From 51d1ff2273315ad1270794499d0c49e8fb99aba5 Mon Sep 17 00:00:00 2001 From: Joris Date: Sun, 1 Nov 2015 19:47:24 +0100 Subject: Store the sign in token instead of the login in the session cookie --- src/server/Controller/Payment.hs | 11 ++++------- src/server/Controller/SignIn.hs | 22 ++++++++-------------- 2 files changed, 12 insertions(+), 21 deletions(-) (limited to 'src/server/Controller') diff --git a/src/server/Controller/Payment.hs b/src/server/Controller/Payment.hs index ffb575c..d233aa2 100644 --- a/src/server/Controller/Payment.hs +++ b/src/server/Controller/Payment.hs @@ -10,22 +10,20 @@ module Controller.Payment import Web.Scotty -import Network.HTTP.Types.Status (ok200, badRequest400) +import Network.HTTP.Types.Status (ok200) import Database.Persist import Control.Monad.IO.Class (liftIO) import Data.Text (Text) -import qualified Data.Aeson.Types as Json import qualified Secure -import Json (jsonObject) +import Json (jsonError) import Model.Database import qualified Model.Payment as P -import qualified Model.Payer as Payer import Model.Frequency import Model.Json.Number import qualified Model.Json.PaymentId as JP @@ -58,9 +56,8 @@ deletePayment paymentId = if deleted then status ok200 - else do - status badRequest400 - jsonObject [("error", Json.String $ getMessage PaymentNotDeleted)] + else + jsonError (getMessage PaymentNotDeleted) ) getPaymentsCount :: ActionM () diff --git a/src/server/Controller/SignIn.hs b/src/server/Controller/SignIn.hs index 3bbb9ff..5306ee1 100644 --- a/src/server/Controller/SignIn.hs +++ b/src/server/Controller/SignIn.hs @@ -7,7 +7,7 @@ module Controller.SignIn import Web.Scotty -import Network.HTTP.Types.Status (ok200, badRequest400) +import Network.HTTP.Types.Status (ok200) import Database.Persist @@ -18,7 +18,6 @@ import qualified Data.Text as T import qualified Data.Text.Lazy as TL import qualified Data.Text.Encoding as TE import Data.Time.Clock (getCurrentTime, diffUTCTime) -import qualified Data.Aeson.Types as Json import qualified LoginSession @@ -26,7 +25,7 @@ import Config import SendMail -import Text.Email.Validate (isValid) +import Text.Email.Validate as Email import Model.Database import Model.User @@ -34,13 +33,13 @@ import Model.SignIn import Model.Message.Key import Model.Message (getMessage) -import Json (jsonObject) +import Json (jsonError) import qualified View.Mail.SignIn as SignIn signIn :: Config -> Text -> ActionM () signIn config login = - if isValid (TE.encodeUtf8 login) + if Email.isValid (TE.encodeUtf8 login) then do maybeUser <- liftIO . runDb $ getUser login case maybeUser of @@ -52,16 +51,11 @@ signIn config login = Right _ -> status ok200 Left _ -> - errorResponse (getMessage SendEmailFail) + jsonError (getMessage SendEmailFail) Nothing -> - errorResponse (getMessage Unauthorized) + jsonError (getMessage Unauthorized) else - errorResponse (getMessage EnterValidEmail) - -errorResponse :: Text -> ActionM () -errorResponse msg = do - status badRequest400 - jsonObject [("error", Json.String msg)] + jsonError (getMessage EnterValidEmail) validateSignIn :: Config -> Text -> ActionM () validateSignIn config textToken = do @@ -78,7 +72,7 @@ validateSignIn config textToken = do then redirectError (getMessage SignInExpired) else do - LoginSession.put (signInEmail . entityVal $ token) + LoginSession.put (signInToken . entityVal $ token) liftIO . runDb . signInTokenToUsed . entityKey $ token redirect "/" Nothing -> -- cgit v1.2.3