{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExistentialQuantification #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE FlexibleContexts #-}


module Snap.Snaplet.Auth.Backends.Hdbc where

import Control.Monad.State
import Data.Convertible.Base
import qualified Data.HashMap.Strict as HM
import Data.Lens.Lazy
import Data.List
import qualified Data.Map as DM
import Data.Pool
import Database.HDBC
import Snap.Snaplet
import Snap.Snaplet.Auth
import Snap.Snaplet.Session
import Web.ClientSession

-- | Initialise the HDBC-backed 'AuthManager' from a connection-opening action.
--
-- The pool is built with 'createPool' as a single stripe with a 300-second
-- idle timeout and at most one connection per stripe, so every database
-- operation serialises on one connection. Supply your own pool through
-- 'initHdbcAuthManager'' when concurrent traffic is expected.
initHdbcAuthManager
  :: IConnection conn
  => AuthSettings
  -> Lens b (Snaplet SessionManager)
  -> IO conn
  -> AuthTable
  -> Queries
  -> SnapletInit b (AuthManager b)
initHdbcAuthManager s l conn =
  initHdbcAuthManager' s l (createPool conn disconnect 1 300 1)

-- | Like 'initHdbcAuthManager', but takes an action that yields an already
-- configured connection pool.
--
-- Inside the snaplet initialiser it loads the site key named by 'asSiteKey'
-- with clientsession's 'getKey' (presumably creating the file on first use —
-- confirm against that library's documentation), then runs the pool action,
-- and assembles an 'AuthManager' with no active user and the lockout,
-- remember-cookie and minimum-password settings copied from 'AuthSettings'.
initHdbcAuthManager'
  :: IConnection conn
  => AuthSettings
  -> Lens b (Snaplet SessionManager)
  -> IO (Pool conn)
  -> AuthTable
  -> Queries
  -> SnapletInit b (AuthManager b)
initHdbcAuthManager' s l pool tbl qs =
  makeSnaplet "HdbcAuthManager"
              "A snaplet providing user authentication using an HDBC backend"
              Nothing
    (liftIO (liftM2 assemble (getKey (asSiteKey s)) pool))
  where
    -- Effects keep their original order: the site key is read before the
    -- pool action runs.
    assemble key pl = AuthManager
      { backend = HdbcAuthManager pl tbl qs
      , session = l
      , activeUser = Nothing
      , minPasswdLen = asMinPasswdLen s
      , rememberCookieName = asRememberCookieName s
      , rememberPeriod = asRememberPeriod s
      , siteKey = key
      , lockout = asLockout s
      }

-- | Backend state: a pool of HDBC connections (the concrete connection type
-- is hidden behind the existential), the table layout, and the SQL builders.
data HdbcAuthManager =
  forall conn. IConnection conn =>
  HdbcAuthManager
    { authDBPool :: Pool conn  -- ^ connections are borrowed with 'withResource'
    , table :: AuthTable  -- ^ table and column names spliced into the SQL
    , qries :: Queries  -- ^ statement builders; see 'defQueries'
    }

-- | Names of the table and columns backing the auth store.
--
-- The default queries ('defSelectQuery', 'defSaveQuery', 'defDeleteQuery')
-- concatenate these strings straight into the statement text with no quoting
-- or escaping, so they must come from trusted configuration, never from
-- request data. Only row values are bound as @?@ parameters.
data AuthTable = AuthTable
  { tblName :: String  -- ^ table holding one row per user
  , colId :: String  -- ^ key column; read into 'userId', used in WHERE for id lookups, UPDATE and DELETE
  , colLogin :: String  -- ^ read into 'userLogin'; key column for login lookups
  , colPassword :: String  -- ^ read back as an 'Encrypted' 'Password'
  , colActivatedAt :: String  -- ^ 'userActivatedAt'
  , colSuspendedAt :: String  -- ^ 'userSuspendedAt'
  , colRememberToken :: String  -- ^ 'userRememberToken'; key column for remember-token lookups
  , colLoginCount :: String  -- ^ 'userLoginCount'; NULL reads as 0
  , colFailedLoginCount :: String  -- ^ 'userFailedLoginCount'; NULL reads as 0
  , colLockedOutUntil :: String  -- ^ 'userLockedOutUntil'
  , colCurrentLoginAt :: String  -- ^ 'userCurrentLoginAt'
  , colLastLoginAt :: String  -- ^ 'userLastLoginAt'
  , colCurrentLoginIp :: String  -- ^ 'userCurrentLoginIp'
  , colLastLoginIp :: String  -- ^ 'userLastLoginIp'
  , colCreatedAt :: String  -- ^ 'userCreatedAt'
  , colUpdatedAt :: String  -- ^ 'userUpdatedAt'
  , colRoles :: String  -- ^ written as NULL, not read back yet
  , colMeta :: String  -- ^ written as NULL, not read back yet
  }

