMessage
ConfirmationEmailSent :: Text -> AuthMessage
AddressVerified :: AuthMessage
InvalidKeyTitle :: AuthMessage
InvalidKey :: AuthMessage
InvalidEmailPass :: AuthMessage
BadSetPass :: AuthMessage
SetPassTitle :: AuthMessage
SetPass :: AuthMessage
NewPass :: AuthMessage
ConfirmPass :: AuthMessage
PassMismatch :: AuthMessage
PassUpdated :: AuthMessage
Facebook :: AuthMessage
LoginViaEmail :: AuthMessage
InvalidLogin :: AuthMessage
NowLoggedIn :: AuthMessage
LoginTitle :: AuthMessage
PleaseProvideUsername :: AuthMessage
PleaseProvidePassword :: AuthMessage
NoIdentifierProvided :: AuthMessage
InvalidEmailAddress :: AuthMessage
PasswordResetTitle :: AuthMessage
ProvideIdentifier :: AuthMessage
SendPasswordResetEmail :: AuthMessage
PasswordResetPrompt :: AuthMessage
CurrentPassword :: AuthMessage
InvalidUsernamePass :: AuthMessage

-- | <i>Deprecated: Please, use LogoutTitle instead.</i>
Logout :: AuthMessage
LogoutTitle :: AuthMessage
AuthError :: AuthMessage

-- | Defaults to <a>englishMessage</a>.
defaultMessage :: AuthMessage -> Text
englishMessage :: AuthMessage -> Text
portugueseMessage :: AuthMessage -> Text
swedishMessage :: AuthMessage -> Text
germanMessage :: AuthMessage -> Text
frenchMessage :: AuthMessage -> Text
norwegianBokmålMessage :: AuthMessage -> Text
japaneseMessage :: AuthMessage -> Text
finnishMessage :: AuthMessage -> Text
chineseMessage :: AuthMessage -> Text
spanishMessage :: AuthMessage -> Text
czechMessage :: AuthMessage -> Text
russianMessage :: AuthMessage -> Text
dutchMessage :: AuthMessage -> Text
danishMessage :: AuthMessage -> Text

module Yesod.Auth
data Auth
type AuthRoute = Route Auth

-- | The <a>type-safe URLs</a> associated with a site argument.
data AuthPlugin master
AuthPlugin :: Text -> (Method -> [Piece] -> AuthHandler master TypedContent) -> ((Route Auth -> Route master) -> WidgetT master IO ()) -> AuthPlugin master
[apName] :: AuthPlugin master -> Text
[apDispatch] :: AuthPlugin master -> Method -> [Piece] -> AuthHandler master TypedContent
[apLogin] :: AuthPlugin master -> (Route Auth -> Route master) -> WidgetT master IO ()
getAuth :: a -> Auth
class (Yesod master, PathPiece (AuthId master), RenderMessage master FormMessage) => YesodAuth master where type AuthId master authLayout = defaultLayout authenticate creds = do { muid <- getAuthId creds; return $ maybe (UserError InvalidLogin) Authenticated muid } getAuthId creds = do { auth <- authenticate creds; return $ case auth of { Authenticated auid -> Just auid _ -> Nothing } } loginHandler = defaultLoginHandler renderAuthMessage _ _ = defaultMessage redirectToReferer _ = False onLogin = addMessageI "success" NowLoggedIn onLogout = return () maybeAuthId = defaultMaybeAuthId onErrorHtml dest msg = do { addMessage "error" $ toHtml msg; fmap asHtml $ redirect dest } runHttpRequest req inner = do { man <- authHttpManager <$> getYesod; HandlerT $ \ t -> withResponse req man $ \ res -> unHandlerT (inner res) t } where {
    type family AuthId master;
}

-- | specify the layout. Uses defaultLayout by default
authLayout :: YesodAuth master => WidgetT master IO () -> HandlerT master IO Html

-- | Default destination on successful login, if no other destination
--   exists.
loginDest :: YesodAuth master => master -> Route master

-- | Default destination on successful logout, if no other destination
--   exists.
logoutDest :: YesodAuth master => master -> Route master

-- | Perform authentication based on the given credentials.
--   
--   Default implementation is in terms of <tt><a>getAuthId</a></tt>
--   
--   Since: 1.4.4
authenticate :: YesodAuth master => Creds master -> HandlerT master IO (AuthenticationResult master)

-- | Determine the ID associated with the set of credentials.
--   
--   Default implementation is in terms of <tt><a>authenticate</a></tt>

-- | <i>Deprecated: Define <a>authenticate</a> instead; <a>getAuthId</a>
--   will be removed in the next major version</i>
getAuthId :: YesodAuth master => Creds master -> HandlerT master IO (Maybe (AuthId master))

-- | Which authentication backends to use.
authPlugins :: YesodAuth master => master -> [AuthPlugin master]

-- | What to show on the login page.
--   
--   By default this calls <a>defaultLoginHandler</a>, which concatenates
--   plugin widgets and wraps the result in <a>authLayout</a>. Override if
--   you need fancy widget containers, additional functionality, or an
--   entirely custom page. For example, in some applications you may want
--   to prevent the login page being displayed for a user who is already
--   logged in, even if the URL is visited explicitly; this can be done by
--   overriding <a>loginHandler</a> in your instance declaration with
--   something like:
--   
--   <pre>
--   instance YesodAuth App where
--       ...
--       loginHandler = do
--           ma &lt;- lift maybeAuthId
--           when (isJust ma) $
--               lift $ redirect HomeR   -- or any other Handler code you want
--           defaultLoginHandler
--   </pre>
loginHandler :: YesodAuth master => AuthHandler master Html

