graphql_devise 0.13.5 → 0.14.3

Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +118 -0
  3. data/Appraisals +39 -5
  4. data/CHANGELOG.md +57 -6
  5. data/README.md +27 -7
  6. data/Rakefile +2 -1
  7. data/app/controllers/graphql_devise/graphql_controller.rb +1 -1
  8. data/app/views/graphql_devise/mailer/reset_password_instructions.html.erb +7 -1
  9. data/config/locales/en.yml +2 -1
  10. data/docs/usage/reset_password_flow.md +90 -0
  11. data/graphql_devise.gemspec +2 -2
  12. data/lib/graphql_devise/concerns/controller_methods.rb +6 -0
  13. data/lib/graphql_devise/default_operations/mutations.rb +10 -6
  14. data/lib/graphql_devise/mutations/resend_confirmation.rb +2 -0
  15. data/lib/graphql_devise/mutations/send_password_reset.rb +2 -0
  16. data/lib/graphql_devise/mutations/send_password_reset_with_token.rb +37 -0
  17. data/lib/graphql_devise/mutations/sign_up.rb +1 -3
  18. data/lib/graphql_devise/mutations/update_password_with_token.rb +38 -0
  19. data/lib/graphql_devise/resolvers/check_password_token.rb +1 -0
  20. data/lib/graphql_devise/resolvers/confirm_account.rb +2 -0
  21. data/lib/graphql_devise/schema_plugin.rb +22 -11
  22. data/lib/graphql_devise/version.rb +1 -1
  23. data/spec/dummy/app/controllers/api/v1/graphql_controller.rb +2 -2
  24. data/spec/dummy/app/graphql/dummy_schema.rb +4 -3
  25. data/spec/dummy/app/graphql/mutations/reset_admin_password_with_token.rb +13 -0
  26. data/spec/dummy/config/initializers/devise_token_auth.rb +2 -0
  27. data/spec/dummy/config/routes.rb +2 -1
  28. data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb +0 -1
  29. data/spec/dummy/db/schema.rb +0 -1
  30. data/spec/graphql/user_queries_spec.rb +118 -0
  31. data/spec/requests/graphql_controller_spec.rb +12 -11
  32. data/spec/requests/mutations/additional_mutations_spec.rb +0 -1
  33. data/spec/requests/mutations/resend_confirmation_spec.rb +16 -1
  34. data/spec/requests/mutations/send_password_reset_spec.rb +16 -1
  35. data/spec/requests/mutations/send_password_reset_with_token_spec.rb +78 -0
  36. data/spec/requests/mutations/sign_up_spec.rb +19 -1
  37. data/spec/requests/mutations/update_password_with_token_spec.rb +119 -0
  38. data/spec/requests/queries/check_password_token_spec.rb +16 -1
  39. data/spec/requests/queries/confirm_account_spec.rb +17 -2
  40. data/spec/requests/queries/introspection_query_spec.rb +149 -0
  41. data/spec/requests/user_controller_spec.rb +9 -9
  42. data/spec/support/contexts/graphql_request.rb +12 -4
  43. data/spec/support/contexts/schema_test.rb +14 -0
  44. metadata +26 -11
  45. data/.travis.yml +0 -79
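--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 005b85ca3899cb7b69c3505680be677fa935f80b3d63480fbf65d7f116775efa
- data.tar.gz: 8473a4ff5404ec543f57c9d95ad2844a039ba691865ca2d8fbea15a197f6d9b7
+ metadata.gz: 8babaa3e2f0ece19b6abd429ea42fb2f87f93490beb6a781329756506c90a00b
+ data.tar.gz: 599bb62bff4fa27c19f83a75ba328d1af3915b2fb726553168678a8a47a8a8ee
  SHA512:
- metadata.gz: 1accf0a12781a9b53b0f17f25226c3cd8fb8e31e26e435ce1040a132f83f508e06532c202a3789a90dcb0fd54dd10e72d047c5da1b431bb8d1147c319abc4870
- data.tar.gz: 4d5649f9f7d724cfbd6fc8a06e5acf2e0a3196d5f6ef7e8f4d5a569f39ae9978fc3ab6a956c110a19a7c8783b753e61f40aac9b8dcc77100b52ce14b3f6bff1b
+ metadata.gz: dd833162fd74b0174358424a5ef0ec59ce663577c1ce6de6b84b712d05856cba2e226aece27e07c03eef681483862ef181ef4dc61674b2b74e6c8f939e6c7e0a
+ data.tar.gz: 8e7af3981a3ad1d4a199ddf31cc3242f603205a02181b76d9e63be7ff09979927acd0305578d1583a421c08e076a666778a15d62e4fb1c9517d54f91a3b39111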
@@ -0,0 +1,118 @@
1
+ version: 2.1
2
+ orbs:
3
+ coveralls: coveralls/coveralls@1.0.6
4
+
5
+ jobs:
6
+ test:
7
+ parameters:
8
+ ruby-version:
9
+ type: string
10
+ gemfile:
11
+ type: string
12
+ docker:
13
+ - image: 'ruby:<< parameters.ruby-version >>'
14
+ environment:
15
+ BUNDLE_GEMFILE: << parameters.gemfile >>
16
+ BUNDLE_PATH: ../vendor/bundle
17
+ COVERALLS_PARALLEL: true
18
+ EAGER_LOAD: 'true'
19
+ steps:
20
+ - checkout
21
+ - restore_cache:
22
+ keys:
23
+ - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
24
+ - run: gem install bundler -v '1.17'
25
+ - run:
26
+ name: Install dependencies
27
+ command: bundle install
28
+ - save_cache:
29
+ key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
30
+ paths:
31
+ - vendor/bundle
32
+ - run:
33
+ name: Run Specs
34
+ command:
35
+ bundle exec rspec
36
+ report-coverage:
37
+ docker:
38
+ - image: 'circleci/node:10.0.0'
39
+ steps:
40
+ - coveralls/upload:
41
+ parallel_finished: true
42
+
43
+ workflows:
44
+ test-suite:
45
+ jobs:
46
+ - test:
47
+ matrix:
48
+ parameters:
49
+ ruby-version:
50
+ - '2.2'
51
+ - '2.3'
52
+ - '2.4'
53
+ - '2.5'
54
+ - '2.6'
55
+ - '2.7'
56
+ - '3.0'
57
+ gemfile:
58
+ - gemfiles/rails4.2_graphql1.8.gemfile
59
+ - gemfiles/rails5.0_graphql1.8.gemfile
60
+ - gemfiles/rails5.0_graphql1.9.gemfile
61
+ - gemfiles/rails5.1_graphql1.8.gemfile
62
+ - gemfiles/rails5.1_graphql1.9.gemfile
63
+ - gemfiles/rails5.2_graphql1.8.gemfile
64
+ - gemfiles/rails5.2_graphql1.9.gemfile
65
+ - gemfiles/rails5.2_graphql1.10.gemfile
66
+ - gemfiles/rails5.2_graphql1.11.gemfile
67
+ - gemfiles/rails6.0_graphql1.11.gemfile
68
+ - gemfiles/rails6.0_graphql1.12.gemfile
69
+ - gemfiles/rails6.1_graphql1.11.gemfile
70
+ - gemfiles/rails6.1_graphql1.12.gemfile
71
+ exclude:
72
+ - ruby-version: '2.2'
73
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
74
+ - ruby-version: '2.2'
75
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
76
+ - ruby-version: '2.2'
77
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
78
+ - ruby-version: '2.2'
79
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
80
+ - ruby-version: '2.3'
81
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
82
+ - ruby-version: '2.3'
83
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
84
+ - ruby-version: '2.3'
85
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
86
+ - ruby-version: '2.3'
87
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
88
+ - ruby-version: '2.4'
89
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
90
+ - ruby-version: '2.4'
91
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
92
+ - ruby-version: '2.4'
93
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
94
+ - ruby-version: '2.4'
95
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
96
+ - ruby-version: '2.7'
97
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
98
+ - ruby-version: '3.0'
99
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
100
+ - ruby-version: '3.0'
101
+ gemfile: gemfiles/rails5.0_graphql1.8.gemfile
102
+ - ruby-version: '3.0'
103
+ gemfile: gemfiles/rails5.0_graphql1.9.gemfile
104
+ - ruby-version: '3.0'
105
+ gemfile: gemfiles/rails5.1_graphql1.8.gemfile
106
+ - ruby-version: '3.0'
107
+ gemfile: gemfiles/rails5.1_graphql1.9.gemfile
108
+ - ruby-version: '3.0'
109
+ gemfile: gemfiles/rails5.2_graphql1.8.gemfile
110
+ - ruby-version: '3.0'
111
+ gemfile: gemfiles/rails5.2_graphql1.9.gemfile
112
+ - ruby-version: '3.0'
113
+ gemfile: gemfiles/rails5.2_graphql1.10.gemfile
114
+ - ruby-version: '3.0'
115
+ gemfile: gemfiles/rails5.2_graphql1.11.gemfile
116
+ - report-coverage:
117
+ requires:
118
+ - test
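Review bot: The cache key used by `restore_cache` and `save_cache` in the `test` job is built only from the gemfile name and the Ruby version, so it never changes when the resolved dependencies do. CircleCI does not overwrite an existing cache key, which means the first saved `vendor/bundle` for each combination keeps being restored and newer gems are reinstalled on every run. Adding a content checksum to both keys, for example `v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>-{{ checksum "graphql_devise.gemspec" }}`, ties the cache to the declared dependencies. Separately, `COVERALLS_PARALLEL: true` is an unquoted boolean next to `EAGER_LOAD: 'true'`; writing it as `COVERALLS_PARALLEL: 'true'` keeps both environment values strings.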
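--- a/data/Appraisals
+++ b/data/Appraisals
@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
  gem 'rspec-rails', '< 4.0'
  end
 
+ appraise 'rails5.2-graphql1.12' do
+ gem 'sqlite3', '~> 1.3.6'
+ gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+ gem 'graphql', '~> 1.12.0'
+ gem 'rspec-rails', '< 4.0'
+ end
+
  appraise 'rails6.0-graphql1.8' do
  gem 'sqlite3', '~> 1.4'
  gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
  gem 'graphql', '~> 1.11.0'
  end
 
- appraise 'rails6.0-graphql_edge' do
+ appraise 'rails6.0-graphql1.12' do
  gem 'sqlite3', '~> 1.4'
- gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
  gem 'devise', '>= 4.7'
  gem 'rails', github: 'rails/rails', branch: '6-0-stable'
- gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+ gem 'graphql', '~> 1.12.0'
+ end
+
+ appraise 'rails6.1-graphql1.9' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.9.0'
+ end
+
+ appraise 'rails6.1-graphql1.10' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.10.0'
+ end
+
+ appraise 'rails6.1-graphql1.11' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.11.0'
+ end
+
+ appraise 'rails6.1-graphql1.12' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.12.0'
  end
 
- appraise 'rails_edge-graphql_edge' do
+ appraise 'rails6.1-graphql_edge' do
  gem 'sqlite3', '~> 1.4'
  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
  gem 'devise', '>= 4.7'
- gem 'rails', github: 'rails/rails', branch: 'master'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
  end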
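Review bot: The appraisals `rails5.2-graphql1.12`, `rails6.1-graphql1.9`, `rails6.1-graphql1.10` and `rails6.1-graphql_edge` declared here have no matching entry in the `gemfile` matrix of `.circleci/config.yml` shown in this diff, which stops at `rails5.2_graphql1.11` and lists only `rails6.1_graphql1.11` and `rails6.1_graphql1.12` for Rails 6.1. As far as this page shows, those combinations are declared but never run in CI, so a regression on them would go unnoticed. Either add the corresponding gemfiles to the matrix or drop the unused appraisals. A short comment above the block, such as `# Keep in sync with the gemfile matrix in .circleci/config.yml`, would make the coupling explicit.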
data/CHANGELOG.md CHANGED
@@ -1,5 +1,56 @@
1
1
  # Changelog
2
2
 
3
+ ## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
4
+
5
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
10
+
11
+ **Fixed bugs:**
12
+
13
+ - ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
14
+
15
+ ## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
16
+
17
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
18
+
19
+ **Implemented enhancements:**
20
+
21
+ - Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
22
+
23
+ ## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
24
+
25
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
26
+
27
+ **Implemented enhancements:**
28
+
29
+ - Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
30
+ - Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
31
+ - Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
32
+
33
+ **Merged pull requests:**
34
+
35
+ - Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
36
+
37
+ ## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
38
+
39
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
40
+
41
+ **Implemented enhancements:**
42
+
43
+ - Alternate reset password flow, only 2 steps, no redirect [\#146](https://github.com/graphql-devise/graphql_devise/pull/146) ([mcelicalderon](https://github.com/mcelicalderon))
44
+
45
+ ## [v0.13.6](https://github.com/graphql-devise/graphql_devise/tree/v0.13.6) (2020-12-22)
46
+
47
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.5...v0.13.6)
48
+
49
+ **Security fixes:**
50
+
51
+ - Possible security issue with password reset and redirectUrl [\#136](https://github.com/graphql-devise/graphql_devise/issues/136)
52
+ - Add redirect whitelist validation to all queries and mutations [\#140](https://github.com/graphql-devise/graphql_devise/pull/140) ([mcelicalderon](https://github.com/mcelicalderon))
53
+
3
54
  ## [v0.13.5](https://github.com/graphql-devise/graphql_devise/tree/v0.13.5) (2020-11-20)
4
55
 
5
56
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.4...v0.13.5)
@@ -8,7 +59,7 @@
8
59
 
9
60
  - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
10
61
 
11
- ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
62
+ ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
12
63
 
13
64
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
14
65
 
@@ -32,7 +83,7 @@
32
83
 
33
84
  - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
34
85
 
35
- ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
86
+ ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
36
87
 
37
88
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
38
89
 
@@ -45,7 +96,7 @@
45
96
  - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
46
97
  - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
47
98
 
48
- ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
99
+ ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
49
100
 
50
101
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
51
102
 
@@ -62,7 +113,7 @@
62
113
  - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
63
114
  - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
64
115
 
65
- ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
116
+ ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
66
117
 
67
118
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
68
119
 
@@ -115,7 +166,7 @@
115
166
 
116
167
  **Implemented enhancements:**
117
168
 
118
- - Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
169
+ - Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
119
170
  - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
120
171
  - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
121
172
 
@@ -133,6 +184,7 @@
133
184
 
134
185
  **Implemented enhancements:**
135
186
 
187
+ - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
136
188
  - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
137
189
 
138
190
  **Fixed bugs:**
@@ -143,7 +195,6 @@
143
195
 
144
196
  - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
145
197
  - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
146
- - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
147
198
 
148
199
  **Merged pull requests:**
149
200
 
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # GraphqlDevise
2
- [![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
3
- [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
2
+ [![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
3
+ [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
4
4
  [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
5
5
 
6
6
  GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -31,8 +31,10 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
31
31
  * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
32
32
  * [Important](#important-2)
33
33
  * [Making Requests](#making-requests)
34
+ * [Introspection query](#introspection-query)
34
35
  * [Mutations](#mutations)
35
36
  * [Queries](#queries)
37
+ * [Reset Password Flow](#reset-password-flow)
36
38
  * [More Configuration Options](#more-configuration-options)
37
39
  * [Devise Token Auth Initializer](#devise-token-auth-initializer)
38
40
  * [Devise Initializer](#devise-initializer)
@@ -42,7 +44,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
42
44
  * [Contributing](#contributing)
43
45
  * [License](#license)
44
46
 
45
- <!-- Added by: david, at: mar jul 14 08:08:02 -05 2020 -->
47
+ <!-- Added by: mcelicalderon, at: Mon Jan 25 22:48:17 -05 2021 -->
46
48
 
47
49
  <!--te-->
48
50
 
@@ -225,6 +227,12 @@ authentication unless specified otherwise using the `authenticate: true` option
225
227
  one argument (field name) and is called whenever a field that requires authentication
226
228
  is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
227
229
  raised if authentication fails. This will provide a GQL like error message on the response.
230
+ 1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
231
+ information about what queries the schema supports. This query is very powerful and
232
+ there may be some case in which you want to limit its usage to authenticated users.
233
+ To accomplish this the schema plugin provides the `public_introspection` option. This option
234
+ accepts a boolean value and by default will consider introspection queries public in all
235
+ environments but production.
228
236
 
229
237
  ### Available Mount Options
230
238
  Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -288,10 +296,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
288
296
  :login
289
297
  :logout
290
298
  :sign_up
291
- :update_password
292
- :send_password_reset
293
299
  :confirm_account
300
+ :send_password_reset
294
301
  :check_password_token
302
+ :update_password
303
+ :send_password_reset_with_token
304
+ :update_password_with_token
295
305
  ```
296
306
 
297
307
  ### Configuring Model
@@ -451,6 +461,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
451
461
  ### Making Requests
452
462
  Here is a list of the available mutations and queries assuming your mounted model is `User`.
453
463
 
464
+ #### Introspection query
465
+ If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
466
+
454
467
  #### Mutations
455
468
 
456
469
  Operation | Description | Example
@@ -458,9 +471,11 @@ Operation | Description | Example
458
471
  login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
459
472
  logout | | userLogout: UserLogoutPayload
460
473
  signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
461
- sendResetPassword | | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
462
- updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
474
+ sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
475
+ updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
463
476
  resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
477
+ sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
478
+ updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
464
479
 
465
480
  #### Queries
466
481
  Operation | Description | Example
@@ -478,6 +493,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
478
493
  Also, the [dummy app](spec/dummy) used in our specs will give you
479
494
  a clear idea on how to configure the gem on your Rails application.
480
495
 
496
+ ### Reset Password Flow
497
+ This gem supports two password recovery flows. The most recently implemented is preferred and
498
+ requires less steps. More detail on how it works can be found
499
+ [here](docs/usage/reset_password_flow.md).
500
+
481
501
  ### More Configuration Options
482
502
  As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
483
503
  this values on the initializer files generated by the installer.
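--- a/data/Rakefile
+++ b/data/Rakefile
@@ -18,11 +18,12 @@ end
 
  require 'github_changelog_generator/task'
 
- GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+ GitHubChangelogGenerator::RakeTask.new do |config|
  config.user = 'graphql-devise'
  config.project = 'graphql_devise'
  config.future_release = ENV['FUTURE_RELEASE']
  config.add_issues_wo_labels = false
+ config.add_pr_wo_labels = false
  end
 
  APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)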
@@ -14,7 +14,7 @@ module GraphqlDevise
14
14
  end
15
15
  )
16
16
  else
17
- GraphqlDevise::Schema.execute(params[:query], execute_params(params))
17
+ GraphqlDevise::Schema.execute(params[:query], **execute_params(params))
18
18
  end
19
19
 
20
20
  render json: result unless performed?
@@ -2,7 +2,13 @@
2
2
 
3
3
  <p><%= t('.request_reset_link_msg') %></p>
4
4
 
5
- <p><%= link_to t('.password_change_link'), "#{message['schema_url']}?#{password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s).to_query}" %></p>
5
+ <p>
6
+ <% if message['schema_url'].present? %>
7
+ <%= link_to t('.password_change_link'), "#{message['schema_url']}?#{password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s).to_query}" %>
8
+ <% else %>
9
+ <%= link_to t('.password_change_link'), "#{message['redirect-url'].to_s}?#{{ reset_password_token: @token }.to_query}" %>
10
+ <% end %>
11
+ </p>
6
12
 
7
13
  <p><%= t('.ignore_mail_msg') %></p>
8
14
  <p><%= t('.no_changes_msg') %></p>
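Review bot: The new `else` branch builds the reset link by interpolating `message['redirect-url']` and a literal `?`, so a redirect URL that already carries a query string or a fragment yields a malformed link with `reset_password_token` in the wrong place. Because the token is appended to a caller-supplied URL, this template relies entirely on the redirect allow-list check having passed before the mail is queued; that check is not visible in this hunk, so it is worth confirming that `send_password_reset_with_token.rb` enforces it. Consider moving the URL construction into a helper that parses `redirect-url` with `URI` and merges `reset_password_token` into the existing query rather than concatenating strings. The `.to_s` also means a missing `redirect-url` silently renders a relative link of the form `?reset_password_token=…` instead of failing.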
@@ -1,5 +1,6 @@
1
1
  en:
2
2
  graphql_devise:
3
+ redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed."
3
4
  registration_failed: "User couldn't be registered"
4
5
  resource_build_failed: "Resource couldn't be built, execution stopped."
5
6
  not_authenticated: "User is not logged in."
@@ -7,8 +8,8 @@ en:
7
8
  invalid_resource: "Errors present in the resource."
8
9
  registrations:
9
10
  missing_confirm_redirect_url: "Missing 'confirm_success_url' parameter. Required when confirmable module is enabled."
10
- redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed."
11
11
  passwords:
12
+ password_recovery_disabled: "You must enable password recovery for this model."
12
13
  update_password_error: "Unable to update user password"
13
14
  missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
14
15
  password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."