notes

author: Andrew Cady <d@cryptonomic.net> 2022-12-02 09:41:22 -0500
committer: Andrew Cady <d@cryptonomic.net> 2022-12-02 09:41:26 -0500
commit: d7684e1b4c448f968d9e06d74c4e380a1ebc984f (patch)
tree: 103cc806f4703c38ac59494e965c25f2d06e2ff8
parent: 4c11cc6cf603e99dfb5d671fc9804eaaee40289c (diff)
1 files changed, 64 insertions, 12 deletions
diff --git a/types.hs b/types.hs
index bf2b4c4..0021599 100644
--- a/types.hs
+++ b/types.hs
@@ -8,12 +8,39 @@ createInvitation (CreateInvitation u e t) = do
 type Username = Text
 data User = User UserID Username
+-- These ID types use a type parameter "trick." The type parameter is
+-- instantiated twice; once with () for its id field type, and once with an
+-- actual data type there. This allows the "nulled" version to be used to
+-- represent database field inputs; and the "indexed" version to represent
+-- corresponding outputs.
+newtype UserAccountID   = UserAccountID   UserID
+newtype SheetID         = SheetID         (UserID, Integer)
+newtype SignupCodeID    = SignupCodeID    Text -- short code for typing
+newtype InvitationID    = InvitationID    UUID
+newtype PasswordResetID = PasswordResetID UUID
+data UserAccount' id = UserAccount'
+  { userAccountID           :: id
+  , userAccountInvitation   :: Invitation' InvitationID -- Contains inviter
+  , userAccountEmail        :: EmailAddress
+  , userAccountCreationTime :: UTCTime
+  }
+type CreateUserAccount = UserAccount' ()
+type UserAccount = UserAccount' UserID
+-- A Sheet contains a Set of SignupCodes.  SignupCode converts to
+-- an Invitation after user supplies Email address.  An Invitation
+-- submitted to the web server initiates a verification email which must
+-- be submitted with the InvitationID to initiate the password reset in
+-- the browser.
 data Provenance = ProvenanceSheet Sheet | ProvenanceUser User
 data Invitation' id = Invitation'
  { invitationID           :: id
  , invitationCreationTime :: UTCTime
  , invitationEmailAddress :: EmailAddress -- invited user
-  , invitationProvenance   :: Provenance     -- inviting user
+  , invitationProvenance   :: Provenance   -- inviting user
  }
 type CreateInvitation = Invitation' ()
 type       Invitation = Invitation' UUID
@@ -24,21 +51,25 @@ createInvitation (CreateInvitation () t e (ProvenanceUser  u) = do
  -- record invitation code and shared secret in database
  -- send email containing shared secret
-- preinvitations can be used to create invitations,
+-- signupcodes can be used to create self-invitations. the user must
-- when email addresses are added
+-- supply a signupcode and their email address. a secret code will be
-data PreInvitation' id = PreInvitation'
+-- sent to the email address.
-  { preInvitationID :: id
+data SignupCode' id = SignupCode'
-  , preInvitationSheetID :: Sheet
+  { signupCodeID      :: id
+  , signupCodeSheetID :: Sheet
  }
-type CreatePreInvitation = PreInvitation' ()
+type CreateSignupCode = SignupCode' ()
-type       PreInvitation = PreInvitation' PreInvitationCode
+type       SignupCode = SignupCode' SignupCodeCode
-createPreInvitation :: CreatePreInvitation -> PreInvitation
+createSignupCode :: CreateSignupCode -> SignupCode
-- A sheet containing preinvitations.
+-- A sheet containing signupcodes.
-- The preinvitations link up to their creating sheet.
+-- The signupcodes link up to their creating sheet. Since the real purpose is to
+-- get the Username, it is kept as a Sheet rather than SheetID. If the username
+-- changes for the UserID then we have retained a record of the inviting
+-- username at the time.
 data Sheet' id = Sheet'
  { sheetID           :: id
-  , sheetCreator      :: User
+  , sheetCreator      :: UserAccount' () -- Stores the data! Not the database record ID!
  , sheetCreationTime :: UTCTime
  }
 type CreateSheet = Sheet' ()
@@ -46,3 +77,24 @@ type Sheet       = Sheet' SheetID
 type SheetID     = UUID
 createSheet :: CreateSheet -> m Sheet
+-- The browser is expected to generate a secure password that will be
+-- stored within the browser. Do not re-use passwords! Password re-use
+-- causes a compromise at one site of password-collection to yield
+-- information compromising password-protected barriers at other sites.
author	Andrew Cady <d@cryptonomic.net>	2022-12-02 09:41:22 -0500
committer	Andrew Cady <d@cryptonomic.net>	2022-12-02 09:41:26 -0500
commit	d7684e1b4c448f968d9e06d74c4e380a1ebc984f (patch)
tree	103cc806f4703c38ac59494e965c25f2d06e2ff8
parent	4c11cc6cf603e99dfb5d671fc9804eaaee40289c (diff)

diff --git a/types.hs b/types.hs index bf2b4c4..0021599 100644 --- a/types.hs +++ b/types.hs
@@ -8,12 +8,39 @@ createInvitation (CreateInvitation u e t) = do
8	type Username = Text	8	type Username = Text
9	data User = User UserID Username	9	data User = User UserID Username
10		10
		11	-- These ID types use a type parameter "trick." The type parameter is
		12	-- instantiated twice; once with () for its id field type, and once with an
		13	-- actual data type there. This allows the "nulled" version to be used to
		14	-- represent database field inputs; and the "indexed" version to represent
		15	-- corresponding outputs.
