Expose pure uncached validation function #126
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is useful when we want to do validation without requiring IO
It was only used for not evaluating later errors if there's already an error and `checkExhaustive` is `False`. We can easily just use `m ~ Identity`, but at that point we might as well inline it, which this commit does.
infinisil
force-pushed
the
pure-validation
branch
from
cf94e07 to
6651148
Compare
|
Warning: The most recent force push fixes a problem that prevented certificates from being checked. A test case should be added to ensure this can't happen. |
infinisil
added a commit
to tweag/webauthn
that referenced
this pull request
Dec 15, 2021
This commit changes the getPayload function to be jwtToJson instead, and making that function be pure by allowing the date of verification to be passed in manually. However, this date needs to be used by not only the JWT library, but also by the x509-validation library. Unfortunately the current version of x509-validation on hackage always gets the current time from IO. So instead we're using a fork of x509-validation which has support for doing this purely, the PR for the change is haskell-tls/hs-certificate#126. Notably this pure function is also needed to have a pure version of attestation verification, which is going to be done in the future.
infinisil
added a commit
to tweag/webauthn
that referenced
this pull request
Dec 17, 2021
This commit changes the getPayload function to be jwtToJson instead, and making that function be pure by allowing the date of verification to be passed in manually. However, this date needs to be used by not only the JWT library, but also by the x509-validation library. Unfortunately the current version of x509-validation on hackage always gets the current time from IO. So instead we're using a fork of x509-validation which has support for doing this purely, the PR for the change is haskell-tls/hs-certificate#126. Notably this pure function is also needed to have a pure version of attestation verification, which is going to be done in the future.
infinisil
added a commit
to tweag/webauthn
that referenced
this pull request
Dec 17, 2021
This commit changes the getPayload function to be jwtToJson instead, and making that function be pure by allowing the date of verification to be passed in manually. However, this date needs to be used by not only the JWT library, but also by the x509-validation library. Unfortunately the current version of x509-validation on hackage always gets the current time from IO. So instead we're using a fork of x509-validation which has support for doing this purely, the PR for the change is haskell-tls/hs-certificate#126. Notably this pure function is also needed to have a pure version of attestation verification, which is going to be done in the future.
|
Thanks, not sure the removal of the |
|
Thanks a lot! Could you also create a new Hackage release from master? |
infinisil
added a commit
to tweag/webauthn
that referenced
this pull request
Jan 12, 2022
The 'validatePure' function is part of upstream x509-certificate in master after <haskell-tls/hs-certificate#126>, but no new version has yet been released [on hackage](https://hackage.haskell.org/package/x509-validation). In order to be able to release this webauthn library onto hackage we're temporarily inlining its implementation here.
infinisil
added a commit
to tweag/webauthn
that referenced
this pull request
Jan 13, 2022
The 'validatePure' function is part of upstream x509-certificate in master after <haskell-tls/hs-certificate#126>, but no new version has yet been released [on hackage](https://hackage.haskell.org/package/x509-validation). In order to be able to release this webauthn library onto hackage we're temporarily inlining its implementation here.
infinisil
added a commit
to tweag/webauthn
that referenced
this pull request
Jan 13, 2022
The 'validatePure' function is part of upstream x509-certificate in master after <haskell-tls/hs-certificate#126>, but no new version has yet been released [on hackage](https://hackage.haskell.org/package/x509-validation). In order to be able to release this webauthn library onto hackage we're temporarily inlining its implementation here.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is useful when we want to do validation without requiring
IO