graphql_devise 0.11.2 → 0.12.2

data/spec/dummy/config/routes.rb

@@ -27,5 +27,8 @@ Rails.application.routes.draw do
     at:   '/api/v1/user_customer/graphql_auth'
   )
 
+  get '/api/v1/graphql', to: 'api/v1/graphql#graphql'
   post '/api/v1/graphql', to: 'api/v1/graphql#graphql'
+  post '/api/v1/interpreter', to: 'api/v1/graphql#interpreter'
+  post '/api/v1/failing', to: 'api/v1/graphql#failing_resource_name'
 end

data/spec/generators/graphql_devise/install_generator_spec.rb

@@ -3,50 +3,82 @@ require 'rails_helper'
 require 'generators/graphql_devise/install_generator'
 
 RSpec.describe GraphqlDevise::InstallGenerator, type: :generator do
-  destination File.expand_path('../../../tmp', __FILE__)
+  destination File.expand_path('../../../../gqld_dummy', __dir__)
+
+  let(:routes_path)    { "#{destination_root}/config/routes.rb" }
+  let(:routes_content) { File.read(routes_path) }
+  let(:dta_route)      { 'mount_devise_token_auth_for' }
+
+  after(:all) { FileUtils.rm_rf(destination_root) }
 
   before do
     prepare_destination
+    create_rails_project
+    run_generator(args)
   end
 
-  let(:routes_path)    { "#{destination_root}/config/routes.rb" }
-  let(:routes_content) { File.read(routes_path) }
-  let(:dta_route)      { "mount_devise_token_auth_for 'User', at: 'auth'" }
-
-  xcontext 'when the file exists' do
-    before do
-      create_file_with_content(
-        routes_path,
-        "Rails.application.routes.draw do\n#{dta_route}\nend"
-      )
-    end
+  context 'when mount option is schema' do
+    let(:args) { ['Admin', '--mount', 'GqldDummySchema'] }
+
+    it 'mounts the SchemaPlugin' do
+      assert_file 'config/initializers/devise.rb'
+      assert_file 'config/initializers/devise_token_auth.rb', /^\s{2}#{Regexp.escape('config.change_headers_on_each_request = false')}/
+      assert_file 'config/locales/devise.en.yml'
+
+      assert_migration 'db/migrate/devise_token_auth_create_admins.rb'
 
-    context 'when passing no params to the generator' do
-      before { run_generator }
+      assert_file 'app/models/admin.rb', /^\s{2}devise :.+include GraphqlDevise::Concerns::Model/m
 
-      it 'replaces dta route using the default values for class and path' do
-        generator_added_route = /  mount_graphql_devise_for 'User', at: 'auth'/
-        expect(routes_content).to match(generator_added_route)
-        expect(routes_content).not_to match(dta_route)
-      end
+      assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
+
+      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new('Admin')")}/
     end
+  end
+
+  context 'when passing no params to the generator' do
+    let(:args) { [] }
 
-    context 'when passing custom params to the generator' do
-      before { run_generator %w[Admin api] }
+    it 'creates and updated required files' do
+      assert_file 'config/routes.rb', /^\s{2}mount_graphql_devise_for 'User', at: 'auth'/
+      expect(routes_content).not_to match(dta_route)
 
-      it 'add the routes using the provided values for class and path and keeps dta route' do
-        generator_added_route = /  mount_graphql_devise_for 'Admin', at: 'api'/
-        expect(routes_content).to match(generator_added_route)
-        expect(routes_content).to match(dta_route)
-      end
+      assert_file 'config/initializers/devise.rb'
+      assert_file 'config/initializers/devise_token_auth.rb', /^\s{2}#{Regexp.escape('config.change_headers_on_each_request = false')}/
+      assert_file 'config/locales/devise.en.yml'
+
+      assert_migration 'db/migrate/devise_token_auth_create_users.rb'
+
+      assert_file 'app/models/user.rb', /^\s{2}devise :.+include GraphqlDevise::Concerns::Model/m
+
+      assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
     end
   end
 
