-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User subsystems: update identity #4172
base: develop
Are you sure you want to change the base?
Conversation
963936a
to
a610321
Compare
a610321 is interesting: validateTokens ::
(ZAuth.TokenPair u a) =>
List1 (ZAuth.Token u) ->
Maybe (ZAuth.Token a) ->
ExceptT ZAuth.Failure (AppT r) (UserId, Cookie (ZAuth.Token u))
validateTokens uts at = do
tokens <- forM uts $ \ut -> lift $ runExceptT (validateToken ut at)
getFirstSuccessOrFirstFail tokens
where
-- FUTUREWORK: There is surely a better way to do this
getFirstSuccessOrFirstFail ::
(Monad m) =>
List1 (Either ZAuth.Failure (UserId, Cookie (ZAuth.Token u))) ->
ExceptT ZAuth.Failure m (UserId, Cookie (ZAuth.Token u))
getFirstSuccessOrFirstFail tks = case (lefts $ NE.toList $ List1.toNonEmpty tks, rights $ NE.toList $ List1.toNonEmpty tks) of
(_, suc : _) -> pure suc
(e : _, _) -> throwE e
_ -> throwE ZAuth.Invalid -- Impossible turned into this: validateTokens ::
forall u a v.
(v ~ (UserId, Cookie (ZAuth.Token u))) =>
(ZAuthWrapper.TokenPair u a) =>
List1 (ZAuth.Token u) ->
Maybe (ZAuth.Token a) ->
Either ZAuthWrapper.Failure v
validateTokens uts at = ((`validateToken` at) `mapM` uts) & second List1.head |
also i'm a little proud of my commit discipline today! :) |
c65ec85
to
9168390
Compare
9168390
to
1201c40
Compare
-- | ||
-- TODO: Make this a proper subsystem and use polysemy for error handling rather than either? | ||
-- TODO: put every instance X of Authorize into a module Wire.Authorize.*. all those modules should re-export authorize. | ||
data Authorized op val = Authorized {runAuthorized :: val} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be called AuthorizedFor
?
-- You should have received a copy of the GNU Affero General Public License along | ||
-- with this program. If not, see <https://www.gnu.org/licenses/>. | ||
|
||
module Wire.Authorize |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems like all the extra authorization logic in changing email addresses is redunandant. we could just check for the z-user header, no? (thanks @akshaymankar)
| -- | The key/code was valid but already recently activated. | ||
ActivationPass | ||
|
||
-- | Outcome of an email address the procedure. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-- | Outcome of an email address the procedure. | |
-- | Outcome of an email address activation. |
(this can be done later... and maybe go to the authentication subsystem?)
This reverts commit b2ff4a1.
ec93eab
to
64f5a37
Compare
WPB-8881
Checklist
changelog.d