graphql_devise 0.11.0 → 0.12.0

data/app/controllers/graphql_devise/application_controller.rb

@@ -1,4 +1,7 @@
 module GraphqlDevise
-  class ApplicationController < DeviseTokenAuth::ApplicationController
+  ApplicationController = if Rails::VERSION::MAJOR >= 5
+    Class.new(ActionController::API)
+  else
+    Class.new(ActionController::Base)
   end
 end

data/app/controllers/graphql_devise/concerns/set_user_by_token.rb

@@ -1,5 +1,28 @@
 module GraphqlDevise
   module Concerns
     SetUserByToken = DeviseTokenAuth::Concerns::SetUserByToken
+
+    SetUserByToken.module_eval do
+      attr_accessor :client_id, :token, :resource
+
+      alias_method :set_resource_by_token, :set_user_by_token
+
+      def graphql_context
+        {
+          current_resource: @resource,
+          controller:       self
+        }
+      end
+
+      def build_redirect_headers(access_token, client, redirect_header_options = {})
+        {
+          DeviseTokenAuth.headers_names[:"access-token"] => access_token,
+          DeviseTokenAuth.headers_names[:client] => client,
+          :config => params[:config],
+          :client_id => client,
+          :token => access_token
+        }.merge(redirect_header_options)
+      end
+    end
   end
 end

data/app/controllers/graphql_devise/graphql_controller.rb

@@ -2,6 +2,8 @@ require_dependency 'graphql_devise/application_controller'
 
 module GraphqlDevise
   class GraphqlController < ApplicationController
+    include GraphqlDevise::Concerns::SetUserByToken
+
     def auth
       result = if params[:_json]
         GraphqlDevise::Schema.multiplex(

data/app/helpers/graphql_devise/mailer_helper.rb

@@ -1,7 +1,7 @@
 module GraphqlDevise
   module MailerHelper
     def confirmation_query(resource_name:, token:, redirect_url:)
-      name = "#{resource_name.camelize(:lower)}ConfirmAccount"
+      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(confirmationToken:$token,redirectUrl:$redirectUrl){
@@ -17,7 +17,7 @@ module GraphqlDevise
     end
 
     def password_reset_query(token:, redirect_url:, resource_name:)
-      name = "#{resource_name.camelize(:lower)}CheckPasswordToken"
+      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}CheckPasswordToken"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(resetPasswordToken:$token,redirectUrl:$redirectUrl){

data/config/routes.rb

@@ -0,0 +1,18 @@
+GraphqlDevise::Engine.routes.draw do
+  # Required as Devise forces routes to reload on eager_load
+  unless GraphqlDevise.schema_loaded?
+    if GraphqlDevise::Types::QueryType.fields.blank?
+      GraphqlDevise::Types::QueryType.field(:dummy, resolver: GraphqlDevise::Resolvers::Dummy)
+    end
+
+    if GraphqlDevise::Types::MutationType.fields.present?
+      GraphqlDevise::Schema.mutation(GraphqlDevise::Types::MutationType)
+    end
+
+    GraphqlDevise::Schema.query(GraphqlDevise::Types::QueryType)
+
+    GraphqlDevise.load_schema
+
+    Devise.mailer.helper(GraphqlDevise::MailerHelper)
+  end
+end

data/graphql_devise.gemspec

@@ -25,9 +25,9 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_dependency 'devise_token_auth', '>= 0.1.43'
-  spec.add_dependency 'graphql', '>= 1.8'
-  spec.add_dependency 'rails', '>= 4.2'
+  spec.add_dependency 'devise_token_auth', '>= 0.1.43', '< 2.0'
+  spec.add_dependency 'graphql', '>= 1.8', '< 1.11.0'
+  spec.add_dependency 'rails', '>= 4.2', '< 6.2'
 
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'coveralls'

data/lib/generators/graphql_devise/install_generator.rb

@@ -5,62 +5,95 @@ module GraphqlDevise
     argument :user_class, type: :string, default: 'User'
     argument :mount_path, type: :string, default: 'auth'
 
