graphql_devise 0.13.6 → 0.15.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +118 -0
- data/Appraisals +39 -5
- data/CHANGELOG.md +64 -6
- data/README.md +135 -50
- data/Rakefile +2 -1
- data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb +72 -0
- data/app/controllers/graphql_devise/concerns/set_user_by_token.rb +5 -27
- data/app/controllers/graphql_devise/graphql_controller.rb +1 -1
- data/app/helpers/graphql_devise/mailer_helper.rb +2 -2
- data/app/models/graphql_devise/concerns/additional_model_methods.rb +21 -0
- data/app/models/graphql_devise/concerns/model.rb +6 -9
- data/app/views/graphql_devise/mailer/reset_password_instructions.html.erb +7 -1
- data/config/locales/en.yml +1 -0
- data/docs/usage/reset_password_flow.md +90 -0
- data/graphql_devise.gemspec +2 -2
- data/lib/generators/graphql_devise/install_generator.rb +1 -1
- data/lib/graphql_devise.rb +20 -6
- data/lib/graphql_devise/concerns/controller_methods.rb +3 -3
- data/lib/graphql_devise/default_operations/mutations.rb +10 -6
- data/lib/graphql_devise/mount_method/operation_preparer.rb +6 -6
- data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb +6 -4
- data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +6 -4
- data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb} +4 -4
- data/lib/graphql_devise/mutations/send_password_reset_with_token.rb +37 -0
- data/lib/graphql_devise/mutations/update_password_with_token.rb +38 -0
- data/lib/graphql_devise/resolvers/confirm_account.rb +1 -1
- data/lib/graphql_devise/resource_loader.rb +26 -11
- data/lib/graphql_devise/schema_plugin.rb +35 -16
- data/lib/graphql_devise/version.rb +1 -1
- data/spec/dummy/app/controllers/api/v1/graphql_controller.rb +13 -2
- data/spec/dummy/app/graphql/dummy_schema.rb +4 -3
- data/spec/dummy/app/graphql/mutations/reset_admin_password_with_token.rb +13 -0
- data/spec/dummy/config/routes.rb +4 -2
- data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb +0 -1
- data/spec/dummy/db/schema.rb +0 -1
- data/spec/generators/graphql_devise/install_generator_spec.rb +1 -1
- data/spec/graphql/user_queries_spec.rb +120 -0
- data/spec/requests/graphql_controller_spec.rb +12 -11
- data/spec/requests/mutations/send_password_reset_with_token_spec.rb +78 -0
- data/spec/requests/mutations/update_password_with_token_spec.rb +119 -0
- data/spec/requests/queries/check_password_token_spec.rb +1 -1
- data/spec/requests/queries/introspection_query_spec.rb +149 -0
- data/spec/requests/user_controller_spec.rb +29 -9
- data/spec/services/mount_method/operation_preparer_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb} +6 -6
- data/spec/services/resource_loader_spec.rb +5 -5
- data/spec/support/contexts/graphql_request.rb +11 -3
- data/spec/support/contexts/schema_test.rb +14 -0
- metadata +31 -14
- data/.travis.yml +0 -79
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6f90be997c50518d79c6b3fdaee2f896aeec557ca5084a6bac7059a518dd8ec3
|
4
|
+
data.tar.gz: e25b07dee790cd64a48a07970974c6ae3e2a567c9a75321f7af69c693140a342
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8453243ec0816b2fc828c13f1033b70e97ae71d68c2938af469a435f99a1b26369f0482a4abcda50fbf61c1a9d1fbde12b47a51f6fa42fdbb29afe5aa7f8760e
|
7
|
+
data.tar.gz: 0fb0ef651e1be37157948ce48e24690ec741e543abf5771ad85f6380a640efb9b772195b16132685887cef9eb8f03d923a12406c99877100c6f13408a70280d8
|
@@ -0,0 +1,118 @@
|
|
1
|
+
version: 2.1
|
2
|
+
orbs:
|
3
|
+
coveralls: coveralls/coveralls@1.0.6
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
test:
|
7
|
+
