graphql_authentication 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '0559b2a44d5f3558a14ce497658ccbd7e216435600f215515190017a4e427af0'
+  data.tar.gz: c94bf77fea7d83a7f177f9f0fb4f92ec69b273a5d532ddee6c38eb528f8d9d33
+SHA512:
+  metadata.gz: 4c22d1ab29125f19c74f3b332088ea80de3db8e03922ed7fa6734ebdecf2327ef46edb81dd45f780761c9f47da47ff4c8b78c3803336be1f3cee42363fee43c9
+  data.tar.gz: ec09ed14e65891f6302efda0aefdd7bd9db1d112cca605f94a5d6da69e8febff828da3ec4691f27948a353c589a952e57067125a96faf376b76cc748c68c9500

data/CHANGELOG.md

@@ -0,0 +1,58 @@
+# Changelog
+
+## 1.0.0
+
+### News
+
+- This gem was forked
+- Supports Rails 7.x
+
+## 0.6.1
+
+Multiple fixes to allow usage of the gem without the lockable Devise
+feature
+
+## 0.6.0
+
+### Important
+
+Upgrade to 0.6.1 if you plan on using this gem without Devise's lockable
+feature
+
+### New features
+
+Added to possibility to use your own sign_up and update_account mutations
+to allow custom fields for your user accounts
+
+### Breaking changes
+
+Configuration file was changed and some config names now have a different
+use.
+
+Please make sure to update your config file with the current version.
+
+**Those settings were renamed for more clarity**
+* sign_up_mutation => allow_sign_up
+* lock_account_mutation => allow_lock_account
+* unlock_account_mutation => allow_unlock_account
+
+The updated config file should look like this:
+```
+GraphQL::Authentication.configure do |config|
+  # config.token_lifespan = 4.hours
+  # config.jwt_secret_key = ENV['JWT_SECRET_KEY']
+  # config.app_url = ENV['APP_URL']
+
+  # config.user_type = '::Types::Authentication::User'
+
+  # Devise allowed actions
+  # Don't forget to enable the lockable setting in your Devise user model if you plan on using the lock_account feature
+  # config.allow_sign_up = true
+  # config.allow_lock_account = false
+  # config.allow_unlock_account = false
+
+  # Allow custom mutations for signup and update account
+  # config.sign_up_mutation = '::Mutations::Authentication::SignUp'
+  # config.update_account_mutation = '::Mutations::Authentication::UpdateAccount'
+end
+```

data/README.md

@@ -0,0 +1,132 @@
+# GraphQL Authentication
+
+[![Build Status](https://travis-ci.org/wbotelhos/graphql_authentication.svg?branch=master)](https://travis-ci.org/wbotelhos/graphql_authentication) [![Maintainability](https://api.codeclimate.com/v1/badges/7e2515bb59f0b205a603/maintainability)](https://codeclimate.com/github/wbotelhos/graphql_authentication/maintainability)
+[![Downloads](https://img.shields.io/gem/dt/graphql_authentication.svg)](https://rubygems.org/gems/graphql_authentication)
+[![Latest Version](https://img.shields.io/gem/v/graphql_authentication.svg)](https://rubygems.org/gems/graphql_authentication)
+
+This gem provides an authenticationentication mechanism on a GraphQL API. It use JSON Web Token (JWT) and Devise logic.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'graphql_authentication'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install graphql_authentication
+
+Then run the installer to create `graphql_authentication.rb` file in your initializers folder.
+
+```
+rails g graphql_authentication:install
+```
+
+Make sure to read all configurations present inside the file and fill them with your own configs.
+
+## Devise gem
+
+ Use Devise with a User model and skip all route
+
+ ```ruby
+Rails.application.routes.draw do
+  devise_for :users, skip: :all
+end
+```
+
+## Usage
+
+Make 'JWT_SECRET_KEY' and 'APP_URL' available to ENV
+
+```
+JWT_SECRET_KEY=
+APP_URL=
+```
+
+Make sure the `Authorization` header is allowed in your api
+
+```ruby
+Rails.application.config.middleware.insert_before 0, Rack::Cors do
+  allow do
+    origins '*'
+    resource '*',
+             headers: %w(Authorization Expires RefreshToken),
+             methods: :any,
+             expose: %w(Authorization Expires RefreshToken),
+             max_age: 600
+  end
+end
+```
+
+Make sure to include `Graphql::AuthenticationHelper` in your `GraphqlController`. A context method returning the current_user will be available
+
+```ruby
+class GraphqlController < ActionController::API
+
+  include Graphql::AuthenticationHelper
+
+  def execute
+    variables = ensure_hash(params[:variables])
+    query = params[:query]
+    operation_name = params[:operationName]
+    result = ::GraphqlSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
+    render json: result
+
+    ...