+    class_option :mount, type: :string, default: 'separate_route'
+
     def execute_devise_installer
       generate 'devise:install'
     end
 
     def execute_dta_installer
+      # Necessary in case of a re-run of the generator, for DTA to detect concerns already included
+      if File.exist?(File.expand_path("app/models/#{user_class.underscore}.rb", destination_root))
+        gsub_file(
+          "app/models/#{user_class.underscore}.rb",
+          'GraphqlDevise::Concerns::Model',
+          'DeviseTokenAuth::Concerns::User'
+        )
+      end
+      gsub_file(
+        'app/controllers/application_controller.rb',
+        'GraphqlDevise::Concerns::SetUserByToken',
+        'DeviseTokenAuth::Concerns::SetUserByToken'
+      )
+
       generate 'devise_token_auth:install', "#{user_class} #{mount_path}"
     end
 
     def mount_resource_route
       routes_file = 'config/routes.rb'
-      routes_path = File.join(destination_root, routes_file)
-      gem_helper  = 'mount_graphql_devise_for'
-      gem_route   = "#{gem_helper} '#{user_class}', at: '#{mount_path}'"
       dta_route   = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
-      file_start  = 'Rails.application.routes.draw do'
 
-      if File.exist?(routes_path)
-        current_route = parse_file_for_line(routes_path, gem_route)
+      if options['mount'] != 'separate_route'
+        gsub_file(routes_file, /^\s+#{Regexp.escape(dta_route + "\n")}/i, '')
+      else
+        gem_route = "mount_graphql_devise_for '#{user_class}', at: '#{mount_path}'"
+
+        if file_contains_str?(routes_file, gem_route)
+          gsub_file(routes_file, /^\s+#{Regexp.escape(dta_route + "\n")}/i, '')
 
-        if current_route.present?
           say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
         else
-          current_dta_route = parse_file_for_line(routes_path, dta_route)
-
-          if current_dta_route.present?
-            replace_line(routes_path, dta_route, gem_route)
-          else
-            insert_text_after_line(routes_path, file_start, gem_route)
-          end
+          gsub_file(routes_file, /#{Regexp.escape(dta_route)}/i, gem_route)
         end
-      else
-        say_status('skipped', "#{routes_file} not found. Add \"#{gem_route}\" to your routes file.")
       end
     end
 
-    private
+    def replace_model_concern
+      gsub_file(
+        "app/models/#{user_class.underscore}.rb",
+        /^\s+include DeviseTokenAuth::Concerns::User/,
+        '  include GraphqlDevise::Concerns::Model'
+      )
+    end
 
-    def insert_text_after_line(filename, line, str)
-      gsub_file(filename, /(#{Regexp.escape(line)})/mi) do |match|
-        "#{match}\n  #{str}"
-      end
+    def replace_controller_concern
+      gsub_file(
+        'app/controllers/application_controller.rb',
+        /^\s+include DeviseTokenAuth::Concerns::SetUserByToken/,
+        '  include GraphqlDevise::Concerns::SetUserByToken'
+      )
     end
 
-    def replace_line(filename, old_line, new_line)
-      gsub_file(filename, /(#{Regexp.escape(old_line)})/mi, "  #{new_line}")
+    def set_change_headers_on_each_request_false
+      gsub_file(
+        'config/initializers/devise_token_auth.rb',
+        '# config.change_headers_on_each_request = true',
+        'config.change_headers_on_each_request = false'
+      )
     end
 
-    def parse_file_for_line(filename, str)
-      match = false
+    def mount_in_schema
+      return if options['mount'] == 'separate_route'
 
-      File.open(filename) do |f|
-        f.each_line do |line|
-          match = line if line =~ /(#{Regexp.escape(str)})/mi
-        end
+      inject_into_file "app/graphql/#{options['mount'].underscore}.rb", after: "< GraphQL::Schema\n" do
+<<-RUBY
+  use GraphqlDevise::SchemaPlugin.new(
+    query:            Types::QueryType,
+    mutation:         Types::MutationType,
+    resource_loaders: [
+      GraphqlDevise::ResourceLoader.new('#{user_class}'),
+    ]
+  )
+RUBY
       end
-      match
+    end
+
+    private
+
+    def file_contains_str?(filename, regex_str)
+      path = File.join(destination_root, filename)
+
+      File.read(path) =~ /(#{Regexp.escape(regex_str)})/i
     end
   end
 end

data/lib/graphql_devise.rb

@@ -6,9 +6,38 @@ module GraphqlDevise
   class Error < StandardError; end
 
   class InvalidMountOptionsError < GraphqlDevise::Error; end
+
+  @schema_loaded     = false
+  @mounted_resources = []
+
+  def self.schema_loaded?
+    @schema_loaded
+  end
+
+  def self.load_schema
+    @schema_loaded = true
+  end
+
+  def self.resource_mounted?(mapping_name)
+    @mounted_resources.include?(mapping_name)
+  end
+
+  def self.mount_resource(mapping_name)
+    @mounted_resources << mapping_name
+  end
+
+  def self.add_mapping(mapping_name, resource)
+    return if Devise.mappings.key?(mapping_name)
+
+    Devise.add_mapping(
+      mapping_name.to_s.pluralize.to_sym,
+      module: :devise, class_name: resource
+    )
+  end
 end
 