parameters:
|
8
|
+
ruby-version:
|
9
|
+
type: string
|
10
|
+
gemfile:
|
11
|
+
type: string
|
12
|
+
docker:
|
13
|
+
- image: 'ruby:<< parameters.ruby-version >>'
|
14
|
+
environment:
|
15
|
+
BUNDLE_GEMFILE: << parameters.gemfile >>
|
16
|
+
BUNDLE_PATH: ../vendor/bundle
|
17
|
+
COVERALLS_PARALLEL: true
|
18
|
+
EAGER_LOAD: 'true'
|
19
|
+
steps:
|
20
|
+
- checkout
|
21
|
+
- restore_cache:
|
22
|
+
keys:
|
23
|
+
- v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
|
24
|
+
- run: gem install bundler -v '1.17'
|
25
|
+
- run:
|
26
|
+
name: Install dependencies
|
27
|
+
command: bundle install
|
28
|
+
- save_cache:
|
29
|
+
key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
|
30
|
+
paths:
|
31
|
+
- vendor/bundle
|
32
|
+
- run:
|
33
|
+
name: Run Specs
|
34
|
+
command:
|
35
|
+
bundle exec rspec
|
36
|
+
report-coverage:
|
37
|
+
docker:
|
38
|
+
- image: 'circleci/node:10.0.0'
|
39
|
+
steps:
|
40
|
+
- coveralls/upload:
|
41
|
+
parallel_finished: true
|
42
|
+
|
43
|
+
workflows:
|
44
|
+
test-suite:
|
45
|
+
jobs:
|
46
|
+
- test:
|
47
|
+
matrix:
|
48
|
+
parameters:
|
49
|
+
ruby-version:
|
50
|
+
- '2.2'
|
51
|
+
- '2.3'
|
52
|
+
- '2.4'
|
53
|
+
- '2.5'
|
54
|
+
- '2.6'
|
55
|
+
- '2.7'
|
56
|
+
- '3.0'
|
57
|
+
gemfile:
|
58
|
+
- gemfiles/rails4.2_graphql1.8.gemfile
|
59
|
+
- gemfiles/rails5.0_graphql1.8.gemfile
|
60
|
+
- gemfiles/rails5.0_graphql1.9.gemfile
|
61
|
+
- gemfiles/rails5.1_graphql1.8.gemfile
|
62
|
+
- gemfiles/rails5.1_graphql1.9.gemfile
|
63
|
+
- gemfiles/rails5.2_graphql1.8.gemfile
|
64
|
+
- gemfiles/rails5.2_graphql1.9.gemfile
|
65
|
+
- gemfiles/rails5.2_graphql1.10.gemfile
|
66
|
+
- gemfiles/rails5.2_graphql1.11.gemfile
|
67
|
+
- gemfiles/rails6.0_graphql1.11.gemfile
|
68
|
+
- gemfiles/rails6.0_graphql1.12.gemfile
|
69
|
+
- gemfiles/rails6.1_graphql1.11.gemfile
|
70
|
+
- gemfiles/rails6.1_graphql1.12.gemfile
|
71
|
+
exclude:
|
72
|
+
- ruby-version: '2.2'
|
73
|
+
gemfile: gemfiles/rails6.0_graphql1.11.gemfile
|
74
|
+
- ruby-version: '2.2'
|
75
|
+
gemfile: gemfiles/rails6.0_graphql1.12.gemfile
|
76
|
+
- ruby-version: '2.2'
|
77
|
+
gemfile: gemfiles/rails6.1_graphql1.11.gemfile
|
78
|
+
- ruby-version: '2.2'
|
79
|
+
gemfile: gemfiles/rails6.1_graphql1.12.gemfile
|
80
|
+
- ruby-version: '2.3'
|
81
|
+
gemfile: gemfiles/rails6.0_graphql1.11.gemfile
|
82
|
+
- ruby-version: '2.3'
|
83
|
+
gemfile: gemfiles/rails6.0_graphql1.12.gemfile
|
84
|
+
- ruby-version: '2.3'
|
85
|
+
gemfile: gemfiles/rails6.1_graphql1.11.gemfile
|
86
|
+
- ruby-version: '2.3'
|
87
|
+
gemfile: gemfiles/rails6.1_graphql1.12.gemfile
|
88
|
+
- ruby-version: '2.4'
|
89
|
+
gemfile: gemfiles/rails6.0_graphql1.11.gemfile
|
90
|
+
- ruby-version: '2.4'
|
91
|
+
gemfile: gemfiles/rails6.0_graphql1.12.gemfile
|
92
|
+
- ruby-version: '2.4'
|
93
|
+
gemfile: gemfiles/rails6.1_graphql1.11.gemfile
|
94
|
+
- ruby-version: '2.4'
|
95
|
+
gemfile: gemfiles/rails6.1_graphql1.12.gemfile
|
96
|
+
- ruby-version: '2.7'
|
97
|
+
gemfile: gemfiles/rails4.2_graphql1.8.gemfile
|
98
|
+
- ruby-version: '3.0'
|
99
|
+
gemfile: gemfiles/rails4.2_graphql1.8.gemfile
|
100
|
+
- ruby-version: '3.0'
|
101
|
+
gemfile: gemfiles/rails5.0_graphql1.8.gemfile
|
102
|
+
- ruby-version: '3.0'
|
103
|
+
gemfile: gemfiles/rails5.0_graphql1.9.gemfile
|
104
|
+
- ruby-version: '3.0'
|
105
|
+
gemfile: gemfiles/rails5.1_graphql1.8.gemfile
|
106
|
+
- ruby-version: '3.0'
|
107
|
+
gemfile: gemfiles/rails5.1_graphql1.9.gemfile
|
108
|
+
- ruby-version: '3.0'
|
109
|