+```
+
+Make sure to implement `GraphqlAuthentication` in your `MutationType` to make authentication mutations available
+
+```ruby
+class Types::MutationType < Types::BaseObject
+  implements ::Types::GraphqlAuthentication
+end
+```
+
+## Customization
+
+If you can to customize any mutation, make sure to update the configurations
+
+```ruby
+GraphQL::Authentication.configure do |config|
+  # config.token_lifespan = 4.hours
+  # config.jwt_secret_key = ENV['JWT_SECRET_KEY']
+  # config.app_url = ENV['APP_URL']
+
+  # config.user_type = '::Types::Authentication::User'
+
+  # Devise allowed actions
+  # Don't forget to enable the lockable setting in your Devise user model if you plan on using the lock_account feature
+  # config.allow_sign_up = true
+  # config.allow_lock_account = false
+  # config.allow_unlock_account = false
+
+  # Allow custom mutations for signup and update account
+  # config.sign_up_mutation = '::Mutations::Authentication::SignUp'
+  # config.update_account_mutation = '::Mutations::Authentication::UpdateAccount'
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `graphql_authentication.gemspec`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/wbotelhos/graphql_authentication. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the GraphQL Authentication project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/wbotelhos/graphql_authentication/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,18 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+require 'rake'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.pattern = Dir.glob('spec/**/*_spec.rb')
+  t.rspec_opts = '--format documentation'
+end
+
+task default: :spec

data/app/graphql/mutations/authentication/forgot_password.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::ForgotPassword < GraphQL::Schema::Mutation
+  include ::Graphql::AccountLockHelper
+
+  argument :email, String, required: true do
+    description 'The email with forgotten password'
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :valid, Boolean, null: false
+
+  def resolve(email:)
+    if lockable?
+      user = User.where(locked_at: nil).find_by email: email
+    else
+      user = User.find_by email: email
+    end
+
+    user.send_reset_password_instructions if user.present?
+
+    {
+      errors: [],
+      success: true,
+      valid: true
+    }
+  end
+end

data/app/graphql/mutations/authentication/lock_account.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::LockAccount < GraphQL::Schema::Mutation
+  argument :id, ID, required: true do
+    description 'User id'
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :user, GraphQL::Authentication.configuration.user_type.constantize, null: true
+
+  def resolve(id:)
+    user = User.where(locked_at: nil).find_by id: id
+
+    if context[:current_user] && user.present? && user.lock_access!
+      {
+        errors: [],
+        success: true,
+        user: user
+      }
+    else
+      {
+        errors: [
+          { field: :_error, message: I18n.t('devise.locks.cannot_lock') }
+        ],
+        success: false,
+        user: user
+      }
+    end
+  end
+end

data/app/graphql/mutations/authentication/reset_password.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::ResetPassword < GraphQL::Schema::Mutation
+  include ::Graphql::AccountLockHelper
+
+  argument :reset_password_token, String, required: true do
+    description "Reset password token"
+  end
+
+  argument :password, String, required: true do
+    description "New user's new password"
+  end
+
+  argument :password_confirmation, String, required: true do
+    description "New user's new password confirmation"
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+
+  def resolve(args)
+    if lockable?
+      user = User.where(locked_at: nil).reset_password_by_token args
+    else
+      user = User.reset_password_by_token args
+    end
+
+    if user.errors.any?
+      {
+        success: false,
+        errors: user.errors.messages.map { |field, messages|
+          error_field = field == :reset_password_token ? :_error : field.to_s.camelize(:lower)
+
+          {
+            field: error_field,
+            message: messages.first.capitalize,
+            details: user.errors.details.dig(field)
+          }
+        }
+      }
+    else
+      {
+        errors: [],
+        success: true
+      }
+    end
+  end
+end

data/app/graphql/mutations/authentication/sign_in.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::SignIn < GraphQL::Schema::Mutation
+  include ::Graphql::AccountLockHelper
+  include ::Graphql::TokenHelper
+
+  argument :email, String, required: true do
+    description "The user's email"
+  end
+
+  argument :password, String, required: true do
+    description "The user's password"
+  end
+
+  argument :remember_me, Boolean, required: false do
+    description "User's checkbox to be remembered after connection timeout"
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :user, GraphQL::Authentication.configuration.user_type.constantize, null: true
+
+  def resolve(email:, password:, remember_me:)
+    response = context[:response]
+
+    if lockable?