-- | Used for i18n of messages provided by this package.
renderAuthMessage :: YesodAuth master => master -> [Text] -> AuthMessage -> Text

-- | After login and logout, redirect to the referring page, instead of
--   <a>loginDest</a> and <a>logoutDest</a>. Default is <a>False</a>.
redirectToReferer :: YesodAuth master => master -> Bool

-- | Return an HTTP connection manager that is stored in the foundation
--   type. This allows backends to reuse persistent connections. If none of
--   the backends you're using use HTTP connections, you can safely return
--   <tt>error "authHttpManager"</tt> here.
authHttpManager :: YesodAuth master => master -> Manager

-- | Called on a successful login. By default, calls <tt>addMessageI
--   "success" NowLoggedIn</tt>.
onLogin :: YesodAuth master => HandlerT master IO ()

-- | Called on logout. By default, does nothing
onLogout :: YesodAuth master => HandlerT master IO ()

-- | Retrieves user credentials, if user is authenticated.
--   
--   By default, this calls <a>defaultMaybeAuthId</a> to get the user ID
--   from the session. This can be overridden to allow authentication via
--   other means, such as checking for a special token in a request header.
--   This is especially useful for creating an API to be accessed via some
--   means other than a browser.
--   
--   Since 1.2.0
maybeAuthId :: YesodAuth master => HandlerT master IO (Maybe (AuthId master))

-- | Retrieves user credentials, if user is authenticated.
--   
--   By default, this calls <a>defaultMaybeAuthId</a> to get the user ID
--   from the session. This can be overridden to allow authentication via
--   other means, such as checking for a special token in a request header.
--   This is especially useful for creating an API to be accessed via some
--   means other than a browser.
--   
--   Since 1.2.0
maybeAuthId :: (YesodAuth master, YesodAuthPersist master, Typeable (AuthEntity master)) => HandlerT master IO (Maybe (AuthId master))

-- | Called on login error for HTTP requests. By default, calls
--   <tt>addMessage</tt> with "error" as status and redirects to
--   <tt>dest</tt>.
onErrorHtml :: (YesodAuth master, MonadResourceBase m) => Route master -> Text -> HandlerT master m Html

-- | runHttpRequest gives you a chance to handle an HttpException and retry
--   The default behavior is to simply execute the request which will throw
--   an exception on failure
--   
--   The HTTP <a>Request</a> is given in case it is useful to change
--   behavior based on inspecting the request. This is an experimental API
--   that is not broadly used throughout the yesod-auth code base
runHttpRequest :: YesodAuth master => Request -> (Response BodyReader -> HandlerT master IO a) -> HandlerT master IO a

-- | Class which states that the given site is an instance of
--   <tt>YesodAuth</tt> and that its <tt>AuthId</tt> is a lookup key for
--   the full user information in a <tt>YesodPersist</tt> database.
--   
--   The default implementation of <tt>getAuthEntity</tt> assumes that the
--   <tt>AuthId</tt> for the <tt>YesodAuth</tt> superclass is in fact a
--   persistent <tt>Key</tt> for the given value. This is the common case
--   in Yesod, and means that you can easily look up the full information
--   on a given user.
--   
--   Since 1.4.0
class (YesodAuth master, YesodPersist master) => YesodAuthPersist master where type AuthEntity master :: * type AuthEntity master = KeyEntity (AuthId master) getAuthEntity = runDB . get where {
    type family AuthEntity master :: *;
    type AuthEntity master = KeyEntity (AuthId master);
}
getAuthEntity :: YesodAuthPersist master => AuthId master -> HandlerT master IO (Maybe (AuthEntity master))
getAuthEntity :: (YesodAuthPersist master, YesodPersistBackend master ~ backend, PersistRecordBackend (AuthEntity master) backend, Key (AuthEntity master) ~ AuthId master, PersistStore backend) => AuthId master -> HandlerT master IO (Maybe (AuthEntity master))

-- | User credentials
data Creds master
Creds :: Text -> Text -> [(Text, Text)] -> Creds master

-- | How the user was authenticated
[credsPlugin] :: Creds master -> Text

-- | Identifier. Exact meaning depends on plugin.
[credsIdent] :: Creds master -> Text
[credsExtra] :: Creds master -> [(Text, Text)]

-- | Sets user credentials for the session after checking them with
--   authentication backends.
setCreds :: YesodAuth master => Bool -> Creds master -> HandlerT master IO ()
setCredsRedirect :: YesodAuth master => Creds master -> HandlerT master IO TypedContent

-- | Clears current user credentials for the session.
--   
--   Since 1.1.7
clearCreds :: YesodAuth master => Bool -> HandlerT master IO ()

-- | For HTML, set the message and redirect to the route. For JSON, send
--   the message and a 401 status
loginErrorMessage :: (YesodAuth master, MonadResourceBase m) => Route master -> Text -> HandlerT master m TypedContent
loginErrorMessageI :: (MonadResourceBase m, YesodAuth master) => Route child -> AuthMessage -> HandlerT child (HandlerT master m) TypedContent

