graphql_devise 0.11.4 → 0.13.0

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 begin
   require 'bundler/setup'
 rescue LoadError

data/app/controllers/graphql_devise/application_controller.rb

@@ -1,8 +1,9 @@
-module GraphqlDevise
-  class ApplicationController < DeviseTokenAuth::ApplicationController
-    private
+# frozen_string_literal: true
 
-    def verify_authenticity_token
-    end
+module GraphqlDevise
+  ApplicationController = if Rails::VERSION::MAJOR >= 5
+    Class.new(ActionController::API)
+  else
+    Class.new(ActionController::Base)
   end
 end

data/app/controllers/graphql_devise/concerns/set_user_by_token.rb

@@ -1,5 +1,36 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
   module Concerns
     SetUserByToken = DeviseTokenAuth::Concerns::SetUserByToken
+
+    SetUserByToken.module_eval do
+      attr_accessor :client_id, :token, :resource
+
+      def full_url_without_params
+        request.base_url + request.path
+      end
+
+      def set_resource_by_token(resource)
+        set_user_by_token(resource)
+      end
+
+      def graphql_context(resource_name)
+        {
+          resource_name: resource_name,
+          controller:    self
+        }
+      end
+
+      def build_redirect_headers(access_token, client, redirect_header_options = {})
+        {
+          DeviseTokenAuth.headers_names[:"access-token"] => access_token,
+          DeviseTokenAuth.headers_names[:client] => client,
+          :config => params[:config],
+          :client_id => client,
+          :token => access_token
+        }.merge(redirect_header_options)
+      end
+    end
   end
 end

data/app/controllers/graphql_devise/graphql_controller.rb

@@ -1,7 +1,11 @@
+# frozen_string_literal: true
+
 require_dependency 'graphql_devise/application_controller'
 
 module GraphqlDevise
   class GraphqlController < ApplicationController
+    include GraphqlDevise::Concerns::SetUserByToken
+
     def auth
       result = if params[:_json]
         GraphqlDevise::Schema.multiplex(

data/app/helpers/graphql_devise/application_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
   module ApplicationHelper
   end

data/app/helpers/graphql_devise/mailer_helper.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
   module MailerHelper
     def confirmation_query(resource_name:, token:, redirect_url:)
-      name = "#{resource_name.camelize(:lower)}ConfirmAccount"
+      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(confirmationToken:$token,redirectUrl:$redirectUrl){
@@ -17,7 +19,7 @@ module GraphqlDevise
     end
 
     def password_reset_query(token:, redirect_url:, resource_name:)
-      name = "#{resource_name.camelize(:lower)}CheckPasswordToken"
+      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}CheckPasswordToken"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(resetPasswordToken:$token,redirectUrl:$redirectUrl){

data/app/models/graphql_devise/concerns/model.rb

@@ -1,5 +1,15 @@
+# frozen_string_literal: true
+
+require 'graphql_devise/model/with_email_updater'
+
 module GraphqlDevise
   module Concerns
     Model = DeviseTokenAuth::Concerns::User
+
+    Model.module_eval do
+      def update_with_email(attributes = {})
+        GraphqlDevise::Model::WithEmailUpdater.new(self, attributes).call
+      end
+    end
   end
 end

data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p><%= t('.confirm_link_msg') %></p>
 
-<p><%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token)) %></p>
+<p><%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %></p>

data/app/views/graphql_devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p><%= t('.request_reset_link_msg') %></p>
 
-<p><%= link_to t('.password_change_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s)) %></p>
+<p><%= link_to t('.password_change_link'), "#{message['schema_url']}?#{password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s).to_query}" %></p>
 
 <p><%= t('.ignore_mail_msg') %></p>
 <p><%= t('.no_changes_msg') %></p>

data/config/locales/en.yml

@@ -14,6 +14,7 @@ en:
       password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
       reset_token_not_found: "No user found for the specified reset token."
       reset_token_expired: "Reset password token is no longer valid."
+      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
     sessions:
       bad_credentials: "Invalid login credentials. Please try again."
       not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"

data/config/routes.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 GraphqlDevise::Engine.routes.draw do
   # Required as Devise forces routes to reload on eager_load
   unless GraphqlDevise.schema_loaded?
@@ -12,5 +14,7 @@ GraphqlDevise::Engine.routes.draw do
     GraphqlDevise::Schema.query(GraphqlDevise::Types::QueryType)
 
     GraphqlDevise.load_schema
+
+    Devise.mailer.helper(GraphqlDevise::MailerHelper)
   end
 end

data/graphql_devise.gemspec

@@ -21,13 +21,15 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.test_files    = Dir['spec/**/*']
+  spec.test_files    = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").select { |f| f.match(%r{^spec/}) }
+  end
 
   spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_dependency 'devise_token_auth', '>= 0.1.43'
-  spec.add_dependency 'graphql', '>= 1.8'
-  spec.add_dependency 'rails', '>= 4.2'
+  spec.add_dependency 'devise_token_auth', '>= 0.1.43', '< 2.0'
+  spec.add_dependency 'graphql', '>= 1.8', '< 1.12.0'
+  spec.add_dependency 'rails', '>= 4.2', '< 6.2'
 
