-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Authentication for Yesod.
--   
--   API docs and the README are available at
--   <a>http://www.stackage.org/package/yesod-auth</a>
@package yesod-auth
@version 1.6.11.3

module Yesod.Auth.Message
data AuthMessage
NoOpenID :: AuthMessage
LoginOpenID :: AuthMessage
LoginGoogle :: AuthMessage
LoginYahoo :: AuthMessage
Email :: AuthMessage
UserName :: AuthMessage
IdentifierNotFound :: Text -> AuthMessage
Password :: AuthMessage
Register :: AuthMessage
RegisterLong :: AuthMessage
EnterEmail :: AuthMessage
ConfirmationEmailSentTitle :: AuthMessage
ConfirmationEmailSent :: Text -> AuthMessage

-- | <i>Deprecated: Please, use EmailVerifiedChangePass instead.</i>
AddressVerified :: AuthMessage
EmailVerifiedChangePass :: AuthMessage
EmailVerified :: AuthMessage
InvalidKeyTitle :: AuthMessage
InvalidKey :: AuthMessage
InvalidEmailPass :: AuthMessage
BadSetPass :: AuthMessage
SetPassTitle :: AuthMessage
SetPass :: AuthMessage
NewPass :: AuthMessage
ConfirmPass :: AuthMessage
PassMismatch :: AuthMessage
PassUpdated :: AuthMessage
Facebook :: AuthMessage
LoginViaEmail :: AuthMessage
InvalidLogin :: AuthMessage
NowLoggedIn :: AuthMessage
LoginTitle :: AuthMessage
PleaseProvideUsername :: AuthMessage
PleaseProvidePassword :: AuthMessage
NoIdentifierProvided :: AuthMessage
InvalidEmailAddress :: AuthMessage
PasswordResetTitle :: AuthMessage
ProvideIdentifier :: AuthMessage
SendPasswordResetEmail :: AuthMessage
PasswordResetPrompt :: AuthMessage
CurrentPassword :: AuthMessage
InvalidUsernamePass :: AuthMessage

-- | <i>Deprecated: Please, use LogoutTitle instead.</i>
Logout :: AuthMessage
LogoutTitle :: AuthMessage
AuthError :: AuthMessage

-- | Defaults to <a>englishMessage</a>.
defaultMessage :: AuthMessage -> Text
englishMessage :: AuthMessage -> Text
portugueseMessage :: AuthMessage -> Text
swedishMessage :: AuthMessage -> Text
germanMessage :: AuthMessage -> Text
frenchMessage :: AuthMessage -> Text
norwegianBokmålMessage :: AuthMessage -> Text
japaneseMessage :: AuthMessage -> Text
finnishMessage :: AuthMessage -> Text
chineseMessage :: AuthMessage -> Text
croatianMessage :: AuthMessage -> Text
spanishMessage :: AuthMessage -> Text
czechMessage :: AuthMessage -> Text
russianMessage :: AuthMessage -> Text
dutchMessage :: AuthMessage -> Text
danishMessage :: AuthMessage -> Text
koreanMessage :: AuthMessage -> Text

-- | Romanian translation
romanianMessage :: AuthMessage -> Text

module Yesod.Auth
data Auth
type AuthRoute = Route Auth

-- | The <a>type-safe URLs</a> associated with a site argument.
data family Route a
data AuthPlugin master
AuthPlugin :: Text -> (Method -> [Piece] -> AuthHandler master TypedContent) -> ((Route Auth -> Route master) -> WidgetFor master ()) -> AuthPlugin master
[apName] :: AuthPlugin master -> Text
[apDispatch] :: AuthPlugin master -> Method -> [Piece] -> AuthHandler master TypedContent
[apLogin] :: AuthPlugin master -> (Route Auth -> Route master) -> WidgetFor master ()
getAuth :: a -> Auth
class (Yesod master, PathPiece AuthId master, RenderMessage master FormMessage) => YesodAuth master where {
    type AuthId master;
}

-- | specify the layout. Uses defaultLayout by default
authLayout :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => WidgetFor master () -> m Html

-- | Default destination on successful login, if no other destination
--   exists.
loginDest :: YesodAuth master => master -> Route master

-- | Default destination on successful logout, if no other destination
--   exists.
logoutDest :: YesodAuth master => master -> Route master

-- | Perform authentication based on the given credentials.
--   
--   Default implementation is in terms of <tt><a>getAuthId</a></tt>
--   
--   @since: 1.4.4
authenticate :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => Creds master -> m (AuthenticationResult master)

-- | Determine the ID associated with the set of credentials.
--   
--   Default implementation is in terms of <tt><a>authenticate</a></tt>

-- | <i>Deprecated: Define <a>authenticate</a> instead; <a>getAuthId</a>
--   will be removed in the next major version</i>
getAuthId :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => Creds master -> m (Maybe (AuthId master))

-- | Which authentication backends to use.
authPlugins :: YesodAuth master => master -> [AuthPlugin master]

-- | What to show on the login page.
--   
--   By default this calls <a>defaultLoginHandler</a>, which concatenates
--   plugin widgets and wraps the result in <a>authLayout</a>. Override if
--   you need fancy widget containers, additional functionality, or an
--   entirely custom page. For example, in some applications you may want
--   to prevent the login page being displayed for a user who is already
--   logged in, even if the URL is visited explicitly; this can be done by
--   overriding <a>loginHandler</a> in your instance declaration with
--   something like:
--   
--   <pre>
--   instance YesodAuth App where
--       ...
--       loginHandler = do
--           ma &lt;- lift maybeAuthId
--           when (isJust ma) $
--               lift $ redirect HomeR   -- or any other Handler code you want
--           defaultLoginHandler
--   </pre>
loginHandler :: YesodAuth master => AuthHandler master Html

-- | Used for i18n of messages provided by this package.
renderAuthMessage :: YesodAuth master => master -> [Text] -> AuthMessage -> Text

-- | After login and logout, redirect to the referring page, instead of
--   <a>loginDest</a> and <a>logoutDest</a>. Default is <a>False</a>.
redirectToReferer :: YesodAuth master => master -> Bool

-- | When being redirected to the login page should the current page be set
--   to redirect back to. Default is <a>True</a>.
redirectToCurrent :: YesodAuth master => master -> Bool

-- | Return an HTTP connection manager that is stored in the foundation
--   type. This allows backends to reuse persistent connections. If none of
--   the backends you're using use HTTP connections, you can safely return
--   <tt>error "authHttpManager"</tt> here.
authHttpManager :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => m Manager

-- | Called on a successful login. By default, calls <tt>addMessageI
--   "success" NowLoggedIn</tt>.
onLogin :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m) => m ()

-- | Called on logout. By default, does nothing
onLogout :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m) => m ()