-- | The result of an authentication based on credentials
--   
--   Since 1.4.4
data AuthenticationResult master

-- | Authenticated successfully
Authenticated :: (AuthId master) -> AuthenticationResult master

-- | Invalid credentials provided by user
UserError :: AuthMessage -> AuthenticationResult master

-- | Some other error
ServerError :: Text -> AuthenticationResult master

-- | Retrieves user credentials from the session, if user is authenticated.
--   
--   This function does <i>not</i> confirm that the credentials are valid,
--   see <tt>maybeAuthIdRaw</tt> for more information.
--   
--   Since 1.1.2
defaultMaybeAuthId :: (YesodAuthPersist master, Typeable (AuthEntity master)) => HandlerT master IO (Maybe (AuthId master))

-- | Default handler to show the login page.
--   
--   This is the default <a>loginHandler</a>. It concatenates plugin
--   widgets and wraps the result in <a>authLayout</a>. See
--   <a>loginHandler</a> for more details.
--   
--   Since 1.4.9
defaultLoginHandler :: AuthHandler master Html

-- | Similar to <a>maybeAuth</a>, but doesn’t assume that you are using a
--   Persistent database.
--   
--   Since 1.4.0
maybeAuthPair :: (YesodAuthPersist master, Typeable (AuthEntity master)) => HandlerT master IO (Maybe (AuthId master, AuthEntity master))

-- | Similar to <a>maybeAuthId</a>, but additionally look up the value
--   associated with the user's database identifier to get the value in the
--   database. This assumes that you are using a Persistent database.
--   
--   Since 1.1.0
maybeAuth :: (YesodAuthPersist master, val ~ AuthEntity master, Key val ~ AuthId master, PersistEntity val, Typeable val) => HandlerT master IO (Maybe (Entity val))

-- | Similar to <a>maybeAuthId</a>, but redirects to a login page if user
--   is not authenticated or responds with error 401 if this is an API
--   client (expecting JSON).
--   
--   Since 1.1.0
requireAuthId :: YesodAuth master => HandlerT master IO (AuthId master)

-- | Similar to <a>requireAuth</a>, but not tied to Persistent's
--   <a>Entity</a> type. Instead, the <a>AuthId</a> and <a>AuthEntity</a>
--   are returned in a tuple.
--   
--   Since 1.4.0
requireAuthPair :: (YesodAuthPersist master, Typeable (AuthEntity master)) => HandlerT master IO (AuthId master, AuthEntity master)

-- | Similar to <a>maybeAuth</a>, but redirects to a login page if user is
--   not authenticated or responds with error 401 if this is an API client
--   (expecting JSON).
--   
--   Since 1.1.0
requireAuth :: (YesodAuthPersist master, val ~ AuthEntity master, Key val ~ AuthId master, PersistEntity val, Typeable val) => HandlerT master IO (Entity val)
data AuthException
InvalidFacebookResponse :: AuthException
type AuthHandler master a = YesodAuth master => HandlerT Auth (HandlerT master IO) a

-- | Internal session key used to hold the authentication information.
--   
--   Since 1.2.3
credsKey :: Text
provideJsonMessage :: Monad m => Text -> Writer (Endo [ProvidedRep m]) ()
messageJson401 :: MonadResourceBase m => Text -> HandlerT master m Html -> HandlerT master m TypedContent
asHtml :: Html -> Html
instance GHC.Show.Show Yesod.Auth.AuthException
instance Yesod.Auth.YesodAuth master => Text.Shakespeare.I18N.RenderMessage master Yesod.Auth.Message.AuthMessage
instance GHC.Exception.Exception Yesod.Auth.AuthException
instance Yesod.Auth.YesodAuth master => Yesod.Core.Class.Dispatch.YesodSubDispatch Yesod.Auth.Routes.Auth (Yesod.Core.Types.HandlerT master GHC.Types.IO)


-- | NOTE: Mozilla Persona will be shut down by the end of 2016, therefore
--   this module is no longer recommended for use.

-- | <i>Deprecated: Mozilla Persona will be shut down by the end of
--   2016</i>
module Yesod.Auth.BrowserId
authBrowserId :: YesodAuth m => BrowserIdSettings -> AuthPlugin m

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClick :: BrowserIdSettings -> (Route Auth -> Route master) -> WidgetT master IO Text

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClickOverride :: BrowserIdSettings -> (Route Auth -> Route master) -> Maybe (Route master) -> WidgetT master IO Text

-- | The default value for this type.
def :: Default a => a

-- | A settings type for various configuration options relevant to
--   BrowserID.
--   
--   See: <a>http://www.yesodweb.com/book/settings-types</a>
--   
--   Since 1.2.0
data BrowserIdSettings

-- | BrowserID audience value. If <tt>Nothing</tt>, will be extracted based
--   on the approot.
--   
--   Default: <tt>Nothing</tt>
--   
--   Since 1.2.0
bisAudience :: BrowserIdSettings -> Maybe Text

