graphql_devise 0.11.1 → 0.12.1

data/lib/graphql_devise/mount_method/operation_preparers/resource_name_setter.rb

@@ -6,8 +6,8 @@ module GraphqlDevise
           @name = name
         end
 
-        def call(operation)
-          operation.instance_variable_set(:@resource_name, @name.to_sym)
+        def call(operation, **)
+          operation.instance_variable_set(:@resource_name, @name)
 
           operation
         end

data/lib/graphql_devise/mutations/resend_confirmation.rb

@@ -22,10 +22,7 @@ module GraphqlDevise
             template_path: ['graphql_devise/mailer']
           )
 
-          {
-            authenticatable: resource,
-            message:       I18n.t('graphql_devise.confirmations.send_instructions', email: email)
-          }
+          { message: I18n.t('graphql_devise.confirmations.send_instructions', email: email) }
         else
           raise_user_error(I18n.t('graphql_devise.confirmations.user_not_found', email: email))
         end

data/lib/graphql_devise/mutations/send_password_reset.rb

@@ -4,6 +4,8 @@ module GraphqlDevise
       argument :email,        String, required: true
       argument :redirect_url, String, required: true
 
+      field :message, String, null: false
+
       def resolve(email:, redirect_url:)
         resource = find_resource(:email, get_case_insensitive_field(:email, email))
 
@@ -18,7 +20,7 @@ module GraphqlDevise
           )
 
           if resource.errors.empty?
-            { authenticatable: resource }
+            { message: I18n.t('graphql_devise.passwords.send_instructions') }
           else
             raise_user_error_list(I18n.t('graphql_devise.invalid_resource'), errors: resource.errors.full_messages)
           end

data/lib/graphql_devise/mutations/sign_up.rb

@@ -35,7 +35,7 @@ module GraphqlDevise
 
           { authenticatable: resource }
         else
-          clean_up_passwords(resource)
+          resource.try(:clean_up_passwords)
           raise_user_error_list(
             I18n.t('graphql_devise.registration_failed'),
             errors: resource.errors.full_messages
@@ -48,10 +48,6 @@ module GraphqlDevise
       def build_resource(attrs)
         resource_class.new(attrs)
       end
-
-      def clean_up_passwords(resource)
-        controller.send(:clean_up_passwords, resource)
-      end
     end
   end
 end

data/lib/graphql_devise/rails/routes.rb

@@ -1,75 +1,13 @@
 module ActionDispatch::Routing
   class Mapper
-    DEVISE_OPERATIONS = [
-      :sessions,
-      :registrations,
-      :passwords,
-      :confirmations,
-      :omniauth_callbacks,
-      :unlocks,
-      :invitations
-    ].freeze
-
     def mount_graphql_devise_for(resource, options = {})
-      default_operations = GraphqlDevise::DefaultOperations::MUTATIONS.merge(GraphqlDevise::DefaultOperations::QUERIES)
-
-      # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
-      clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(options).call!
-
-      GraphqlDevise::MountMethod::OptionsValidator.new(
-        [
-          GraphqlDevise::MountMethod::OptionValidators::SkipOnlyValidator.new(options: clean_options),
-          GraphqlDevise::MountMethod::OptionValidators::ProvidedOperationsValidator.new(
-            options: clean_options, supported_operations: default_operations
-          )
-        ]
-      ).validate!
-
-      authenticatable_type = clean_options.authenticatable_type.presence ||
-                             "Types::#{resource}Type".safe_constantize ||
-                             GraphqlDevise::Types::AuthenticatableType
-
-      devise_for(
-        resource.pluralize.underscore.tr('/', '_').to_sym,
-        module:     :devise,
-        class_name: resource,
-        skip:       DEVISE_OPERATIONS
+      clean_options = GraphqlDevise::ResourceLoader.new(resource, options, true).call(
+        GraphqlDevise::Types::QueryType,
+        GraphqlDevise::Types::MutationType
       )
 