-- | Retrieves user credentials, if user is authenticated.
--   
--   By default, this calls <a>defaultMaybeAuthId</a> to get the user ID
--   from the session. This can be overridden to allow authentication via
--   other means, such as checking for a special token in a request header.
--   This is especially useful for creating an API to be accessed via some
--   means other than a browser.
maybeAuthId :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m) => m (Maybe (AuthId master))
($dmmaybeAuthId) :: (YesodAuth master, MonadHandler m, master ~ HandlerSite m, YesodAuthPersist master, Typeable (AuthEntity master)) => m (Maybe (AuthId master))

-- | Called on login error for HTTP requests. By default, calls
--   <tt>addMessage</tt> with "error" as status and redirects to
--   <tt>dest</tt>.
onErrorHtml :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master) => Route master -> Text -> m Html

-- | runHttpRequest gives you a chance to handle an HttpException and retry
--   The default behavior is to simply execute the request which will throw
--   an exception on failure
--   
--   The HTTP <a>Request</a> is given in case it is useful to change
--   behavior based on inspecting the request. This is an experimental API
--   that is not broadly used throughout the yesod-auth code base
runHttpRequest :: (YesodAuth master, MonadHandler m, HandlerSite m ~ master, MonadUnliftIO m) => Request -> (Response BodyReader -> m a) -> m a

-- | Class which states that the given site is an instance of
--   <tt>YesodAuth</tt> and that its <tt>AuthId</tt> is a lookup key for
--   the full user information in a <tt>YesodPersist</tt> database.
--   
--   The default implementation of <tt>getAuthEntity</tt> assumes that the
--   <tt>AuthId</tt> for the <tt>YesodAuth</tt> superclass is in fact a
--   persistent <tt>Key</tt> for the given value. This is the common case
--   in Yesod, and means that you can easily look up the full information
--   on a given user.
class (YesodAuth master, YesodPersist master) => YesodAuthPersist master where {
    
    -- | If the <tt>AuthId</tt> for a given site is a persistent ID, this will
    --   give the value for that entity. E.g.:
    --   
    --   <pre>
    --   type AuthId MySite = UserId
    --   AuthEntity MySite ~ User
    --   </pre>
    type AuthEntity master;
    type AuthEntity master = KeyEntity AuthId master;
}
getAuthEntity :: (YesodAuthPersist master, MonadHandler m, HandlerSite m ~ master) => AuthId master -> m (Maybe (AuthEntity master))
($dmgetAuthEntity) :: (YesodAuthPersist master, YesodPersistBackend master ~ backend, PersistRecordBackend (AuthEntity master) backend, Key (AuthEntity master) ~ AuthId master, PersistStore backend, MonadHandler m, HandlerSite m ~ master) => AuthId master -> m (Maybe (AuthEntity master))

-- | User credentials
data Creds master
Creds :: Text -> Text -> [(Text, Text)] -> Creds master

-- | How the user was authenticated
[credsPlugin] :: Creds master -> Text

-- | Identifier. Exact meaning depends on plugin.
[credsIdent] :: Creds master -> Text
[credsExtra] :: Creds master -> [(Text, Text)]

-- | Sets user credentials for the session after checking them with
--   authentication backends.
setCreds :: (MonadHandler m, YesodAuth (HandlerSite m)) => Bool -> Creds (HandlerSite m) -> m ()
setCredsRedirect :: (MonadHandler m, YesodAuth (HandlerSite m)) => Creds (HandlerSite m) -> m TypedContent

-- | Clears current user credentials for the session.
clearCreds :: (MonadHandler m, YesodAuth (HandlerSite m)) => Bool -> m ()

-- | For HTML, set the message and redirect to the route. For JSON, send
--   the message and a 401 status
loginErrorMessage :: (MonadHandler m, YesodAuth (HandlerSite m)) => Route (HandlerSite m) -> Text -> m TypedContent
loginErrorMessageI :: Route Auth -> AuthMessage -> AuthHandler master TypedContent

-- | The result of an authentication based on credentials
data AuthenticationResult master

-- | Authenticated successfully
Authenticated :: AuthId master -> AuthenticationResult master

-- | Invalid credentials provided by user
UserError :: AuthMessage -> AuthenticationResult master

-- | Some other error
ServerError :: Text -> AuthenticationResult master

-- | Retrieves user credentials from the session, if user is authenticated.
--   
--   This function does <i>not</i> confirm that the credentials are valid,
--   see <tt>maybeAuthIdRaw</tt> for more information. The first call in a
--   request does a database request to make sure that the account is still
--   in the database.
defaultMaybeAuthId :: (MonadHandler m, HandlerSite m ~ master, YesodAuthPersist master, Typeable (AuthEntity master)) => m (Maybe (AuthId master))

-- | Default handler to show the login page.
--   
--   This is the default <a>loginHandler</a>. It concatenates plugin
--   widgets and wraps the result in <a>authLayout</a>. See
--   <a>loginHandler</a> for more details.
defaultLoginHandler :: MonadAuthHandler master m => m Html

-- | Similar to <a>maybeAuth</a>, but doesn’t assume that you are using a
--   Persistent database.
maybeAuthPair :: (YesodAuthPersist master, Typeable (AuthEntity master), MonadHandler m, HandlerSite m ~ master) => m (Maybe (AuthId master, AuthEntity master))

-- | Similar to <a>maybeAuthId</a>, but additionally look up the value
--   associated with the user's database identifier to get the value in the
--   database. This assumes that you are using a Persistent database.
maybeAuth :: (YesodAuthPersist master, val ~ AuthEntity master, Key val ~ AuthId master, PersistEntity val, Typeable val, MonadHandler m, HandlerSite m ~ master) => m (Maybe (Entity val))

-- | Similar to <a>maybeAuthId</a>, but redirects to a login page if user
--   is not authenticated or responds with error 401 if this is an API
--   client (expecting JSON).
requireAuthId :: (MonadHandler m, YesodAuth (HandlerSite m)) => m (AuthId (HandlerSite m))

-- | Similar to <a>requireAuth</a>, but not tied to Persistent's
--   <a>Entity</a> type. Instead, the <a>AuthId</a> and <a>AuthEntity</a>
--   are returned in a tuple.
requireAuthPair :: (YesodAuthPersist master, Typeable (AuthEntity master), MonadHandler m, HandlerSite m ~ master) => m (AuthId master, AuthEntity master)

-- | Similar to <a>maybeAuth</a>, but redirects to a login page if user is
--   not authenticated or responds with error 401 if this is an API client
--   (expecting JSON).
requireAuth :: (YesodAuthPersist master, val ~ AuthEntity master, Key val ~ AuthId master, PersistEntity val, Typeable val, MonadHandler m, HandlerSite m ~ master) => m (Entity val)
data AuthException
InvalidFacebookResponse :: AuthException
type MonadAuthHandler master (m :: Type -> Type) = (MonadHandler m, YesodAuth master, master ~ HandlerSite m, Auth ~ SubHandlerSite m, MonadUnliftIO m)
type AuthHandler master a = forall (m :: Type -> Type). MonadAuthHandler master m => m a