-- | Use asynchronous Javascript loading for the BrowserID JS file.
--   
--   Default: <tt>True</tt>.
--   
--   Since 1.2.0
bisLazyLoad :: BrowserIdSettings -> Bool
forwardUrl :: AuthRoute
instance Data.Default.Class.Default Yesod.Auth.BrowserId.BrowserIdSettings


-- | Provides a dummy authentication module that simply lets a user specify
--   his/her identifier. This is not intended for real world use, just for
--   testing.
module Yesod.Auth.Dummy
authDummy :: YesodAuth m => AuthPlugin m


-- | A Yesod plugin for Authentication via e-mail
--   
--   This plugin works out of the box by only setting a few methods on the
--   type class that tell the plugin how to interoprate with your user data
--   storage (your database). However, almost everything is customizeable
--   by setting more methods on the type class. In addition, you can send
--   all the form submissions via JSON and completely control the user's
--   flow. This is a standard registration e-mail flow
--   
--   1) A user registers a new e-mail address, and an e-mail is sent there
--   2) The user clicks on the registration link in the e-mail Note that at
--   this point they are actually logged in (without a password) That means
--   that when they log out they will need to reset their password 3) The
--   user sets their password and is redirected to the site. 4) The user
--   can now * logout and sign in * reset their password
module Yesod.Auth.Email
authEmail :: (YesodAuthEmail m) => AuthPlugin m
class (YesodAuth site, PathPiece (AuthEmailId site), RenderMessage site AuthMessage) => YesodAuthEmail site where type AuthEmailId site randomKey _ = nonce128urlT defaultNonceGen needOldPassword aid' = do { mkey <- lookupSession loginLinkKey; case mkey >>= readMay . unpack of { Just (aidT, time) | Just aid <- fromPathPiece aidT, toPathPiece (aid `asTypeOf` aid') == toPathPiece aid' -> do { now <- liftIO getCurrentTime; return $ addUTCTime (60 * 30) time <= now } _ -> return True } } checkPasswordSecurity _ x | length x >= 3 = return $ Right () | otherwise = return $ Left "Password must be at least three characters" confirmationEmailSentResponse identifier = do { mr <- getMessageRender; selectRep $ do { provideJsonMessage (mr msg); provideRep $ authLayout $ do { setTitleI ConfirmationEmailSentTitle; (do { (asWidgetT . toWidget) ((preEscapedText . pack) "<p>"); ((fmap (toHtml .) getMessageRender) >>= (\ urender_a2tv7 -> (asWidgetT . toWidget) (urender_a2tv7 msg))); (asWidgetT . toWidget) ((preEscapedText . pack) "</p>\n") }) } } } where msg = ConfirmationEmailSent identifier normalizeEmailAddress _ = toLower registerHandler = defaultRegisterHandler forgotPasswordHandler = defaultForgotPasswordHandler setPasswordHandler = defaultSetPasswordHandler where {
    type family AuthEmailId site;
}

-- | Add a new email address to the database, but indicate that the address
--   has not yet been verified.
--   
--   Since 1.1.0
addUnverified :: YesodAuthEmail site => Email -> VerKey -> HandlerT site IO (AuthEmailId site)

-- | Send an email to the given address to verify ownership.
--   
--   Since 1.1.0
sendVerifyEmail :: YesodAuthEmail site => Email -> VerKey -> VerUrl -> HandlerT site IO ()

-- | Get the verification key for the given email ID.
--   
--   Since 1.1.0
getVerifyKey :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe VerKey)

-- | Set the verification key for the given email ID.
--   
--   Since 1.1.0
setVerifyKey :: YesodAuthEmail site => AuthEmailId site -> VerKey -> HandlerT site IO ()

-- | Verify the email address on the given account.
--   
--   <b><i>Warning!</i></b> If you have persisted the
--   <tt><a>AuthEmailId</a> site</tt> somewhere, this method should delete
--   that key, or make it unusable in some fashion. Otherwise, the same key
--   can be used multiple times!
--   
--   See <a>https://github.com/yesodweb/yesod/issues/1222</a>.
--   
--   Since 1.1.0
verifyAccount :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe (AuthId site))

-- | Get the salted password for the given account.
--   
--   Since 1.1.0
getPassword :: YesodAuthEmail site => AuthId site -> HandlerT site IO (Maybe SaltedPass)

-- | Set the salted password for the given account.
--   
--   Since 1.1.0
setPassword :: YesodAuthEmail site => AuthId site -> SaltedPass -> HandlerT site IO ()

-- | Get the credentials for the given <tt>Identifier</tt>, which may be
--   either an email address or some other identification (e.g., username).
--   
--   Since 1.2.0
getEmailCreds :: YesodAuthEmail site => Identifier -> HandlerT site IO (Maybe (EmailCreds site))

-- | Get the email address for the given email ID.
--   
--   Since 1.1.0
getEmail :: YesodAuthEmail site => AuthEmailId site -> HandlerT site IO (Maybe Email)

-- | Generate a random alphanumeric string.
--   
--   Since 1.1.0
randomKey :: YesodAuthEmail site => site -> IO Text

-- | Route to send user to after password has been set correctly.
--   
--   Since 1.2.0
afterPasswordRoute :: YesodAuthEmail site => site -> Route site

-- | Does the user need to provide the current password in order to set a
--   new password?
--   
--   Default: if the user logged in via an email link do not require a
--   password.
--   
--   Since 1.2.1
needOldPassword :: YesodAuthEmail site => AuthId site -> HandlerT site IO Bool