+
gemfile: gemfiles/rails5.2_graphql1.8.gemfile
|
110
|
+
- ruby-version: '3.0'
|
111
|
+
gemfile: gemfiles/rails5.2_graphql1.9.gemfile
|
112
|
+
- ruby-version: '3.0'
|
113
|
+
gemfile: gemfiles/rails5.2_graphql1.10.gemfile
|
114
|
+
- ruby-version: '3.0'
|
115
|
+
gemfile: gemfiles/rails5.2_graphql1.11.gemfile
|
116
|
+
- report-coverage:
|
117
|
+
requires:
|
118
|
+
- test
|
data/Appraisals
CHANGED
@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
|
|
68
68
|
gem 'rspec-rails', '< 4.0'
|
69
69
|
end
|
70
70
|
|
71
|
+
appraise 'rails5.2-graphql1.12' do
|
72
|
+
gem 'sqlite3', '~> 1.3.6'
|
73
|
+
gem 'rails', github: 'rails/rails', branch: '5-2-stable'
|
74
|
+
gem 'graphql', '~> 1.12.0'
|
75
|
+
gem 'rspec-rails', '< 4.0'
|
76
|
+
end
|
77
|
+
|
71
78
|
appraise 'rails6.0-graphql1.8' do
|
72
79
|
gem 'sqlite3', '~> 1.4'
|
73
80
|
gem 'devise', '>= 4.7'
|
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
|
|
96
103
|
gem 'graphql', '~> 1.11.0'
|
97
104
|
end
|
98
105
|
|
99
|
-
appraise 'rails6.0-
|
106
|
+
appraise 'rails6.0-graphql1.12' do
|
100
107
|
gem 'sqlite3', '~> 1.4'
|
101
|
-
gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
|
102
108
|
gem 'devise', '>= 4.7'
|
103
109
|
gem 'rails', github: 'rails/rails', branch: '6-0-stable'
|
104
|
-
gem 'graphql',
|
110
|
+
gem 'graphql', '~> 1.12.0'
|
111
|
+
end
|
112
|
+
|
113
|
+
appraise 'rails6.1-graphql1.9' do
|
114
|
+
gem 'sqlite3', '~> 1.4'
|
115
|
+
gem 'devise', '>= 4.7'
|
116
|
+
gem 'rails', github: 'rails/rails', branch: '6-1-stable'
|
117
|
+
gem 'graphql', '~> 1.9.0'
|
118
|
+
end
|
119
|
+
|
120
|
+
appraise 'rails6.1-graphql1.10' do
|
121
|
+
gem 'sqlite3', '~> 1.4'
|
122
|
+
gem 'devise', '>= 4.7'
|
123
|
+
gem 'rails', github: 'rails/rails', branch: '6-1-stable'
|
124
|
+
gem 'graphql', '~> 1.10.0'
|
125
|
+
end
|
126
|
+
|
127
|
+
appraise 'rails6.1-graphql1.11' do
|
128
|
+
gem 'sqlite3', '~> 1.4'
|
129
|
+
gem 'devise', '>= 4.7'
|
130
|
+
gem 'rails', github: 'rails/rails', branch: '6-1-stable'
|
131
|
+
gem 'graphql', '~> 1.11.0'
|
132
|
+
end
|
133
|
+
|
134
|
+
appraise 'rails6.1-graphql1.12' do
|
135
|
+
gem 'sqlite3', '~> 1.4'
|
136
|
+
gem 'devise', '>= 4.7'
|
137
|
+
gem 'rails', github: 'rails/rails', branch: '6-1-stable'
|
138
|
+
gem 'graphql', '~> 1.12.0'
|
105
139
|
end
|
106
140
|
|
107
|
-
appraise '
|
141
|
+
appraise 'rails6.1-graphql_edge' do
|
108
142
|
gem 'sqlite3', '~> 1.4'
|
109
143
|
gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
|
110
144
|
gem 'devise', '>= 4.7'
|
111
|
-
gem 'rails', github: 'rails/rails', branch: '
|
145
|
+
gem 'rails', github: 'rails/rails', branch: '6-1-stable'
|
112
146
|
gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
|
113
147
|
end
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,63 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
|
6
|
+
|
7
|
+
**Implemented enhancements:**
|
8
|
+
|
9
|
+
- Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
|
10
|
+
|
11
|
+
**Deprecated:**
|
12
|
+
|
13
|
+
- Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
|
14
|
+
|
15
|
+
**Merged pull requests:**
|
16
|
+
|
17
|
+
- Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
|
18
|
+
|
19
|
+
## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
|
20
|
+
|
21
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
|
22
|
+
|
23
|
+
**Implemented enhancements:**
|
24
|
+
|
25
|
+
- Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
|
26
|
+
|
27
|
+
**Fixed bugs:**
|
28
|
+
|
29
|
+
- ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
|
30
|
+
|
31
|
+
## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
|
32
|
+
|
33
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
|
34
|
+
|
35
|
+
**Implemented enhancements:**
|
36
|
+
|
37
|
+
- Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
|
38
|
+
|
39
|
+
## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
|
40
|
+
|
41
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
|
42
|
+
|
43
|
+
**Implemented enhancements:**
|
44
|
+
|
45
|
+
- Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
|
46
|
+
- Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
|
47
|
+
- Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
|
48
|
+
|
49
|
+
**Merged pull requests:**
|
50
|
+
|
51
|
+
- Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
|
52
|
+
|
53
|
+
## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
|
54
|
+
|
55
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
|
56
|
+
|
57
|
+
**Implemented enhancements:**
|
58
|
+
|
59
|
+
- Alternate reset password flow, only 2 steps, no redirect [\#146](https://github.com/graphql-devise/graphql_devise/pull/146) ([mcelicalderon](https://github.com/mcelicalderon))
|
60
|
+
|
3
61
|
## [v0.13.6](https://github.com/graphql-devise/graphql_devise/tree/v0.13.6) (2020-12-22)
|
4
62
|
|
5
63
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.5...v0.13.6)
|
@@ -17,7 +75,7 @@
|
|
17
75
|
|
18
76
|
- Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
|
19
77
|
|
20
|
-
## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-
|
78
|
+
## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
|
21
79
|
|
22
80
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
|
23
81
|
|
@@ -41,7 +99,7 @@
|
|
41
99
|
|
42
100
|
- Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
|
43
101
|
|
44
|
-
## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-
|
102
|
+
## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
|
45
103
|
|
46
104
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
|
47
105
|
|
@@ -54,7 +112,7 @@
|
|
54
112
|
- Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
|
55
113
|
- no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
|
56
114
|
|
57
|
-
## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-
|
115
|
+
## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
|
58
116
|
|
59
117
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
|
60
118
|
|
@@ -71,7 +129,7 @@
|
|
71
129
|
- CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
|
72
130
|
- Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
|
73
131
|
|
74
|
-
## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-
|
132
|
+
## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
|
75
133
|
|
76
134
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
|
77
135
|
|
@@ -124,7 +182,7 @@
|
|
124
182
|
|
125
183
|
**Implemented enhancements:**
|
126
184
|
|
127
|
-
- Default `
|
185
|
+
- Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
|
128
186
|
- Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
|
129
187
|
- Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
|
130
188
|
|
@@ -142,6 +200,7 @@
|
|
142
200
|
|
143
201
|
**Implemented enhancements:**
|
144
202
|
|
203
|
+
- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
|
145
204
|
- Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
|
146
205
|
|
147
206
|
**Fixed bugs:**
|
@@ -152,7 +211,6 @@
|
|
152
211
|
|
153
212
|
- Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
|
154
213
|
- Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
