Yesod.Auth no authentication and no authorization

Question

I'am writing a web app for personal use with Yesod. I don't want authentication and no log in. What is the best way to achieve this?

• remove the Auth library from the application
• use a default hidden user that automatically logs in at startup (Auth.dummy?)
• or something else....

Answer 1

Assuming you're using a recent version of the scaffolded site, you should be able to look in src/Foundation.hs for the definition of isAuthorized. Replace the entire definition with:

isAuthorized _ _ = return Authorized

or even remove it entirely, since the above definition is the default.

That should be sufficient to allow access to all pages. Next, search your code for uses of maybeAuth* and requireAuth* functions. Make sure that pages that use maybeAuth* work as expected if they get back Nothing. Remove any uses of requireAuth* and any dependencies on its return value.

Afterwards, you can clean up unneeded code, but this is entirely optional:

• In Foundation.hs, you can:
  • remove Yesod.Auth.Dummy and Yesod.Auth.OpenId imports
  • remove the definition of muser <- maybeAuthPair from defaultLayout
  • remove login/logout/profile pages from the navbar (menuItems)
  • remove the authRoute definition in the instance Yesod App
  • remove AuthR and ProfileR from the breadcrumb
  • remove the instance YesodAuth App, the definition of isAuthenticated, and the instance YesodAuthPersist App
• In NoFoundation.hs, you can remove the Yesod.Auth import.
• In Settings.hs, remove the appAuthDummyLogin field and the reference to it in instance FromJSON AppSettings
• In config/routes.yesodroutes remove /auth and /profile routes
• Remove src/Handler/Profile.hs and the import Handler.Profile from Application.hs.
• Stamp out any remaining references to maybeAuth* functions or references to the ProfileR route.