-- | Check that the given plain-text password meets minimum security
--   standards.
--   
--   Default: password is at least three characters.
checkPasswordSecurity :: YesodAuthEmail site => AuthId site -> Text -> HandlerT site IO (Either Text ())

-- | Response after sending a confirmation email.
--   
--   Since 1.2.2
confirmationEmailSentResponse :: YesodAuthEmail site => Text -> HandlerT site IO TypedContent

-- | Additional normalization of email addresses, besides standard
--   canonicalization.
--   
--   Default: Lower case the email address.
--   
--   Since 1.2.3
normalizeEmailAddress :: YesodAuthEmail site => site -> Text -> Text

-- | Handler called to render the registration page. The default works
--   fine, but you may want to override it in order to have a different
--   DOM.
--   
--   Default: <a>defaultRegisterHandler</a>.
--   
--   Since: 1.2.6.
registerHandler :: YesodAuthEmail site => AuthHandler site Html

-- | Handler called to render the "forgot password" page. The default works
--   fine, but you may want to override it in order to have a different
--   DOM.
--   
--   Default: <a>defaultForgotPasswordHandler</a>.
--   
--   Since: 1.2.6.
forgotPasswordHandler :: YesodAuthEmail site => AuthHandler site Html

-- | Handler called to render the "set password" page. The default works
--   fine, but you may want to override it in order to have a different
--   DOM.
--   
--   Default: <a>defaultSetPasswordHandler</a>.
--   
--   Since: 1.2.6.
setPasswordHandler :: YesodAuthEmail site => Bool -> AuthHandler site TypedContent

-- | Data stored in a database for each e-mail address.
data EmailCreds site
EmailCreds :: AuthEmailId site -> Maybe (AuthId site) -> VerStatus -> Maybe VerKey -> Email -> EmailCreds site
[emailCredsId] :: EmailCreds site -> AuthEmailId site
[emailCredsAuthId] :: EmailCreds site -> Maybe (AuthId site)
[emailCredsStatus] :: EmailCreds site -> VerStatus
[emailCredsVerkey] :: EmailCreds site -> Maybe VerKey
[emailCredsEmail] :: EmailCreds site -> Email

-- | Salt a password with a randomly generated salt.
saltPass :: Text -> IO Text
loginR :: AuthRoute
registerR :: AuthRoute
forgotPasswordR :: AuthRoute
setpassR :: AuthRoute

-- | Since 1.4.5
verifyR :: Text -> Text -> AuthRoute
isValidPass :: Text -> SaltedPass -> Bool
type Email = Text
type VerKey = Text
type VerUrl = Text
type SaltedPass = Text
type VerStatus = Bool

-- | An Identifier generalizes an email address to allow users to log in
--   with some other form of credentials (e.g., username).
--   
--   Note that any of these other identifiers must not be valid email
--   addresses.
--   
--   Since 1.2.0
type Identifier = Text

-- | Session variable set when user logged in via a login link. See
--   <a>needOldPassword</a>.
--   
--   Since 1.2.1
loginLinkKey :: Text

-- | Set <a>loginLinkKey</a> to the current time.
--   
--   Since 1.2.1
setLoginLinkKey :: (YesodAuthEmail site, MonadHandler m, HandlerSite m ~ site) => AuthId site -> m ()

-- | Default implementation of <a>registerHandler</a>.
--   
--   Since: 1.2.6
defaultRegisterHandler :: YesodAuthEmail master => AuthHandler master Html

-- | Default implementation of <a>forgotPasswordHandler</a>.
--   
--   Since: 1.2.6
defaultForgotPasswordHandler :: YesodAuthEmail master => AuthHandler master Html

-- | Default implementation of <a>setPasswordHandler</a>.
--   
--   Since: 1.2.6
defaultSetPasswordHandler :: YesodAuthEmail master => Bool -> AuthHandler master TypedContent

module Yesod.Auth.OpenId
authOpenId :: YesodAuth master => IdentifierType -> [(Text, Text)] -> AuthPlugin master
forwardUrl :: AuthRoute

-- | The main identifier provided by the OpenID authentication plugin is
--   the "OP-local identifier". There is also sometimes a "claimed"
--   identifier available.
--   
--   In the <a>credsExtra</a> field of the <a>Creds</a> datatype, you can
--   lookup this key to find the claimed identifier, if available.
--   
--   <pre>
--   let finalID = fromMaybe (credsIdent creds)
--               $ lookup claimedKey (credsExtra creds)
--   </pre>
--   
--   Since 1.0.2
claimedKey :: Text
opLocalKey :: Text

-- | A helper function which will get the claimed identifier, if available,
--   falling back to the OP local identifier.
--   
--   See <a>claimedKey</a>.
--   
--   Since 1.0.2
credsIdentClaimed :: Creds m -> Text
data IdentifierType
Claimed :: IdentifierType
OPLocal :: IdentifierType

module Yesod.Auth.Rpxnow
authRpxnow :: YesodAuth m => String -> String -> AuthPlugin m


-- | Use an email address as an identifier via Google's OpenID login
--   system.
--   
--   This backend will not use the OpenID identifier at all. It only uses
--   OpenID as a login system. By using this plugin, you are trusting
--   Google to validate an email address, and requiring users to have a
--   Google account. On the plus side, you get to use email addresses as
--   the identifier, many users have existing Google accounts, the login
--   system has been long tested (as opposed to BrowserID), and it requires
--   no credential managing or setup (as opposed to Email).