-- | Column names used when no custom 'AuthTable' is supplied: a @users@ table
-- keyed by @uid@, with the login kept in @email@.
defAuthTable :: AuthTable
defAuthTable =
  AuthTable
    { tblName = "users"
    , colId = "uid"
    , colLogin = "email"
    , colPassword = "password"
    , colActivatedAt = "activated_at"
    , colSuspendedAt = "suspended_at"
    , colRememberToken = "remember_token"
    , colLoginCount = "login_count"
    , colFailedLoginCount = "failed_login_count"
    , colLockedOutUntil = "locked_out_until"
    , colCurrentLoginAt = "current_login_at"
    , colLastLoginAt = "last_login_at"
    , colCurrentLoginIp = "current_login_ip"
    , colLastLoginIp = "last_login_ip"
    , colCreatedAt = "created_at"
    , colUpdatedAt = "updated_at"
    , colRoles = "roles"
    , colMeta = "meta"
    }

-- | The columns written by 'defSaveQuery', in the order its parameter list
-- binds them. 'colId' is deliberately absent: it is never written, and on
-- UPDATE it is appended as the final WHERE parameter instead. This order and
-- the value list in 'defSaveQuery' must stay in lockstep.
colLst :: [AuthTable -> String]
colLst =
  [ colLogin, colPassword
  , colActivatedAt, colSuspendedAt
  , colRememberToken
  , colLoginCount, colFailedLoginCount, colLockedOutUntil
  , colCurrentLoginAt, colLastLoginAt
  , colCurrentLoginIp, colLastLoginIp
  , colCreatedAt, colUpdatedAt
  , colRoles, colMeta
  ]

-- | Which key column a lookup selects on: 'colId', 'colLogin' or
-- 'colRememberToken' respectively.
data LookupQuery = ByUserId | ByLogin | ByRememberToken

-- | A SQL statement paired with the values bound to its @?@ placeholders.
type QueryAndVals = (String, [SqlValue])
-- | Builds the lookup statement for one 'LookupQuery' key; the supplied
-- values become the bound parameters.
type SelectQuery = AuthTable -> LookupQuery -> [SqlValue] -> QueryAndVals
-- | Builds a write statement (save or delete) for one 'AuthUser'.
type ModifyQuery = AuthTable -> AuthUser -> QueryAndVals

-- | The SQL builders the backend dispatches to; 'defQueries' gives the stock
-- set. A custom set should keep user-derived values as bound parameters
-- rather than splicing them into the statement text.
data Queries = Queries
  { selectQuery :: SelectQuery  -- ^ lookup by id, login or remember token
  , saveQuery :: ModifyQuery  -- ^ INSERT or UPDATE one user
  , deleteQuery :: ModifyQuery  -- ^ DELETE one user
  }

-- | The stock query set: 'defSelectQuery', 'defSaveQuery' and
-- 'defDeleteQuery', each built against whatever 'AuthTable' it is handed.
defQueries :: Queries
defQueries =
  Queries
    { selectQuery = defSelectQuery
    , saveQuery = defSaveQuery
    , deleteQuery = defDeleteQuery
    }

