From 01e4ce0fa7c369996ec4ef3a033d16d6fa0eb715 Mon Sep 17 00:00:00 2001 From: Joris Date: Thu, 31 Mar 2016 18:45:36 +0200 Subject: Use https link and secure cookie when activated --- src/server/Controller/Index.hs | 8 +++----- src/server/Controller/SignIn.hs | 10 ++++++++-- 2 files changed, 11 insertions(+), 7 deletions(-) (limited to 'src/server/Controller') diff --git a/src/server/Controller/Index.hs b/src/server/Controller/Index.hs index f84f945..1e1f942 100644 --- a/src/server/Controller/Index.hs +++ b/src/server/Controller/Index.hs @@ -69,7 +69,7 @@ validateSignIn conf textToken = do then return . Left $ SignInExpired else do - LoginSession.put (signInToken . entityVal $ signInValue) + LoginSession.put conf (signInToken . entityVal $ signInValue) mbUser <- liftIO . runDb $ do signInTokenToUsed . entityKey $ signInValue getUser . signInEmail . entityVal $ signInValue @@ -86,7 +86,5 @@ getLoggedUser = do Just token -> do liftIO . runDb . getUserFromToken $ token -signOut :: ActionM () -signOut = do - LoginSession.delete - status ok200 +signOut :: Conf -> ActionM () +signOut conf = LoginSession.delete conf >> status ok200 diff --git a/src/server/Controller/SignIn.hs b/src/server/Controller/SignIn.hs index f6804e1..0fbe7c5 100644 --- a/src/server/Controller/SignIn.hs +++ b/src/server/Controller/SignIn.hs @@ -17,7 +17,8 @@ import qualified Data.Text as T import qualified Data.Text.Lazy as TL import qualified Data.Text.Encoding as TE -import Conf +import Conf (Conf) +import qualified Conf import SendMail @@ -38,7 +39,12 @@ signIn conf login = case maybeUser of Just user -> do token <- liftIO . runDb $ createSignInToken login - let url = T.concat ["http://", hostname conf, "?signInToken=", token] + let url = T.concat [ + if Conf.https conf then "https://" else "http://", + Conf.hostname conf, + "?signInToken=", + token + ] maybeSentMail <- liftIO . sendMail $ SignIn.getMail conf (entityVal user) url [login] case maybeSentMail of Right _ -> -- cgit v1.2.3
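Review bot: In the first Index.hs hunk, `LoginSession.put conf (signInToken . entityVal $ signInValue)` stores the e-mailed sign-in token itself as the session value, and `getLoggedUser` below appears to resolve the user from that same value through `getUserFromToken`. The token that travelled in the mail and in the `?signInToken=` query string (mail archives, browser history, proxy and server logs) therefore seems to stay a valid session credential even after `signInTokenToUsed` marks it used. The secure cookie named in the commit subject protects only the cookie copy of it. Consider generating a fresh random session token at this point and storing that instead of the sign-in token. The body of `validateSignIn` starts outside the hunk, so the expiry and reuse checks before this line are not visible here.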
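Review bot: In the second Index.hs hunk, `signOut conf = LoginSession.delete conf >> status ok200` shows no database call, so unless `LoginSession.delete` (not part of this patch view) also invalidates the token server-side, a copied token would presumably keep working with `getUserFromToken` after the user signs out. If it only clears the cookie, flag or delete the token in the same action. A short Haddock line on the new signature, such as `-- | Clear the login session cookie (attributes come from 'Conf') and answer 200.`, would also record why `Conf` is now required.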
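Review bot: In the `signIn` hunk of SignIn.hs, the `else "http://"` branch still mails a link whose `signInToken` query parameter is a login credential, so with `Conf.https` off the token crosses the network in clear. I would mark the fallback as development-only next to the expression, e.g. `-- http is for local development only: the token in this URL is a credential`, and consider logging a warning at startup when `https` is disabled. The token is also concatenated without percent-encoding, which is safe only if `createSignInToken` returns URL-safe characters; that function is not shown here. The body of `signIn` continues outside the hunk.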