graphql_devise 0.13.5 → 0.14.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 005b85ca3899cb7b69c3505680be677fa935f80b3d63480fbf65d7f116775efa
-  data.tar.gz: 8473a4ff5404ec543f57c9d95ad2844a039ba691865ca2d8fbea15a197f6d9b7
+  metadata.gz: 8babaa3e2f0ece19b6abd429ea42fb2f87f93490beb6a781329756506c90a00b
+  data.tar.gz: 599bb62bff4fa27c19f83a75ba328d1af3915b2fb726553168678a8a47a8a8ee
 SHA512:
-  metadata.gz: 1accf0a12781a9b53b0f17f25226c3cd8fb8e31e26e435ce1040a132f83f508e06532c202a3789a90dcb0fd54dd10e72d047c5da1b431bb8d1147c319abc4870
-  data.tar.gz: 4d5649f9f7d724cfbd6fc8a06e5acf2e0a3196d5f6ef7e8f4d5a569f39ae9978fc3ab6a956c110a19a7c8783b753e61f40aac9b8dcc77100b52ce14b3f6bff1b
+  metadata.gz: dd833162fd74b0174358424a5ef0ec59ce663577c1ce6de6b84b712d05856cba2e226aece27e07c03eef681483862ef181ef4dc61674b2b74e6c8f939e6c7e0a
+  data.tar.gz: 8e7af3981a3ad1d4a199ddf31cc3242f603205a02181b76d9e63be7ff09979927acd0305578d1583a421c08e076a666778a15d62e4fb1c9517d54f91a3b39111

data/.circleci/config.yml

@@ -0,0 +1,118 @@
+version: 2.1
+orbs:
+  coveralls: coveralls/coveralls@1.0.6
+
+jobs:
+  test:
+    parameters:
+      ruby-version:
+        type: string
+      gemfile:
+        type: string
+    docker:
+      - image: 'ruby:<< parameters.ruby-version >>'
+    environment:
+      BUNDLE_GEMFILE: << parameters.gemfile >>
+      BUNDLE_PATH: ../vendor/bundle
+      COVERALLS_PARALLEL: true
+      EAGER_LOAD: 'true'
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+      - run: gem install bundler -v '1.17'
+      - run:
+          name: Install dependencies
+          command: bundle install
+      - save_cache:
+          key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+          paths:
+            - vendor/bundle
+      - run:
+          name: Run Specs
+          command:
+            bundle exec rspec
+  report-coverage:
+    docker:
+      - image: 'circleci/node:10.0.0'
+    steps:
+      - coveralls/upload:
+          parallel_finished: true
+
+workflows:
+  test-suite:
+    jobs:
+      - test:
+          matrix:
+            parameters:
+              ruby-version:
+                - '2.2'
+                - '2.3'
+                - '2.4'
+                - '2.5'
+                - '2.6'
+                - '2.7'
+                - '3.0'
+              gemfile:
+                - gemfiles/rails4.2_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.9.gemfile
+                - gemfiles/rails5.1_graphql1.8.gemfile
+                - gemfiles/rails5.1_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.8.gemfile
+                - gemfiles/rails5.2_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.10.gemfile
+                - gemfiles/rails5.2_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.12.gemfile
+                - gemfiles/rails6.1_graphql1.11.gemfile
+                - gemfiles/rails6.1_graphql1.12.gemfile
+            exclude:
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.7'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.10.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.11.gemfile
+      - report-coverage:
+          requires:
+            - test

data/Appraisals

@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
   gem 'rspec-rails', '< 4.0'
 end
 
+appraise 'rails5.2-graphql1.12' do
+  gem 'sqlite3', '~> 1.3.6'
+  gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+  gem 'graphql', '~> 1.12.0'
+  gem 'rspec-rails', '< 4.0'
+end
+
 appraise 'rails6.0-graphql1.8' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
   gem 'graphql', '~> 1.11.0'
 end
 
-appraise 'rails6.0-graphql_edge' do
+appraise 'rails6.0-graphql1.12' do
   gem 'sqlite3', '~> 1.4'
-  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
   gem 'rails', github: 'rails/rails', branch: '6-0-stable'
-  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+  gem 'graphql', '~> 1.12.0'
+end
+
+appraise 'rails6.1-graphql1.9' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.9.0'
+end
+
+appraise 'rails6.1-graphql1.10' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.10.0'
+end
+
+appraise 'rails6.1-graphql1.11' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.11.0'
+end
+
+appraise 'rails6.1-graphql1.12' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.12.0'
 end
 
-appraise 'rails_edge-graphql_edge' do
+appraise 'rails6.1-graphql_edge' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
-  gem 'rails', github: 'rails/rails', branch: 'master'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
   gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
 end

data/CHANGELOG.md

@@ -1,5 +1,56 @@
 # Changelog
 
+## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
+
+**Implemented enhancements:**
+
+- Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
+
+**Fixed bugs:**
+
+- ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
+
+## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
+
+**Implemented enhancements:**
+
+- Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
+
+## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
+
+**Implemented enhancements:**
+
+- Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
+- Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
+- Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
+
+**Merged pull requests:**
+
+- Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
+
+**Implemented enhancements:**
+
+- Alternate reset password flow, only 2 steps, no redirect [\#146](https://github.com/graphql-devise/graphql_devise/pull/146) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.13.6](https://github.com/graphql-devise/graphql_devise/tree/v0.13.6) (2020-12-22)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.5...v0.13.6)
+
+**Security fixes:**
+
+- Possible security issue with password reset and redirectUrl [\#136](https://github.com/graphql-devise/graphql_devise/issues/136)
+- Add redirect whitelist validation to all queries and mutations [\#140](https://github.com/graphql-devise/graphql_devise/pull/140) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.13.5](https://github.com/graphql-devise/graphql_devise/tree/v0.13.5) (2020-11-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.4...v0.13.5)
@@ -8,7 +59,7 @@
 
 - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
 
-## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
+## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
 
@@ -32,7 +83,7 @@
 
 - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
 
-## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
+## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
 
@@ -45,7 +96,7 @@
 - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
 - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
 
-## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
+## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
 
@@ -62,7 +113,7 @@
 - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
 - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
 
-## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
+## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
 
@@ -115,7 +166,7 @@
 
 **Implemented enhancements:**
 
-- Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
+- Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
 - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
 - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
 
@@ -133,6 +184,7 @@
 
 **Implemented enhancements:**
 
+- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
 
 **Fixed bugs:**
@@ -143,7 +195,6 @@
 
 - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
 - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
-- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 
 **Merged pull requests:**
 

data/README.md

@@ -1,6 +1,6 @@
 # GraphqlDevise
-[![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
-[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
+[![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
+[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
 [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
 
 GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -31,8 +31,10 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
             * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
             * [Important](#important-2)
          * [Making Requests](#making-requests)
+            * [Introspection query](#introspection-query)
             * [Mutations](#mutations)
             * [Queries](#queries)
+         * [Reset Password Flow](#reset-password-flow)
          * [More Configuration Options](#more-configuration-options)
             * [Devise Token Auth Initializer](#devise-token-auth-initializer)
             * [Devise Initializer](#devise-initializer)
@@ -42,7 +44,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
       * [Contributing](#contributing)
       * [License](#license)
 
-<!-- Added by: david, at: mar jul 14 08:08:02 -05 2020 -->
+<!-- Added by: mcelicalderon, at: Mon Jan 25 22:48:17 -05 2021 -->
 
 <!--te-->
 
@@ -225,6 +227,12 @@ authentication unless specified otherwise using the `authenticate: true` option
 one argument (field name) and is called whenever a field that requires authentication
 is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
 raised if authentication fails. This will provide a GQL like error message on the response.
+1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
+information about what queries the schema supports. This query is very powerful and
+there may be some case in which you want to limit its usage to authenticated users.
+To accomplish this the schema plugin provides the `public_introspection` option. This option
+accepts a boolean value and by default will consider introspection queries public in all
+environments but production.
 
 ### Available Mount Options
 Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -288,10 +296,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 :login
 :logout
 :sign_up
-:update_password
-:send_password_reset
 :confirm_account
+:send_password_reset
 :check_password_token
+:update_password
+:send_password_reset_with_token
+:update_password_with_token
 ```
 
 ### Configuring Model
@@ -451,6 +461,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
 ### Making Requests
 Here is a list of the available mutations and queries assuming your mounted model is `User`.
 
+#### Introspection query
+If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
+
 #### Mutations
 
 Operation | Description | Example
@@ -458,9 +471,11 @@ Operation | Description | Example
 login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
 logout | | userLogout: UserLogoutPayload
 signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
-sendResetPassword | | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
-updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
+sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
+updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
 resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
+sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
+updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
 
 #### Queries
 Operation | Description | Example
@@ -478,6 +493,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
 Also, the [dummy app](spec/dummy) used in our specs will give you
 a clear idea on how to configure the gem on your Rails application.
 
+### Reset Password Flow
+This gem supports two password recovery flows. The most recently implemented is preferred and
+requires less steps. More detail on how it works can be found
+[here](docs/usage/reset_password_flow.md).
+
 ### More Configuration Options
 As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
 this values on the initializer files generated by the installer.

data/Rakefile

@@ -18,11 +18,12 @@ end
 
 require 'github_changelog_generator/task'
 
-GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+GitHubChangelogGenerator::RakeTask.new do |config|
   config.user = 'graphql-devise'
   config.project = 'graphql_devise'
   config.future_release = ENV['FUTURE_RELEASE']
   config.add_issues_wo_labels = false
+  config.add_pr_wo_labels = false
 end
 
 APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)

data/app/controllers/graphql_devise/graphql_controller.rb

@@ -14,7 +14,7 @@ module GraphqlDevise
           end
         )
       else
-        GraphqlDevise::Schema.execute(params[:query], execute_params(params))
+        GraphqlDevise::Schema.execute(params[:query], **execute_params(params))
       end
 
       render json: result unless performed?

data/app/views/graphql_devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,13 @@
 
 <p><%= t('.request_reset_link_msg') %></p>
 
-<p><%= link_to t('.password_change_link'), "#{message['schema_url']}?#{password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s).to_query}" %></p>
+<p>
+  <% if message['schema_url'].present? %>
+    <%= link_to t('.password_change_link'), "#{message['schema_url']}?#{password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s).to_query}" %>
+  <% else %>
+    <%= link_to t('.password_change_link'), "#{message['redirect-url'].to_s}?#{{ reset_password_token: @token }.to_query}" %>
+  <% end %>
+</p>
 
 <p><%= t('.ignore_mail_msg') %></p>
 <p><%= t('.no_changes_msg') %></p>

data/config/locales/en.yml

@@ -1,5 +1,6 @@
 en:
   graphql_devise:
+    redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed."
     registration_failed: "User couldn't be registered"
     resource_build_failed: "Resource couldn't be built, execution stopped."
     not_authenticated: "User is not logged in."
@@ -7,8 +8,8 @@ en:
     invalid_resource: "Errors present in the resource."
     registrations:
       missing_confirm_redirect_url: "Missing 'confirm_success_url' parameter. Required when confirmable module is enabled."
-      redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed."
     passwords:
+      password_recovery_disabled: "You must enable password recovery for this model."
       update_password_error: "Unable to update user password"
       missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
       password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."