cdepillabout / password

datatypes and functions for easily working with passwords in Haskell
http://hackage.haskell.org/package/password

Documentation addition for working with JSON #28

Open Vlix opened 4 years ago

Vlix commented 4 years ago

After talking to someone who used password-instances, it's still somewhat annoying to have to make a field Text, just because you want to also use it with ToJSON to send between services. It might be a good idea to give an example to make this more convenient, because they did say they think it's a good idea not to allow Password to be turned into JSON for security's sake.

I think something in the documentation near the JSON instances like the following would make it easier for users to switch between Text and Password within other types:

Instead of:

```haskell
data LoginForm = LoginForm
  { loginUsername :: UserName
  , loginPassword :: Text
  }
```

and then changing the loginPassword to Password just before hashing or checking, do the following:

```haskell
{-# LANGUAGE DeriveFunctor #-}  -- required for `deriving Functor`

data LoginForm a = LoginForm
  { loginUserName :: UserName
  , loginPassword :: a
  } deriving (Show, Functor)
```

This way, you can have a ToJSON instance for LoginForm while still using LoginForm Password everywhere in your code, while just doing:

```haskell
unsafeShowPassword <$> loginForm :: LoginForm Text
```

just before sending it over the wire, and you can still just get the password straight from JSON because of the FromJSON instance.
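
A complete version of the pattern proposed above, as an added example (not part of the original comment and not the password project's own code). It assumes the `aeson`, `bytestring`, `text`, `password-types` and `password-instances` packages; `type UserName = Text`, `toWire` and the sample JSON are constructed for illustration, and with older releases of `password` the same three names are exported from `Data.Password` instead of `Data.Password.Types`.

```haskell
{-# LANGUAGE DeriveFunctor     #-}
{-# LANGUAGE DeriveGeneric     #-}
{-# LANGUAGE OverloadedStrings #-}

import           Data.Aeson                 (FromJSON, ToJSON, eitherDecode, encode)
import qualified Data.ByteString.Lazy.Char8 as BL
import           Data.Password.Instances    ()  -- orphan FromJSON Password instance
import           Data.Password.Types        (Password, unsafeShowPassword)
import           Data.Text                  (Text)
import           GHC.Generics               (Generic)

-- Assumption: the issue does not define UserName, so a plain alias is used here.
type UserName = Text

data LoginForm a = LoginForm
  { loginUserName :: UserName
  , loginPassword :: a
  } deriving (Show, Functor, Generic)

-- Generic instances: LoginForm a is (de)serialisable exactly when `a` is.
-- Password has FromJSON but deliberately no ToJSON, so `LoginForm Password`
-- can be parsed from a request but can never be encoded by accident.
instance FromJSON a => FromJSON (LoginForm a)
instance ToJSON   a => ToJSON   (LoginForm a)

-- | The single, greppable place where the plain text leaves the wrapper.
toWire :: LoginForm Password -> LoginForm Text
toWire = fmap unsafeShowPassword

main :: IO ()
main = do
  -- Constructed sample request body.
  let body = "{\"loginUserName\":\"alice\",\"loginPassword\":\"constructed-sample\"}"
  case eitherDecode body :: Either String (LoginForm Password) of
    Left err   -> putStrLn ("decode failed: " ++ err)
    Right form -> do
      -- Safe to log: the Show instance of Password masks the value.
      print form
      -- BL.putStrLn (encode form)        -- rejected at compile time: no ToJSON Password
      BL.putStrLn (encode (toWire form))  -- explicit opt-in just before sending
```

Because the conversion goes through one named function, a code review or `grep unsafeShowPassword` finds every point where a password can reach the wire or a log.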