-- | Internal session key used to hold the authentication information.
credsKey :: Text
provideJsonMessage :: forall (m :: Type -> Type). Monad m => Text -> Writer (Endo [ProvidedRep m]) ()
messageJson401 :: MonadHandler m => Text -> m Html -> m TypedContent
asHtml :: Html -> Html
instance GHC.Internal.Exception.Type.Exception Yesod.Auth.AuthException
instance Yesod.Auth.YesodAuth master => Text.Shakespeare.I18N.RenderMessage master Yesod.Auth.Message.AuthMessage
instance GHC.Internal.Show.Show Yesod.Auth.AuthException
instance GHC.Internal.Show.Show (Yesod.Auth.Creds master)
instance Yesod.Auth.YesodAuth master => Yesod.Core.Class.Dispatch.YesodSubDispatch Yesod.Auth.Routes.Auth master

module Yesod.Auth.OpenId
authOpenId :: YesodAuth master => IdentifierType -> [(Text, Text)] -> AuthPlugin master
forwardUrl :: AuthRoute

-- | The main identifier provided by the OpenID authentication plugin is
--   the "OP-local identifier". There is also sometimes a "claimed"
--   identifier available.
--   
--   In the <a>credsExtra</a> field of the <a>Creds</a> datatype, you can
--   lookup this key to find the claimed identifier, if available.
--   
--   <pre>
--   let finalID = fromMaybe (credsIdent creds)
--               $ lookup claimedKey (credsExtra creds)
--   </pre>
--   
--   Since 1.0.2
claimedKey :: Text
opLocalKey :: Text

-- | A helper function which will get the claimed identifier, if available,
--   falling back to the OP local identifier.
--   
--   See <a>claimedKey</a>.
--   
--   Since 1.0.2
credsIdentClaimed :: Creds m -> Text
data IdentifierType
Claimed :: IdentifierType
OPLocal :: IdentifierType


-- | Sometimes you may want to have some hardcoded set of users (e.g. site
--   managers) that allowed to log in and visit some specific sections of
--   your website without ability to register new managers. This simple
--   plugin is designed exactly for this purpose.
--   
--   Here is a quick usage example.
--   
--   <h2>Define hardcoded users representation</h2>
--   
--   Let's assume, that we want to have some hardcoded managers with normal
--   site users. Let's define hardcoded user representation:
--   
--   <pre>
--   data SiteManager = SiteManager
--     { manUserName :: Text
--     , manPassWord :: Text }
--     deriving Show
--   
--   siteManagers :: [SiteManager]
--   siteManagers = [SiteManager "content editor" "top secret"]
--   </pre>
--   
--   <h2>Describe <a>YesodAuth</a> instance</h2>
--   
--   Now we need to have some convenient <tt>AuthId</tt> type representing
--   both cases:
--   
--   <pre>
--   instance YesodAuth App where
--     type AuthId App = Either UserId Text
--   </pre>
--   
--   Here, right <tt>Text</tt> value will present hardcoded user name
--   (which obviously must be unique).
--   
--   <tt>AuthId</tt> must have an instance of <a>PathPiece</a> class, this
--   is needed to store user identifier in session (this happens in
--   <tt>setCreds</tt> and <a>setCredsRedirect</a> actions) and to read
--   that identifier from session (this happens in
--   <tt>defaultMaybeAuthId</tt> action). So we have to define it:
--   
--   <pre>
--   import Text.Read (readMaybe)
--   
--   instance PathPiece (Either UserId Text) where
--     fromPathPiece = readMaybe . unpack
--     toPathPiece = pack . show
--   </pre>
--   
--   Quiet simple so far. Now let's add plugin to <tt>authPlugins</tt>
--   list, and define <tt>authenticate</tt> method, it should return user
--   identifier for given credentials, for normal users it is usually
--   persistent key, for hardcoded users we will return user name again.
--   
--   <pre>
--   instance YesodAuth App where
--     -- ..
--     authPlugins _ = [authHardcoded]
--   
--     authenticate Creds{..} =
--       return
--         (case credsPlugin of
--            "hardcoded" -&gt;
--              case lookupUser credsIdent of
--                Nothing -&gt; UserError InvalidLogin
--                Just m  -&gt; Authenticated (Right (manUserName m)))
--   </pre>
--   
--   Here <tt>lookupUser</tt> is just a helper function to lookup hardcoded
--   users by name:
--   
--   <pre>
--   lookupUser :: Text -&gt; Maybe SiteManager
--   lookupUser username = find (\m -&gt; manUserName m == username) siteManagers
--   </pre>
--   
--   <h2>Describe an <tt>YesodAuthPersist</tt> instance</h2>
--   
--   Now we need to manually define <tt>YesodAuthPersist</tt> instance.
--   
--   <pre>
--   instance YesodAuthPersist App where
--     type AuthEntity App = Either User SiteManager
--   
--     getAuthEntity (Left uid) =
--       do x &lt;- runDB (get uid)
--          return (Left &lt;$&gt; x)
--     getAuthEntity (Right username) = return (Right &lt;$&gt; lookupUser username)
--   </pre>
--   
--   <h2>Define <a>YesodAuthHardcoded</a> instance</h2>
--   
--   Finally, let's define an plugin instance
--   
--   <pre>
--   instance YesodAuthHardcoded App where
--     validatePassword u = return . validPassword u
--     doesUserNameExist  = return . isJust . lookupUser
--   
--   validPassword :: Text -&gt; Text -&gt; Bool
--   validPassword u p =
--     case find (\m -&gt; manUserName m == u &amp;&amp; manPassWord m == p) siteManagers of
--       Just _ -&gt; True
--       _      -&gt; False
--   </pre>
--   
--   <h2>Conclusion</h2>
--   
--   Now we can use <tt>maybeAuthId</tt>, <tt>maybeAuthPair</tt>,
--   <tt>requireAuthId</tt>, and <tt>requireAuthPair</tt>, moreover, the
--   returned value makes possible to distinguish normal users and site
--   managers.
module Yesod.Auth.Hardcoded
class YesodAuth site => YesodAuthHardcoded site

-- | Check whether given user name exists among hardcoded names.
doesUserNameExist :: YesodAuthHardcoded site => Text -> AuthHandler site Bool

-- | Validate given user name with given password.
validatePassword :: YesodAuthHardcoded site => Text -> Text -> AuthHandler site Bool
authHardcoded :: YesodAuthHardcoded m => AuthPlugin m
loginR :: AuthRoute


