RubyGems - graphql_devise - Versions diffs - 0.11.4 → 0.13.0 - Mend

graphql_devise 0.11.4 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

data/spec/graphql_devise_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 RSpec.describe GraphqlDevise do
   it 'has a version number' do
     expect(GraphqlDevise::VERSION).not_to be_nil

data/spec/models/user_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe User do

data/spec/rails_helper.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 ENV['RAILS_ENV'] ||= 'test'
@@ -38,9 +40,9 @@ RSpec.configure do |config|
   config.include(Requests::JsonHelpers, type: :request)
   config.include(Requests::AuthHelpers, type: :request)
   config.include(ActiveSupport::Testing::TimeHelpers)
-  config.include(Generators::FileHelpers, type: :generator)
   config.before(:suite) do
     ActionController::Base.allow_forgery_protection = true
   end
+  config.before { ActionMailer::Base.deliveries.clear }
 end

data/spec/requests/graphql_controller_spec.rb ADDED

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+require 'rails_helper'
+RSpec.describe GraphqlDevise::GraphqlController do
+  let(:password) { 'password123' }
+  let(:user)     { create(:user, :confirmed, password: password) }
+  let(:params)   { { query: query, variables: variables } }
+  let(:request_params) do
+    if Rails::VERSION::MAJOR >= 5
+      { params: params }
+    else
+      params
+    end
+  end
+  context 'when variables are a string' do
+    let(:variables) { "{\"email\": \"#{user.email}\"}" }
+    let(:query)     { "mutation($email: String!) { userLogin(email: $email, password: \"#{password}\") { user { email name signInCount } } }" }
+    it 'parses the string variables' do
+      post '/api/v1/graphql_auth', request_params
+      expect(json_response).to match(
+        data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
+      )
+    end
+    context 'when variables is an empty string' do
+      let(:variables) { '' }
+      let(:query)     { "mutation { userLogin(email: \"#{user.email}\", password: \"#{password}\") { user { email name signInCount } } }" }
+      it 'returns an empty hash as variables' do
+        post '/api/v1/graphql_auth', request_params
+        expect(json_response).to match(
+          data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
+        )
+      end
+    end
+  end
+  context 'when variables are not a string or hash' do
+    let(:variables) { 1 }
+    let(:query)     { "mutation($email: String!) { userLogin(email: $email, password: \"#{password}\") { user { email name signInCount } } }" }
+    it 'raises an error' do
+      expect do
+        post '/api/v1/graphql_auth', request_params
+      end.to raise_error(ArgumentError)
+    end
+  end
+  context 'when multiplexing queries' do
+    let(:params) do
+      {
+        _json: [
+          { query: "mutation { userLogin(email: \"#{user.email}\", password: \"#{password}\") { user { email name signInCount } } }" },
+          { query: "mutation { userLogin(email: \"#{user.email}\", password: \"wrong password\") { user { email name signInCount } } }" }
+        ]
+      }
+    end
+    it 'executes multiple queries in the same request' do
+      post '/api/v1/graphql_auth', request_params
+      expect(json_response).to match(
+        [
+          { data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } } },
+          {
+            data:   { userLogin: nil },
+            errors: [
+              hash_including(
+                message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' }
+              )
+            ]
+          }
+        ]
+      )
+    end
+  end
+end

data/spec/requests/mutations/additional_mutations_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Additional Mutations' do

data/spec/requests/mutations/additional_queries_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Additional Queries' do

data/spec/requests/mutations/login_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Login Requests' do

data/spec/requests/mutations/logout_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Logout Requests' do