 require 'graphql_devise/concerns/controller_methods'
+require 'graphql_devise/schema'
 require 'graphql_devise/types/authenticatable_type'
 require 'graphql_devise/types/credential_type'
 require 'graphql_devise/types/mutation_type'
@@ -27,3 +56,6 @@ require 'graphql_devise/mount_method/option_sanitizer'
 require 'graphql_devise/mount_method/options_validator'
 require 'graphql_devise/mount_method/operation_preparer'
 require 'graphql_devise/mount_method/operation_sanitizer'
+
+require 'graphql_devise/resource_loader'
+require 'graphql_devise/schema_plugin'

data/lib/graphql_devise/concerns/controller_methods.rb

@@ -86,6 +86,29 @@ module GraphqlDevise
           redirect_header_options
         )
       end
+
+      def find_resource(field, value)
+        if resource_class.try(:connection_config).try(:[], :adapter).try(:include?, 'mysql')
+          # fix for mysql default case insensitivity
+          resource_class.where("BINARY #{field} = ? AND provider= ?", value, provider).first
+        elsif Gem::Version.new(DeviseTokenAuth::VERSION) < Gem::Version.new('1.1.0')
+          resource_class.find_by(field => value, :provider => provider)
+        else
+          resource_class.dta_find_by(field => value, :provider => provider)
+        end
+      end
+
+      def get_case_insensitive_field(field, value)
+        if resource_class.case_insensitive_keys.include?(field)
+          value.downcase
+        else
+          value
+        end
+      end
+
+      def provider
+        :email
+      end
     end
   end
 end

data/lib/graphql_devise/mount_method/operation_preparer.rb

@@ -8,10 +8,10 @@ require_relative 'operation_preparers/custom_operation_preparer'
 module GraphqlDevise
   module MountMethod
     class OperationPreparer
-      def initialize(resource:, selected_operations:, preparer:, custom:, additional_operations:)
+      def initialize(mapping_name:, selected_operations:, preparer:, custom:, additional_operations:)
         @selected_operations   = selected_operations
         @preparer              = preparer
-        @mapping_name          = resource.underscore.tr('/', '_')
+        @mapping_name          = mapping_name
         @custom                = custom
         @additional_operations = additional_operations
       end

data/lib/graphql_devise/mount_method/operation_preparers/resource_name_setter.rb

@@ -7,7 +7,7 @@ module GraphqlDevise
         end
 
         def call(operation)
-          operation.instance_variable_set(:@resource_name, @name.to_sym)
+          operation.instance_variable_set(:@resource_name, @name)
 
           operation
         end

data/lib/graphql_devise/mutations/login.rb

@@ -7,7 +7,10 @@ module GraphqlDevise
       field :credentials, GraphqlDevise::Types::CredentialType, null: false
 
       def resolve(email:, password:)
-        resource = resource_class.find_by(email: email)
+        resource = find_resource(
+          :email,
+          get_case_insensitive_field(:email, email)
+        )
 
         if resource && active_for_authentication?(resource)
           if invalid_for_authentication?(resource, password)

data/lib/graphql_devise/mutations/resend_confirmation.rb

@@ -7,7 +7,10 @@ module GraphqlDevise
       field :message, String, null: false
 
       def resolve(email:, redirect_url:)
-        resource = controller.find_resource(:uid, email)
+        resource = find_resource(
+          :email,
+          get_case_insensitive_field(:email, email)
+        )
 
         if resource
           yield resource if block_given?