-- | Use an email address as an identifier via Google's login system.
--   
--   Note that this is a replacement for <a>Yesod.Auth.GoogleEmail</a>,
--   which depends on Google's now deprecated OpenID system. For more
--   information, see
--   <a>https://developers.google.com/+/api/auth-migration</a>.
--   
--   By using this plugin, you are trusting Google to validate an email
--   address, and requiring users to have a Google account. On the plus
--   side, you get to use email addresses as the identifier, many users
--   have existing Google accounts, the login system has been long tested
--   (as opposed to BrowserID), and it requires no credential managing or
--   setup (as opposed to Email).
--   
--   In order to use this plugin:
--   
--   <ul>
--   <li>Create an application on the Google Developer Console
--   <a>https://console.developers.google.com/</a></li>
--   <li>Create OAuth credentials. The redirect URI will be
--   <a>http://yourdomain/auth/page/googleemail2/complete</a>. (If you have
--   your authentication subsite at a different root than /auth/, please
--   adjust accordingly.)</li>
--   <li>Enable the Google+ API.</li>
--   </ul>

-- | <i>Deprecated: Google+ is being shut down, please migrate to Google
--   Sign-in
--   <a>https://pbrisbin.com/posts/googleemail2_deprecation/</a></i>
module Yesod.Auth.GoogleEmail2
authGoogleEmail :: YesodAuth m => Text -> Text -> AuthPlugin m

-- | An alternative version which stores user access token in the session
--   variable. Use it if you want to request user's profile from your app.
authGoogleEmailSaveToken :: YesodAuth m => Text -> Text -> AuthPlugin m
forwardUrl :: AuthRoute

-- | An authentication token which was acquired from OAuth callback. The
--   token gets saved into the session storage only if you use
--   <a>authGoogleEmailSaveToken</a>. You can acquire saved token with
--   <a>getUserAccessToken</a>.
data Token
Token :: Text -> Text -> Token
[accessToken] :: Token -> Text
[tokenType] :: Token -> Text

-- | Get user's access token from the session. Returns Nothing if it's not
--   found (probably because the user is not logged in via
--   <a>GoogleEmail2</a> or you are not using
--   <a>authGoogleEmailSaveToken</a>)
getUserAccessToken :: MonadHandler m => m (Maybe Token)

-- | Allows to fetch information about a user from Google's API. In case of
--   parsing error returns <a>Nothing</a>. Will throw
--   <tt>HttpException</tt> in case of network problems or error response
--   code.
getPerson :: MonadHandler m => Manager -> Token -> m (Maybe Person)

-- | Information about the user Full description of the resource
--   <a>https://developers.google.com/+/api/latest/people</a>
data Person
Person :: Text -> Maybe Text -> Maybe Name -> Maybe Text -> Maybe Text -> Maybe Gender -> Maybe Text -> Maybe PersonImage -> Maybe Text -> Maybe RelationshipStatus -> [PersonURI] -> [Organization] -> [Place] -> Maybe Text -> Maybe Bool -> Maybe Text -> Maybe Int -> Maybe Int -> Maybe Bool -> Maybe Text -> [Email] -> Maybe Text -> Maybe Text -> Maybe Text -> Person
[personId] :: Person -> Text

-- | The name of this person, which is suitable for display
[personDisplayName] :: Person -> Maybe Text
[personName] :: Person -> Maybe Name
[personNickname] :: Person -> Maybe Text

-- | Birthday formatted as YYYY-MM-DD
[personBirthday] :: Person -> Maybe Text
[personGender] :: Person -> Maybe Gender

-- | The URI of this person's profile
[personProfileUri] :: Person -> Maybe Text
[personImage] :: Person -> Maybe PersonImage

-- | A short biography for this person
[personAboutMe] :: Person -> Maybe Text
[personRelationshipStatus] :: Person -> Maybe RelationshipStatus
[personUris] :: Person -> [PersonURI]
[personOrganizations] :: Person -> [Organization]
[personPlacesLived] :: Person -> [Place]

-- | The brief description of this person
[personTagline] :: Person -> Maybe Text

-- | Whether this user has signed up for Google+
[personIsPlusUser] :: Person -> Maybe Bool

-- | The "bragging rights" line of this person
[personBraggingRights] :: Person -> Maybe Text

-- | if a Google+ page, the number of people who have +1'd this page
[personPlusOneCount] :: Person -> Maybe Int

-- | For followers who are visible, the number of people who have added
--   this person or page to a circle.
[personCircledByCount] :: Person -> Maybe Int

-- | Whether the person or Google+ Page has been verified. This is used
--   only for pages with a higher risk of being impersonated or similar.
--   This flag will not be present on most profiles.
[personVerified] :: Person -> Maybe Bool

-- | The user's preferred language for rendering.
[personLanguage] :: Person -> Maybe Text
[personEmails] :: Person -> [Email]
[personDomain] :: Person -> Maybe Text

-- | The occupation of this person
[personOccupation] :: Person -> Maybe Text

-- | The person's skills
[personSkills] :: Person -> Maybe Text

-- | Individual components of a name
data Name
Name :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Name

-- | The full name of this person, including middle names, suffixes, etc
[nameFormatted] :: Name -> Maybe Text

-- | The family name (last name) of this person
[nameFamily] :: Name -> Maybe Text

-- | The given name (first name) of this person
[nameGiven] :: Name -> Maybe Text

-- | The middle name of this person.
[nameMiddle] :: Name -> Maybe Text

-- | The honorific prefixes (such as "Dr." or "Mrs.") for this person
[nameHonorificPrefix] :: Name -> Maybe Text

-- | The honorific suffixes (such as "Jr.") for this person
[nameHonorificSuffix] :: Name -> Maybe Text

-- | Gender of the person
data Gender
Male :: Gender
Female :: Gender
OtherGender :: Gender

-- | The URI of the person's profile photo.
newtype PersonImage
PersonImage :: Text -> PersonImage
[imageUri] :: PersonImage -> Text

-- | <tt>resizePersonImage img 30</tt> would set query part to
--   <tt>?sz=30</tt> which would resize the image under the URI. If for
--   some reason you need to modify the query part, you should do it after
--   resizing.
resizePersonImage :: PersonImage -> Int -> PersonImage

-- | The person's relationship status.
data RelationshipStatus

-- | Person is single
Single :: RelationshipStatus

-- | Person is in a relationship
InRelationship :: RelationshipStatus

-- | Person is engaged
Engaged :: RelationshipStatus

-- | Person is married
Married :: RelationshipStatus

-- | The relationship is complicated
Complicated :: RelationshipStatus

-- | Person is in an open relationship
OpenRelationship :: RelationshipStatus

-- | Person is widowed
Widowed :: RelationshipStatus

-- | Person is in a domestic partnership
DomesticPartnership :: RelationshipStatus

-- | Person is in a civil union
CivilUnion :: RelationshipStatus

-- | Something else
RelationshipStatus :: Text -> RelationshipStatus

-- | URIs specified in the person's profile
data PersonURI
PersonURI :: Maybe Text -> Maybe Text -> Maybe PersonURIType -> PersonURI
[uriLabel] :: PersonURI -> Maybe Text
[uriValue] :: PersonURI -> Maybe Text
[uriType] :: PersonURI -> Maybe PersonURIType

