This library basically brings together mito, mito-auth and jzon-util to avoid json encoding the password slots from has-secure-password and any other sensitive slots.
The code currently lives in GitHub
Here’s a simple example
CL-USER> (defclass user1 (mito-auth:has-secure-sensitive-password)
((name :col-type (:varchar 60)
:initarg :name
:accessor user-name)
(email :col-type (:varchar 255)
:initarg :email
:accessor user-email)
(secret :col-type (or :null :text)
:accessor secret
:sensitive t))
(:metaclass mito-auth-jzon:mito-auth-jzon-metaclass))
#<MITO-AUTH-JZON:MITO-AUTH-JZON-METACLASS COMMON-LISP-USER::USER1>
CL-USER> (make-instance 'user1 :name "robert" :email "robert@ludlum.com" :password "bourne" :secret "jason")
#<USER1 {1004743603}>
CL-USER> (inspect *)
The object is a STANDARD-OBJECT of type USER1.
0. PASSWORD-HASH: "eb9589da31ec4d09d43879ebc106d55fab3db1321e1980e3c445a6b02a2b85aa"
1. PASSWORD-SALT: #(184 252 253 13 101 200 240 24 44 116 95 210 250 251 28 24
197 80 191 137)
2. NAME: "robert"
3. EMAIL: "robert@ludlum.com"
4. SECRET: "jason"
> q
; No values
CL-USER> (com.inuoe.jzon:stringify (make-instance 'user1 :name "robert" :email "robert@ludlum.com" :password "bourne" :secret "jason"))
"{\"name\":\"robert\",\"email\":\"robert@ludlum.com\"}"As you can see, the password related fields are not encoded.
They key ideas to keep in mind is that
- We need to set the metaclass to be
mito-auth-jzon:mito-auth-jzon-metaclass - Mark any slot you don’t want to be displayed with
:sensitive t
For the usage of the authentication, please referer to the original project mito-auth.
For detailed usage of the sensitve API to avoid json encoding see jzon-util.
To use: define a class and inherit from mito-auth:has-secure-sensitive-password and apply the metaclass mito-auth-jzon:mito-auth-jzon-metaclass. See above for an example.
All the mito-auth code was graciously contributed by Eitaro Fukamachi see mito-auth.
If there are any updates to mito-auth that need to be added here, please open up an issue.