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'coveralls'

data/lib/generators/graphql_devise/install_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
   class InstallGenerator < ::Rails::Generators::Base
     source_root File.expand_path('templates', __dir__)
@@ -5,6 +7,8 @@ module GraphqlDevise
     argument :user_class, type: :string, default: 'User'
     argument :mount_path, type: :string, default: 'auth'
 
+    class_option :mount, type: :string, default: 'separate_route'
+
     def execute_devise_installer
       generate 'devise:install'
     end
@@ -29,15 +33,20 @@ module GraphqlDevise
 
     def mount_resource_route
       routes_file = 'config/routes.rb'
-      gem_route   = "mount_graphql_devise_for '#{user_class}', at: '#{mount_path}'"
       dta_route   = "mount_devise_token_auth_for '#{user_class}', at: '#{mount_path}'"
 
-      if file_contains_str?(routes_file, gem_route)
+      if options['mount'] != 'separate_route'
         gsub_file(routes_file, /^\s+#{Regexp.escape(dta_route + "\n")}/i, '')
-
-        say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
       else
-        gsub_file(routes_file, /#{Regexp.escape(dta_route)}/i, gem_route)
+        gem_route = "mount_graphql_devise_for '#{user_class}', at: '#{mount_path}'"
+
+        if file_contains_str?(routes_file, gem_route)
+          gsub_file(routes_file, /^\s+#{Regexp.escape(dta_route + "\n")}/i, '')
+
+          say_status('skipped', "Routes already exist for #{user_class} at #{mount_path}")
+        else
+          gsub_file(routes_file, /#{Regexp.escape(dta_route)}/i, gem_route)
+        end
       end
     end
 
@@ -65,6 +74,22 @@ module GraphqlDevise
       )
     end
 
+    def mount_in_schema
+      return if options['mount'] == 'separate_route'
+
+      inject_into_file "app/graphql/#{options['mount'].underscore}.rb", after: "< GraphQL::Schema\n" do
+<<-RUBY
+  use GraphqlDevise::SchemaPlugin.new(
+    query:            Types::QueryType,
+    mutation:         Types::MutationType,
+    resource_loaders: [
+      GraphqlDevise::ResourceLoader.new('#{user_class}'),
+    ]
+  )
+RUBY
+      end
+    end
+
     private
 
     def file_contains_str?(filename, regex_str)

data/lib/graphql_devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rails'
 require 'graphql'
 require 'devise_token_auth'
@@ -18,15 +20,32 @@ module GraphqlDevise
     @schema_loaded = true
   end
 
-  def self.mount_resource(resource)
-    @mounted_resources << resource
+  def self.resource_mounted?(mapping_name)
+    @mounted_resources.include?(mapping_name)
+  end
+
+  def self.mount_resource(mapping_name)
+    @mounted_resources << mapping_name
   end
 
-  def self.resource_mounted?(resource)
-    @mounted_resources.include?(resource)
+  def self.add_mapping(mapping_name, resource)
+    return if Devise.mappings.key?(mapping_name)
+
+    Devise.add_mapping(
+      mapping_name.to_s.pluralize.to_sym,
+      module: :devise, class_name: resource
+    )
   end
 end
 
+require 'graphql_devise/engine'
+require 'graphql_devise/version'
+require 'graphql_devise/errors/error_codes'
+require 'graphql_devise/errors/execution_error'
+require 'graphql_devise/errors/user_error'
+require 'graphql_devise/errors/authentication_error'
+require 'graphql_devise/errors/detailed_user_error'
+
 require 'graphql_devise/concerns/controller_methods'
 require 'graphql_devise/schema'
 require 'graphql_devise/types/authenticatable_type'
@@ -37,13 +56,10 @@ require 'graphql_devise/default_operations/mutations'
 require 'graphql_devise/default_operations/resolvers'
 require 'graphql_devise/resolvers/dummy'
 