-      prepared_mutations = GraphqlDevise::MountMethod::OperationPreparer.new(
-        resource:              resource,
-        custom:                clean_options.operations,
-        additional_operations: clean_options.additional_mutations,
-        preparer:              GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter.new(authenticatable_type),
-        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
-          default: GraphqlDevise::DefaultOperations::MUTATIONS, only: clean_options.only, skipped: clean_options.skip
-        )
-      ).call
-
-      prepared_mutations.each do |action, mutation|
-        GraphqlDevise::Types::MutationType.field(action, mutation: mutation)
-      end
-
-      prepared_queries = GraphqlDevise::MountMethod::OperationPreparer.new(
-        resource:              resource,
-        custom:                clean_options.operations,
-        additional_operations: clean_options.additional_queries,
-        preparer:              GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter.new(authenticatable_type),
-        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
-          default: GraphqlDevise::DefaultOperations::QUERIES, only: clean_options.only, skipped: clean_options.skip
-        )
-      ).call
-
-      prepared_queries.each do |action, resolver|
-        GraphqlDevise::Types::QueryType.field(action, resolver: resolver)
-      end
-
-      Devise.mailer.helper(GraphqlDevise::MailerHelper)
-
-      devise_scope resource.underscore.tr('/', '_').to_sym do
-        post clean_options.at, to: 'graphql_devise/graphql#auth'
-        get  clean_options.at, to: 'graphql_devise/graphql#auth'
-      end
+      post clean_options.at, to: 'graphql_devise/graphql#auth'
+      get  clean_options.at, to: 'graphql_devise/graphql#auth'
     end
   end
 end

data/lib/graphql_devise/resource_loader.rb

@@ -0,0 +1,87 @@
+module GraphqlDevise
+  class ResourceLoader
+    def initialize(resource, options = {}, routing = false)
+      @resource           = resource
+      @options            = options
+      @routing            = routing
+      @default_operations = GraphqlDevise::DefaultOperations::MUTATIONS.merge(GraphqlDevise::DefaultOperations::QUERIES)
+    end
+
+    def call(query, mutation)
+      mapping_name = @resource.to_s.underscore.tr('/', '_').to_sym
+
+      # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
+      clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(@options).call!
+
+      return clean_options if GraphqlDevise.resource_mounted?(mapping_name) && @routing
+
+      validate_options!(clean_options)
+
+      authenticatable_type = clean_options.authenticatable_type.presence ||
+                             "Types::#{@resource}Type".safe_constantize ||
+                             GraphqlDevise::Types::AuthenticatableType
+
+      prepared_mutations = prepare_mutations(mapping_name, clean_options, authenticatable_type)
+
+      if prepared_mutations.any? && mutation.blank?
+        raise GraphqlDevise::Error, 'You need to provide a mutation type unless all mutations are skipped'
+      end
+
+      prepared_mutations.each do |action, prepared_mutation|
+        mutation.field(action, mutation: prepared_mutation, authenticate: false)
+      end
+
+      prepared_resolvers = prepare_resolvers(mapping_name, clean_options, authenticatable_type)
+
+      if prepared_resolvers.any? && query.blank?
+        raise GraphqlDevise::Error, 'You need to provide a query type unless all queries are skipped'
+      end
+
+      prepared_resolvers.each do |action, resolver|
+        query.field(action, resolver: resolver, authenticate: false)
+      end
+
+      GraphqlDevise.add_mapping(mapping_name, @resource)
+      GraphqlDevise.mount_resource(mapping_name) if @routing
+
+      clean_options
+    end
+
+    private
+
+    def prepare_resolvers(mapping_name, clean_options, authenticatable_type)
+      GraphqlDevise::MountMethod::OperationPreparer.new(
+        mapping_name:          mapping_name,
+        custom:                clean_options.operations,
+        additional_operations: clean_options.additional_queries,
+        preparer:              GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter.new(authenticatable_type),
+        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
+          default: GraphqlDevise::DefaultOperations::QUERIES, only: clean_options.only, skipped: clean_options.skip
+        )
+      ).call
+    end
+
+    def prepare_mutations(mapping_name, clean_options, authenticatable_type)
+      GraphqlDevise::MountMethod::OperationPreparer.new(
+        mapping_name:          mapping_name,
+        custom:                clean_options.operations,
+        additional_operations: clean_options.additional_mutations,
+        preparer:              GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter.new(authenticatable_type),
+        selected_operations:   GraphqlDevise::MountMethod::OperationSanitizer.call(
+          default: GraphqlDevise::DefaultOperations::MUTATIONS, only: clean_options.only, skipped: clean_options.skip
+        )
+      ).call
+    end
+
+    def validate_options!(clean_options)
+      GraphqlDevise::MountMethod::OptionsValidator.new(
+        [
+          GraphqlDevise::MountMethod::OptionValidators::SkipOnlyValidator.new(options: clean_options),
+          GraphqlDevise::MountMethod::OptionValidators::ProvidedOperationsValidator.new(
+            options: clean_options, supported_operations: @default_operations
+          )
+        ]
+      ).validate!
+    end
+  end
+end