+      user = User.where(locked_at: nil).find_by email: email
+    else
+      user = User.find_by email: email
+    end
+
+    valid_sign_in = user.present? && user.valid_password?(password)
+
+    if valid_sign_in
+      generate_access_token(user, response)
+      set_current_user(user)
+      remember_me ? set_refresh_token(user, response) : delete_refresh_token(user)
+
+      {
+        errors: [],
+        success: true,
+        user: user
+      }
+    else
+      {
+        errors: [
+          {
+            field: :_error,
+            message: I18n.t('devise.failure.invalid',
+                            authenticationentication_keys: I18n.t('activerecord.attributes.user.email'))
+          }
+        ],
+        success: false,
+        user: nil
+      }
+    end
+  end
+end

data/app/graphql/mutations/authentication/sign_up.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::SignUp < GraphQL::Schema::Mutation
+  include ::Graphql::TokenHelper
+
+  argument :email, String, required: true do
+    description "New user's email"
+  end
+
+  argument :password, String, required: true do
+    description "New user's password"
+  end
+
+  argument :password_confirmation, String, required: true do
+    description "New user's password confirmation"
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :user, GraphQL::Authentication.configuration.user_type.constantize, null: true
+
+  def resolve(args)
+    response = context[:response]
+    user = User.new args
+
+    if user.save
+      generate_access_token(user, response)
+
+      {
+        errors: [],
+        success: true,
+        user: user
+      }
+    else
+      {
+        errors: user.errors.messages.map do |field, messages|
+          { field: field.to_s.camelize(:lower), message: messages.first.capitalize }
+        end,
+        success: false,
+        user: nil
+      }
+    end
+  end
+end

data/app/graphql/mutations/authentication/unlock_account.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::UnlockAccount < GraphQL::Schema::Mutation
+  argument :id, ID, required: true do
+    description 'User id'
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :user, GraphQL::Authentication.configuration.user_type.constantize, null: true
+
+  def resolve(id:)
+    user = User.where.not(locked_at: nil).find_by id: id
+
+    if context[:current_user] && user.present? && user.unlock_access!
+      {
+        errors: [],
+        success: true,
+        user: user
+      }
+    else
+      {
+        errors: [
+          { field: :_error, message: I18n.t('devise.unlocks.cannot_unlock') }
+        ],
+        success: false,
+        user: user
+      }
+    end
+  end
+end

data/app/graphql/mutations/authentication/update_account.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::UpdateAccount < GraphQL::Schema::Mutation
+  argument :current_password, String, required: true do
+    description "User's current password"
+  end
+
+  argument :password, String, required: true do
+    description "User's new password"
+  end
+
+  argument :password_confirmation, String, required: true do
+    description "User's new password confirmation"
+  end
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :user, GraphQL::Authentication.configuration.user_type.constantize, null: true
+
+  def resolve(args)
+    user = context[:current_user]
+
+    if user.blank?
+      return {
+        errors: [
+          { field: :_error, message: I18n.t('devise.failure.unauthenticationenticated') }
+        ],
+        success: false,
+        user: nil
+      }
+    end
+
+    user.update_with_password args
+
+    if user.errors.any?