-- | Build @SELECT * FROM \<table\> WHERE \<key column\> = ?@ for the requested
-- key, passing the caller's values straight through as the bound parameters.
--
-- The table and column names are spliced in unescaped (they come from the
-- 'AuthTable' configuration); the looked-up value itself is always a @?@
-- parameter and never part of the statement text. No LIMIT is added — the
-- consumer, 'authQuery', reads only the first row.
defSelectQuery :: SelectQuery
defSelectQuery tbl luq sqlVals = (selectWhere keyCol, sqlVals)
  where
    keyCol = case luq of
      ByUserId -> colId
      ByLogin -> colLogin
      ByRememberToken -> colRememberToken
    selectWhere col =
      "SELECT * FROM " ++ tblName tbl ++ " WHERE " ++ col tbl ++ " = ? "

-- | Build the INSERT (no 'userId') or UPDATE (has 'userId') statement for an
-- 'AuthUser', together with its bound parameters.
--
-- Table and column names from 'AuthTable' are spliced into the SQL text
-- unescaped; every user-derived value is bound through a @?@ placeholder.
-- The parameter list follows 'colLst' and must stay in lockstep with it; on
-- UPDATE the id is appended as the final WHERE parameter. 'userPassword' is
-- written through the @Convertible Password SqlValue@ instance, which stores
-- a 'ClearText' password verbatim — callers are expected to have encrypted
-- it. Roles and meta are currently persisted as NULL.
defSaveQuery :: ModifyQuery
defSaveQuery tbl au = (statement, params)
  where
    columns = map ($ tbl) colLst
    statement = case userId au of
      Nothing ->
        "INSERT INTO " ++ tblName tbl ++ " (" ++ intercalate "," columns
          ++ ") VALUES (" ++ intercalate "," (map (const "?") colLst) ++ ")"
      Just _ ->
        "UPDATE " ++ tblName tbl ++ " SET "
          ++ intercalate "," (map (++ " = ?") columns)
          ++ " WHERE " ++ colId tbl ++ " = ?"
    params = maybe columnVals (\i -> columnVals ++ [toSql i]) (userId au)
    -- One entry per element of 'colLst', in the same order.
    columnVals =
      [ toSql (userLogin au)
      , toSql (userPassword au)
      , toSql (userActivatedAt au)
      , toSql (userSuspendedAt au)
      , toSql (userRememberToken au)
      , toSql (userLoginCount au)
      , toSql (userFailedLoginCount au)
      , toSql (userLockedOutUntil au)
      , toSql (userCurrentLoginAt au)
      , toSql (userLastLoginAt au)
      , toSql (userCurrentLoginIp au)
      , toSql (userLastLoginIp au)
      , toSql (userCreatedAt au)
      , toSql (userUpdatedAt au)
      , SqlNull -- userRoles au TODO: Implement when ACL system is live
      , SqlNull -- userMeta au TODO: What should we store here?
      ]

-- | Build @DELETE FROM \<table\> WHERE \<id column\> = ?@ for a persisted user.
--
-- A user without a 'userId' (for example one just returned by 'save' after an
-- INSERT, which does not fill the id in) cannot be addressed, and the
-- 'ModifyQuery' type leaves no room to report that, so this calls 'error'.
-- The id is bound as a parameter; only the configured names enter the text.
defDeleteQuery :: ModifyQuery
defDeleteQuery tbl ausr = maybe noId withId (userId ausr)
  where
    noId = error "Cannot delete user without unique ID"
    withId uid =
      ( "DELETE FROM " ++ tblName tbl ++ " WHERE " ++ colId tbl ++ " = ? "
      , [toSql uid] )

-- | Store a 'Password' as its raw bytes. Both constructors are written
-- unchanged: a 'ClearText' password reaches the database unhashed, so the
-- caller must have encrypted it before 'save'. Conversion never fails.
instance Convertible Password SqlValue where
  safeConvert pw = Right (toSql bytes)
    where
      bytes = case pw of
        ClearText bs -> bs
        Encrypted bs -> bs

-- | Store a 'UserId' as its underlying text; conversion never fails.
instance Convertible UserId SqlValue where
  safeConvert = Right . toSql . unUid