data/lib/graphql_devise/schema_plugin.rb

@@ -0,0 +1,87 @@
+module GraphqlDevise
+  class SchemaPlugin
+    DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::AuthenticationError, "#{field} field requires authentication" }
+
+    def initialize(query: nil, mutation: nil, authenticate_default: true, resource_loaders: [], unauthenticated_proc: DEFAULT_NOT_AUTHENTICATED)
+      @query                = query
+      @mutation             = mutation
+      @resource_loaders     = resource_loaders
+      @authenticate_default = authenticate_default
+      @unauthenticated_proc = unauthenticated_proc
+
+      # Must happen on initialize so operations are loaded before the types are added to the schema on GQL < 1.10
+      load_fields
+    end
+
+    def use(schema_definition)
+      schema_definition.tracer(self)
+    end
+
+    def trace(event, trace_data)
+      # Authenticate only root level queries
+      return yield unless event == 'execute_field' && path(trace_data).count == 1
+
+      field = traced_field(trace_data)
+      provided_value = authenticate_option(field, trace_data)
+
+      if !provided_value.nil?
+        raise_on_missing_resource(context(trace_data), field) if provided_value
+      elsif @authenticate_default
+        raise_on_missing_resource(context(trace_data), field)
+      end
+
+      yield
+    end
+
+    private
+
+    def raise_on_missing_resource(context, field)
+      @unauthenticated_proc.call(field.name) if context[:current_resource].blank?
+    end
+
+    def context(trace_data)
+      query = if trace_data[:context]
+        trace_data[:context].query
+      else
+        trace_data[:query]
+      end
+
+      query.context
+    end
+
+    def path(trace_data)
+      if trace_data[:context]
+        trace_data[:context].path
+      else
+        trace_data[:path]
+      end
+    end
+
+    def traced_field(trace_data)
+      if trace_data[:context]
+        trace_data[:context].field
+      else
+        trace_data[:field]
+      end
+    end
+
+    def authenticate_option(field, trace_data)
+      if trace_data[:context]
+        field.metadata[:authenticate]
+      else
+        field.graphql_definition.metadata[:authenticate]
+      end
+    end
+
+    def load_fields
+      @resource_loaders.each do |resource_loader|
+        raise Error, 'Invalid resource loader instance' unless resource_loader.instance_of?(GraphqlDevise::ResourceLoader)
+
+        resource_loader.call(@query, @mutation)
+      end
+    end
+  end
+end
+
+GraphQL::Field.accepts_definitions(authenticate: GraphQL::Define.assign_metadata_key(:authenticate))
+GraphQL::Schema::Field.accepts_definition(:authenticate)

data/lib/graphql_devise/version.rb

@@ -1,3 +1,3 @@
 module GraphqlDevise
-  VERSION = '0.11.1'.freeze
+  VERSION = '0.12.1'.freeze
 end

data/spec/dummy/app/controllers/api/v1/graphql_controller.rb

@@ -3,10 +3,19 @@ module Api
     class GraphqlController < ApplicationController
       include GraphqlDevise::Concerns::SetUserByToken
 
