

Luke Plant  committed 1443181

Removed redundant 'timestamp' cookie (it was flawed anyway, and now the cookie signing includes the expiration date)

  • Parent commits eba05d7
  • Branches default


Files changed (3)

File src/Blog/Views.hs

 
 -- | Delete auth cookies and redirect.
 logoutView req =
-    return $ Just $ (redirectResponse indexUrl) `with` [ deleteCookie "username"
-                                                       , deleteCookie "timestamp"
-                                                       ]
+    return $ Just $ deleteCookie "username" $ redirectResponse indexUrl
 
 --
 -- Admin views
 -- Authentication
 createLoginCookies loginData timestamp =
   let username = fromJust $ Map.lookup "username" loginData
-      password = fromJust $ Map.lookup "password" loginData
-      expires = Just $ toUTCTime $ TOD (toInteger timestamp + 3600*24*365) 0
+      expires = Just $ toUTCTime $ TOD (toInteger timestamp + Settings.login_session_length) 0
   in [ standardCookie { cookieName = "username"
                       , cookieValue = username
                       , cookieExpires = expires
                       }
-     , standardCookie { cookieName = "timestamp"
-                      , cookieValue = show timestamp
-                      , cookieExpires = expires
-                      }
      ]
 
 
 -- Relies on secure cookies middleware
 getCredentials :: Request -> IO Credentials
 getCredentials req = do
-  current_ts <- getTimestamp
-  return $ do
-    username <- getCookieVal req "username"
-    timestamp <- getCookieVal req "timestamp" >>= capture
-    if timestamp + timeout > current_ts
-      then Just username
-      else Nothing
-
+  return $ getCookieVal req "username"
 
 -- Decorators
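Review bot: In `getCredentials`, the new body `return $ getCookieVal req "username"` accepts any username cookie that reaches it, so session expiry now rests entirely on the secure cookies middleware, which is not part of this diff. The `cookieExpires` attribute is enforced only by the browser, so the middleware has to compare the signed expiration date with the server clock and reject stale values; if it only verifies the signature, a captured cookie would stay usable after `login_session_length` has passed. I would make that dependency explicit by replacing the comment above the signature with `-- Relies on the secure cookies middleware to verify the signature and reject cookies past their signed expiry; no freshness check is done here.` Likewise `logoutView` only asks the browser to drop the cookie, so a copy of the signed value presumably stays valid until that expiry, which is worth stating in its doc comment.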
 

File src/Blog/settingslive.hs

 blog_author_name = "luke"
 reserved_names = [blog_author_name]
 admin_usernames = [blog_author_name]
+login_session_length = 3600 * 24 * 31 -- one month
 
 post_page_size = 20 :: Int
 comment_page_size = 30 :: Int
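Review bot: `login_session_length` is added without a type annotation or a unit, unlike the neighbouring `post_page_size` and `comment_page_size`, which carry `:: Int`. Views.hs adds it to `toInteger timestamp`, so it has to be an `Integer`; I would write `login_session_length = 3600 * 24 * 31 :: Integer -- seconds (31 days)` so the type does not depend on defaulting. The same line is added to src/Blog/settingslocal.hs and should change with it.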

File src/Blog/settingslocal.hs

 module Blog.Settings where
 
-import qualified Data.ByteString.Lazy.Char8 as LB
-
 cgi_root_path = "/home/luke/httpd/lukeplant.me.uk/web/cgi-bin"
 sqlite_path = cgi_root_path ++ "/data/blog.db"
 template_path = cgi_root_path ++ "/data/blogtemplates/"
 blog_author_name = "luke"
 reserved_names = [blog_author_name]
 admin_usernames = [blog_author_name]
+login_session_length = 3600 * 24 * 31 -- one month
 
 post_page_size = 20 :: Int
 comment_page_size = 30 :: Int