-- | The type of URI
data PersonURIType

-- | URI for another profile
OtherProfile :: PersonURIType

-- | URI to a site for which this person is a contributor
Contributor :: PersonURIType

-- | URI for this Google+ Page's primary website
Website :: PersonURIType

-- | Other URL
OtherURI :: PersonURIType

-- | Something else
PersonURIType :: Text -> PersonURIType

-- | Current or past organizations with which this person is associated
data Organization
Organization :: Maybe Text -> Maybe Text -> Maybe OrganizationType -> Maybe Text -> Maybe Text -> Maybe Bool -> Organization

-- | The person's job title or role within the organization
[orgName] :: Organization -> Maybe Text
[orgTitle] :: Organization -> Maybe Text

-- | The date that the person joined this organization.
[orgType] :: Organization -> Maybe OrganizationType

-- | The date that the person left this organization.
[orgStartDate] :: Organization -> Maybe Text

-- | If <tt>True</tt>, indicates this organization is the person's ^
--   primary one, which is typically interpreted as the current one.
[orgEndDate] :: Organization -> Maybe Text
[orgPrimary] :: Organization -> Maybe Bool

-- | The type of an organization
data OrganizationType
Work :: OrganizationType
School :: OrganizationType

-- | Something else
OrganizationType :: Text -> OrganizationType

-- | A place where the person has lived or is living at the moment.
data Place
Place :: Maybe Text -> Maybe Bool -> Place

-- | A place where this person has lived. For example: "Seattle, WA", "Near
--   Toronto".
[placeValue] :: Place -> Maybe Text

-- | If <tt>True</tt>, this place of residence is this person's primary
--   residence.
[placePrimary] :: Place -> Maybe Bool

-- | Person's email
data Email
Email :: Text -> EmailType -> Email
[emailValue] :: Email -> Text
[emailType] :: Email -> EmailType

-- | Type of email
data EmailType

-- | Google account email address
EmailAccount :: EmailType

-- | Home email address
EmailHome :: EmailType

-- | Work email adress
EmailWork :: EmailType

-- | Other email address
EmailOther :: EmailType

-- | Something else
EmailType :: Text -> EmailType

-- | Plugin identifier. This is used to identify the plugin used for
--   authentication. The <tt>credsPlugin</tt> will contain this value when
--   this plugin is used for authentication. @since 1.4.17
pid :: Text
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Email
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.EmailType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Gender
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Name
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Organization
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.OrganizationType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Person
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.PersonImage
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.PersonURI
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.PersonURIType
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Place
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.RelationshipStatus
instance GHC.Classes.Eq Yesod.Auth.GoogleEmail2.Token
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Email
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.EmailType
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Gender
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Name
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Organization
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.OrganizationType
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Person
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.PersonImage
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.PersonURI
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.PersonURIType
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Place
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.RelationshipStatus
instance Data.Aeson.Types.FromJSON.FromJSON Yesod.Auth.GoogleEmail2.Token
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Email
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.EmailType
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Gender
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Name
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Organization
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.OrganizationType
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Person
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.PersonImage
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.PersonURI
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.PersonURIType
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Place
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.RelationshipStatus
instance GHC.Internal.Show.Show Yesod.Auth.GoogleEmail2.Token


-- | Provides a dummy authentication module that simply lets a user specify
--   their identifier. This is not intended for real world use, just for
--   testing. This plugin supports form submissions via JSON (since 1.6.8).
--   
--   <h1>Using the JSON Login Endpoint</h1>
--   
--   We are assuming that you have declared <a>authRoute</a> as follows
--   
--   <pre>
--   Just $ AuthR LoginR
--   </pre>
--   
--   If you are using a different one, then you have to adjust the endpoint
--   accordingly.
--   
--   <pre>
--   Endpoint: /auth/page/dummy
--   Method: POST
--   JSON Data: {
--                  "ident": "my identifier"
--              }
--   </pre>
--   
--   Remember to add the following headers:
--   
--   <ul>
--   <li>Accept: application/json</li>
--   <li>Content-Type: application/json</li>
--   </ul>
module Yesod.Auth.Dummy
authDummy :: YesodAuth m => AuthPlugin m


-- | module is no longer recommended for use.

-- | <i>Deprecated: Mozilla Persona will be shut down by the end of
--   2016</i>
module Yesod.Auth.BrowserId
authBrowserId :: YesodAuth m => BrowserIdSettings -> AuthPlugin m

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClick :: BrowserIdSettings -> (Route Auth -> Route master) -> WidgetFor master Text

-- | Generates a function to handle on-click events, and returns that
--   function name.
createOnClickOverride :: BrowserIdSettings -> (Route Auth -> Route master) -> Maybe (Route master) -> WidgetFor master Text
def :: Default a => a

-- | A settings type for various configuration options relevant to
--   BrowserID.
--   
--   See: <a>http://www.yesodweb.com/book/settings-types</a>
--   
--   Since 1.2.0
data BrowserIdSettings

-- | BrowserID audience value. If <tt>Nothing</tt>, will be extracted based
--   on the approot.
--   
--   Default: <tt>Nothing</tt>
--   
--   Since 1.2.0
bisAudience :: BrowserIdSettings -> Maybe Text

-- | Use asynchronous Javascript loading for the BrowserID JS file.
--   
--   Default: <tt>True</tt>.
--   
--   Since 1.2.0
bisLazyLoad :: BrowserIdSettings -> Bool
forwardUrl :: AuthRoute
instance Data.Default.Internal.Default Yesod.Auth.BrowserId.BrowserIdSettings

module Yesod.Auth.Rpxnow
authRpxnow :: YesodAuth master => String -> String -> AuthPlugin master


