graphql_devise 0.13.6 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e90de970ae686dd8437156a6d830b922c1fe4369c10206532073e5bb3f8f75f8
-  data.tar.gz: 3a74fe59c81889eb9f5a4bb42710d4cb7e086b9a9bdbd0e9bd09a370ccd7f435
+  metadata.gz: 6f90be997c50518d79c6b3fdaee2f896aeec557ca5084a6bac7059a518dd8ec3
+  data.tar.gz: e25b07dee790cd64a48a07970974c6ae3e2a567c9a75321f7af69c693140a342
 SHA512:
-  metadata.gz: 0f608b88cf17acc4e8c4d7d54fb4d578afb38d2c7f7a73b9df2cee7b9661cdb6a35b1b45e4a6d7c05e022a334f6c7ed8bf1427b301422c2e27f191a830dde621
-  data.tar.gz: 5d5bc1eab5158c5134f18a7f2f85e0653139ee13d67c45efb7050274d41ed6f1a5c2dee0c97c57ca987bd7f74556cbca9ae478b7782aee28f5967308d7bd3c92
+  metadata.gz: 8453243ec0816b2fc828c13f1033b70e97ae71d68c2938af469a435f99a1b26369f0482a4abcda50fbf61c1a9d1fbde12b47a51f6fa42fdbb29afe5aa7f8760e
+  data.tar.gz: 0fb0ef651e1be37157948ce48e24690ec741e543abf5771ad85f6380a640efb9b772195b16132685887cef9eb8f03d923a12406c99877100c6f13408a70280d8

data/.circleci/config.yml

@@ -0,0 +1,118 @@
+version: 2.1
+orbs:
+  coveralls: coveralls/coveralls@1.0.6
+
+jobs:
+  test:
+    parameters:
+      ruby-version:
+        type: string
+      gemfile:
+        type: string
+    docker:
+      - image: 'ruby:<< parameters.ruby-version >>'
+    environment:
+      BUNDLE_GEMFILE: << parameters.gemfile >>
+      BUNDLE_PATH: ../vendor/bundle
+      COVERALLS_PARALLEL: true
+      EAGER_LOAD: 'true'
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+      - run: gem install bundler -v '1.17'
+      - run:
+          name: Install dependencies
+          command: bundle install
+      - save_cache:
+          key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+          paths:
+            - vendor/bundle
+      - run:
+          name: Run Specs
+          command:
+            bundle exec rspec
+  report-coverage:
+    docker:
+      - image: 'circleci/node:10.0.0'
+    steps:
+      - coveralls/upload:
+          parallel_finished: true
+
+workflows:
+  test-suite:
+    jobs:
+      - test:
+          matrix:
+            parameters:
+              ruby-version:
+                - '2.2'
+                - '2.3'
+                - '2.4'
+                - '2.5'
+                - '2.6'
+                - '2.7'
+                - '3.0'
+              gemfile:
+                - gemfiles/rails4.2_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.9.gemfile
+                - gemfiles/rails5.1_graphql1.8.gemfile
+                - gemfiles/rails5.1_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.8.gemfile
+                - gemfiles/rails5.2_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.10.gemfile
+                - gemfiles/rails5.2_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.12.gemfile
+                - gemfiles/rails6.1_graphql1.11.gemfile
+                - gemfiles/rails6.1_graphql1.12.gemfile
+            exclude:
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.7'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.10.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.11.gemfile
+      - report-coverage:
+          requires:
+            - test

data/Appraisals

@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
   gem 'rspec-rails', '< 4.0'
 end
 
+appraise 'rails5.2-graphql1.12' do
+  gem 'sqlite3', '~> 1.3.6'
+  gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+  gem 'graphql', '~> 1.12.0'
+  gem 'rspec-rails', '< 4.0'
+end
+
 appraise 'rails6.0-graphql1.8' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
   gem 'graphql', '~> 1.11.0'
 end
 
-appraise 'rails6.0-graphql_edge' do
+appraise 'rails6.0-graphql1.12' do
   gem 'sqlite3', '~> 1.4'
-  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
   gem 'rails', github: 'rails/rails', branch: '6-0-stable'
-  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+  gem 'graphql', '~> 1.12.0'
+end
+
+appraise 'rails6.1-graphql1.9' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.9.0'
+end
+
+appraise 'rails6.1-graphql1.10' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.10.0'
+end
+
+appraise 'rails6.1-graphql1.11' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.11.0'
+end
+
+appraise 'rails6.1-graphql1.12' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.12.0'
 end
 
-appraise 'rails_edge-graphql_edge' do
+appraise 'rails6.1-graphql_edge' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
-  gem 'rails', github: 'rails/rails', branch: 'master'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
   gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
 end

data/CHANGELOG.md

@@ -1,5 +1,63 @@
 # Changelog
 
+## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
+
+**Implemented enhancements:**
+
+- Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
+
+**Implemented enhancements:**
+
+- Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
+
+**Fixed bugs:**
+
+- ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
+
+## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
+
+**Implemented enhancements:**
+
+- Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
+
+## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
+
+**Implemented enhancements:**
+
+- Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
+- Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
+- Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
+
+**Merged pull requests:**
+
+- Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
+
+**Implemented enhancements:**
+
+- Alternate reset password flow, only 2 steps, no redirect [\#146](https://github.com/graphql-devise/graphql_devise/pull/146) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.13.6](https://github.com/graphql-devise/graphql_devise/tree/v0.13.6) (2020-12-22)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.5...v0.13.6)
@@ -17,7 +75,7 @@
 
 - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
 
-## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
+## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
 
@@ -41,7 +99,7 @@
 
 - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
 
-## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
+## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
 
@@ -54,7 +112,7 @@
 - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
 - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
 
-## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
+## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
 
@@ -71,7 +129,7 @@
 - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
 - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
 
-## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
+## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
 
@@ -124,7 +182,7 @@
 
 **Implemented enhancements:**
 
-- Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
+- Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
 - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
 - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
 
@@ -142,6 +200,7 @@
 
 **Implemented enhancements:**
 
+- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
 
 **Fixed bugs:**
@@ -152,7 +211,6 @@
 
 - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
 - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
-- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 
 **Merged pull requests:**
 

data/README.md

@@ -1,6 +1,6 @@
 # GraphqlDevise
-[![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
-[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
+[![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
+[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
 [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
 
 GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -8,41 +8,44 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
 ## Table of Contents
 
 <!--ts-->
-   * [GraphqlDevise](#graphqldevise)
-      * [Table of Contents](#table-of-contents)
-      * [Introduction](#introduction)
-      * [Installation](#installation)
-         * [Running the Generator](#running-the-generator)
-            * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
-               * [Important](#important)
-            * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
-               * [Important](#important-1)
-      * [Usage](#usage)
-         * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
-         * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
-         * [Available Mount Options](#available-mount-options)
-         * [Available Operations](#available-operations)
-         * [Configuring Model](#configuring-model)
-         * [Email Reconfirmation](#email-reconfirmation)
-         * [Customizing Email Templates](#customizing-email-templates)
-         * [I18n](#i18n)
-         * [Authenticating Controller Actions](#authenticating-controller-actions)
-            * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
-            * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
-            * [Important](#important-2)
-         * [Making Requests](#making-requests)
-            * [Mutations](#mutations)
-            * [Queries](#queries)
-         * [More Configuration Options](#more-configuration-options)
-            * [Devise Token Auth Initializer](#devise-token-auth-initializer)
-            * [Devise Initializer](#devise-initializer)
-         * [GraphQL Interpreter](#graphql-interpreter)
-         * [Using Alongside Standard Devise](#using-alongside-standard-devise)
-      * [Future Work](#future-work)
-      * [Contributing](#contributing)
-      * [License](#license)
-
-<!-- Added by: david, at: mar jul 14 08:08:02 -05 2020 -->
+* [GraphqlDevise](#graphqldevise)
+   * [Table of Contents](#table-of-contents)
+   * [Introduction](#introduction)
+   * [Installation](#installation)
+      * [Running the Generator](#running-the-generator)
+         * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
+            * [Important](#important)
+         * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
+            * [Important](#important-1)
+   * [Usage](#usage)
+      * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
+      * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
+      * [Available Mount Options](#available-mount-options)
+      * [Available Operations](#available-operations)
+      * [Configuring Model](#configuring-model)
+      * [Email Reconfirmation](#email-reconfirmation)
+      * [Customizing Email Templates](#customizing-email-templates)
+      * [I18n](#i18n)
+      * [Authenticating Controller Actions](#authenticating-controller-actions)
+         * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
+         * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
+         * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
+         * [Important](#important-2)
+      * [Making Requests](#making-requests)
+         * [Introspection query](#introspection-query)
+         * [Mutations](#mutations)
+         * [Queries](#queries)
+      * [Reset Password Flow](#reset-password-flow)
+      * [More Configuration Options](#more-configuration-options)
+         * [Devise Token Auth Initializer](#devise-token-auth-initializer)
+         * [Devise Initializer](#devise-initializer)
+      * [GraphQL Interpreter](#graphql-interpreter)
+      * [Using Alongside Standard Devise](#using-alongside-standard-devise)
+   * [Future Work](#future-work)
+   * [Contributing](#contributing)
+   * [License](#license)
+
+<!-- Added by: mcelicalderon, at: Sat May  8 12:32:03 -05 2021 -->
 
 <!--te-->
 
@@ -98,7 +101,7 @@ Will do the following:
   - Add `devise` modules to `Admin` model
   - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
 - Add the route to `config/routes.rb`
-  - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
+  - `mount_graphql_devise_for Admin, at: 'api/auth'`
 
 `Admin` could be any model name you are going to be using for authentication,
 and `api/auth` could be any mount path you would like to use for auth.
@@ -147,7 +150,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
 
 Rails.application.routes.draw do
   mount_graphql_devise_for(
-    'User',
+    User,
     at: 'api/v1',
     authenticatable_type: Types::MyCustomUserType,
     operations: {
@@ -185,7 +188,7 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
+      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
     ]
   )
 
@@ -225,6 +228,12 @@ authentication unless specified otherwise using the `authenticate: true` option
 one argument (field name) and is called whenever a field that requires authentication
 is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
 raised if authentication fails. This will provide a GQL like error message on the response.
+1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
+information about what queries the schema supports. This query is very powerful and
+there may be some case in which you want to limit its usage to authenticated users.
+To accomplish this the schema plugin provides the `public_introspection` option. This option
+accepts a boolean value and by default will consider introspection queries public in all
+environments but production.
 