-- | 'IAuthBackend' over an HDBC connection pool.
--
-- Each operation borrows one pooled connection and runs inside
-- 'withTransaction'. Writes hand the 'AuthUser' to the configured
-- 'saveQuery' / 'deleteQuery'; the default builders bind every user-derived
-- value as a parameter. 'save' returns its input unchanged, so after an
-- INSERT the caller still holds a user whose 'userId' is 'Nothing' — with
-- 'defDeleteQuery' such a user cannot be destroyed (it calls 'error').
-- Whatever 'userPassword' holds is persisted as-is through the
-- @Convertible Password SqlValue@ instance; a 'ClearText' value is stored
-- unhashed.
instance IAuthBackend HdbcAuthManager where
  destroy (HdbcAuthManager pool tbl qs) au =
    withResource pool $ \conn -> withTransaction conn $ \conn' ->
      let (qry, vals) = deleteQuery qs tbl au
      in prepare conn' qry >>= \stmt -> void (execute stmt vals)

  save (HdbcAuthManager pool tbl qs) au =
    withResource pool $ \conn -> withTransaction conn $ \conn' -> do
      let (qry, vals) = saveQuery qs tbl au
      stmt <- prepare conn' qry
      void (execute stmt vals)
      -- TODO: Retrieve row to populate ID field after an INSERT... by username? By all fields
      return au

  lookupByUserId mgr@(HdbcAuthManager _ tbl qs) uid =
    authQuery mgr (selectQuery qs tbl ByUserId [toSql uid])

  lookupByLogin mgr@(HdbcAuthManager _ tbl qs) lgn =
    authQuery mgr (selectQuery qs tbl ByLogin [toSql lgn])

  lookupByRememberToken mgr@(HdbcAuthManager _ tbl qs) tok =
    authQuery mgr (selectQuery qs tbl ByRememberToken [toSql tok])

-- | Run a lookup statement on a pooled connection and decode its first row.
--
-- The statement executes inside 'withTransaction'; only the first row is
-- fetched, and 'Nothing' means nothing matched. Columns are read with 'DM.!'
-- and 'fromSql', so a result lacking a configured column, or holding a value
-- of an unexpected type, throws instead of defaulting. That is worth keeping:
-- a missing 'colSuspendedAt' or 'colLockedOutUntil' quietly decoding to
-- 'Nothing' would look like an unrestricted account. NULL in the two count
-- columns reads as 0. 'userPassword' is always wrapped as 'Encrypted',
-- whatever form was stored, and roles/meta are not read back yet.
authQuery :: HdbcAuthManager -> QueryAndVals -> IO (Maybe AuthUser)
authQuery (HdbcAuthManager pool tbl _) (qry, vals) =
  withResource pool $ \conn ->
    withTransaction conn $ \conn' -> do
      stmt <- prepare conn' qry
      _ <- execute stmt vals
      fmap (fmap rowToUser) (fetchRowMap stmt)
  where
    -- Decode one result row (column name -> value) into an 'AuthUser'.
    rowToUser row = AuthUser
      { userId = nullable UserId colId
      , userLogin = fromSql (cell colLogin)
      , userPassword = nullable Encrypted colPassword
      , userActivatedAt = nullable id colActivatedAt
      , userSuspendedAt = nullable id colSuspendedAt
      , userRememberToken = nullable id colRememberToken
      , userLoginCount = counter colLoginCount
      , userFailedLoginCount = counter colFailedLoginCount
      , userLockedOutUntil = nullable id colLockedOutUntil
      , userCurrentLoginAt = nullable id colCurrentLoginAt
      , userLastLoginAt = nullable id colLastLoginAt
      , userCurrentLoginIp = nullable id colCurrentLoginIp
      , userLastLoginIp = nullable id colLastLoginIp
      , userCreatedAt = nullable id colCreatedAt
      , userUpdatedAt = nullable id colUpdatedAt
      , userRoles = [] -- :: [Role] TODO
      , userMeta = HM.empty -- :: HashMap Text Value TODO
      }
      where
        -- Raises if the configured column is absent from the result row.
        cell col = row DM.! col tbl
        -- NULL -> Nothing; otherwise convert and wrap.
        nullable wrap col = case cell col of
          SqlNull -> Nothing
          v -> Just (wrap (fromSql v))
        -- NULL -> 0; otherwise convert.
        counter col = case cell col of
          SqlNull -> 0
          v -> fromSql v