-      before_action :authenticate_user!
+      before_action -> { set_resource_by_token(:user) }
 
       def graphql
-        render json: DummySchema.execute(params[:query])
+        render json: DummySchema.execute(params[:query], context: graphql_context)
+      end
+
+      def interpreter
+        render json: InterpreterSchema.execute(params[:query], context: graphql_context)
+      end
+
+      private
+
+      def verify_authenticity_token
       end
     end
   end

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,2 +1,3 @@
 class ApplicationController < ActionController::Base
+  protect_from_forgery with: :exception
 end

data/spec/dummy/app/graphql/dummy_schema.rb

@@ -1,4 +1,13 @@
 class DummySchema < GraphQL::Schema
+  use GraphqlDevise::SchemaPlugin.new(
+    query:            Types::QueryType,
+    mutation:         Types::MutationType,
+    resource_loaders: [
+      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account]),
+      GraphqlDevise::ResourceLoader.new('Guest', only: [:logout])
+    ]
+  )
+
   mutation(Types::MutationType)
   query(Types::QueryType)
 end

data/spec/dummy/app/graphql/interpreter_schema.rb

@@ -0,0 +1,9 @@
+class InterpreterSchema < GraphQL::Schema
+  use GraphQL::Execution::Interpreter if Gem::Version.new(GraphQL::VERSION) >= Gem::Version.new('1.9.0')
+  use GraphQL::Analysis::AST          if Gem::Version.new(GraphQL::VERSION) >= Gem::Version.new('1.10.0')
+
+  use GraphqlDevise::SchemaPlugin.new(query: Types::QueryType, authenticate_default: false)
+
+  mutation(Types::MutationType)
+  query(Types::QueryType)
+end

data/spec/dummy/app/graphql/types/mutation_type.rb

@@ -1,6 +1,6 @@
 module Types
   class MutationType < Types::BaseObject
-    field :dummy_mutation, String, null: false
+    field :dummy_mutation, String, null: false, authenticate: true
 
     def dummy_mutation
       'Necessary so GraphQL gem does not complain about empty mutation type'

data/spec/dummy/app/graphql/types/query_type.rb

@@ -1,5 +1,15 @@
 module Types
   class QueryType < Types::BaseObject
     field :user, resolver: Resolvers::UserShow
+    field :public_field, String, null: false, authenticate: false
+    field :private_field, String, null: false, authenticate: true
+
+    def public_field
+      'Field does not require authentication'
+    end
+
+    def private_field
+      'Field will always require authentication'
+    end
   end
 end

data/spec/dummy/config/environments/test.rb

@@ -10,7 +10,7 @@ Rails.application.configure do
   # Do not eager load code on boot. This avoids loading your whole application
   # just for the purpose of running a single test. If you are using a tool that
   # preloads Rails for running tests, you may have to set it to true.
-  config.eager_load = false
+  config.eager_load = ENV['EAGER_LOAD'].present?
 
   # Configure public file server for tests with Cache-Control for performance.
   if Rails::VERSION::MAJOR >= 5

data/spec/dummy/config/routes.rb

@@ -28,4 +28,5 @@ Rails.application.routes.draw do
   )
 
   post '/api/v1/graphql', to: 'api/v1/graphql#graphql'
+  post '/api/v1/interpreter', to: 'api/v1/graphql#interpreter'
 end

data/spec/generators/graphql_devise/install_generator_spec.rb

@@ -3,50 +3,82 @@ require 'rails_helper'
 require 'generators/graphql_devise/install_generator'
 
 RSpec.describe GraphqlDevise::InstallGenerator, type: :generator do
-  destination File.expand_path('../../../tmp', __FILE__)
+  destination File.expand_path('../../../../gqld_dummy', __dir__)
+
+  let(:routes_path)    { "#{destination_root}/config/routes.rb" }
+  let(:routes_content) { File.read(routes_path) }
+  let(:dta_route)      { 'mount_devise_token_auth_for' }
+
+  after(:all) { FileUtils.rm_rf(destination_root) }
 
   before do
     prepare_destination
+    create_rails_project
+    run_generator(args)
   end
 