-require 'graphql_devise/engine'
-require 'graphql_devise/version'
-require 'graphql_devise/error_codes'
-require 'graphql_devise/user_error'
-require 'graphql_devise/detailed_user_error'
-
 require 'graphql_devise/mount_method/option_sanitizer'
 require 'graphql_devise/mount_method/options_validator'
 require 'graphql_devise/mount_method/operation_preparer'
 require 'graphql_devise/mount_method/operation_sanitizer'
+
+require 'graphql_devise/resource_loader'
+require 'graphql_devise/schema_plugin'

data/lib/graphql_devise/concerns/controller_methods.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
   module Concerns
     module ControllerMethods

data/lib/graphql_devise/default_operations/mutations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'graphql_devise/mutations/base'
 require 'graphql_devise/mutations/login'
 require 'graphql_devise/mutations/logout'
@@ -9,12 +11,12 @@ require 'graphql_devise/mutations/update_password'
 module GraphqlDevise
   module DefaultOperations
     MUTATIONS = {
-      login:               GraphqlDevise::Mutations::Login,
-      logout:              GraphqlDevise::Mutations::Logout,
-      sign_up:             GraphqlDevise::Mutations::SignUp,
-      update_password:     GraphqlDevise::Mutations::UpdatePassword,
-      send_password_reset: GraphqlDevise::Mutations::SendPasswordReset,
-      resend_confirmation: GraphqlDevise::Mutations::ResendConfirmation
+      login:               { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
+      logout:              { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
+      sign_up:             { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
+      update_password:     { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
+      send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
+      resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
     }.freeze
   end
 end

data/lib/graphql_devise/default_operations/resolvers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'graphql_devise/resolvers/base'
 require 'graphql_devise/resolvers/check_password_token'
 require 'graphql_devise/resolvers/confirm_account'
@@ -5,8 +7,8 @@ require 'graphql_devise/resolvers/confirm_account'
 module GraphqlDevise
   module DefaultOperations
     QUERIES = {
-      confirm_account:      GraphqlDevise::Resolvers::ConfirmAccount,
-      check_password_token: GraphqlDevise::Resolvers::CheckPasswordToken
+      confirm_account:      { klass: GraphqlDevise::Resolvers::ConfirmAccount },
+      check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
     }.freeze
   end
 end

data/lib/graphql_devise/engine.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'graphql_devise/rails/routes'
 
 module GraphqlDevise

data/lib/graphql_devise/errors/authentication_error.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  class AuthenticationError < ExecutionError
+    def to_h
+      super.merge(extensions: { code: ERROR_CODES.fetch(:authentication_error) })
+    end
+  end
+end

data/lib/graphql_devise/{detailed_user_error.rb → errors/detailed_user_error.rb}

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
-  class DetailedUserError < GraphQL::ExecutionError
+  class DetailedUserError < ExecutionError
     def initialize(message, errors:)
       @message = message
       @errors  = errors

data/lib/graphql_devise/errors/error_codes.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  ERROR_CODES = {
+    user_error:           'USER_ERROR',
+    authentication_error: 'AUTHENTICATION_ERROR'
+  }.freeze
+end

data/lib/graphql_devise/errors/execution_error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  class ExecutionError < GraphQL::ExecutionError
+  end
+end

data/lib/graphql_devise/{user_error.rb → errors/user_error.rb}

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module GraphqlDevise
-  class UserError < GraphQL::ExecutionError
+  class UserError < ExecutionError
     def to_h
       super.merge(extensions: { code: ERROR_CODES.fetch(:user_error) })
     end

data/lib/graphql_devise/model/with_email_updater.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Model
+    class WithEmailUpdater
+      def initialize(resource, attributes)
+        @attributes = attributes
+        @resource   = resource
+      end
+
+      def call
+        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url)
+        return @resource.update(resource_attributes) unless requires_reconfirmation?(resource_attributes)
+
+        @resource.assign_attributes(resource_attributes)
+
+        if @resource.email == email_in_database
+          return @resource.save
+        elsif required_reconfirm_attributes?
+          return false unless @resource.valid?
+
+          store_unconfirmed_email
+          saved = @resource.save
+          send_confirmation_instructions(saved)
+
+          saved
+        else
+          raise(
+            GraphqlDevise::Error,
+            'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
+          )
+        end
+      end
+
+      private
+
+      def required_reconfirm_attributes?
+        @attributes[:schema_url].present? &&
+          (@attributes[:confirmation_success_url].present? || DeviseTokenAuth.default_confirm_success_url.present?)
+      end
+
+      def requires_reconfirmation?(resource_attributes)
+        resource_attributes.key?(:email) &&
+          @resource.devise_modules.include?(:confirmable) &&
+          @resource.respond_to?(:unconfirmed_email=)
+      end
+
+      def store_unconfirmed_email
+        @resource.unconfirmed_email  = @resource.email
+        @resource.confirmation_token = nil
+        @resource.email              = email_in_database
+        @resource.send(:generate_confirmation_token)
+      end
+
+      def email_in_database
+        if Devise.activerecord51?
+          @resource.email_in_database
+        else
+          @resource.email_was
+        end
+      end
+
+      def send_confirmation_instructions(saved)
+        return unless saved
+
+        @resource.send_confirmation_instructions(
+          redirect_url:  @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
+          template_path: ['graphql_devise/mailer'],
+          schema_url:    @attributes[:schema_url]
+        )
+      end
+    end
+  end
+end