-- | This is a fork of pwstore-fast, originally copyright (c) Peter Scott,
--   2011, and released under a BSD-style licence.
--   
--   Securely store hashed, salted passwords. If you need to store and
--   verify passwords, there are many wrong ways to do it, most of them all
--   too common. Some people store users' passwords in plain text. Then,
--   when an attacker manages to get their hands on this file, they have
--   the passwords for every user's account. One step up, but still wrong,
--   is to simply hash all passwords with SHA1 or something. This is
--   vulnerable to rainbow table and dictionary attacks. One step up from
--   that is to hash the password along with a unique salt value. This is
--   vulnerable to dictionary attacks, since guessing a password is very
--   fast. The right thing to do is to use a slow hash function, to add
--   some small but significant delay, that will be negligible for
--   legitimate users but prohibitively expensive for someone trying to
--   guess passwords by brute force. That is what this library does. It
--   iterates a SHA256 hash, with a random salt, a few thousand times. This
--   scheme is known as PBKDF1, and is generally considered secure; there
--   is nothing innovative happening here.
--   
--   The API here is very simple. What you store are called <i>password
--   hashes</i>. They are strings (technically, ByteStrings) that look like
--   this:
--   
--   <pre>
--   "sha256|14|jEWU94phx4QzNyH94Qp4CQ==|5GEw+jxP/4WLgzt9VS3Ee3nhqBlDsrKiB+rq7JfMckU="
--   </pre>
--   
--   Each password hash shows the algorithm, the strength (more on that
--   later), the salt, and the hashed-and-salted password. You store these
--   on your server, in a database, for when you need to verify a password.
--   You make a password hash with the <a>makePassword</a> function. Here's
--   an example:
--   
--   <pre>
--   &gt;&gt;&gt; makePassword "hunter2" 14
--   "sha256|14|Zo4LdZGrv/HYNAUG3q8WcA==|zKjbHZoTpuPLp1lh6ATolWGIKjhXvY4TysuKvqtNFyk="
--   </pre>
--   
--   This will hash the password <tt>"hunter2"</tt>, with strength 14,
--   which is a good default value. The strength here determines how long
--   the hashing will take. When doing the hashing, we iterate the SHA256
--   hash function <tt>2^strength</tt> times, so increasing the strength by
--   1 makes the hashing take twice as long. When computers get faster, you
--   can bump up the strength a little bit to compensate. You can
--   strengthen existing password hashes with the <a>strengthenPassword</a>
--   function. Note that <a>makePassword</a> needs to generate random
--   numbers, so its return type is <a>IO</a> <a>ByteString</a>. If you
--   want to avoid the <a>IO</a> monad, you can generate your own salt and
--   pass it to <a>makePasswordSalt</a>.
--   
--   Your strength value should not be less than 12, and 14 is a good
--   default value at the time of this writing, in 2013.
--   
--   Once you've got your password hashes, the second big thing you need to
--   do with them is verify passwords against them. When a user gives you a
--   password, you compare it with a password hash using the
--   <a>verifyPassword</a> function:
--   
--   <pre>
--   &gt;&gt;&gt; verifyPassword "wrong guess" passwordHash
--   False
--   &gt;&gt;&gt; verifyPassword "hunter2" passwordHash
--   True
--   </pre>
--   
--   These two functions are really all you need. If you want to make
--   existing password hashes stronger, you can use
--   <a>strengthenPassword</a>. Just pass it an existing password hash and
--   a new strength value, and it will return a new password hash with that
--   strength value, which will match the same password as the old password
--   hash.
--   
--   Note that, as of version 2.4, you can also use PBKDF2, and specify the
--   exact iteration count. This does not have a significant effect on
--   security, but can be handy for compatibility with other code.
module Yesod.Auth.Util.PasswordStore

-- | PBKDF1 key-derivation function. Takes a password, a <a>Salt</a>, and a
--   number of iterations. The number of iterations should be at least
--   1000, and probably more. 5000 is a reasonable number, computing almost
--   instantaneously. This will give a 32-byte <a>ByteString</a> as output.
--   Both the salt and this 32-byte key should be stored in the password
--   file. When a user wishes to authenticate a password, just pass it and
--   the salt to this function, and see if the output matches.
pbkdf1 :: ByteString -> Salt -> Int -> ByteString

-- | PBKDF2 key-derivation function. For details see
--   <tt><a>http://tools.ietf.org/html/rfc2898</a></tt>. <tt>32</tt> is the
--   most common digest size for <tt>SHA256</tt>, and is what the algorithm
--   internally uses. <tt>HMAC+SHA256</tt> is used as <tt>PRF</tt>, because
--   <tt>HMAC+SHA1</tt> is considered too weak.
pbkdf2 :: ByteString -> Salt -> Int -> ByteString

-- | Hash a password with a given strength (14 is a good default). The
--   output of this function can be written directly to a password file or
--   database. Generates a salt using high-quality randomness from
--   <tt>/dev/urandom</tt> or (if that is not available, for example on
--   Windows) <a>Random</a>, which is included in the hashed output.
makePassword :: ByteString -> Int -> IO ByteString

-- | A generic version of <a>makePassword</a>, which allow the user to
--   choose the algorithm to use.
--   
--   <pre>
--   &gt;&gt;&gt; makePasswordWith pbkdf1 "password" 14
--   </pre>
makePasswordWith :: (ByteString -> Salt -> Int -> ByteString) -> ByteString -> Int -> IO ByteString

-- | Hash a password with a given strength (14 is a good default), using a
--   given salt. The output of this function can be written directly to a
--   password file or database. Example:
--   
--   <pre>
--   &gt;&gt;&gt; makePasswordSalt "hunter2" (makeSalt "72cd18b5ebfe6e96") 14
--   "sha256|14|NzJjZDE4YjVlYmZlNmU5Ng==|yuiNrZW3KHX+pd0sWy9NTTsy5Yopmtx4UYscItSsoxc="
--   </pre>
makePasswordSalt :: ByteString -> Salt -> Int -> ByteString

-- | A generic version of <a>makePasswordSalt</a>, meant to give the user
--   the maximum control over the generation parameters. Note that, unlike
--   <a>makePasswordWith</a>, this function takes the <tt>raw</tt> number
--   of iterations. This means the user will need to specify a sensible
--   value, typically <tt>10000</tt> or <tt>20000</tt>.
makePasswordSaltWith :: (ByteString -> Salt -> Int -> ByteString) -> (Int -> Int) -> ByteString -> Salt -> Int -> ByteString

-- | Like <a>verifyPasswordWith</a>, but uses <a>pbkdf1</a> as algorithm.
verifyPassword :: ByteString -> ByteString -> Bool

-- | <a>verifyPasswordWith</a> <tt>algorithm userInput pwHash</tt> verifies
--   the password <tt>userInput</tt> given by the user against the stored
--   password hash <tt>pwHash</tt>, with the hashing algorithm
--   <tt>algorithm</tt>. Returns <a>True</a> if the given password is
--   correct, and <a>False</a> if it is not. This function allows the
--   programmer to specify the algorithm to use, e.g. <a>pbkdf1</a> or
--   <a>pbkdf2</a>. Note: If you want to verify a password previously
--   generated with <a>makePasswordSaltWith</a>, but without modifying the
--   number of iterations, you can do:
--   
--   <pre>
--   &gt;&gt;&gt; verifyPasswordWith pbkdf2 id "hunter2" "sha256..."
--   True
--   </pre>
verifyPasswordWith :: (ByteString -> Salt -> Int -> ByteString) -> (Int -> Int) -> ByteString -> ByteString -> Bool

-- | Try to strengthen a password hash, by hashing it some more times.
--   <tt><a>strengthenPassword</a> pwHash new_strength</tt> will return a
--   new password hash with strength at least <tt>new_strength</tt>. If the
--   password hash already has strength greater than or equal to
--   <tt>new_strength</tt>, then it is returned unmodified. If the password
--   hash is invalid and does not parse, it will be returned without
--   comment.
--   
--   This function can be used to periodically update your password
--   database when computers get faster, in order to keep up with Moore's
--   law. This isn't hugely important, but it's a good idea.
strengthenPassword :: ByteString -> Int -> ByteString