-  let(:routes_path)    { "#{destination_root}/config/routes.rb" }
-  let(:routes_content) { File.read(routes_path) }
-  let(:dta_route)      { "mount_devise_token_auth_for 'User', at: 'auth'" }
-
-  xcontext 'when the file exists' do
-    before do
-      create_file_with_content(
-        routes_path,
-        "Rails.application.routes.draw do\n#{dta_route}\nend"
-      )
-    end
+  context 'when mount option is schema' do
+    let(:args) { ['Admin', '--mount', 'GqldDummySchema'] }
+
+    it 'mounts the SchemaPlugin' do
+      assert_file 'config/initializers/devise.rb'
+      assert_file 'config/initializers/devise_token_auth.rb', /^\s{2}#{Regexp.escape('config.change_headers_on_each_request = false')}/
+      assert_file 'config/locales/devise.en.yml'
+
+      assert_migration 'db/migrate/devise_token_auth_create_admins.rb'
 
-    context 'when passing no params to the generator' do
-      before { run_generator }
+      assert_file 'app/models/admin.rb', /^\s{2}devise :.+include GraphqlDevise::Concerns::Model/m
 
-      it 'replaces dta route using the default values for class and path' do
-        generator_added_route = /  mount_graphql_devise_for 'User', at: 'auth'/
-        expect(routes_content).to match(generator_added_route)
-        expect(routes_content).not_to match(dta_route)
-      end
+      assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
+
+      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new('Admin')")}/
     end
+  end
+
+  context 'when passing no params to the generator' do
+    let(:args) { [] }
 
-    context 'when passing custom params to the generator' do
-      before { run_generator %w[Admin api] }
+    it 'creates and updated required files' do
+      assert_file 'config/routes.rb', /^\s{2}mount_graphql_devise_for 'User', at: 'auth'/
+      expect(routes_content).not_to match(dta_route)
 
-      it 'add the routes using the provided values for class and path and keeps dta route' do
-        generator_added_route = /  mount_graphql_devise_for 'Admin', at: 'api'/
-        expect(routes_content).to match(generator_added_route)
-        expect(routes_content).to match(dta_route)
-      end
+      assert_file 'config/initializers/devise.rb'
+      assert_file 'config/initializers/devise_token_auth.rb', /^\s{2}#{Regexp.escape('config.change_headers_on_each_request = false')}/
+      assert_file 'config/locales/devise.en.yml'
+
+      assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+
+      assert_file 'app/models/user.rb', /^\s{2}devise :.+include GraphqlDevise::Concerns::Model/m
+
+      assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
     end
   end
 
-  xcontext 'when file does *NOT* exist' do
-    before { run_generator }
+  context 'when passing custom params to the generator' do
+    let(:args) { %w[Admin api] }
+
+    it 'creates and updated required files' do
+      assert_file 'config/routes.rb', /^\s{2}mount_graphql_devise_for 'Admin', at: 'api'/
+      expect(routes_content).not_to match(dta_route)
+
+      assert_file 'config/initializers/devise.rb'
+      assert_file 'config/initializers/devise_token_auth.rb', /^\s{2}#{Regexp.escape('config.change_headers_on_each_request = false')}/
+      assert_file 'config/locales/devise.en.yml'
+
+      assert_migration 'db/migrate/devise_token_auth_create_admins.rb'
 
-    it 'does *NOT* create the file and throw no exception' do
-      expect(File.exist?(routes_path)).to be_falsey
+      assert_file 'app/models/admin.rb', /^\s{2}devise :.+include GraphqlDevise::Concerns::Model/m
+
+      assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
+    end
+  end
+
+  def create_rails_project
+    FileUtils.cd(File.join(destination_root, '..')) do
+      `rails new gqld_dummy -S -C --skip-action-mailbox --skip-action-text -T --skip-spring --skip-bundle --skip-keeps -G --skip-active-storage -J --skip-listen --skip-bootsnap`
+    end
+    FileUtils.cd(File.join(destination_root, '../gqld_dummy')) do
+      `rails generate graphql:install`
     end
   end
 end