		16
		17	newtype UserAccountID = UserAccountID UserID
		18	newtype SheetID = SheetID (UserID, Integer)
		19	newtype SignupCodeID = SignupCodeID Text -- short code for typing
		20	newtype InvitationID = InvitationID UUID
		21	newtype PasswordResetID = PasswordResetID UUID
		22
		23	data UserAccount' id = UserAccount'
		24	{ userAccountID :: id
		25	, userAccountInvitation :: Invitation' InvitationID -- Contains inviter
		26	, userAccountEmail :: EmailAddress
		27	, userAccountCreationTime :: UTCTime
		28	}
		29	type CreateUserAccount = UserAccount' ()
		30	type UserAccount = UserAccount' UserID
		31
		32	-- A Sheet contains a Set of SignupCodes. SignupCode converts to
		33	-- an Invitation after user supplies Email address. An Invitation
		34	-- submitted to the web server initiates a verification email which must
		35	-- be submitted with the InvitationID to initiate the password reset in
		36	-- the browser.
		37
11	data Provenance = ProvenanceSheet Sheet \| ProvenanceUser User	38	data Provenance = ProvenanceSheet Sheet \| ProvenanceUser User
12	data Invitation' id = Invitation'	39	data Invitation' id = Invitation'
13	{ invitationID :: id	40	{ invitationID :: id
14	, invitationCreationTime :: UTCTime	41	, invitationCreationTime :: UTCTime
15	, invitationEmailAddress :: EmailAddress -- invited user	42	, invitationEmailAddress :: EmailAddress -- invited user
16	, invitationProvenance :: Provenance -- inviting user	43	, invitationProvenance :: Provenance -- inviting user
17	}	44	}
18	type CreateInvitation = Invitation' ()	45	type CreateInvitation = Invitation' ()
19	type Invitation = Invitation' UUID	46	type Invitation = Invitation' UUID
@@ -24,21 +51,25 @@ createInvitation (CreateInvitation () t e (ProvenanceUser u) = do
24	-- record invitation code and shared secret in database	51	-- record invitation code and shared secret in database
25	-- send email containing shared secret	52	-- send email containing shared secret
26		53
27	-- preinvitations can be used to create invitations,	54	-- signupcodes can be used to create self-invitations. the user must
28	-- when email addresses are added	55	-- supply a signupcode and their email address. a secret code will be
29	data PreInvitation' id = PreInvitation'	56	-- sent to the email address.
30	{ preInvitationID :: id	57	data SignupCode' id = SignupCode'
31	, preInvitationSheetID :: Sheet	58	{ signupCodeID :: id
		59	, signupCodeSheetID :: Sheet
32	}	60	}
33	type CreatePreInvitation = PreInvitation' ()	61	type CreateSignupCode = SignupCode' ()
34	type PreInvitation = PreInvitation' PreInvitationCode	62	type SignupCode = SignupCode' SignupCodeCode
35	createPreInvitation :: CreatePreInvitation -> PreInvitation	63	createSignupCode :: CreateSignupCode -> SignupCode
36		64
37	-- A sheet containing preinvitations.	65	-- A sheet containing signupcodes.
38	-- The preinvitations link up to their creating sheet.	66	-- The signupcodes link up to their creating sheet. Since the real purpose is to
		67	-- get the Username, it is kept as a Sheet rather than SheetID. If the username
		68	-- changes for the UserID then we have retained a record of the inviting
		69	-- username at the time.
39	data Sheet' id = Sheet'	70	data Sheet' id = Sheet'
40	{ sheetID :: id	71	{ sheetID :: id
41	, sheetCreator :: User	72	, sheetCreator :: UserAccount' () -- Stores the data! Not the database record ID!
42	, sheetCreationTime :: UTCTime	73	, sheetCreationTime :: UTCTime
43	}	74	}
44	type CreateSheet = Sheet' ()	75	type CreateSheet = Sheet' ()
@@ -46,3 +77,24 @@ type Sheet = Sheet' SheetID
46	type SheetID = UUID	77	type SheetID = UUID
47	createSheet :: CreateSheet -> m Sheet	78	createSheet :: CreateSheet -> m Sheet
48		79
		80
		81
		82
		83
		84
		85
		86
		87
		88
		89
		90
		91
		92
		93
		94
		95
		96
		97	-- The browser is expected to generate a secure password that will be
		98	-- stored within the browser. Do not re-use passwords! Password re-use
		99	-- causes a compromise at one site of password-collection to yield
		100	-- information compromising password-protected barriers at other sites.