data/lib/graphql_devise/mutations/send_password_reset.rb

@@ -1,14 +1,15 @@
 module GraphqlDevise
   module Mutations
     class SendPasswordReset < Base
-      argument :email,        String, required: true, prepare: ->(email, _) { email.downcase }
+      argument :email,        String, required: true
       argument :redirect_url, String, required: true
 
       def resolve(email:, redirect_url:)
-        resource = controller.find_resource(:uid, email)
+        resource = find_resource(:email, get_case_insensitive_field(:email, email))
 
         if resource
           yield resource if block_given?
+
           resource.send_reset_password_instructions(
             email:         email,
             provider:      'email',

data/lib/graphql_devise/mutations/sign_up.rb

@@ -35,7 +35,7 @@ module GraphqlDevise
 
           { authenticatable: resource }
         else
-          clean_up_passwords(resource)
+          resource.try(:clean_up_passwords)
           raise_user_error_list(
             I18n.t('graphql_devise.registration_failed'),
             errors: resource.errors.full_messages
@@ -48,14 +48,6 @@ module GraphqlDevise
       def build_resource(attrs)
         resource_class.new(attrs)
       end
-
-      def provider
-        :email
-      end
-
-      def clean_up_passwords(resource)
-        controller.send(:clean_up_passwords, resource)
-      end
     end
   end
 end

data/lib/graphql_devise/rails/routes.rb

@@ -1,84 +1,13 @@
 module ActionDispatch::Routing
   class Mapper
-    DEVISE_OPERATIONS = [
-      :sessions,
-      :registrations,
-      :passwords,
-      :confirmations,
-      :omniauth_callbacks,
-      :unlocks,
-      :invitations
-    ].freeze
-
     def mount_graphql_devise_for(resource, options = {})
-      default_operations = GraphqlDevise::DefaultOperations::MUTATIONS.merge(GraphqlDevise::DefaultOperations::QUERIES)
-
-      # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
-      clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(options).call!
-
-      GraphqlDevise::MountMethod::OptionsValidator.new(
-        [
-          GraphqlDevise::MountMethod::OptionValidators::SkipOnlyValidator.new(options: clean_options),
-          GraphqlDevise::MountMethod::OptionValidators::ProvidedOperationsValidator.new(
-            options: clean_options, supported_operations: default_operations
-          )
-        ]
-      ).validate!
-
-      authenticatable_type = clean_options.authenticatable_type.presence ||
-                             "Types::#{resource}Type".safe_constantize ||
-                             GraphqlDevise::Types::AuthenticatableType
-
-      devise_for(
-        resource.pluralize.underscore.tr('/', '_').to_sym,
-        module:     :devise,
-        class_name: resource,
-        skip:       DEVISE_OPERATIONS
+      clean_options = GraphqlDevise::ResourceLoader.new(resource, options, true).call(
+        GraphqlDevise::Types::QueryType,
+        GraphqlDevise::Types::MutationType
       )
 
-      prepared_mutations = GraphqlDevise::MountMethod::OperationPreparer.new(
-        resource:              resource,
-        custom:                clean_options.operations,
-        additional_operations: clean_options.additional_mutations,
-        preparer:              GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter.new(authenticatable_type),
-        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
-          default: GraphqlDevise::DefaultOperations::MUTATIONS, only: clean_options.only, skipped: clean_options.skip
-        )
-      ).call
-
-      prepared_mutations.each do |action, mutation|
-        GraphqlDevise::Types::MutationType.field(action, mutation: mutation)
-      end
-
-      if prepared_mutations.present? &&
-         (Gem::Version.new(GraphQL::VERSION) < Gem::Version.new('1.10.0') || GraphqlDevise::Schema.mutation.nil?)
-        GraphqlDevise::Schema.mutation(GraphqlDevise::Types::MutationType)
-      end
-
-      prepared_queries = GraphqlDevise::MountMethod::OperationPreparer.new(
-        resource:              resource,
-        custom:                clean_options.operations,
-        additional_operations: clean_options.additional_queries,
-        preparer:              GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter.new(authenticatable_type),
-        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
-          default: GraphqlDevise::DefaultOperations::QUERIES, only: clean_options.only, skipped: clean_options.skip
-        )
-      ).call
-
-      prepared_queries.each do |action, resolver|
-        GraphqlDevise::Types::QueryType.field(action, resolver: resolver)
-      end
-
-      if prepared_queries.blank? && GraphqlDevise::Types::QueryType.fields.blank?
-        GraphqlDevise::Types::QueryType.field(:dummy, resolver: GraphqlDevise::Resolvers::Dummy)
-      end
-
-      Devise.mailer.helper(GraphqlDevise::MailerHelper)
-
-      devise_scope resource.underscore.tr('/', '_').to_sym do
-        post clean_options.at, to: 'graphql_devise/graphql#auth'
-        get  clean_options.at, to: 'graphql_devise/graphql#auth'
-      end
+      post clean_options.at, to: 'graphql_devise/graphql#auth'
+      get  clean_options.at, to: 'graphql_devise/graphql#auth'
     end
   end
 end