|
155
|
-
- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
|
156
214
|
|
157
215
|
**Merged pull requests:**
|
158
216
|
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# GraphqlDevise
|
2
|
-
[![Build Status](https://
|
3
|
-
[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg
|
2
|
+
[![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
|
3
|
+
[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
|
4
4
|
[![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
|
5
5
|
|
6
6
|
GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
|
@@ -8,41 +8,44 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
|
|
8
8
|
## Table of Contents
|
9
9
|
|
10
10
|
<!--ts-->
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
* [
|
34
|
-
|
35
|
-
|
36
|
-
* [
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
* [
|
41
|
-
|
42
|
-
* [
|
43
|
-
* [
|
44
|
-
|
45
|
-
|
11
|
+
* [GraphqlDevise](#graphqldevise)
|
12
|
+
* [Table of Contents](#table-of-contents)
|
13
|
+
* [Introduction](#introduction)
|
14
|
+
* [Installation](#installation)
|
15
|
+
* [Running the Generator](#running-the-generator)
|
16
|
+
* [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
|
17
|
+
* [Important](#important)
|
18
|
+
* [Mounting Operations in Your Own Schema (> v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
|
19
|
+
* [Important](#important-1)
|
20
|
+
* [Usage](#usage)
|
21
|
+
* [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
|
22
|
+
* [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
|
23
|
+
* [Available Mount Options](#available-mount-options)
|
24
|
+
* [Available Operations](#available-operations)
|
25
|
+
* [Configuring Model](#configuring-model)
|
26
|
+
* [Email Reconfirmation](#email-reconfirmation)
|
27
|
+
* [Customizing Email Templates](#customizing-email-templates)
|
28
|
+
* [I18n](#i18n)
|
29
|
+
* [Authenticating Controller Actions](#authenticating-controller-actions)
|
30
|
+
* [Authenticate Resource in the Controller (>= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
|
31
|
+
* [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
|
32
|
+
* [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
|
33
|
+
* [Important](#important-2)
|
34
|
+
* [Making Requests](#making-requests)
|
35
|
+
* [Introspection query](#introspection-query)
|
36
|
+
* [Mutations](#mutations)
|
37
|
+
* [Queries](#queries)
|
38
|
+
* [Reset Password Flow](#reset-password-flow)
|
39
|
+
* [More Configuration Options](#more-configuration-options)
|
40
|
+
* [Devise Token Auth Initializer](#devise-token-auth-initializer)
|
41
|
+
* [Devise Initializer](#devise-initializer)
|
42
|
+
* [GraphQL Interpreter](#graphql-interpreter)
|
43
|
+
* [Using Alongside Standard Devise](#using-alongside-standard-devise)
|
44
|
+
* [Future Work](#future-work)
|
45
|
+
* [Contributing](#contributing)
|
46
|
+
* [License](#license)
|
47
|
+
|
48
|
+
<!-- Added by: mcelicalderon, at: Sat May 8 12:32:03 -05 2021 -->
|
46
49
|
|
47
50
|
<!--te-->
|
48
51
|
|
@@ -98,7 +101,7 @@ Will do the following:
|
|
98
101
|
- Add `devise` modules to `Admin` model
|
99
102
|
- Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
|
100
103
|
- Add the route to `config/routes.rb`
|
101
|
-
- `mount_graphql_devise_for
|
104
|
+
- `mount_graphql_devise_for Admin, at: 'api/auth'`
|
102
105
|
|
103
106
|
`Admin` could be any model name you are going to be using for authentication,
|
104
107
|
and `api/auth` could be any mount path you would like to use for auth.