-- | <i>Deprecated: Google no longer provides OpenID support, please use
--   Yesod.Auth.GoogleEmail2</i>
module Yesod.Auth.GoogleEmail
authGoogleEmail :: YesodAuth m => AuthPlugin m
forwardUrl :: AuthRoute


-- | Use an email address as an identifier via Google's login system.
--   
--   Note that this is a replacement for <a>Yesod.Auth.GoogleEmail</a>,
--   which depends on Google's now deprecated OpenID system. For more
--   information, see
--   <a>https://developers.google.com/+/api/auth-migration</a>.
--   
--   By using this plugin, you are trusting Google to validate an email
--   address, and requiring users to have a Google account. On the plus
--   side, you get to use email addresses as the identifier, many users
--   have existing Google accounts, the login system has been long tested
--   (as opposed to BrowserID), and it requires no credential managing or
--   setup (as opposed to Email).
--   
--   In order to use this plugin:
--   
--   <ul>
--   <li>Create an application on the Google Developer Console
--   <a>https://console.developers.google.com/</a></li>
--   <li>Create OAuth credentials. The redirect URI will be
--   <a>http://yourdomain/auth/page/googleemail2/complete</a>. (If you have
--   your authentication subsite at a different root than /auth/, please
--   adjust accordingly.)</li>
--   <li>Enable the Google+ API.</li>
--   </ul>
--   
--   Since 1.3.1
module Yesod.Auth.GoogleEmail2
authGoogleEmail :: YesodAuth m => Text -> Text -> AuthPlugin m

-- | An alternative version which stores user access token in the session
--   variable. Use it if you want to request user's profile from your app.
--   
--   Since 1.4.3
authGoogleEmailSaveToken :: YesodAuth m => Text -> Text -> AuthPlugin m
forwardUrl :: AuthRoute

-- | An authentication token which was acquired from OAuth callback. The
--   token gets saved into the session storage only if you use
--   <a>authGoogleEmailSaveToken</a>. You can acquire saved token with
--   <a>getUserAccessToken</a>.
--   
--   Since 1.4.3
data Token
Token :: Text -> Text -> Token
[accessToken] :: Token -> Text
[tokenType] :: Token -> Text

-- | Get user's access token from the session. Returns Nothing if it's not
--   found (probably because the user is not logged in via
--   <a>GoogleEmail2</a> or you are not using
--   <a>authGoogleEmailSaveToken</a>)
getUserAccessToken :: MonadHandler m => m (Maybe Token)

-- | Allows to fetch information about a user from Google's API. In case of
--   parsing error returns <a>Nothing</a>. Will throw
--   <tt>HttpException</tt> in case of network problems or error response
--   code.
--   
--   Since 1.4.3
getPerson :: Manager -> Token -> HandlerT site IO (Maybe Person)

-- | Information about the user Full description of the resource
--   <a>https://developers.google.com/+/api/latest/people</a>
--   
--   Since 1.4.3
data Person
Person :: Text -> Maybe Text -> Maybe Name -> Maybe Text -> Maybe Text -> Maybe Gender -> Maybe Text -> Maybe PersonImage -> Maybe Text -> Maybe RelationshipStatus -> [PersonURI] -> [Organization] -> [Place] -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Int -> Maybe Int -> Maybe Bool -> Maybe Text -> [Email] -> Maybe Text -> Maybe Text -> Maybe Text -> Person
[personId] :: Person -> Text

-- | The name of this person, which is suitable for display
[personDisplayName] :: Person -> Maybe Text
[personName] :: Person -> Maybe Name
[personNickname] :: Person -> Maybe Text

-- | Birthday formatted as YYYY-MM-DD
[personBirthday] :: Person -> Maybe Text
[personGender] :: Person -> Maybe Gender

-- | The URI of this person's profile
[personProfileUri] :: Person -> Maybe Text
[personImage] :: Person -> Maybe PersonImage

-- | A short biography for this person
[personAboutMe] :: Person -> Maybe Text
[personRelationshipStatus] :: Person -> Maybe RelationshipStatus
[personUris] :: Person -> [PersonURI]
[personOrganizations] :: Person -> [Organization]
[personPlacesLived] :: Person -> [Place]

-- | The brief description of this person
[personTagline] :: Person -> Maybe Text

-- | Whether this user has signed up for Google+
[personIsPlusUser] :: Person -> Maybe Bool

-- | The "bragging rights" line of this person
[personBraggingRights] :: Person -> Maybe Text

-- | if a Google+ page, the number of people who have +1'd this page
[personPlusOneCount] :: Person -> Maybe Int

-- | For followers who are visible, the number of people who have added
--   this person or page to a circle.
[personCircledByCount] :: Person -> Maybe Int

-- | Whether the person or Google+ Page has been verified. This is used
--   only for pages with a higher risk of being impersonated or similar.
--   This flag will not be present on most profiles.
[personVerified] :: Person -> Maybe Bool