+      {
+        errors: user.errors.messages.map do |field, messages|
+          { field: field.to_s.camelize(:lower), message: messages.first.capitalize }
+        end,
+        success: false,
+        user: nil
+      }
+    else
+      {
+        errors: [],
+        success: true,
+        user: user
+      }
+    end
+  end
+end

data/app/graphql/mutations/authentication/validate_token.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Mutations::Authentication::ValidateToken < GraphQL::Schema::Mutation
+  include ::Graphql::AccountLockHelper
+
+  field :errors, [::Types::Authentication::Error], null: false
+  field :success, Boolean, null: false
+  field :user, GraphQL::Authentication.configuration.user_type.constantize, null: true
+  field :valid, Boolean, null: false
+
+  def resolve
+    user = context[:current_user]
+
+    if user.present? && !account_locked?(user)
+      {
+        errors: [],
+        success: true,
+        user: user,
+        valid: true
+      }
+    else
+      {
+        errors: [],
+        success: false,
+        user: nil,
+        valid: false
+      }
+    end
+  end
+end

data/app/graphql/types/authentication/error.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Types::Authentication::Error < GraphQL::Schema::Object
+  description 'Form error'
+
+  field :field, String, null: false do
+    description 'Field of the error'
+  end
+
+  field :message, String, null: false do
+    description 'Error message'
+  end
+
+  field :details, GraphQL::Types::JSON, null: true do
+    description 'Error details'
+  end
+end

data/app/graphql/types/authentication/user.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class Types::Authentication::User < GraphQL::Schema::Object
+  description 'Data of a user'
+
+  field :id, ID, null: false do
+    description 'ID of the user'
+  end
+
+  field :email, String, null: false do
+    description 'Email address of the user'
+  end
+end

data/app/graphql/types/graphql_authentication.rb

@@ -0,0 +1,26 @@
+# implements GraphQLAuthentication in in Types::MutationType to access authentication mutations
+
+module Types::GraphqlAuthentication
+  include GraphQL::Schema::Interface
+
+  field :sign_in, mutation: ::Mutations::Authentication::SignIn
+
+  if GraphQL::Authentication.configuration.allow_sign_up
+    field :sign_up, mutation: GraphQL::Authentication.configuration.sign_up_mutation.constantize
+  end
+
+  field :forgot_password, mutation: ::Mutations::Authentication::ForgotPassword
+  field :reset_password, mutation: ::Mutations::Authentication::ResetPassword
+
+  field :update_account, mutation: GraphQL::Authentication.configuration.update_account_mutation.constantize
+
+  field :validate_token, mutation: ::Mutations::Authentication::ValidateToken
+
+  if GraphQL::Authentication.configuration.allow_lock_account
+    field :lock_account, mutation: Mutations::Authentication::LockAccount
+  end
+
+  if GraphQL::Authentication.configuration.allow_unlock_account
+    field :unlock_account, mutation: Mutations::Authentication::UnlockAccount
+  end
+end

data/app/helpers/graphql/account_lock_helper.rb

@@ -0,0 +1,14 @@
+module Graphql
+  module AccountLockHelper
+
+    def account_locked?(user)
+      return false unless lockable?
+      user.access_locked?
+    end
+
+    def lockable?
+      GraphQL::Authentication.configuration.allow_lock_account
+    end
+
+  end
+end

data/app/helpers/graphql/authentication_helper.rb

@@ -0,0 +1,45 @@
+# include this helper in GraphqlController to use context method so that current_user will be available
+#
+# ::GraphqlSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
+
+module Graphql
+  module AuthenticationHelper
+    include ::Graphql::AccountLockHelper
+    include ::Graphql::TokenHelper
+
+    def context
+      {
+        current_user: current_user,
+        response: response
+      }
+    end
+
+    # set current user from Authorization header
+    def current_user
+      authorization_token = request.headers['Authorization']
+      return nil if authorization_token.nil?
+
+      decrypted_token = GraphQL::Authentication::JwtManager.decode(authorization_token)
+      user = User.find_by id: decrypted_token['user']
+      return nil if user.blank? || account_locked?(user)
+
+      # update token if user is found with token
+      generate_access_token(user, response)
+
+      user
+
+    # rescue expired Authorization header with RefreshToken header
+    rescue JWT::ExpiredSignature
+      refresh_token = request.headers['RefreshToken']
+      return nil if refresh_token.nil?