-- | Return the strength of a password hash.
passwordStrength :: ByteString -> Int

-- | A salt is a unique random value which is stored as part of the
--   password hash. You can generate a salt with <a>genSaltIO</a> or
--   <a>genSaltRandom</a>, or if you really know what you're doing, you can
--   create them from your own ByteString values with <a>makeSalt</a>.
data Salt

-- | Is the format of a password hash valid? Attempts to parse a given
--   password hash. Returns <a>True</a> if it parses correctly, and
--   <a>False</a> otherwise.
isPasswordFormatValid :: ByteString -> Bool

-- | Generate a <a>Salt</a> from 128 bits of data from
--   <tt>/dev/urandom</tt>, with the system RNG as a fallback. This is the
--   function used to generate salts by <a>makePassword</a>.
genSaltIO :: IO Salt

-- | Generate a <a>Salt</a> with 128 bits of data taken from a given random
--   number generator. Returns the salt and the updated random number
--   generator. This is meant to be used with <a>makePasswordSalt</a> by
--   people who would prefer to either use their own random number
--   generator or avoid the <a>IO</a> monad.
genSaltRandom :: RandomGen b => b -> (Salt, b)

-- | Create a <a>Salt</a> from a <a>ByteString</a>. The input must be at
--   least 8 characters, and can contain arbitrary bytes. Most users will
--   not need to use this function.
makeSalt :: ByteString -> Salt

-- | Convert a <a>Salt</a> into a <a>ByteString</a>. The resulting
--   <a>ByteString</a> will be base64-encoded. Most users will not need to
--   use this function.
exportSalt :: Salt -> ByteString

-- | Convert a raw <a>ByteString</a> into a <a>Salt</a>. Use this function
--   with caution, since using a weak salt will result in a weak password.
importSalt :: ByteString -> Salt
instance GHC.Classes.Eq Yesod.Auth.Util.PasswordStore.Salt
instance GHC.Classes.Ord Yesod.Auth.Util.PasswordStore.Salt
instance GHC.Internal.Show.Show Yesod.Auth.Util.PasswordStore.Salt


-- | A Yesod plugin for Authentication via e-mail
--   
--   This plugin works out of the box by only setting a few methods on the
--   type class that tell the plugin how to interoperate with your user
--   data storage (your database). However, almost everything is
--   customizeable by setting more methods on the type class. In addition,
--   you can send all the form submissions via JSON and completely control
--   the user's flow.
--   
--   This is a standard registration e-mail flow
--   
--   <ol>
--   <li>A user registers a new e-mail address, and an e-mail is sent
--   there</li>
--   <li>The user clicks on the registration link in the e-mail. Note that
--   at this point they are actually logged in (without a password). That
--   means that when they log out they will need to reset their
--   password.</li>
--   <li>The user sets their password and is redirected to the site.</li>
--   <li>The user can now<ul><li>logout and sign in</li><li>reset their
--   password</li></ul></li>
--   </ol>
--   
--   <h1>Using JSON Endpoints</h1>
--   
--   We are assuming that you have declared auth route as follows
--   
--   <pre>
--   /auth AuthR Auth getAuth
--   </pre>
--   
--   If you are using a different route, then you have to adjust the
--   endpoints accordingly.
--   
--   <ul>
--   <li>Registration</li>
--   </ul>
--   
--   <pre>
--   Endpoint: /auth/page/email/register
--   Method: POST
--   JSON Data: {
--                  "email": "myemail@domain.com",
--                  "password": "myStrongPassword" (optional)
--              }
--   </pre>
--   
--   <ul>
--   <li>Forgot password</li>
--   </ul>
--   
--   <pre>
--   Endpoint: /auth/page/email/forgot-password
--   Method: POST
--   JSON Data: { "email": "myemail@domain.com" }
--   </pre>
--   
--   <ul>
--   <li>Login</li>
--   </ul>
--   
--   <pre>
--   Endpoint: /auth/page/email/login
--   Method: POST
--   JSON Data: {
--                  "email": "myemail@domain.com",
--                  "password": "myStrongPassword"
--              }
--   </pre>
--   
--   <ul>
--   <li>Set new password</li>
--   </ul>
--   
--   <pre>
--   Endpoint: /auth/page/email/set-password
--   Method: POST
--   JSON Data: {
--                   "new": "newPassword",
--                   "confirm": "newPassword",
--                   "current": "currentPassword"
--              }
--   </pre>
--   
--   Note that in the set password endpoint, the presence of the key
--   "current" is dependent on how the <a>needOldPassword</a> is defined in
--   the instance for <a>YesodAuthEmail</a>.
module Yesod.Auth.Email
authEmail :: YesodAuthEmail m => AuthPlugin m
class (YesodAuth site, PathPiece AuthEmailId site, RenderMessage site AuthMessage) => YesodAuthEmail site where {
    type AuthEmailId site;
}

-- | Add a new email address to the database, but indicate that the address
--   has not yet been verified.
addUnverified :: YesodAuthEmail site => Email -> VerKey -> AuthHandler site (AuthEmailId site)

-- | Similar to <a>addUnverified</a>, but comes with the registered
--   password.
--   
--   The default implementation is just <a>addUnverified</a>, which ignores
--   the password.
--   
--   You may override this to save the salted password to your database.
addUnverifiedWithPass :: YesodAuthEmail site => Email -> VerKey -> SaltedPass -> AuthHandler site (AuthEmailId site)

-- | Send an email to the given address to verify ownership.
sendVerifyEmail :: YesodAuthEmail site => Email -> VerKey -> VerUrl -> AuthHandler site ()

-- | Send an email to the given address to re-verify ownership in the case
--   of a password reset. This can be used to send a different email when a
--   user goes through the 'forgot password' flow as opposed to the
--   'account registration' flow.
--   
--   Default: Will call <a>sendVerifyEmail</a>, resulting in the same email
--   getting sent for both registrations and password resets.
sendForgotPasswordEmail :: YesodAuthEmail site => Email -> VerKey -> VerUrl -> AuthHandler site ()

-- | Get the verification key for the given email ID.
getVerifyKey :: YesodAuthEmail site => AuthEmailId site -> AuthHandler site (Maybe VerKey)

-- | Set the verification key for the given email ID.
setVerifyKey :: YesodAuthEmail site => AuthEmailId site -> VerKey -> AuthHandler site ()

-- | Hash and salt a password
--   
--   Default: <a>saltPass</a>.
hashAndSaltPassword :: YesodAuthEmail site => Text -> AuthHandler site SaltedPass

-- | Verify a password matches the stored password for the given account.
--   
--   Default: Fetch a password with <a>getPassword</a> and match using
--   <a>verifyPassword</a>.
verifyPassword :: YesodAuthEmail site => Text -> SaltedPass -> AuthHandler site Bool