-- | The user's preferred language for rendering.
[personLanguage] :: Person -> Maybe Text
[personEmails] :: Person -> [Email]
[personDomain] :: Person -> Maybe Text

-- | The occupation of this person
[personOccupation] :: Person -> Maybe Text

-- | The person's skills
[personSkills] :: Person -> Maybe Text

-- | Individual components of a name
--   
--   Since 1.4.3
data Name
Name :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Name

-- | The full name of this person, including middle names, suffixes, etc
[nameFormatted] :: Name -> Maybe Text

-- | The family name (last name) of this person
[nameFamily] :: Name -> Maybe Text

-- | The given name (first name) of this person
[nameGiven] :: Name -> Maybe Text

-- | The middle name of this person.
[nameMiddle] :: Name -> Maybe Text

-- | The honorific prefixes (such as "Dr." or "Mrs.") for this person
[nameHonorificPrefix] :: Name -> Maybe Text

-- | The honorific suffixes (such as "Jr.") for this person
[nameHonorificSuffix] :: Name -> Maybe Text

-- | Gender of the person
--   
--   Since 1.4.3
data Gender
Male :: Gender
Female :: Gender
OtherGender :: Gender

-- | The URI of the person's profile photo.
--   
--   Since 1.4.3
newtype PersonImage
PersonImage :: Text -> PersonImage
[imageUri] :: PersonImage -> Text

-- | <tt>resizePersonImage img 30</tt> would set query part to
--   <tt>?sz=30</tt> which would resize the image under the URI. If for
--   some reason you need to modify the query part, you should do it after
--   resizing.
--   
--   Since 1.4.3
resizePersonImage :: PersonImage -> Int -> PersonImage

-- | The person's relationship status.
--   
--   Since 1.4.3
data RelationshipStatus

-- | Person is single
Single :: RelationshipStatus

-- | Person is in a relationship
InRelationship :: RelationshipStatus

-- | Person is engaged
Engaged :: RelationshipStatus

-- | Person is married
Married :: RelationshipStatus

-- | The relationship is complicated
Complicated :: RelationshipStatus

-- | Person is in an open relationship
OpenRelationship :: RelationshipStatus

-- | Person is widowed
Widowed :: RelationshipStatus

-- | Person is in a domestic partnership
DomesticPartnership :: RelationshipStatus

-- | Person is in a civil union
CivilUnion :: RelationshipStatus

-- | Something else
RelationshipStatus :: Text -> RelationshipStatus

-- | URIs specified in the person's profile
--   
--   Since 1.4.3
data PersonURI
PersonURI :: Maybe Text -> Maybe Text -> Maybe PersonURIType -> PersonURI
[uriLabel] :: PersonURI -> Maybe Text
[uriValue] :: PersonURI -> Maybe Text
[uriType] :: PersonURI -> Maybe PersonURIType

-- | The type of URI
--   
--   Since 1.4.3
data PersonURIType

-- | URI for another profile
OtherProfile :: PersonURIType

-- | URI to a site for which this person is a contributor
Contributor :: PersonURIType

-- | URI for this Google+ Page's primary website
Website :: PersonURIType

-- | Other URL
OtherURI :: PersonURIType

-- | Something else
PersonURIType :: Text -> PersonURIType

-- | Current or past organizations with which this person is associated
--   
--   Since 1.4.3
data Organization
Organization :: Maybe Text -> Maybe Text -> Maybe OrganizationType -> Maybe Text -> Maybe Text -> Maybe Bool -> Organization

-- | The person's job title or role within the organization
[orgName] :: Organization -> Maybe Text
[orgTitle] :: Organization -> Maybe Text

-- | The date that the person joined this organization.
[orgType] :: Organization -> Maybe OrganizationType

-- | The date that the person left this organization.
[orgStartDate] :: Organization -> Maybe Text

-- | If <tt>True</tt>, indicates this organization is the person's ^
--   primary one, which is typically interpreted as the current one.
[orgEndDate] :: Organization -> Maybe Text
[orgPrimary] :: Organization -> Maybe Bool

-- | The type of an organization
--   
--   Since 1.4.3
data OrganizationType
Work :: OrganizationType
School :: OrganizationType

-- | Something else
OrganizationType :: Text -> OrganizationType

-- | A place where the person has lived or is living at the moment.
--   
--   Since 1.4.3
data Place
Place :: Maybe Text -> Maybe Bool -> Place

-- | A place where this person has lived. For example: "Seattle, WA", "Near
--   Toronto".
[placeValue] :: Place -> Maybe Text

-- | If <tt>True</tt>, this place of residence is this person's primary
--   residence.
[placePrimary] :: Place -> Maybe Bool

-- | Person's email
--   
--   Since 1.4.3
data Email
Email :: Text -> EmailType -> Email
[emailValue] :: Email -> Text
[emailType] :: Email -> EmailType

