graphql_devise 0.13.6 → 0.15.0

Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +118 -0
  3. data/Appraisals +39 -5
  4. data/CHANGELOG.md +64 -6
  5. data/README.md +135 -50
  6. data/Rakefile +2 -1
  7. data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb +72 -0
  8. data/app/controllers/graphql_devise/concerns/set_user_by_token.rb +5 -27
  9. data/app/controllers/graphql_devise/graphql_controller.rb +1 -1
  10. data/app/helpers/graphql_devise/mailer_helper.rb +2 -2
  11. data/app/models/graphql_devise/concerns/additional_model_methods.rb +21 -0
  12. data/app/models/graphql_devise/concerns/model.rb +6 -9
  13. data/app/views/graphql_devise/mailer/reset_password_instructions.html.erb +7 -1
  14. data/config/locales/en.yml +1 -0
  15. data/docs/usage/reset_password_flow.md +90 -0
  16. data/graphql_devise.gemspec +2 -2
  17. data/lib/generators/graphql_devise/install_generator.rb +1 -1
  18. data/lib/graphql_devise.rb +20 -6
  19. data/lib/graphql_devise/concerns/controller_methods.rb +3 -3
  20. data/lib/graphql_devise/default_operations/mutations.rb +10 -6
  21. data/lib/graphql_devise/mount_method/operation_preparer.rb +6 -6
  22. data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb +6 -4
  23. data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +6 -4
  24. data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb} +4 -4
  25. data/lib/graphql_devise/mutations/send_password_reset_with_token.rb +37 -0
  26. data/lib/graphql_devise/mutations/update_password_with_token.rb +38 -0
  27. data/lib/graphql_devise/resolvers/confirm_account.rb +1 -1
  28. data/lib/graphql_devise/resource_loader.rb +26 -11
  29. data/lib/graphql_devise/schema_plugin.rb +35 -16
  30. data/lib/graphql_devise/version.rb +1 -1
  31. data/spec/dummy/app/controllers/api/v1/graphql_controller.rb +13 -2
  32. data/spec/dummy/app/graphql/dummy_schema.rb +4 -3
  33. data/spec/dummy/app/graphql/mutations/reset_admin_password_with_token.rb +13 -0
  34. data/spec/dummy/config/routes.rb +4 -2
  35. data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb +0 -1
  36. data/spec/dummy/db/schema.rb +0 -1
  37. data/spec/generators/graphql_devise/install_generator_spec.rb +1 -1
  38. data/spec/graphql/user_queries_spec.rb +120 -0
  39. data/spec/requests/graphql_controller_spec.rb +12 -11
  40. data/spec/requests/mutations/send_password_reset_with_token_spec.rb +78 -0
  41. data/spec/requests/mutations/update_password_with_token_spec.rb +119 -0
  42. data/spec/requests/queries/check_password_token_spec.rb +1 -1
  43. data/spec/requests/queries/introspection_query_spec.rb +149 -0
  44. data/spec/requests/user_controller_spec.rb +29 -9
  45. data/spec/services/mount_method/operation_preparer_spec.rb +5 -5
  46. data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb +5 -5
  47. data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +5 -5
  48. data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb} +6 -6
  49. data/spec/services/resource_loader_spec.rb +5 -5
  50. data/spec/support/contexts/graphql_request.rb +11 -3
  51. data/spec/support/contexts/schema_test.rb +14 -0
  52. metadata +31 -14
  53. data/.travis.yml +0 -79
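--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e90de970ae686dd8437156a6d830b922c1fe4369c10206532073e5bb3f8f75f8
- data.tar.gz: 3a74fe59c81889eb9f5a4bb42710d4cb7e086b9a9bdbd0e9bd09a370ccd7f435
+ metadata.gz: 6f90be997c50518d79c6b3fdaee2f896aeec557ca5084a6bac7059a518dd8ec3
+ data.tar.gz: e25b07dee790cd64a48a07970974c6ae3e2a567c9a75321f7af69c693140a342
  SHA512:
- metadata.gz: 0f608b88cf17acc4e8c4d7d54fb4d578afb38d2c7f7a73b9df2cee7b9661cdb6a35b1b45e4a6d7c05e022a334f6c7ed8bf1427b301422c2e27f191a830dde621
- data.tar.gz: 5d5bc1eab5158c5134f18a7f2f85e0653139ee13d67c45efb7050274d41ed6f1a5c2dee0c97c57ca987bd7f74556cbca9ae478b7782aee28f5967308d7bd3c92
+ metadata.gz: 8453243ec0816b2fc828c13f1033b70e97ae71d68c2938af469a435f99a1b26369f0482a4abcda50fbf61c1a9d1fbde12b47a51f6fa42fdbb29afe5aa7f8760e
+ data.tar.gz: 0fb0ef651e1be37157948ce48e24690ec741e543abf5771ad85f6380a640efb9b772195b16132685887cef9eb8f03d923a12406c99877100c6f13408a70280d8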
@@ -0,0 +1,118 @@
1
+ version: 2.1
2
+ orbs:
3
+ coveralls: coveralls/coveralls@1.0.6
4
+
5
+ jobs:
6
+ test:
7
+ parameters:
8
+ ruby-version:
9
+ type: string
10
+ gemfile:
11
+ type: string
12
+ docker:
13
+ - image: 'ruby:<< parameters.ruby-version >>'
14
+ environment:
15
+ BUNDLE_GEMFILE: << parameters.gemfile >>
16
+ BUNDLE_PATH: ../vendor/bundle
17
+ COVERALLS_PARALLEL: true
18
+ EAGER_LOAD: 'true'
19
+ steps:
20
+ - checkout
21
+ - restore_cache:
22
+ keys:
23
+ - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
24
+ - run: gem install bundler -v '1.17'
25
+ - run:
26
+ name: Install dependencies
27
+ command: bundle install
28
+ - save_cache:
29
+ key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
30
+ paths:
31
+ - vendor/bundle
32
+ - run:
33
+ name: Run Specs
34
+ command:
35
+ bundle exec rspec
36
+ report-coverage:
37
+ docker:
38
+ - image: 'circleci/node:10.0.0'
39
+ steps:
40
+ - coveralls/upload:
41
+ parallel_finished: true
42
+
43
+ workflows:
44
+ test-suite:
45
+ jobs:
46
+ - test:
47
+ matrix:
48
+ parameters:
49
+ ruby-version:
50
+ - '2.2'
51
+ - '2.3'
52
+ - '2.4'
53
+ - '2.5'
54
+ - '2.6'
55
+ - '2.7'
56
+ - '3.0'
57
+ gemfile:
58
+ - gemfiles/rails4.2_graphql1.8.gemfile
59
+ - gemfiles/rails5.0_graphql1.8.gemfile
60
+ - gemfiles/rails5.0_graphql1.9.gemfile
61
+ - gemfiles/rails5.1_graphql1.8.gemfile
62
+ - gemfiles/rails5.1_graphql1.9.gemfile
63
+ - gemfiles/rails5.2_graphql1.8.gemfile
64
+ - gemfiles/rails5.2_graphql1.9.gemfile
65
+ - gemfiles/rails5.2_graphql1.10.gemfile
66
+ - gemfiles/rails5.2_graphql1.11.gemfile
67
+ - gemfiles/rails6.0_graphql1.11.gemfile
68
+ - gemfiles/rails6.0_graphql1.12.gemfile
69
+ - gemfiles/rails6.1_graphql1.11.gemfile
70
+ - gemfiles/rails6.1_graphql1.12.gemfile
71
+ exclude:
72
+ - ruby-version: '2.2'
73
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
74
+ - ruby-version: '2.2'
75
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
76
+ - ruby-version: '2.2'
77
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
78
+ - ruby-version: '2.2'
79
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
80
+ - ruby-version: '2.3'
81
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
82
+ - ruby-version: '2.3'
83
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
84
+ - ruby-version: '2.3'
85
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
86
+ - ruby-version: '2.3'
87
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
88
+ - ruby-version: '2.4'
89
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
90
+ - ruby-version: '2.4'
91
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
92
+ - ruby-version: '2.4'
93
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
94
+ - ruby-version: '2.4'
95
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
96
+ - ruby-version: '2.7'
97
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
98
+ - ruby-version: '3.0'
99
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
100
+ - ruby-version: '3.0'
101
+ gemfile: gemfiles/rails5.0_graphql1.8.gemfile
102
+ - ruby-version: '3.0'
103
+ gemfile: gemfiles/rails5.0_graphql1.9.gemfile
104
+ - ruby-version: '3.0'
105
+ gemfile: gemfiles/rails5.1_graphql1.8.gemfile
106
+ - ruby-version: '3.0'
107
+ gemfile: gemfiles/rails5.1_graphql1.9.gemfile
108
+ - ruby-version: '3.0'
109
+ gemfile: gemfiles/rails5.2_graphql1.8.gemfile
110
+ - ruby-version: '3.0'
111
+ gemfile: gemfiles/rails5.2_graphql1.9.gemfile
112
+ - ruby-version: '3.0'
113
+ gemfile: gemfiles/rails5.2_graphql1.10.gemfile
114
+ - ruby-version: '3.0'
115
+ gemfile: gemfiles/rails5.2_graphql1.11.gemfile
116
+ - report-coverage:
117
+ requires:
118
+ - test
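Review bot: The `report-coverage` job runs the `coveralls/upload` orb step in `image: 'circleci/node:10.0.0'`, a legacy `circleci/` convenience image carrying the first release of the Node 10 line, which is past end of life. This is presumably the job that holds the Coveralls token, so it should run on a maintained image, e.g. `- image: 'cimg/node:<current-LTS-tag>'`. Separately, the `restore_cache`/`save_cache` key `v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>` carries no checksum of the gemfile, and CircleCI does not overwrite an existing cache key, so the first bundle saved for a matrix cell keeps being restored after that appraisal's dependencies change. Appending `-{{ checksum "<< parameters.gemfile >>" }}` to both keys would tie the cache to the gemfile content. Indentation is lost in this rendering, so the nesting of `environment:` and `exclude:` cannot be checked from here.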
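--- a/data/Appraisals
+++ b/data/Appraisals
@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
  gem 'rspec-rails', '< 4.0'
  end
 
+ appraise 'rails5.2-graphql1.12' do
+ gem 'sqlite3', '~> 1.3.6'
+ gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+ gem 'graphql', '~> 1.12.0'
+ gem 'rspec-rails', '< 4.0'
+ end
+
  appraise 'rails6.0-graphql1.8' do
  gem 'sqlite3', '~> 1.4'
  gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
  gem 'graphql', '~> 1.11.0'
  end
 
- appraise 'rails6.0-graphql_edge' do
+ appraise 'rails6.0-graphql1.12' do
  gem 'sqlite3', '~> 1.4'
- gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
  gem 'devise', '>= 4.7'
  gem 'rails', github: 'rails/rails', branch: '6-0-stable'
- gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+ gem 'graphql', '~> 1.12.0'
+ end
+
+ appraise 'rails6.1-graphql1.9' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.9.0'
+ end
+
+ appraise 'rails6.1-graphql1.10' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.10.0'
+ end
+
+ appraise 'rails6.1-graphql1.11' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.11.0'
+ end
+
+ appraise 'rails6.1-graphql1.12' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.12.0'
  end
 
- appraise 'rails_edge-graphql_edge' do
+ appraise 'rails6.1-graphql_edge' do
  gem 'sqlite3', '~> 1.4'
  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
  gem 'devise', '>= 4.7'
- gem 'rails', github: 'rails/rails', branch: 'master'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
  end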
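Review bot: Three appraisals added here, `rails5.2-graphql1.12`, `rails6.1-graphql1.9` and `rails6.1-graphql1.10`, have no matching entry in the `gemfile` matrix of the CircleCI config added in this same diff, which stops at `gemfiles/rails5.2_graphql1.11.gemfile` for Rails 5.2 and lists only `graphql1.11` and `graphql1.12` for Rails 6.1. Unless they run somewhere not shown on this page, these combinations are declared but never tested, so either add lines such as `- gemfiles/rails5.2_graphql1.12.gemfile` to the matrix or drop the unused blocks. The `rails6.1-graphql_edge` block is also absent from the matrix and still takes `devise_token_auth` and `graphql` from `branch: 'master'`. Like every `gem 'rails', github: 'rails/rails', branch: '6-1-stable'` line, it resolves to whatever the branch head is at install time. A short comment above these blocks saying the moving refs are intentional and used for the test matrix only would make that explicit, e.g. `# tracks branch heads on purpose; test matrix only`.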
data/CHANGELOG.md CHANGED
@@ -1,5 +1,63 @@
1
1
  # Changelog
2
2
 
3
+ ## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
4
+
5
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
10
+
11
+ **Deprecated:**
12
+
13
+ - Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
14
+
15
+ **Merged pull requests:**
16
+
17
+ - Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
18
+
19
+ ## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
20
+
21
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
22
+
23
+ **Implemented enhancements:**
24
+
25
+ - Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
26
+
27
+ **Fixed bugs:**
28
+
29
+ - ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
30
+
31
+ ## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
32
+
33
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
34
+
35
+ **Implemented enhancements:**
36
+
37
+ - Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
38
+
39
+ ## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
40
+
41
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
42
+
43
+ **Implemented enhancements:**
44
+
45
+ - Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
46
+ - Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
47
+ - Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
48
+
49
+ **Merged pull requests:**
50
+
51
+ - Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
52
+
53
+ ## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
54
+
55
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
56
+
57
+ **Implemented enhancements:**
58
+
59
+ - Alternate reset password flow, only 2 steps, no redirect [\#146](https://github.com/graphql-devise/graphql_devise/pull/146) ([mcelicalderon](https://github.com/mcelicalderon))
60
+
3
61
  ## [v0.13.6](https://github.com/graphql-devise/graphql_devise/tree/v0.13.6) (2020-12-22)
4
62
 
5
63
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.5...v0.13.6)
@@ -17,7 +75,7 @@
17
75
 
18
76
  - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
19
77
 
20
- ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
78
+ ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
21
79
 
22
80
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
23
81
 
@@ -41,7 +99,7 @@
41
99
 
42
100
  - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
43
101
 
44
- ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
102
+ ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
45
103
 
46
104
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
47
105
 
@@ -54,7 +112,7 @@
54
112
  - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
55
113
  - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
56
114
 
57
- ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
115
+ ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
58
116
 
59
117
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
60
118
 
@@ -71,7 +129,7 @@
71
129
  - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
72
130
  - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
73
131
 
74
- ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
132
+ ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
75
133
 
76
134
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
77
135
 
@@ -124,7 +182,7 @@
124
182
 
125
183
  **Implemented enhancements:**
126
184
 
127
- - Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
185
+ - Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
128
186
  - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
129
187
  - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
130
188
 
@@ -142,6 +200,7 @@
142
200
 
143
201
  **Implemented enhancements:**
144
202
 
203
+ - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
145
204
  - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
146
205
 
147
206
  **Fixed bugs:**
@@ -152,7 +211,6 @@
152
211
 
153
212
  - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
154
213
  - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
155
- - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
156
214
 
157
215
  **Merged pull requests:**
158
216
 
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # GraphqlDevise
2
- [![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
3
- [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
2
+ [![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
3
+ [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
4
4
  [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
5
5
 
6
6
  GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -8,41 +8,44 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
8
8
  ## Table of Contents
9
9
 
10
10
  <!--ts-->
11
- * [GraphqlDevise](#graphqldevise)
12
- * [Table of Contents](#table-of-contents)
13
- * [Introduction](#introduction)
14
- * [Installation](#installation)
15
- * [Running the Generator](#running-the-generator)
16
- * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
17
- * [Important](#important)
18
- * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
19
- * [Important](#important-1)
20
- * [Usage](#usage)
21
- * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
22
- * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
23
- * [Available Mount Options](#available-mount-options)
24
- * [Available Operations](#available-operations)
25
- * [Configuring Model](#configuring-model)
26
- * [Email Reconfirmation](#email-reconfirmation)
27
- * [Customizing Email Templates](#customizing-email-templates)
28
- * [I18n](#i18n)
29
- * [Authenticating Controller Actions](#authenticating-controller-actions)
30
- * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
31
- * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
32
- * [Important](#important-2)
33
- * [Making Requests](#making-requests)
34
- * [Mutations](#mutations)
35
- * [Queries](#queries)
36
- * [More Configuration Options](#more-configuration-options)
37
- * [Devise Token Auth Initializer](#devise-token-auth-initializer)
38
- * [Devise Initializer](#devise-initializer)
39
- * [GraphQL Interpreter](#graphql-interpreter)
40
- * [Using Alongside Standard Devise](#using-alongside-standard-devise)
41
- * [Future Work](#future-work)
42
- * [Contributing](#contributing)
43
- * [License](#license)
44
-
45
- <!-- Added by: david, at: mar jul 14 08:08:02 -05 2020 -->
11
+ * [GraphqlDevise](#graphqldevise)
12
+ * [Table of Contents](#table-of-contents)
13
+ * [Introduction](#introduction)
14
+ * [Installation](#installation)
15
+ * [Running the Generator](#running-the-generator)
16
+ * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
17
+ * [Important](#important)
18
+ * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
19
+ * [Important](#important-1)
20
+ * [Usage](#usage)
21
+ * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
22
+ * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
23
+ * [Available Mount Options](#available-mount-options)
24
+ * [Available Operations](#available-operations)
25
+ * [Configuring Model](#configuring-model)
26
+ * [Email Reconfirmation](#email-reconfirmation)
27
+ * [Customizing Email Templates](#customizing-email-templates)
28
+ * [I18n](#i18n)
29
+ * [Authenticating Controller Actions](#authenticating-controller-actions)
30
+ * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
31
+ * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
32
+ * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
33
+ * [Important](#important-2)
34
+ * [Making Requests](#making-requests)
35
+ * [Introspection query](#introspection-query)
36
+ * [Mutations](#mutations)
37
+ * [Queries](#queries)
38
+ * [Reset Password Flow](#reset-password-flow)
39
+ * [More Configuration Options](#more-configuration-options)
40
+ * [Devise Token Auth Initializer](#devise-token-auth-initializer)
41
+ * [Devise Initializer](#devise-initializer)
42
+ * [GraphQL Interpreter](#graphql-interpreter)
43
+ * [Using Alongside Standard Devise](#using-alongside-standard-devise)
44
+ * [Future Work](#future-work)
45
+ * [Contributing](#contributing)
46
+ * [License](#license)
47
+
48
+ <!-- Added by: mcelicalderon, at: Sat May 8 12:32:03 -05 2021 -->
46
49
 
47
50
  <!--te-->
48
51
 
@@ -98,7 +101,7 @@ Will do the following:
98
101
  - Add `devise` modules to `Admin` model
99
102
  - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
100
103
  - Add the route to `config/routes.rb`
101
- - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
104
+ - `mount_graphql_devise_for Admin, at: 'api/auth'`
102
105
 
103
106
  `Admin` could be any model name you are going to be using for authentication,
104
107
  and `api/auth` could be any mount path you would like to use for auth.
@@ -147,7 +150,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
147
150
 
148
151
  Rails.application.routes.draw do
149
152
  mount_graphql_devise_for(
150
- 'User',
153
+ User,
151
154
  at: 'api/v1',
152
155
  authenticatable_type: Types::MyCustomUserType,
153
156
  operations: {
@@ -185,7 +188,7 @@ class DummySchema < GraphQL::Schema
185
188
  query: Types::QueryType,
186
189
  mutation: Types::MutationType,
187
190
  resource_loaders: [
188
- GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
191
+ GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
189
192
  ]
190
193
  )
191
194
 
@@ -225,6 +228,12 @@ authentication unless specified otherwise using the `authenticate: true` option
225
228
  one argument (field name) and is called whenever a field that requires authentication
226
229
  is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
227
230
  raised if authentication fails. This will provide a GQL like error message on the response.
231
+ 1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
232
+ information about what queries the schema supports. This query is very powerful and
233
+ there may be some case in which you want to limit its usage to authenticated users.
234
+ To accomplish this the schema plugin provides the `public_introspection` option. This option
235
+ accepts a boolean value and by default will consider introspection queries public in all
236
+ environments but production.
228
237
 
229
238
  ### Available Mount Options
230
239
  Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -234,10 +243,10 @@ this gem's auth operation into your schema, these are the options you can provid
234
243
 
235
244
  ```ruby
236
245
  # Using the mount method in your config/routes.rb file
237
- mount_graphql_devise_for('User', {})
246
+ mount_graphql_devise_for(User, {})
238
247
 
239
248
  # Providing options to a GraphqlDevise::ResourceLoader
240
- GraphqlDevise::ResourceLoader.new('User', {})
249
+ GraphqlDevise::ResourceLoader.new(User, {})
241
250
  ```
242
251
 
243
252
  1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -288,10 +297,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
288
297
  :login
289
298
  :logout
290
299
  :sign_up
291
- :update_password
292
- :send_password_reset
293
300
  :confirm_account
301
+ :send_password_reset
294
302
  :check_password_token
303
+ :update_password
304
+ :send_password_reset_with_token
305
+ :update_password_with_token
295
306
  ```
296
307
 
297
308
  ### Configuring Model
@@ -375,7 +386,71 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
375
386
  ### Authenticating Controller Actions
376
387
  When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
377
388
 
378
- #### Authenticate Before Reaching Your GQL Schema
389
+ #### Authenticate Resource in the Controller (>= v0.15.0)
390
+ This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
391
+ You simply need to pass the return value of our `gql_devise_context` method in the context of your
392
+ GQL schema execution like this:
393
+
394
+ ```ruby
395
+ # app/controllers/my_controller.rb
396
+
397
+ class MyController < ApplicationController
398
+ include GraphqlDevise::Concerns::SetUserByToken
399
+
400
+ def my_action
401
+ result = DummySchema.execute(params[:query], context: gql_devise_context(User))
402
+ render json: result unless performed?
403
+ end
404
+ end
405
+ ```
406
+ `gql_devise_context` receives as many models as you need to authenticate in the request, like this:
407
+ ```ruby
408
+ # app/controllers/my_controller.rb
409
+
410
+ class MyController < ApplicationController
411
+ include GraphqlDevise::Concerns::SetUserByToken
412
+
413
+ def my_action
414
+ result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
415
+ render json: result unless performed?
416
+ end
417
+ end
418
+ ```
419
+ Internally in your own mutations and queries a key `current_resource` will be available in
420
+ the context if a resource was successfully authenticated or `nil` otherwise.
421
+
422
+ Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
423
+ on who makes the request, the context value `current_resource` might contain instances of the
424
+ different models you provided.
425
+
426
+ **Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
427
+ method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
428
+ It will also set the instance variable `@resource` in the controller.
429
+
430
+ Please note that by using this mechanism your GQL schema will be in control of what queries are
431
+ restricted to authenticated users and you can only do this at the root level fields of your GQL
432
+ schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
433
+ so this can work.
434
+
435
+ In you main app's schema this is how you might specify if a field needs to be authenticated or not:
436
+ ```ruby
437
+ module Types
438
+ class QueryType < Types::BaseObject
439
+ # user field used the default set in the Plugin's initializer
440
+ field :user, resolver: Resolvers::UserShow
441
+ # this field will never require authentication
442
+ field :public_field, String, null: false, authenticate: false
443
+ # this field requires authentication
444
+ field :private_field, String, null: false, authenticate: true
445
+ end
446
+ end
447
+ ```
448
+ **Important:** Currently, the only check the plugin does to see if the user is authenticated or not when executing
449
+ the query, is verifying that `context[:current_resource].present?` in the GraphQL context.
450
+ So, be careful not to populate that key of the context with values other than what `gql_devise_context`
451
+ returns. The option to do more complex verifications will be added in the future.
452
+
453
+ #### Authenticate Before Reaching Your GQL Schema (Deprecated)
379
454
  For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
380
455
  In our example our model is `User`, so it would look like this:
381
456
  ```ruby
@@ -387,7 +462,7 @@ class MyController < ApplicationController
387
462
  before_action :authenticate_user!
388
463
 
389
464
  def my_action
390
- result = DummySchema.execute(params[:query], context: current_user: current_user)
465
+ result = DummySchema.execute(params[:query], context: { current_resource: current_user })
391
466
  render json: result unless performed?
392
467
  end
393
468
  end
@@ -396,7 +471,7 @@ end
396
471
  The install generator can include the concern in you application controller.
397
472
  If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
398
473
 
399
- #### Authenticate in Your GQL Schema
474
+ #### Authenticate in Your GQL Schema (Deprecated)
400
475
  For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
401
476
  [here](#mounting-operations-into-your-own-schema).
402
477
 
@@ -413,7 +488,7 @@ class MyController < ApplicationController
413
488
  end
414
489
  ```
415
490
  The `graphql_context` method receives a symbol identifying the resource you are trying
416
- to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
491
+ to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
417
492
  this snippet to find the symbol for more complex scenarios
418
493
  `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
419
494
  array of resources if you mounted more than one into your schema. The gem will try to
@@ -451,6 +526,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
451
526
  ### Making Requests
452
527
  Here is a list of the available mutations and queries assuming your mounted model is `User`.
453
528
 
529
+ #### Introspection query
530
+ If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
531
+
454
532
  #### Mutations
455
533
 
456
534
  Operation | Description | Example
@@ -458,9 +536,11 @@ Operation | Description | Example
458
536
  login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
459
537
  logout | | userLogout: UserLogoutPayload
460
538
  signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
461
- sendResetPassword | | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
462
- updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
539
+ sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
540
+ updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
463
541
  resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
542
+ sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
543
+ updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
464
544
 
465
545
  #### Queries
466
546
  Operation | Description | Example
@@ -478,6 +558,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
478
558
  Also, the [dummy app](spec/dummy) used in our specs will give you
479
559
  a clear idea on how to configure the gem on your Rails application.
480
560
 
561
+ ### Reset Password Flow
562
+ This gem supports two password recovery flows. The most recently implemented is preferred and
563
+ requires less steps. More detail on how it works can be found
564
+ [here](docs/usage/reset_password_flow.md).
565
+
481
566
  ### More Configuration Options
482
567
  As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
483
568
  this values on the initializer files generated by the installer.