-- | Verify the email address on the given account.
--   
--   <b><i>Warning!</i></b> If you have persisted the
--   <tt><a>AuthEmailId</a> site</tt> somewhere, this method should delete
--   that key, or make it unusable in some fashion. Otherwise, the same key
--   can be used multiple times!
--   
--   See <a>https://github.com/yesodweb/yesod/issues/1222</a>.
verifyAccount :: YesodAuthEmail site => AuthEmailId site -> AuthHandler site (Maybe (AuthId site))

-- | Get the salted password for the given account.
getPassword :: YesodAuthEmail site => AuthId site -> AuthHandler site (Maybe SaltedPass)

-- | Set the salted password for the given account.
setPassword :: YesodAuthEmail site => AuthId site -> SaltedPass -> AuthHandler site ()

-- | Get the credentials for the given <tt>Identifier</tt>, which may be
--   either an email address or some other identification (e.g., username).
getEmailCreds :: YesodAuthEmail site => Identifier -> AuthHandler site (Maybe (EmailCreds site))

-- | Get the email address for the given email ID.
getEmail :: YesodAuthEmail site => AuthEmailId site -> AuthHandler site (Maybe Email)

-- | Generate a random alphanumeric string.
randomKey :: YesodAuthEmail site => site -> IO VerKey

-- | Route to send user to after password has been set correctly.
afterPasswordRoute :: YesodAuthEmail site => site -> Route site

-- | Route to send user to after verification with a password
afterVerificationWithPass :: YesodAuthEmail site => site -> Route site

-- | Does the user need to provide the current password in order to set a
--   new password?
--   
--   Default: if the user logged in via an email link do not require a
--   password.
needOldPassword :: YesodAuthEmail site => AuthId site -> AuthHandler site Bool

-- | Check that the given plain-text password meets minimum security
--   standards.
--   
--   Default: password is at least three characters.
checkPasswordSecurity :: YesodAuthEmail site => AuthId site -> Text -> AuthHandler site (Either Text ())

-- | Response after sending a confirmation email.
confirmationEmailSentResponse :: YesodAuthEmail site => Text -> AuthHandler site TypedContent

-- | If a response is set, it will be used when an already-verified email
--   tries to re-register. Otherwise, <a>confirmationEmailSentResponse</a>
--   will be used.
emailPreviouslyRegisteredResponse :: (YesodAuthEmail site, MonadAuthHandler site m) => Text -> Maybe (m TypedContent)

-- | Additional normalization of email addresses, besides standard
--   canonicalization.
--   
--   Default: Lower case the email address.
normalizeEmailAddress :: YesodAuthEmail site => site -> Text -> Text

-- | Handler called to render the login page. The default works fine, but
--   you may want to override it in order to have a different DOM.
--   
--   Default: <a>defaultEmailLoginHandler</a>.
emailLoginHandler :: YesodAuthEmail site => (Route Auth -> Route site) -> WidgetFor site ()

-- | Handler called to render the registration page. The default works
--   fine, but you may want to override it in order to have a different
--   DOM.
--   
--   Default: <a>defaultRegisterHandler</a>.
--   
--   @since: 1.2.6
registerHandler :: YesodAuthEmail site => AuthHandler site Html

-- | Handler called to render the "forgot password" page. The default works
--   fine, but you may want to override it in order to have a different
--   DOM.
--   
--   Default: <a>defaultForgotPasswordHandler</a>.
--   
--   @since: 1.2.6
forgotPasswordHandler :: YesodAuthEmail site => AuthHandler site Html

-- | Handler called to render the "set password" page. The default works
--   fine, but you may want to override it in order to have a different
--   DOM.
--   
--   Default: <a>defaultSetPasswordHandler</a>.
--   
--   @since: 1.2.6
setPasswordHandler :: YesodAuthEmail site => Bool -> AuthHandler site TypedContent

-- | Helper that controls what happens after a user registration request is
--   submitted. This method can be overridden to completely customize what
--   happens during the user registration process, such as for handling
--   additional fields in the registration form.
--   
--   The default implementation is in terms of
--   <a>defaultRegisterHelper</a>.
--   
--   @since: 1.6.9
registerHelper :: YesodAuthEmail site => Route Auth -> AuthHandler site TypedContent

-- | Helper that controls what happens after a forgot password request is
--   submitted. As with <a>registerHelper</a>, this method can be
--   overridden to customize the behavior when a user attempts to recover
--   their password.
--   
--   The default implementation is in terms of
--   <a>defaultRegisterHelper</a>.
--   
--   @since: 1.6.9
passwordResetHelper :: YesodAuthEmail site => Route Auth -> AuthHandler site TypedContent

-- | Data stored in a database for each e-mail address.
data EmailCreds site
EmailCreds :: AuthEmailId site -> Maybe (AuthId site) -> VerStatus -> Maybe VerKey -> Email -> EmailCreds site
[emailCredsId] :: EmailCreds site -> AuthEmailId site
[emailCredsAuthId] :: EmailCreds site -> Maybe (AuthId site)
[emailCredsStatus] :: EmailCreds site -> VerStatus
[emailCredsVerkey] :: EmailCreds site -> Maybe VerKey
[emailCredsEmail] :: EmailCreds site -> Email

-- | Salt a password with a randomly generated salt.
saltPass :: Text -> IO Text
loginR :: AuthRoute
registerR :: AuthRoute
forgotPasswordR :: AuthRoute
setpassR :: AuthRoute

verifyR :: Text -> Text -> Bool -> AuthRoute
isValidPass :: Text -> SaltedPass -> Bool
type Email = Text
type VerKey = Text
type VerUrl = Text
type SaltedPass = Text
type VerStatus = Bool

-- | An Identifier generalizes an email address to allow users to log in
--   with some other form of credentials (e.g., username).
--   
--   Note that any of these other identifiers must not be valid email
--   addresses.
type Identifier = Text

-- | Session variable set when user logged in via a login link. See
--   <a>needOldPassword</a>.
loginLinkKey :: Text

-- | Set <a>loginLinkKey</a> to the current time.
--   
--   setLoginLinkKey :: (MonadHandler m) =&gt; AuthId site -&gt; m ()
setLoginLinkKey :: (MonadHandler m, YesodAuthEmail (HandlerSite m)) => AuthId (HandlerSite m) -> m ()

-- | Default implementation of <a>emailLoginHandler</a>.
defaultEmailLoginHandler :: YesodAuthEmail master => (Route Auth -> Route master) -> WidgetFor master ()

-- | Default implementation of <a>registerHandler</a>.
defaultRegisterHandler :: YesodAuthEmail master => AuthHandler master Html

-- | Default implementation of <a>forgotPasswordHandler</a>.
defaultForgotPasswordHandler :: YesodAuthEmail master => AuthHandler master Html

-- | Default implementation of <a>setPasswordHandler</a>.
defaultSetPasswordHandler :: YesodAuthEmail master => Bool -> AuthHandler master TypedContent
defaultRegisterHelper :: YesodAuthEmail master => Bool -> Bool -> Route Auth -> AuthHandler master TypedContent
