RubyGems - graphql_devise - Versions diffs - 0.12.3 → 0.13.4 - Mend

graphql_devise 0.12.3 → 0.13.4

Files changed (168) hide show

data/spec/requests/mutations/resend_confirmation_spec.rb CHANGED

@@ -1,12 +1,15 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Resend confirmation' do
   include_context 'with graphql query request'
-  let!(:user)    { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
-  let(:email)    { user.email }
-  let(:id)       { user.id }
-  let(:redirect) { Faker::Internet.url }
+  let(:confirmed_at) { nil }
+  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
+  let(:email)        { user.email }
+  let(:id)           { user.id }
+  let(:redirect)     { Faker::Internet.url }
   let(:query) do
     <<-GRAPHQL
       mutation {
@@ -96,6 +99,28 @@ RSpec.describe 'Resend confirmation' do
     end
   end
+  context 'when the email was changed' do
+    let(:confirmed_at) { 2.seconds.ago }
+    let(:email)        { 'new-email@wallaceinc.com' }
+    let(:new_email)    { email }
+    before do
+      user.update_with_email(
+        email:                    new_email,
+        schema_url:               'http://localhost/test',
+        confirmation_success_url: 'https://google.com'
+      )
+    end
+    it 'sends new confirmation email' do
+      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
+      expect(json_response[:data][:userResendConfirmation]).to include(
+        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+      )
+    end
+  end
   context "when the email isn't in the system" do
     let(:email) { 'nothere@gmail.com' }

data/spec/requests/mutations/send_password_reset_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Send Password Reset Requests' do

data/spec/requests/mutations/sign_up_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Sign Up process' do
@@ -19,6 +21,7 @@ RSpec.describe 'Sign Up process' do
             passwordConfirmation: "#{password}"
             confirmSuccessUrl:    "#{redirect}"
           ) {
+            credentials { accessToken }
             user {
               email
               name
@@ -41,7 +44,8 @@ RSpec.describe 'Sign Up process' do
         expect(user.confirmed_at).to be_nil
         expect(user).to be_valid_password(password)
         expect(json_response[:data][:userSignUp]).to include(
-          user: {
+          credentials: nil,
+          user:        {
             email: email,
             name:  name
           }
@@ -124,6 +128,7 @@ RSpec.describe 'Sign Up process' do
             passwordConfirmation: "#{password}"
             confirmSuccessUrl:    "#{redirect}"
           ) {
+            credentials { accessToken client uid }
             authenticatable {
               email
             }
@@ -132,8 +137,16 @@ RSpec.describe 'Sign Up process' do
       GRAPHQL
     end
-    it 'works without the confirmable module' do
+    it 'returns credentials as no confirmation is required' do
       expect { post_request }.to change(Guest, :count).from(0).to(1)
+      expect(json_response[:data][:guestSignUp]).to include(
+        authenticatable: { email: email },
+        credentials:     hash_including(
+          uid:    email,
+          client: Guest.last.tokens.keys.first
+        )
+      )
     end
   end
 end

data/spec/requests/mutations/update_password_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Update Password Requests' do

data/spec/requests/queries/check_password_token_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Check Password Token Requests' do

data/spec/requests/queries/confirm_account_spec.rb CHANGED

@@ -1,62 +1,122 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe 'Account confirmation' do
   include_context 'with graphql query request'
-  let(:user)     { create(:user, confirmed_at: nil) }
-  let(:redirect) { Faker::Internet.url }
-  let(:query) do
-    <<-GRAPHQL
-      {
-        userConfirmAccount(
-          confirmationToken: "#{token}"
-          redirectUrl:       "#{redirect}"
-        ) {
-          email
-          name
+  context 'when using the user model' do
+    let(:user)     { create(:user, confirmed_at: nil) }
+    let(:redirect) { Faker::Internet.url }
+    let(:query) do
+      <<-GRAPHQL
+        {
+          userConfirmAccount(
+            confirmationToken: "#{token}"
+            redirectUrl:       "#{redirect}"
+          ) {
+            email
+            name
+          }
         }
-      }
-    GRAPHQL
-  end
+      GRAPHQL
+    end
+    context 'when confirmation token is correct' do
+      let(:token) { user.confirmation_token }
+      before do
+        user.send_confirmation_instructions(
+          template_path: ['graphql_devise/mailer'],
+          controller:    'graphql_devise/graphql',
+          schema_url:    'http://not-using-this-value.com/gql'
+        )
+      end
+      it 'confirms the resource and redirects to the sent url' do
+        expect do
+          get_request
+          user.reload
+        end.to(change(user, :confirmed_at).from(nil))
+        expect(response).to redirect_to("#{redirect}?account_confirmation_success=true")
+        expect(user).to be_active_for_authentication
+      end
-  context 'when confirmation token is correct' do
-    let(:token) { user.confirmation_token }
+      context 'when unconfirmed_email is present' do
+        let(:user) { create(:user, :confirmed, unconfirmed_email: 'vvega@wallaceinc.com') }
-    before do
-      user.send_confirmation_instructions(
-        template_path: ['graphql_devise/mailer'],
-        controller:    'graphql_devise/graphql',
-        action:        'auth'
-      )
+        it 'confirms the unconfirmed email and redirects' do
+          expect do
+            get_request
+            user.reload
+          end.to change(user, :email).from(user.email).to('vvega@wallaceinc.com').and(
+            change(user, :unconfirmed_email).from('vvega@wallaceinc.com').to(nil)
+          )
+          expect(response).to redirect_to("#{redirect}?account_confirmation_success=true")
+        end
+      end
     end
-    it 'confirms the resource and redirects to the sent url' do
-      expect do
-        get_request
-        user.reload
-      end.to(change(user, :confirmed_at).from(nil))
+    context 'when reset password token is not found' do
+      let(:token) { "#{user.confirmation_token}-invalid" }
+      it 'does *NOT* confirm the user nor does the redirection' do
+        expect do
+          get_request
+          user.reload
+        end.not_to(change(user, :confirmed_at).from(nil))
-      expect(response).to redirect_to "#{redirect}?account_confirmation_success=true"
-      expect(user).to be_active_for_authentication
+        expect(response).not_to be_redirect
+        expect(json_response[:errors]).to contain_exactly(
+          hash_including(
+            message:    'Invalid confirmation token. Please try again',
+            extensions: { code: 'USER_ERROR' }
+          )
+        )
+      end
     end
   end
-  context 'when reset password token is not found' do
-    let(:token) { "#{user.confirmation_token}-invalid" }
+  context 'when using the admin model' do
+    let(:admin)    { create(:admin, confirmed_at: nil) }
+    let(:redirect) { Faker::Internet.url }
+    let(:query) do
+      <<-GRAPHQL
+        {
+          adminConfirmAccount(
+            confirmationToken: "#{token}"
+            redirectUrl:       "#{redirect}"
+          ) {
+            email
+          }
+        }
+      GRAPHQL
+    end
+    context 'when confirmation token is correct' do
+      let(:token) { admin.confirmation_token }
-    it 'does *NOT* confirm the user nor does the redirection' do
-      expect do
-        get_request
-        user.reload
-      end.not_to(change(user, :confirmed_at).from(nil))
+      before do
+        admin.send_confirmation_instructions(
+          template_path: ['graphql_devise/mailer'],
+          controller:    'graphql_devise/graphql',
+          schema_url:    'http://not-using-this-value.com/gql'
+        )
+      end
-      expect(response).not_to be_redirect
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(
-          message: 'Invalid confirmation token. Please try again',
-          extensions: { code: 'USER_ERROR' }
+      it 'confirms the resource, persists credentials on the DB and redirects to the sent url' do
+        expect do
+          get_request
+          admin.reload
+        end.to change(admin, :confirmed_at).from(nil).and(
+          change { admin.tokens.keys.count }.from(0).to(1)
         )
-      )
+        expect(response).to redirect_to(/\A#{redirect}.+access\-token=/)
+        expect(admin).to be_active_for_authentication
+      end
     end
   end
 end