-- | Type of email
--   
--   Since 1.4.3
data EmailType

-- | Google account email address
EmailAccount :: EmailType

-- | Home email address
EmailHome :: EmailType

-- | Work email adress
EmailWork :: EmailType

-- | Other email address
EmailOther :: EmailType

-- | Something else
EmailType :: Text -> EmailType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Person
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Person
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Email
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Email
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.EmailType
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.EmailType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.PersonImage
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.PersonImage
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.RelationshipStatus
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.RelationshipStatus
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Name
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Name
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Place
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Place
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Organization
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Organization
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.OrganizationType
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.OrganizationType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.PersonURI
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.PersonURI
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.PersonURIType
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.PersonURIType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Gender
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Gender
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Token
instance GHC.Show.Show Yesod.Auth.GoogleEmail2.Token
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Token
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Gender
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.PersonURI
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.PersonURIType
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Organization
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.OrganizationType
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Place
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Name
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.RelationshipStatus
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.PersonImage
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Person
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.Email
instance Data.Aeson.Types.Class.FromJSON Yesod.Auth.GoogleEmail2.EmailType


-- | Sometimes you may want to have some hardcoded set of users (e.g. site
--   managers) that allowed to log in and visit some specific sections of
--   your website without ability to register new managers. This simple
--   plugin is designed exactly for this purpose.
--   
--   Here is a quick usage example.
--   
--   <h2>Define hardcoded users representation</h2>
--   
--   Let's assume, that we want to have some hardcoded managers with normal
--   site users. Let's define hardcoded user representation:
--   
--   <pre>
--   data SiteManager = SiteManager
--     { manUserName :: Text
--     , manPassWord :: Text }
--     deriving Show
--   
--   siteManagers :: [SiteManager]
--   siteManagers = [SiteManager "content editor" "top secret"]
--   </pre>
--   
--   <h2>Describe <a>YesodAuth</a> instance</h2>
--   
--   Now we need to have some convenient <tt>AuthId</tt> type representing
--   both cases:
--   
--   <pre>
--   instance YesodAuth App where
--     type AuthId App = Either UserId Text
--   </pre>
--   
--   Here, right <tt>Text</tt> value will present hardcoded user name
--   (which obviously must be unique).
--   
--   <tt>AuthId</tt> must have an instance of <a>PathPiece</a> class, this
--   is needed to store user identifier in session (this happens in
--   <tt>setCreds</tt> and <a>setCredsRedirect</a> actions) and to read
--   that identifier from session (this happens in
--   <tt>dafaultMaybeAuthId</tt> action). So we have to define it:
--   
--   <pre>
--   import Text.Read (readMaybe)
--   
--   instance PathPiece (Either UserId Text) where
--     fromPathPiece = readMaybe . unpack
--     toPathPiece = pack . show
--   </pre>
--   
--   Quiet simple so far. Now let's add plugin to <tt>authPlugins</tt>
--   list, and define <tt>authenticate</tt> method, it should return user
--   identifier for given credentials, for normal users it is usually
--   persistent key, for hardcoded users we will return user name again.
--   
--   <pre>
--   instance YesodAuth App where
--     -- ..
--     authPlugins _ = [authHardcoded]
--   
--     authenticate Creds{..} =
--       return
--         (case credsPlugin of
--            "hardcoded" -&gt;
--              case lookupUser credsIdent of
--                Nothing -&gt; UserError InvalidLogin
--                Just m  -&gt; Authenticated (Right (manUserName m)))
--   </pre>
--   
--   Here <tt>lookupUser</tt> is just a helper function to lookup hardcoded
--   users by name:
--   
--   <pre>
--   lookupUser :: Text -&gt; Maybe SiteManager
--   lookupUser username = find (m -&gt; manUserName m == username) siteManagers
--   </pre>
--   
--   <h2>Describe an <tt>YesodAuthPersist</tt> instance</h2>
--   
--   Now we need to manually define <tt>YesodAuthPersist</tt> instance.
--   
--   <pre>
--   instance YesodAuthPersist App where
--     type AuthEntity App = Either User SiteManager
--   
--     getAuthEntity (Left uid) =
--       do x &lt;- runDB (get uid)
--          return (Left &lt;$&gt; x)
--     getAuthEntity (Right username) = return (Right &lt;$&gt; lookupUser username)
--   </pre>
--   
--   <h2>Define <a>YesodAuthHardcoded</a> instance</h2>
--   
--   Finally, let's define an plugin instance
--   
--   <pre>
--   instance YesodAuthHardcoded App where
--     validatePassword u = return . validPassword u
--     doesUserNameExist  = return . isJust . lookupUser
--   
--   validPassword :: Text -&gt; Text -&gt; Bool
--   validPassword u p =
--     case find (m -&gt; manUserName m == u &amp;&amp; manPassWord m == p) siteManagers of
--       Just _ -&gt; True
--       _      -&gt; False
--   </pre>
--   
--   <h2>Conclusion</h2>
--   
--   Now we can use <tt>maybeAuthId</tt>, <tt>maybeAuthPair</tt>,
--   <tt>requireAuthId</tt>, and <tt>requireAuthPair</tt>, moreover, the
--   returned value makes possible to distinguish normal users and site
--   managers.
module Yesod.Auth.Hardcoded
class (YesodAuth site) => YesodAuthHardcoded site

-- | Check whether given user name exists among hardcoded names.
doesUserNameExist :: YesodAuthHardcoded site => Text -> HandlerT site IO Bool

-- | Validate given user name with given password.
validatePassword :: YesodAuthHardcoded site => Text -> Text -> HandlerT site IO Bool
authHardcoded :: YesodAuthHardcoded m => AuthPlugin m
loginR :: AuthRoute