data/spec/requests/mutations/resend_confirmation_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Resend confirmation' do
@@ -15,39 +17,58 @@ RSpec.describe 'Resend confirmation' do
           redirectUrl:"#{redirect}"
         ) {
           message
-          authenticatable {
-            id
-            email
-          }
         }
       }
     GRAPHQL
   end
   context 'when params are correct' do
-    it 'sends an email to the user with confirmation url and returns a success message' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(json_response[:data][:userResendConfirmation]).to include(
-        message:         'You will receive an email with instructions for how to confirm your email address in a few minutes.',
-        authenticatable: {
-          id:    id,
-          email: email
-        }
-      )
+    context 'when using the gem schema' do
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmation]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        confirm_link_msg_text = email.css('p')[1].inner_html
+        confirm_account_link_text = link.inner_html
+        expect(link['href']).to include('/api/v1/graphql_auth?')
+        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
+        expect(confirm_account_link_text).to eq('Confirm my account')
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
-      confirm_link_msg_text = email.css('p')[1].inner_html
-      confirm_account_link_text = link.inner_html
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+      end
+    end
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmation]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
-      expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-      expect(confirm_account_link_text).to eq('Confirm my account')
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        confirm_link_msg_text = email.css('p')[1].inner_html
+        confirm_account_link_text = link.inner_html
-      # TODO: Move to feature spec
-      expect do
-        get link['href']
-        user.reload
-      end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+        expect(link['href']).to include("#{custom_path}?")
+        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
+        expect(confirm_account_link_text).to eq('Confirm my account')
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+      end
     end
     context 'when email address uses different casing' do
@@ -56,11 +77,7 @@ RSpec.describe 'Resend confirmation' do
       it 'honors devise configuration for case insensitive fields' do
         expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
         expect(json_response[:data][:userResendConfirmation]).to include(
-          message:         'You will receive an email with instructions for how to confirm your email address in a few minutes.',
-          authenticatable: {
-            id:    id,
-            email: user.email
-          }
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
         )
       end
     end

data/spec/requests/mutations/send_password_reset_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Send Password Reset Requests' do
@@ -13,26 +15,51 @@ RSpec.describe 'Send Password Reset Requests' do
           email:       "#{email}",
           redirectUrl: "#{redirect_url}"
         ) {
-          authenticatable {
-            email
-          }
+          message
         }
       }
     GRAPHQL
   end
   context 'when params are correct' do
-    it 'sends password reset  email' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+    context 'when using the gem schema' do
+      it 'sends password reset  email' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userSendPasswordReset]).to include(
+          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        )
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        expect(link['href']).to include('/api/v1/graphql_auth?')
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :allow_password_change).from(false).to(true)
+      end
+    end
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+      it 'sends password reset  email' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
+        expect(json_response[:data][:userSendPasswordReset]).to include(
+          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        )
-      # TODO: Move to feature spec
-      expect do
-        get link['href']
-        user.reload
-      end.to change(user, :allow_password_change).from(false).to(true)
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        expect(link['href']).to include("#{custom_path}?")
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :allow_password_change).from(false).to(true)
+      end
     end
   end
@@ -41,6 +68,9 @@ RSpec.describe 'Send Password Reset Requests' do
     it 'honors devise configuration for case insensitive fields' do
       expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(json_response[:data][:userSendPasswordReset]).to include(
+        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+      )
     end
   end

data/spec/requests/mutations/sign_up_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Sign Up process' do

data/spec/requests/mutations/update_password_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Update Password Requests' do

data/spec/requests/queries/check_password_token_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Check Password Token Requests' do

data/spec/requests/queries/confirm_account_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Account confirmation' do
@@ -22,7 +24,13 @@ RSpec.describe 'Account confirmation' do
   context 'when confirmation token is correct' do
     let(:token) { user.confirmation_token }
-    before { user.send_confirmation_instructions(template_path: ['graphql_devise/mailer']) }
+    before do
+      user.send_confirmation_instructions(
+        template_path: ['graphql_devise/mailer'],
+        controller:    'graphql_devise/graphql',
+        schema_url:    'http://not-using-this-value.com/gql'
+      )
+    end
     it 'confirms the resource and redirects to the sent url' do
       expect do