-  xcontext 'when file does *NOT* exist' do
-    before { run_generator }
+  context 'when passing custom params to the generator' do
+    let(:args) { %w[Admin api] }
+
+    it 'creates and updated required files' do
+      assert_file 'config/routes.rb', /^\s{2}mount_graphql_devise_for 'Admin', at: 'api'/
+      expect(routes_content).not_to match(dta_route)
+
+      assert_file 'config/initializers/devise.rb'
+      assert_file 'config/initializers/devise_token_auth.rb', /^\s{2}#{Regexp.escape('config.change_headers_on_each_request = false')}/
+      assert_file 'config/locales/devise.en.yml'
+
+      assert_migration 'db/migrate/devise_token_auth_create_admins.rb'
 
-    it 'does *NOT* create the file and throw no exception' do
-      expect(File.exist?(routes_path)).to be_falsey
+      assert_file 'app/models/admin.rb', /^\s{2}devise :.+include GraphqlDevise::Concerns::Model/m
+
+      assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
+    end
+  end
+
+  def create_rails_project
+    FileUtils.cd(File.join(destination_root, '..')) do
+      `rails new gqld_dummy -S -C --skip-action-mailbox --skip-action-text -T --skip-spring --skip-bundle --skip-keeps -G --skip-active-storage -J --skip-listen --skip-bootsnap`
+    end
+    FileUtils.cd(File.join(destination_root, '../gqld_dummy')) do
+      `rails generate graphql:install`
     end
   end
 end

data/spec/rails_helper.rb

@@ -38,5 +38,8 @@ RSpec.configure do |config|
   config.include(Requests::JsonHelpers, type: :request)
   config.include(Requests::AuthHelpers, type: :request)
   config.include(ActiveSupport::Testing::TimeHelpers)
-  config.include(Generators::FileHelpers, type: :generator)
+
+  config.before(:suite) do
+    ActionController::Base.allow_forgery_protection = true
+  end
 end

data/spec/requests/graphql_controller_spec.rb

@@ -0,0 +1,80 @@
+require 'rails_helper'
+
+RSpec.describe GraphqlDevise::GraphqlController do
+  let(:password) { 'password123' }
+  let(:user)     { create(:user, :confirmed, password: password) }
+  let(:params)   { { query: query, variables: variables } }
+  let(:request_params) do
+    if Rails::VERSION::MAJOR >= 5
+      { params: params }
+    else
+      params
+    end
+  end
+
+  context 'when variables are a string' do
+    let(:variables) { "{\"email\": \"#{user.email}\"}" }
+    let(:query)     { "mutation($email: String!) { userLogin(email: $email, password: \"#{password}\") { user { email name signInCount } } }" }
+
+    it 'parses the string variables' do
+      post '/api/v1/graphql_auth', request_params
+
+      expect(json_response).to match(
+        data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
+      )
+    end
+
+    context 'when variables is an empty string' do
+      let(:variables) { '' }
+      let(:query)     { "mutation { userLogin(email: \"#{user.email}\", password: \"#{password}\") { user { email name signInCount } } }" }
+
+      it 'returns an empty hash as variables' do
+        post '/api/v1/graphql_auth', request_params
+
+        expect(json_response).to match(
+          data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
+        )
+      end
+    end
+  end
+
+  context 'when variables are not a string or hash' do
+    let(:variables) { 1 }
+    let(:query)     { "mutation($email: String!) { userLogin(email: $email, password: \"#{password}\") { user { email name signInCount } } }" }
+
+    it 'raises an error' do
+      expect do
+        post '/api/v1/graphql_auth', request_params
+      end.to raise_error(ArgumentError)
+    end
+  end
+
+  context 'when multiplexing queries' do
+    let(:params) do
+      {
+        _json: [
+          { query: "mutation { userLogin(email: \"#{user.email}\", password: \"#{password}\") { user { email name signInCount } } }" },
+          { query: "mutation { userLogin(email: \"#{user.email}\", password: \"wrong password\") { user { email name signInCount } } }" }
+        ]
+      }
+    end
+
+    it 'executes multiple queries in the same request' do
+      post '/api/v1/graphql_auth', request_params
+
+      expect(json_response).to match(
+        [
+          { data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } } },
+          {
+            data:   { userLogin: nil },
+            errors: [
+              hash_including(
+                message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' }
+              )
+            ]
+          }
+        ]
+      )
+    end
+  end
+end