+
+      user = User.find_by refresh_token: refresh_token
+      return nil if user.blank? || account_locked?(user)
+
+      generate_access_token(user, response)
+      set_refresh_token(user, response)
+
+      user
+    end
+  end
+end

data/app/helpers/graphql/token_helper.rb

@@ -0,0 +1,27 @@
+# include this helper in GraphqlController to use context method so that current_user will be available
+#
+# ::GraphqlSchema.execute(query, variables: variables, context: context, operation_name: operation_name)
+
+module Graphql
+  module TokenHelper
+    def generate_access_token(user, response)
+      token = GraphQL::Authentication::JwtManager.issue_with_expiration({ user: user.id }) # TODO use uuid
+      response.set_header 'Authorization', token
+      response.set_header 'Expires', GraphQL::Authentication::JwtManager.token_expiration(token)
+    end
+
+    def set_refresh_token(user, response)
+      refresh_token = user.refresh_token.presence || GraphQL::Authentication::JwtManager.issue_without_expiration({ user: user.id })
+      user.update_column :refresh_token, refresh_token
+      response.set_header 'RefreshToken', refresh_token
+    end
+
+    def set_current_user(user)
+      context[:current_user] = user
+    end
+
+    def delete_refresh_token(user)
+      user.update_column :refresh_token, nil if user.refresh_token.present?
+    end
+  end
+end

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password. You can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', GraphQL::Authentication::ResetPassword.url(@token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>

data/db/migrate/20190108151146_add_refresh_token_to_user.rb

@@ -0,0 +1,5 @@
+class AddRefreshTokenToUser < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :refresh_token, :string, default: nil
+  end
+end

data/db/migrate/20190226175233_add_lockable_to_devise.rb

@@ -0,0 +1,5 @@
+class AddLockableToDevise < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :locked_at, :datetime
+  end
+end

data/lib/generators/graphql_authentication/install_generator.rb

@@ -0,0 +1,15 @@
+module GraphqlAuthentication
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def copy_configuration
+        template 'graphql_authentication.rb.erb', 'config/initializers/graphql_authentication.rb'
+      end
+
+      def rake_db
+        rake("railties:install:migrations")
+      end
+    end
+  end
+end

data/lib/generators/graphql_authentication/templates/graphql_authentication.rb.erb

@@ -0,0 +1,17 @@
+GraphQL::Authentication.configure do |config|
+  # config.token_lifespan = 4.hours
+  # config.jwt_secret_key = ENV['JWT_SECRET_KEY']
+  # config.app_url = ENV['APP_URL']
+
+  # config.user_type = '::Types::Authentication::User'
+
+  # Devise allowed actions
+  # Don't forget to enable the lockable setting in your Devise user model if you plan on using the lock_account feature
+  # config.allow_sign_up = true
+  # config.allow_lock_account = false
+  # config.allow_unlock_account = false
+
+  # Allow custom mutations for signup and update account
+  # config.sign_up_mutation = '::Mutations::Authentication::SignUp'
+  # config.update_account_mutation = '::Mutations::Authentication::UpdateAccount'
+end

data/lib/graphql_authentication/configuration.rb

@@ -0,0 +1,32 @@
+module GraphQL
+  module Authentication
+    class Configuration
+      attr_accessor :token_lifespan,
+                    :jwt_secret_key,
+                    :app_url,
+                    :user_type,
+                    :allow_sign_up,
+                    :allow_lock_account,
+                    :allow_unlock_account,
+                    :sign_up_mutation,
+                    :update_account_mutation
+
+      def initialize
+        @token_lifespan = 4.hours
+        @jwt_secret_key = ENV['JWT_SECRET_KEY']
+        @app_url = ENV['APP_URL']
+
+        @user_type = '::Types::Authentication::User'
+
+        # Devise allowed actions
+        @allow_sign_up = true
+        @allow_lock_account = false
+        @allow_unlock_account = false
+
+        # Allow custom mutations for signup and update account
+        @sign_up_mutation = '::Mutations::Authentication::SignUp'
+        @update_account_mutation = '::Mutations::Authentication::UpdateAccount'
+      end
+    end
+  end
+end

data/lib/graphql_authentication/engine.rb

@@ -0,0 +1,9 @@
+module GraphQL
+  module Authentication
+    class Engine < ::Rails::Engine
+      isolate_namespace GraphQL::Authentication
+
+      config.autoload_paths += Dir["#{config.root}/app/**/*.rb"]
+    end
+  end
+end

data/lib/graphql_authentication/jwt_manager.rb

@@ -0,0 +1,65 @@
+require 'jwt'
+require 'graphql_authentication'
+
+module GraphQL