 ### Available Mount Options
 Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -234,10 +243,10 @@ this gem's auth operation into your schema, these are the options you can provid
 
 ```ruby
 # Using the mount method in your config/routes.rb file
-mount_graphql_devise_for('User', {})
+mount_graphql_devise_for(User, {})
 
 # Providing options to a GraphqlDevise::ResourceLoader
-GraphqlDevise::ResourceLoader.new('User', {})
+GraphqlDevise::ResourceLoader.new(User, {})
 ```
 
 1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -288,10 +297,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 :login
 :logout
 :sign_up
-:update_password
-:send_password_reset
 :confirm_account
+:send_password_reset
 :check_password_token
+:update_password
+:send_password_reset_with_token
+:update_password_with_token
 ```
 
 ### Configuring Model
@@ -375,7 +386,71 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
 ### Authenticating Controller Actions
 When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
 
-#### Authenticate Before Reaching Your GQL Schema
+#### Authenticate Resource in the Controller (>= v0.15.0)
+This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
+You simply need to pass the return value of our `gql_devise_context` method in the context of your
+GQL schema execution like this:
+
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User))
+    render json: result unless performed?
+  end
+end
+```
+`gql_devise_context` receives as many models as you need to authenticate in the request, like this:
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+    render json: result unless performed?
+  end
+end
+```
+Internally in your own mutations and queries a key `current_resource` will be available in
+the context if a resource was successfully authenticated or `nil` otherwise.
+
+Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
+on who makes the request, the context value `current_resource` might contain instances of the
+different models you provided.
+
+**Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
+method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
+It will also set the instance variable `@resource` in the controller.
+
+Please note that by using this mechanism your GQL schema will be in control of what queries are
+restricted to authenticated users and you can only do this at the root level fields of your GQL
+schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
+so this can work.
+
+In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+```ruby
+module Types
+  class QueryType < Types::BaseObject
+    # user field used the default set in the Plugin's initializer
+    field :user, resolver: Resolvers::UserShow
+    # this field will never require authentication
+    field :public_field, String, null: false, authenticate: false
+    # this field requires authentication
+    field :private_field, String, null: false, authenticate: true
+  end
+end
+```
+**Important:** Currently, the only check the plugin does to see if the user is authenticated or not when executing
+the query, is verifying that `context[:current_resource].present?` in the GraphQL context.
+So, be careful not to populate that key of the context with values other than what `gql_devise_context`
+returns. The option to do more complex verifications will be added in the future.
+
+#### Authenticate Before Reaching Your GQL Schema (Deprecated)
 For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
 In our example our model is `User`, so it would look like this:
 ```ruby
@@ -387,7 +462,7 @@ class MyController < ApplicationController
   before_action :authenticate_user!
 
   def my_action
-    result = DummySchema.execute(params[:query], context: current_user: current_user)
+    result = DummySchema.execute(params[:query], context: { current_resource: current_user })
     render json: result unless performed?
   end
 end
@@ -396,7 +471,7 @@ end
 The install generator can include the concern in you application controller.
 If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
 
-#### Authenticate in Your GQL Schema
+#### Authenticate in Your GQL Schema (Deprecated)
 For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
 [here](#mounting-operations-into-your-own-schema).
 
@@ -413,7 +488,7 @@ class MyController < ApplicationController
 end
 ```
 The `graphql_context` method receives a symbol identifying the resource you are trying
-to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
+to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
 this snippet to find the symbol for more complex scenarios
 `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
 array of resources if you mounted more than one into your schema. The gem will try to
@@ -451,6 +526,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
 ### Making Requests
 Here is a list of the available mutations and queries assuming your mounted model is `User`.
 
+#### Introspection query
+If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
+
 #### Mutations
 
 Operation | Description | Example
@@ -458,9 +536,11 @@ Operation | Description | Example
 login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
 logout | | userLogout: UserLogoutPayload
 signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
-sendResetPassword | | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
-updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
+sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
+updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
 resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
+sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
+updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
 
 #### Queries
 Operation | Description | Example
@@ -478,6 +558,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
 Also, the [dummy app](spec/dummy) used in our specs will give you
 a clear idea on how to configure the gem on your Rails application.
 
+### Reset Password Flow
+This gem supports two password recovery flows. The most recently implemented is preferred and
+requires less steps. More detail on how it works can be found
+[here](docs/usage/reset_password_flow.md).
+
 ### More Configuration Options
 As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
 this values on the initializer files generated by the installer.