data/spec/requests/user_controller_spec.rb CHANGED

@@ -1,39 +1,253 @@
+# frozen_string_literal: true
 require 'rails_helper'
-RSpec.describe 'Integrations with the user controller' do
+RSpec.describe "Integrations with the user's controller" do
   include_context 'with graphql query request'
   let(:user) { create(:user, :confirmed) }
-  let(:query) do
-    <<-GRAPHQL
-      query {
-        user(
-          id: #{user.id}
-        ) {
-          id
-          email
+  describe 'publicField' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          publicField
         }
-      }
-    GRAPHQL
+      GRAPHQL
+    end
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+      it 'does not require authentication' do
+        expect(json_response[:data][:publicField]).to eq('Field does not require authentication')
+      end
+    end
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+      it 'does not require authentication' do
+        expect(json_response[:data][:publicField]).to eq('Field does not require authentication')
+      end
+    end
+    context 'when using the failing route' do
+      it 'raises an invalid resource_name error' do
+        expect { post_request('/api/v1/failing') }.to raise_error(
+          GraphqlDevise::Error,
+          'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer, :schema_user].'
+        )
+      end
+    end
   end
-  before { post_request('/api/v1/graphql') }
+  describe 'privateField' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          privateField
+        }
+      GRAPHQL
+    end
-  context 'when user is authenticated' do
-    let(:headers) { user.create_new_auth_token }
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
-    it 'allow to perform the query' do
-      expect(json_response[:data][:user]).to match(
-        email: user.email,
-        id:    user.id
-      )
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+        it 'allows to perform the query' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+        context 'when using a SchemaUser' do
+          let(:headers) { create(:schema_user, :confirmed).create_new_auth_token }
+          it 'allows to perform the query' do
+            expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+          end
+        end
+      end
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+        it 'allows to perform the query' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+      end
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+  end
+  describe 'dummyMutation' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          dummyMutation
+        }
+      GRAPHQL
+    end
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+        it 'allows to perform the query' do
+          expect(json_response[:data][:dummyMutation]).to eq('Necessary so GraphQL gem does not complain about empty mutation type')
+        end
+      end
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+        it 'allows to perform the query' do
+          expect(json_response[:data][:dummyMutation]).to eq('Necessary so GraphQL gem does not complain about empty mutation type')
+        end
+      end
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+  end
+  describe 'user' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          user(
+            id: #{user.id}
+          ) {
+            id
+            email
+          }
+        }
+      GRAPHQL
+    end
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+        it 'allows to perform the query' do
+          expect(json_response[:data][:user]).to match(
+            email: user.email,
+            id:    user.id
+          )
+        end
+      end
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+    context 'when using an interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+        it 'allows to perform the query' do
+          expect(json_response[:data][:user]).to match(
+            email: user.email,
+            id:    user.id
+          )
+        end
+      end
+      context 'when user is not authenticated' do
+        # Interpreter schema fields are public unless specified otherwise (plugin setting)
+        it 'allows to perform the query' do
+          expect(json_response[:data][:user]).to match(
+            email: user.email,
+            id:    user.id
+          )
+        end
+      end
     end
   end
-  context 'when user is not authenticated' do
-    it 'returns a must sign in error' do
-      expect(json_response[:errors]).to contain_exactly(
-        'You need to sign in or sign up before continuing.'
+  describe 'updateUser' do
+    let(:headers) { user.create_new_auth_token }
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          updateUser(email: "updated@gmail.com", name: "updated name") {
+            user { email name }
+          }
+        }
+      GRAPHQL
+    end
+    it 'requires new email confirmation' do
+      original_email = user.email
+      expect do
+        post_request('/api/v1/graphql?test=value')
+        user.reload
+      end.to not_change(user, :email).from(original_email).and(
+        change(user, :unconfirmed_email).from(nil).to('updated@gmail.com')
+      ).and(
+        not_change(user, :uid).from(original_email)
+      ).and(
+        change(user, :name).from(user.name).to('updated name')
+      )
+      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+      link  = email.css('a').first
+      expect(link['href']).to include('/api/v1/graphql')
+      expect do
+        get link['href']
+        user.reload
+      end.to change(user, :email).from(original_email).to('updated@gmail.com').and(
+        change(user, :uid).from(original_email).to('updated@gmail.com')
       )
     end
   end