data/spec/requests/mutations/resend_confirmation_spec.rb

@@ -15,39 +15,58 @@ RSpec.describe 'Resend confirmation' do
           redirectUrl:"#{redirect}"
         ) {
           message
-          authenticatable {
-            id
-            email
-          }
         }
       }
     GRAPHQL
   end
 
   context 'when params are correct' do
-    it 'sends an email to the user with confirmation url and returns a success message' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(json_response[:data][:userResendConfirmation]).to include(
-        message:         'You will receive an email with instructions for how to confirm your email address in a few minutes.',
-        authenticatable: {
-          id:    id,
-          email: email
-        }
-      )
+    context 'when using the gem schema' do
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmation]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        confirm_link_msg_text = email.css('p')[1].inner_html
+        confirm_account_link_text = link.inner_html
 
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
-      confirm_link_msg_text = email.css('p')[1].inner_html
-      confirm_account_link_text = link.inner_html
+        expect(link['href']).to include('/api/v1/graphql_auth?')
+        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
+        expect(confirm_account_link_text).to eq('Confirm my account')
 
-      expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-      expect(confirm_account_link_text).to eq('Confirm my account')
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+      end
+    end
 
-      # TODO: Move to feature spec
-      expect do
-        get link['href']
-        user.reload
-      end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmation]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        confirm_link_msg_text = email.css('p')[1].inner_html
+        confirm_account_link_text = link.inner_html
+
+        expect(link['href']).to include("#{custom_path}?")
+        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
+        expect(confirm_account_link_text).to eq('Confirm my account')
+
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+      end
     end
 
     context 'when email address uses different casing' do
@@ -56,11 +75,7 @@ RSpec.describe 'Resend confirmation' do
       it 'honors devise configuration for case insensitive fields' do
         expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
         expect(json_response[:data][:userResendConfirmation]).to include(
-          message:         'You will receive an email with instructions for how to confirm your email address in a few minutes.',
-          authenticatable: {
-            id:    id,
-            email: user.email
-          }
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
         )
       end
     end

data/spec/requests/mutations/send_password_reset_spec.rb

@@ -13,26 +13,51 @@ RSpec.describe 'Send Password Reset Requests' do
           email:       "#{email}",
           redirectUrl: "#{redirect_url}"
         ) {
-          authenticatable {
-            email
-          }
+          message
         }
       }
     GRAPHQL
   end
 
   context 'when params are correct' do
-    it 'sends password reset  email' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+    context 'when using the gem schema' do
+      it 'sends password reset  email' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+        expect(json_response[:data][:userSendPasswordReset]).to include(
+          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        )
 
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        expect(link['href']).to include('/api/v1/graphql_auth?')
 