|
@@ -147,7 +150,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
|
|
147
150
|
|
148
151
|
Rails.application.routes.draw do
|
149
152
|
mount_graphql_devise_for(
|
150
|
-
|
153
|
+
User,
|
151
154
|
at: 'api/v1',
|
152
155
|
authenticatable_type: Types::MyCustomUserType,
|
153
156
|
operations: {
|
@@ -185,7 +188,7 @@ class DummySchema < GraphQL::Schema
|
|
185
188
|
query: Types::QueryType,
|
186
189
|
mutation: Types::MutationType,
|
187
190
|
resource_loaders: [
|
188
|
-
GraphqlDevise::ResourceLoader.new(
|
191
|
+
GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
|
189
192
|
]
|
190
193
|
)
|
191
194
|
|
@@ -225,6 +228,12 @@ authentication unless specified otherwise using the `authenticate: true` option
|
|
225
228
|
one argument (field name) and is called whenever a field that requires authentication
|
226
229
|
is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
|
227
230
|
raised if authentication fails. This will provide a GQL like error message on the response.
|
231
|
+
1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
|
232
|
+
information about what queries the schema supports. This query is very powerful and
|
233
|
+
there may be some case in which you want to limit its usage to authenticated users.
|
234
|
+
To accomplish this the schema plugin provides the `public_introspection` option. This option
|
235
|
+
accepts a boolean value and by default will consider introspection queries public in all
|
236
|
+
environments but production.
|
228
237
|
|
229
238
|
### Available Mount Options
|
230
239
|
Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
|
@@ -234,10 +243,10 @@ this gem's auth operation into your schema, these are the options you can provid
|
|
234
243
|
|
235
244
|
```ruby
|
236
245
|
# Using the mount method in your config/routes.rb file
|
237
|
-
mount_graphql_devise_for(
|
246
|
+
mount_graphql_devise_for(User, {})
|
238
247
|
|
239
248
|
# Providing options to a GraphqlDevise::ResourceLoader
|
240
|
-
GraphqlDevise::ResourceLoader.new(
|
249
|
+
GraphqlDevise::ResourceLoader.new(User, {})
|
241
250
|
```
|
242
251
|
|
243
252
|
1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
|
@@ -288,10 +297,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
|
|
288
297
|
:login
|
289
298
|
:logout
|
290
299
|
:sign_up
|
291
|
-
:update_password
|
292
|
-
:send_password_reset
|
293
300
|
:confirm_account
|
301
|
+
:send_password_reset
|
294
302
|
:check_password_token
|
303
|
+
:update_password
|
304
|
+
:send_password_reset_with_token
|
305
|
+
:update_password_with_token
|
295
306
|
```
|
296
307
|
|
297
308
|
### Configuring Model
|
@@ -375,7 +386,71 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
|
|
375
386
|
### Authenticating Controller Actions
|
376
387
|
When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
|
377
388
|
|
378
|
-
#### Authenticate
|
389
|
+
#### Authenticate Resource in the Controller (>= v0.15.0)
|
390
|
+
This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
|
391
|
+
You simply need to pass the return value of our `gql_devise_context` method in the context of your
|
392
|
+
GQL schema execution like this:
|
393
|
+
|
394
|
+
```ruby
|
395
|
+
# app/controllers/my_controller.rb
|
396
|
+
|
397
|
+
class MyController < ApplicationController
|
398
|
+
include GraphqlDevise::Concerns::SetUserByToken
|
399
|
+
|
400
|
+
def my_action
|
401
|
+
result = DummySchema.execute(params[:query], context: gql_devise_context(User))
|
402
|
+
render json: result unless performed?
|
403
|
+
end
|
404
|
+
end
|
405
|
+
```
|
406
|
+
`gql_devise_context` receives as many models as you need to authenticate in the request, like this:
|
407
|
+
```ruby
|
408
|
+
# app/controllers/my_controller.rb
|
409
|
+
|
410
|
+
class MyController < ApplicationController
|
411
|
+
include GraphqlDevise::Concerns::SetUserByToken
|
412
|
+
|
413
|
+
def my_action
|
414
|
+
result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
|
415
|
+
render json: result unless performed?
|
416
|
+
end
|
417
|
+
end
|
418
|
+
```
|
419
|
+
Internally in your own mutations and queries a key `current_resource` will be available in
|
420
|
+
the context if a resource was successfully authenticated or `nil` otherwise.
|
421
|
+
|
422
|
+
Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
|
423
|
+
on who makes the request, the context value `current_resource` might contain instances of the
|
424
|
+
different models you provided.
|
425
|
+
|
426
|
+
**Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
|
427
|
+
method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
|
428
|
+
It will also set the instance variable `@resource` in the controller.