+  module Authentication
+    class JwtManager
+      ALGORITHM = 'HS256'
+      TYPE = 'Bearer'
+
+      class << self
+        def issue_with_expiration(payload, custom_expiration = nil)
+          if custom_expiration.present? && custom_expiration.is_a?(ActiveSupport::Duration)
+            payload[:exp] = custom_expiration
+          else
+            payload.merge!(expiration)
+          end
+
+          issue payload
+        end
+
+        def issue(payload)
+          token = JWT.encode payload,
+                             authentication_secret,
+                             ALGORITHM
+          set_type token
+        end
+
+        def token_expiration(token)
+          decrypted_token = decode(token)
+          decrypted_token.try(:[], 'exp')
+        end
+
+        def decode(token)
+          token = extract_token token
+          decrypted_token = JWT.decode token,
+                                       authentication_secret,
+                                       true,
+                                       { algorithm: ALGORITHM }
+          decrypted_token.first
+        end
+
+        private
+
+        def authentication_secret
+          GraphQL::Authentication.configuration.jwt_secret_key
+        end
+
+        def set_type(token)
+          "#{TYPE} #{token}"
+        end
+
+        def extract_token(token)
+          token.gsub "#{TYPE} ", ''
+        end
+
+        def expiration
+          exp = Time.now.to_i + GraphQL::Authentication.configuration.token_lifespan
+          { exp: exp }
+        end
+
+        alias_method :issue_without_expiration, :issue
+      end
+    end
+  end
+end

data/lib/graphql_authentication/reset_password.rb

@@ -0,0 +1,12 @@
+module GraphQL
+  module Authentication
+    class ResetPassword
+      class << self
+        def url(token)
+          url = I18n.locale === :fr ? 'nouveau-mot-de-passe' : 'new-password'
+          "#{GraphQL::Authentication.configuration.app_url}/#{I18n.locale}/#{url}/#{token}"
+        end
+      end
+    end
+  end
+end

data/lib/graphql_authentication/version.rb

@@ -0,0 +1,5 @@
+module GraphQL
+  module Authentication
+    VERSION = '1.0.0'
+  end
+end

data/lib/graphql_authentication.rb

@@ -0,0 +1,19 @@
+require 'devise'
+require 'graphql'
+require 'graphql_authentication/configuration'
+require 'graphql_authentication/engine'
+require 'graphql_authentication/reset_password'
+require 'graphql_authentication/jwt_manager'
+
+module GraphQL
+  module Authentication
+    class << self
+      attr_accessor :configuration
+    end
+
+    def self.configure
+      @configuration ||= Configuration.new
+      yield(configuration)
+    end
+  end
+end

metadata

@@ -0,0 +1,199 @@
+--- !ruby/object:Gem::Specification
+name: graphql_authentication
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Guillaume Ferland
+- Brice Sanchez
+- Guillaume Loubier
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-07-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: graphql
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: GraphQL + JWT + Devise
+email:
+- ferland182@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- Rakefile
+- app/graphql/mutations/authentication/forgot_password.rb
+- app/graphql/mutations/authentication/lock_account.rb
+- app/graphql/mutations/authentication/reset_password.rb
+- app/graphql/mutations/authentication/sign_in.rb
+- app/graphql/mutations/authentication/sign_up.rb
+- app/graphql/mutations/authentication/unlock_account.rb
+- app/graphql/mutations/authentication/update_account.rb
+- app/graphql/mutations/authentication/validate_token.rb
+- app/graphql/types/authentication/error.rb
+- app/graphql/types/authentication/user.rb
+- app/graphql/types/graphql_authentication.rb
+- app/helpers/graphql/account_lock_helper.rb
+- app/helpers/graphql/authentication_helper.rb
+- app/helpers/graphql/token_helper.rb
+- app/views/devise/mailer/reset_password_instructions.html.erb
+- db/migrate/20190108151146_add_refresh_token_to_user.rb
+- db/migrate/20190226175233_add_lockable_to_devise.rb
+- lib/generators/graphql_authentication/install_generator.rb
+- lib/generators/graphql_authentication/templates/graphql_authentication.rb.erb
+- lib/graphql_authentication.rb
+- lib/graphql_authentication/configuration.rb
+- lib/graphql_authentication/engine.rb
+- lib/graphql_authentication/jwt_manager.rb
+- lib/graphql_authentication/reset_password.rb
+- lib/graphql_authentication/version.rb
+homepage: https://github.com/wbotelhos/graphql_authentication
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.4.5
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.15
+signing_key:
+specification_version: 4
+summary: GraphQL + JWT + Devise
+test_files: []