diff options
author | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2015-10-15 21:19:39 -0400 |
---|---|---|
committer | Kjetil Orbekk <kjetil.orbekk@gmail.com> | 2015-10-15 21:19:39 -0400 |
commit | c32c97d6907d8b69e5d651bc44831001fffcfda0 (patch) | |
tree | 1142230e4eac6891b9afa381d3d0ef9686627077 /src/Authentication.hs | |
parent | b9959e5a3da72e97f5c51ba07a76e252e1e39f25 (diff) |
Verify client id in Authentication.
Diffstat (limited to 'src/Authentication.hs')
-rw-r--r-- | src/Authentication.hs | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/Authentication.hs b/src/Authentication.hs index bc00863..a0d3d8c 100644 --- a/src/Authentication.hs +++ b/src/Authentication.hs @@ -23,8 +23,8 @@ type Token = String data User = User { email :: String , name :: String + , aud :: String } deriving (Eq, Show, Generic) - instance FromJSON User queryUser :: Token -> IO (Maybe User) @@ -36,15 +36,18 @@ queryUser' token = do response <- simpleHttp (makeUrl token) return (decode response) -isAuthenticated :: [String] -> MVar [Token] -> Token -> IO Bool -isAuthenticated allowedUsers tokenCache token = runEitherT runner >>= return . fromEither +isAuthenticated :: [String] -> [String] -> MVar [Token] -> Token -> IO Bool +isAuthenticated clientIds allowedUsers tokenCache token = runEitherT runner >>= return . fromEither where runner :: EitherT Bool IO Bool runner = do ts <- lift $ readMVar tokenCache _ <- leftIf (token `elem` ts) True user <- lift $ queryUser token email' <- return $ fromMaybe "" (user >>= return . email) + aud' <- return $ fromMaybe "" (user >>= return . aud) + liftIO $ putStrLn $ "Trying to authenticate user: " ++ show user _ <- leftIf (not (email' `elem` allowedUsers)) False + _ <- leftIf (not (aud' `elem` clientIds)) False tokens <- lift $ takeMVar tokenCache lift $ putMVar tokenCache (token:tokens) return True |