|
429
|
+
|
430
|
+
Please note that by using this mechanism your GQL schema will be in control of what queries are
|
431
|
+
restricted to authenticated users and you can only do this at the root level fields of your GQL
|
432
|
+
schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
|
433
|
+
so this can work.
|
434
|
+
|
435
|
+
In you main app's schema this is how you might specify if a field needs to be authenticated or not:
|
436
|
+
```ruby
|
437
|
+
module Types
|
438
|
+
class QueryType < Types::BaseObject
|
439
|
+
# user field used the default set in the Plugin's initializer
|
440
|
+
field :user, resolver: Resolvers::UserShow
|
441
|
+
# this field will never require authentication
|
442
|
+
field :public_field, String, null: false, authenticate: false
|
443
|
+
# this field requires authentication
|
444
|
+
field :private_field, String, null: false, authenticate: true
|
445
|
+
end
|
446
|
+
end
|
447
|
+
```
|
448
|
+
**Important:** Currently, the only check the plugin does to see if the user is authenticated or not when executing
|
449
|
+
the query, is verifying that `context[:current_resource].present?` in the GraphQL context.
|
450
|
+
So, be careful not to populate that key of the context with values other than what `gql_devise_context`
|
451
|
+
returns. The option to do more complex verifications will be added in the future.
|
452
|
+
|
453
|
+
#### Authenticate Before Reaching Your GQL Schema (Deprecated)
|
379
454
|
For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
|
380
455
|
In our example our model is `User`, so it would look like this:
|
381
456
|
```ruby
|
@@ -387,7 +462,7 @@ class MyController < ApplicationController
|
|
387
462
|
before_action :authenticate_user!
|
388
463
|
|
389
464
|
def my_action
|
390
|
-
result = DummySchema.execute(params[:query], context:
|
465
|
+
result = DummySchema.execute(params[:query], context: { current_resource: current_user })
|
391
466
|
render json: result unless performed?
|
392
467
|
end
|
393
468
|
end
|
@@ -396,7 +471,7 @@ end
|
|
396
471
|
The install generator can include the concern in you application controller.
|
397
472
|
If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
|
398
473
|
|
399
|
-
#### Authenticate in Your GQL Schema
|
474
|
+
#### Authenticate in Your GQL Schema (Deprecated)
|
400
475
|
For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
|
401
476
|
[here](#mounting-operations-into-your-own-schema).
|
402
477
|
|
@@ -413,7 +488,7 @@ class MyController < ApplicationController
|
|
413
488
|
end
|
414
489
|
```
|
415
490
|
The `graphql_context` method receives a symbol identifying the resource you are trying
|
416
|
-
to authenticate. So if you mounted the `
|
491
|
+
to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
|
417
492
|
this snippet to find the symbol for more complex scenarios
|
418
493
|
`resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
|
419
494
|
array of resources if you mounted more than one into your schema. The gem will try to
|
@@ -451,6 +526,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
|
|
451
526
|
### Making Requests
|
452
527
|
Here is a list of the available mutations and queries assuming your mounted model is `User`.
|
453
528
|
|
529
|
+
#### Introspection query
|
530
|
+
If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
|
531
|
+
|
454
532
|
#### Mutations
|
455
533
|
|
456
534
|
Operation | Description | Example
|
@@ -458,9 +536,11 @@ Operation | Description | Example
|
|
458
536
|
login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
|
459
537
|
logout | | userLogout: UserLogoutPayload
|
460
538
|
signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
|
461
|
-
|
462
|
-
|
539
|
+
sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
|
540
|
+
updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
|
463
541
|
resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
|
542
|
+
sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
|
543
|
+
updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
|
464
544
|
|
465
545
|
#### Queries
|
466
546
|
Operation | Description | Example
|
@@ -478,6 +558,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
|
|
478
558
|
Also, the [dummy app](spec/dummy) used in our specs will give you
|
479
559
|
a clear idea on how to configure the gem on your Rails application.
|
480
560
|
|
561
|
+
### Reset Password Flow
|
562
|
+
This gem supports two password recovery flows. The most recently implemented is preferred and
|
563
|
+
requires less steps. More detail on how it works can be found
|
564
|
+
[here](docs/usage/reset_password_flow.md).
|
565
|
+
|
481
566
|
### More Configuration Options
|
482
567
|
As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
|
483
568
|
this values on the initializer files generated by the installer.
|