-      # TODO: Move to feature spec
-      expect do
-        get link['href']
-        user.reload
-      end.to change(user, :allow_password_change).from(false).to(true)
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :allow_password_change).from(false).to(true)
+      end
+    end
+
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+
+      it 'sends password reset  email' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+        expect(json_response[:data][:userSendPasswordReset]).to include(
+          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        )
+
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        expect(link['href']).to include("#{custom_path}?")
+
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :allow_password_change).from(false).to(true)
+      end
     end
   end
 
@@ -41,6 +66,9 @@ RSpec.describe 'Send Password Reset Requests' do
 
     it 'honors devise configuration for case insensitive fields' do
       expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(json_response[:data][:userSendPasswordReset]).to include(
+        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+      )
     end
   end
 

data/spec/requests/queries/confirm_account_spec.rb

@@ -22,7 +22,13 @@ RSpec.describe 'Account confirmation' do
   context 'when confirmation token is correct' do
     let(:token) { user.confirmation_token }
 
-    before { user.send_confirmation_instructions(template_path: ['graphql_devise/mailer']) }
+    before do
+      user.send_confirmation_instructions(
+        template_path: ['graphql_devise/mailer'],
+        controller:    'graphql_devise/graphql',
+        action:        'auth'
+      )
+    end
 
     it 'confirms the resource and redirects to the sent url' do
       expect do

data/spec/requests/user_controller_spec.rb

@@ -1,40 +1,205 @@
 require 'rails_helper'
 
-RSpec.describe 'Integrations with the user controller' do
+RSpec.describe "Integrations with the user's controller" do
   include_context 'with graphql query request'
 
   let(:user) { create(:user, :confirmed) }
-  let(:query) do
-    <<-GRAPHQL
-      query {
-        user(
-          id: #{user.id}
-        ) {
-          id
-          email
+
+  describe 'publicField' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          publicField
+        }
+      GRAPHQL
+    end
+
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+
+      it 'does not require authentication' do
+        expect(json_response[:data][:publicField]).to eq('Field does not require authentication')
+      end
+    end
+
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+
+      it 'does not require authentication' do
+        expect(json_response[:data][:publicField]).to eq('Field does not require authentication')
+      end
+    end
+
+    context 'when using the failing route' do
+      it 'raises an invalid resource_name error' do
+        expect { post_request('/api/v1/failing') }.to raise_error(
+          GraphqlDevise::Error,
+          'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer].'
+        )
+      end
+    end
+  end
+
+  describe 'privateField' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          privateField
         }
-      }
-    GRAPHQL
+      GRAPHQL
+    end
+
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        it 'allow to perform the query' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        it 'allow to perform the query' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
   end
 
-  before { post_request('/api/v1/graphql') }
+  describe 'dummyMutation' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          dummyMutation
+        }
+      GRAPHQL
+    end
+
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        it 'allow to perform the query' do
+          expect(json_response[:data][:dummyMutation]).to eq('Necessary so GraphQL gem does not complain about empty mutation type')
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
 
-  context 'when user is authenticated' do
-    let(:headers) { user.create_new_auth_token }
+        it 'allow to perform the query' do
+          expect(json_response[:data][:dummyMutation]).to eq('Necessary so GraphQL gem does not complain about empty mutation type')
+        end
+      end
 
-    it 'allow to perform the query' do
-      expect(json_response[:data][:user]).to match(
-        email: user.email,
-        id:    user.id
-      )
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
     end
   end
 
-  context 'when user is not authenticated' do
-    it 'returns a must sign in error' do
-      expect(json_response[:errors]).to contain_exactly(
-        'You need to sign in or sign up before continuing.'
-      )
+  describe 'user' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          user(
+            id: #{user.id}
+          ) {
+            id
+            email
+          }
+        }
+      GRAPHQL
+    end
+
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        it 'allow to perform the query' do
+          expect(json_response[:data][:user]).to match(
+            email: user.email,
+            id:    user.id
+          )
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        it 'allow to perform the query' do
+          expect(json_response[:data][:user]).to match(
+            email: user.email,
+            id:    user.id
+          )
+        end
+      end
+
+      context 'when user is not authenticated' do
+        # Interpreter schema fields are public unless specified otherwise (plugin setting)
+        it 'allow to perform the query' do
+          expect(json_response[:data][:user]).to match(
+            email: user.email,
+            id:    user.id
+          )
+        end
+      end
     end
   end
 end