data/spec/requests/user_controller_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'rails_helper'
 RSpec.describe "Integrations with the user's controller" do
@@ -34,7 +36,7 @@ RSpec.describe "Integrations with the user's controller" do
       it 'raises an invalid resource_name error' do
         expect { post_request('/api/v1/failing') }.to raise_error(
           GraphqlDevise::Error,
-          'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer].'
+          'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer, :schema_user].'
         )
       end
     end
@@ -55,9 +57,17 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is authenticated' do
         let(:headers) { user.create_new_auth_token }
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
         end
+        context 'when using a SchemaUser' do
+          let(:headers) { create(:schema_user, :confirmed).create_new_auth_token }
+          it 'allows to perform the query' do
+            expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+          end
+        end
       end
       context 'when user is not authenticated' do
@@ -75,7 +85,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is authenticated' do
         let(:headers) { user.create_new_auth_token }
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
         end
       end
@@ -105,7 +115,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is authenticated' do
         let(:headers) { user.create_new_auth_token }
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:dummyMutation]).to eq('Necessary so GraphQL gem does not complain about empty mutation type')
         end
       end
@@ -125,7 +135,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is authenticated' do
         let(:headers) { user.create_new_auth_token }
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:dummyMutation]).to eq('Necessary so GraphQL gem does not complain about empty mutation type')
         end
       end
@@ -160,7 +170,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is authenticated' do
         let(:headers) { user.create_new_auth_token }
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:user]).to match(
             email: user.email,
             id:    user.id
@@ -183,7 +193,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is authenticated' do
         let(:headers) { user.create_new_auth_token }
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:user]).to match(
             email: user.email,
             id:    user.id
@@ -193,7 +203,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is not authenticated' do
         # Interpreter schema fields are public unless specified otherwise (plugin setting)
-        it 'allow to perform the query' do
+        it 'allows to perform the query' do
           expect(json_response[:data][:user]).to match(
             email: user.email,
             id:    user.id
@@ -202,4 +212,43 @@ RSpec.describe "Integrations with the user's controller" do
       end
     end
   end
+  describe 'updateUser' do
+    let(:headers) { user.create_new_auth_token }
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          updateUser(email: "updated@gmail.com", name: "updated name") {
+            user { email name }
+          }
+        }
+      GRAPHQL
+    end
+    it 'requires new email confirmation' do
+      original_email = user.email
+      expect do
+        post_request('/api/v1/graphql?test=value')
+        user.reload
+      end.to not_change(user, :email).from(original_email).and(
+        change(user, :unconfirmed_email).from(nil).to('updated@gmail.com')
+      ).and(
+        not_change(user, :uid).from(original_email)
+      ).and(
+        change(user, :name).from(user.name).to('updated name')
+      )
+      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+      link  = email.css('a').first
+      expect(link['href']).to include('/api/v1/graphql')
+      expect do
+        get link['href']
+        user.reload
+      end.to change(user, :email).from(original_email).to('updated@gmail.com').and(
+        change(user, :uid).from(original_email).to('updated@gmail.com')
+      )
+    end
+  end
 end

data/spec/services/mount_method/operation_preparer_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do

data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPreparer do

data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationPreparer do

data/spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::GqlNameSetter do

data/spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter do

data/spec/services/mount_method/operation_preparers/resolver_type_setter_spec.rb CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'spec_helper'
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter do