graphql_devise 0.14.0 → 0.16.0

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +118 -0
  3. data/Appraisals +39 -5
  4. data/CHANGELOG.md +68 -6
  5. data/README.md +150 -51
  6. data/Rakefile +2 -1
  7. data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb +72 -0
  8. data/app/controllers/graphql_devise/concerns/set_user_by_token.rb +5 -27
  9. data/app/controllers/graphql_devise/graphql_controller.rb +1 -1
  10. data/app/helpers/graphql_devise/mailer_helper.rb +2 -2
  11. data/app/models/graphql_devise/concerns/additional_model_methods.rb +21 -0
  12. data/app/models/graphql_devise/concerns/model.rb +6 -9
  13. data/docs/usage/reset_password_flow.md +90 -0
  14. data/graphql_devise.gemspec +2 -2
  15. data/lib/generators/graphql_devise/install_generator.rb +1 -1
  16. data/lib/graphql_devise.rb +20 -6
  17. data/lib/graphql_devise/concerns/controller_methods.rb +3 -3
  18. data/lib/graphql_devise/mount_method/operation_preparer.rb +6 -6
  19. data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb +6 -4
  20. data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +6 -4
  21. data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb} +4 -4
  22. data/lib/graphql_devise/resolvers/confirm_account.rb +1 -1
  23. data/lib/graphql_devise/resource_loader.rb +26 -11
  24. data/lib/graphql_devise/schema_plugin.rb +41 -18
  25. data/lib/graphql_devise/version.rb +1 -1
  26. data/spec/dummy/app/controllers/api/v1/graphql_controller.rb +13 -2
  27. data/spec/dummy/app/graphql/dummy_schema.rb +4 -3
  28. data/spec/dummy/app/graphql/types/query_type.rb +5 -0
  29. data/spec/dummy/config/routes.rb +2 -1
  30. data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb +0 -1
  31. data/spec/dummy/db/migrate/20210516211417_add_vip_to_users.rb +5 -0
  32. data/spec/dummy/db/schema.rb +4 -4
  33. data/spec/generators/graphql_devise/install_generator_spec.rb +1 -1
  34. data/spec/graphql/user_queries_spec.rb +120 -0
  35. data/spec/requests/graphql_controller_spec.rb +12 -11
  36. data/spec/requests/queries/introspection_query_spec.rb +149 -0
  37. data/spec/requests/user_controller_spec.rb +93 -32
  38. data/spec/services/mount_method/operation_preparer_spec.rb +5 -5
  39. data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb +5 -5
  40. data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +5 -5
  41. data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb} +6 -6
  42. data/spec/services/resource_loader_spec.rb +5 -5
  43. data/spec/support/contexts/graphql_request.rb +11 -3
  44. data/spec/support/contexts/schema_test.rb +14 -0
  45. metadata +25 -14
  46. data/.travis.yml +0 -79
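--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 623b4df681f9e3ae95598c67885cbc261d4e73c5d6bd2cb070ea9c39b4305dbb
- data.tar.gz: 4efd72cc4b7b61d44b03cdf062db5a47c3bbce831c9101801b1a0a6d6af91701
+ metadata.gz: 12c52068c8c538bc35dc67deb2d697101e1fa001419ccdbff23183e854f5f404
+ data.tar.gz: 65afe18384fb742e8dbc300d19b227815ebe166997147031bbabd63742738205
  SHA512:
- metadata.gz: 0510a69ab752c9f5047f1d4dd3a7f6721c974b5d3af979b73cacd9a5456cd0cdc695766fce66e6b2ed70879a9faa24104fb71140ec12e900c51e4925bf4fc850
- data.tar.gz: afb8d1f441dde3094e11f9ff12e9555d7d0ada530d086a3836f371855ce1f784e48be0e93d3c0c20bef5e0bae5328cd7a4e17168e747edb57a43b03fbfec5ee4
+ metadata.gz: fcf10385aeb27e02f283fa5b5d140f51352508d4a9973dd374edfe78b67a64cfa9b4183e39a8065af5a9697569fac4ed9c21aa007df26fd271b6739c2f9cd5a9
+ data.tar.gz: d3f45d87972e29a325375c1868fced4ef377effcfba6be182c7d8c0b34bdfd6032db66097f0304416ff5966b532fea994d135be0ee48a070c2369668acc3beb2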
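--- a/data/.circleci/config.yml
+++ b/data/.circleci/config.yml
@@ -0,0 +1,118 @@
+ version: 2.1
+ orbs:
+ coveralls: coveralls/coveralls@1.0.6
+
+ jobs:
+ test:
+ parameters:
+ ruby-version:
+ type: string
+ gemfile:
+ type: string
+ docker:
+ - image: 'ruby:<< parameters.ruby-version >>'
+ environment:
+ BUNDLE_GEMFILE: << parameters.gemfile >>
+ BUNDLE_PATH: ../vendor/bundle
+ COVERALLS_PARALLEL: true
+ EAGER_LOAD: 'true'
+ steps:
+ - checkout
+ - restore_cache:
+ keys:
+ - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+ - run: gem install bundler -v '1.17'
+ - run:
+ name: Install dependencies
+ command: bundle install
+ - save_cache:
+ key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+ paths:
+ - vendor/bundle
+ - run:
+ name: Run Specs
+ command:
+ bundle exec rspec
+ report-coverage:
+ docker:
+ - image: 'circleci/node:10.0.0'
+ steps:
+ - coveralls/upload:
+ parallel_finished: true
+
+ workflows:
+ test-suite:
+ jobs:
+ - test:
+ matrix:
+ parameters:
+ ruby-version:
+ - '2.2'
+ - '2.3'
+ - '2.4'
+ - '2.5'
+ - '2.6'
+ - '2.7'
+ - '3.0'
+ gemfile:
+ - gemfiles/rails4.2_graphql1.8.gemfile
+ - gemfiles/rails5.0_graphql1.8.gemfile
+ - gemfiles/rails5.0_graphql1.9.gemfile
+ - gemfiles/rails5.1_graphql1.8.gemfile
+ - gemfiles/rails5.1_graphql1.9.gemfile
+ - gemfiles/rails5.2_graphql1.8.gemfile
+ - gemfiles/rails5.2_graphql1.9.gemfile
+ - gemfiles/rails5.2_graphql1.10.gemfile
+ - gemfiles/rails5.2_graphql1.11.gemfile
+ - gemfiles/rails6.0_graphql1.11.gemfile
+ - gemfiles/rails6.0_graphql1.12.gemfile
+ - gemfiles/rails6.1_graphql1.11.gemfile
+ - gemfiles/rails6.1_graphql1.12.gemfile
+ exclude:
+ - ruby-version: '2.2'
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+ - ruby-version: '2.2'
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+ - ruby-version: '2.2'
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+ - ruby-version: '2.2'
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+ - ruby-version: '2.3'
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+ - ruby-version: '2.3'
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+ - ruby-version: '2.3'
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+ - ruby-version: '2.3'
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+ - ruby-version: '2.4'
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+ - ruby-version: '2.4'
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+ - ruby-version: '2.4'
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+ - ruby-version: '2.4'
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+ - ruby-version: '2.7'
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.0_graphql1.8.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.0_graphql1.9.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.1_graphql1.8.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.1_graphql1.9.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.2_graphql1.8.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.2_graphql1.9.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.2_graphql1.10.gemfile
+ - ruby-version: '3.0'
+ gemfile: gemfiles/rails5.2_graphql1.11.gemfile
+ - report-coverage:
+ requires:
+ - test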
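Review bot: The cache key `v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>` used by the `restore_cache` and `save_cache` steps of the `test` job contains nothing derived from the dependency set, and CircleCI does not overwrite an existing key, so the first `vendor/bundle` saved for a gemfile/Ruby pair is the one restored on every later run. Adding a content checksum, for example `key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>-{{ checksum "<< parameters.gemfile >>" }}` (with the same string under `keys:`), would refresh the cache when the gemfile changes. In the `environment` map of the same job, `COVERALLS_PARALLEL: true` is a YAML boolean while `EAGER_LOAD: 'true'` is a string; writing `COVERALLS_PARALLEL: 'true'` keeps the two consistent and avoids relying on how the value is coerced.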
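--- a/data/Appraisals
+++ b/data/Appraisals
@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
  gem 'rspec-rails', '< 4.0'
  end
 
+ appraise 'rails5.2-graphql1.12' do
+ gem 'sqlite3', '~> 1.3.6'
+ gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+ gem 'graphql', '~> 1.12.0'
+ gem 'rspec-rails', '< 4.0'
+ end
+
  appraise 'rails6.0-graphql1.8' do
  gem 'sqlite3', '~> 1.4'
  gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
  gem 'graphql', '~> 1.11.0'
  end
 
- appraise 'rails6.0-graphql_edge' do
+ appraise 'rails6.0-graphql1.12' do
  gem 'sqlite3', '~> 1.4'
- gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
  gem 'devise', '>= 4.7'
  gem 'rails', github: 'rails/rails', branch: '6-0-stable'
- gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+ gem 'graphql', '~> 1.12.0'
+ end
+
+ appraise 'rails6.1-graphql1.9' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.9.0'
+ end
+
+ appraise 'rails6.1-graphql1.10' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.10.0'
+ end
+
+ appraise 'rails6.1-graphql1.11' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.11.0'
+ end
+
+ appraise 'rails6.1-graphql1.12' do
+ gem 'sqlite3', '~> 1.4'
+ gem 'devise', '>= 4.7'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+ gem 'graphql', '~> 1.12.0'
  end
 
- appraise 'rails_edge-graphql_edge' do
+ appraise 'rails6.1-graphql_edge' do
  gem 'sqlite3', '~> 1.4'
  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
  gem 'devise', '>= 4.7'
- gem 'rails', github: 'rails/rails', branch: 'master'
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
  end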
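Review bot: The four new `rails6.1-graphql1.x` appraisals in the second hunk (and `rails5.2-graphql1.12` in the first) resolve Rails from a moving branch head, `gem 'rails', github: 'rails/rails', branch: '6-1-stable'`, so each CI run builds and executes whatever commit is current upstream and a green run cannot be reproduced later. For the versioned appraisals a released constraint such as `gem 'rails', '~> 6.1.0'` would keep the matrix reproducible and leave branch tracking to `rails6.1-graphql_edge`, where it is the purpose. Separately, `rails5.2-graphql1.12`, `rails6.1-graphql1.9`, `rails6.1-graphql1.10` and `rails6.1-graphql_edge` have no matching entry in the `gemfile` list of the CircleCI matrix added in this release, so as far as this page shows they are defined but not run.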
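--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,67 @@
  # Changelog
 
+ ## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
+
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
+
+ **Implemented enhancements:**
+
+ - Allow checking of authenticaded resource via callable object [\#180](https://github.com/graphql-devise/graphql_devise/pull/180) ([mcelicalderon](https://github.com/mcelicalderon))
+
+ **Merged pull requests:**
+
+ - Document authenticate with callable [\#181](https://github.com/graphql-devise/graphql_devise/pull/181) ([mcelicalderon](https://github.com/mcelicalderon))
+
+ ## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
+
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
+
+ **Implemented enhancements:**
+
+ - Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
+
+ **Deprecated:**
+
+ - Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
+
+ **Merged pull requests:**
+
+ - Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
+
+ ## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
+
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
+
+ **Implemented enhancements:**
+
+ - Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
+
+ **Fixed bugs:**
+
+ - ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
+
+ ## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
+
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
+
+ **Implemented enhancements:**
+
+ - Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
+
+ ## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
+
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
+
+ **Implemented enhancements:**
+
+ - Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
+ - Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
+ - Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
+
+ **Merged pull requests:**
+
+ - Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
+
  ## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
 
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
@@ -25,7 +87,7 @@
 
  - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
 
- ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
+ ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
 
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
 
@@ -49,7 +111,7 @@
 
  - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
 
- ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
+ ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
 
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
 
@@ -62,7 +124,7 @@
  - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
  - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
 
- ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
+ ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
 
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
 
@@ -79,7 +141,7 @@
  - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
  - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
 
- ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
+ ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
 
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
 
@@ -132,7 +194,7 @@
 
  **Implemented enhancements:**
 
- - Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
+ - Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
  - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
  - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
 
@@ -150,6 +212,7 @@
 
  **Implemented enhancements:**
 
+ - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
  - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
 
  **Fixed bugs:**
@@ -160,7 +223,6 @@
 
  - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
  - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
- - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 
  **Merged pull requests:**
 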
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # GraphqlDevise
2
- [![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
3
- [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
2
+ [![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
3
+ [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
4
4
  [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
5
5
 
6
6
  GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -8,41 +8,46 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
8
8
  ## Table of Contents
9
9
 
10
10
  <!--ts-->
11
- * [GraphqlDevise](#graphqldevise)
12
- * [Table of Contents](#table-of-contents)
13
- * [Introduction](#introduction)
14
- * [Installation](#installation)
15
- * [Running the Generator](#running-the-generator)
16
- * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
17
- * [Important](#important)
18
- * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
19
- * [Important](#important-1)
20
- * [Usage](#usage)
21
- * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
22
- * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
23
- * [Available Mount Options](#available-mount-options)
24
- * [Available Operations](#available-operations)
25
- * [Configuring Model](#configuring-model)
26
- * [Email Reconfirmation](#email-reconfirmation)
27
- * [Customizing Email Templates](#customizing-email-templates)
28
- * [I18n](#i18n)
29
- * [Authenticating Controller Actions](#authenticating-controller-actions)
30
- * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
31
- * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
32
- * [Important](#important-2)
33
- * [Making Requests](#making-requests)
34
- * [Mutations](#mutations)
35
- * [Queries](#queries)
36
- * [More Configuration Options](#more-configuration-options)
37
- * [Devise Token Auth Initializer](#devise-token-auth-initializer)
38
- * [Devise Initializer](#devise-initializer)
39
- * [GraphQL Interpreter](#graphql-interpreter)
40
- * [Using Alongside Standard Devise](#using-alongside-standard-devise)
41
- * [Future Work](#future-work)
42
- * [Contributing](#contributing)
43
- * [License](#license)
44
-
45
- <!-- Added by: david, at: mar jul 14 08:08:02 -05 2020 -->
11
+ * [GraphqlDevise](#graphqldevise)
12
+ * [Table of Contents](#table-of-contents)
13
+ * [Introduction](#introduction)
14
+ * [Installation](#installation)
15
+ * [Running the Generator](#running-the-generator)
16
+ * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
17
+ * [Important](#important)
18
+ * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
19
+ * [Important](#important-1)
20
+ * [Usage](#usage)
21
+ * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
22
+ * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
23
+ * [Available Mount Options](#available-mount-options)
24
+ * [Available Operations](#available-operations)
25
+ * [Configuring Model](#configuring-model)
26
+ * [Email Reconfirmation](#email-reconfirmation)
27
+ * [Customizing Email Templates](#customizing-email-templates)
28
+ * [I18n](#i18n)
29
+ * [Authenticating Controller Actions](#authenticating-controller-actions)
30
+ * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
31
+ * [Authentication Options](#authentication-options)
32
+ * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
33
+ * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
34
+ * [Authentication Options](#authentication-options-1)
35
+ * [Important](#important-2)
36
+ * [Making Requests](#making-requests)
37
+ * [Introspection query](#introspection-query)
38
+ * [Mutations](#mutations)
39
+ * [Queries](#queries)
40
+ * [Reset Password Flow](#reset-password-flow)
41
+ * [More Configuration Options](#more-configuration-options)
42
+ * [Devise Token Auth Initializer](#devise-token-auth-initializer)
43
+ * [Devise Initializer](#devise-initializer)
44
+ * [GraphQL Interpreter](#graphql-interpreter)
45
+ * [Using Alongside Standard Devise](#using-alongside-standard-devise)
46
+ * [Future Work](#future-work)
47
+ * [Contributing](#contributing)
48
+ * [License](#license)
49
+
50
+ <!-- Added by: mcelicalderon, at: Wed May 19 21:25:22 -05 2021 -->
46
51
 
47
52
  <!--te-->
48
53
 
@@ -98,7 +103,7 @@ Will do the following:
98
103
  - Add `devise` modules to `Admin` model
99
104
  - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
100
105
  - Add the route to `config/routes.rb`
101
- - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
106
+ - `mount_graphql_devise_for Admin, at: 'api/auth'`
102
107
 
103
108
  `Admin` could be any model name you are going to be using for authentication,
104
109
  and `api/auth` could be any mount path you would like to use for auth.
@@ -147,7 +152,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
147
152
 
148
153
  Rails.application.routes.draw do
149
154
  mount_graphql_devise_for(
150
- 'User',
155
+ User,
151
156
  at: 'api/v1',
152
157
  authenticatable_type: Types::MyCustomUserType,
153
158
  operations: {
@@ -185,7 +190,7 @@ class DummySchema < GraphQL::Schema
185
190
  query: Types::QueryType,
186
191
  mutation: Types::MutationType,
187
192
  resource_loaders: [
188
- GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
193
+ GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
189
194
  ]
190
195
  )
191
196
 
@@ -225,6 +230,12 @@ authentication unless specified otherwise using the `authenticate: true` option
225
230
  one argument (field name) and is called whenever a field that requires authentication
226
231
  is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
227
232
  raised if authentication fails. This will provide a GQL like error message on the response.
233
+ 1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
234
+ information about what queries the schema supports. This query is very powerful and
235
+ there may be some case in which you want to limit its usage to authenticated users.
236
+ To accomplish this the schema plugin provides the `public_introspection` option. This option
237
+ accepts a boolean value and by default will consider introspection queries public in all
238
+ environments but production.
228
239
 
229
240
  ### Available Mount Options
230
241
  Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -234,10 +245,10 @@ this gem's auth operation into your schema, these are the options you can provid
234
245
 
235
246
  ```ruby
236
247
  # Using the mount method in your config/routes.rb file
237
- mount_graphql_devise_for('User', {})
248
+ mount_graphql_devise_for(User, {})
238
249
 
239
250
  # Providing options to a GraphqlDevise::ResourceLoader
240
- GraphqlDevise::ResourceLoader.new('User', {})
251
+ GraphqlDevise::ResourceLoader.new(User, {})
241
252
  ```
242
253
 
243
254
  1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -288,10 +299,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
288
299
  :login
289
300
  :logout
290
301
  :sign_up
291
- :update_password
292
- :send_password_reset
293
302
  :confirm_account
303
+ :send_password_reset
294
304
  :check_password_token
305
+ :update_password
306
+ :send_password_reset_with_token
307
+ :update_password_with_token
295
308
  ```
296
309
 
297
310
  ### Configuring Model
@@ -375,7 +388,75 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
375
388
  ### Authenticating Controller Actions
376
389
  When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
377
390
 
378
- #### Authenticate Before Reaching Your GQL Schema
391
+ #### Authenticate Resource in the Controller (>= v0.15.0)
392
+ This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
393
+ You simply need to pass the return value of our `gql_devise_context` method in the context of your
394
+ GQL schema execution like this:
395
+
396
+ ```ruby
397
+ # app/controllers/my_controller.rb
398
+
399
+ class MyController < ApplicationController
400
+ include GraphqlDevise::Concerns::SetUserByToken
401
+
402
+ def my_action
403
+ result = DummySchema.execute(params[:query], context: gql_devise_context(User))
404
+ render json: result unless performed?
405
+ end
406
+ end
407
+ ```
408
+ `gql_devise_context` receives as many models as you need to authenticate in the request, like this:
409
+ ```ruby
410
+ # app/controllers/my_controller.rb
411
+
412
+ class MyController < ApplicationController
413
+ include GraphqlDevise::Concerns::SetUserByToken
414
+
415
+ def my_action
416
+ result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
417
+ render json: result unless performed?
418
+ end
419
+ end
420
+ ```
421
+ Internally in your own mutations and queries a key `current_resource` will be available in
422
+ the context if a resource was successfully authenticated or `nil` otherwise.
423
+
424
+ Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
425
+ on who makes the request, the context value `current_resource` might contain instances of the
426
+ different models you provided.
427
+
428
+ **Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
429
+ method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
430
+ It will also set the instance variable `@resource` in the controller.
431
+
432
+ Please note that by using this mechanism your GQL schema will be in control of what queries are
433
+ restricted to authenticated users and you can only do this at the root level fields of your GQL
434
+ schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
435
+ so this can work.
436
+
437
+ ##### Authentication Options
438
+ Wether you setup authentications as a default in the plugin, or you do it at the field level,
439
+ these are the options you can use:
440
+ 1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
441
+ 1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
442
+
443
+ In your main app's schema this is how you might specify if a field needs to be authenticated or not:
444
+ ```ruby
445
+ module Types
446
+ class QueryType < Types::BaseObject
447
+ # user field used the default set in the Plugin's initializer
448
+ field :user, resolver: Resolvers::UserShow
449
+ # this field will never require authentication
450
+ field :public_field, String, null: false, authenticate: false
451
+ # this field requires authentication
452
+ field :private_field, String, null: false, authenticate: true
453
+ # this field requires authenticated users to also be admins
454
+ field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
455
+ end
456
+ end
457
+ ```
458
+
459
+ #### Authenticate Before Reaching Your GQL Schema (Deprecated)
379
460
  For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
380
461
  In our example our model is `User`, so it would look like this:
381
462
  ```ruby
@@ -387,7 +468,7 @@ class MyController < ApplicationController
387
468
  before_action :authenticate_user!
388
469
 
389
470
  def my_action
390
- result = DummySchema.execute(params[:query], context: current_user: current_user)
471
+ result = DummySchema.execute(params[:query], context: { current_resource: current_user })
391
472
  render json: result unless performed?
392
473
  end
393
474
  end
@@ -396,7 +477,7 @@ end
396
477
  The install generator can include the concern in you application controller.
397
478
  If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
398
479
 
399
- #### Authenticate in Your GQL Schema
480
+ #### Authenticate in Your GQL Schema (Deprecated)
400
481
  For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
401
482
  [here](#mounting-operations-into-your-own-schema).
402
483
 
@@ -413,7 +494,7 @@ class MyController < ApplicationController
413
494
  end
414
495
  ```
415
496
  The `graphql_context` method receives a symbol identifying the resource you are trying
416
- to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
497
+ to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
417
498
  this snippet to find the symbol for more complex scenarios
418
499
  `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
419
500
  array of resources if you mounted more than one into your schema. The gem will try to
@@ -431,7 +512,13 @@ restricted to authenticated users and you can only do this at the root level fie
431
512
  schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
432
513
  so this can work.
433
514
 
434
- In you main app's schema this is how you might specify if a field needs to be authenticated or not:
515
+ ##### Authentication Options
516
+ Wether you setup authentications as a default in the plugin, or you do it at the field level,
517
+ these are the options you can use:
518
+ 1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
519
+ 1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
520
+
521
+ In your main app's schema this is how you might specify if a field needs to be authenticated or not:
435
522
  ```ruby
436
523
  module Types
437
524
  class QueryType < Types::BaseObject
@@ -441,6 +528,8 @@ module Types
441
528
  field :public_field, String, null: false, authenticate: false
442
529
  # this field requires authentication
443
530
  field :private_field, String, null: false, authenticate: true
531
+ # this field requires authenticated users to also be admins
532
+ field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
444
533
  end
445
534
  end
446
535
  ```
@@ -451,6 +540,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
451
540
  ### Making Requests
452
541
  Here is a list of the available mutations and queries assuming your mounted model is `User`.
453
542
 
543
+ #### Introspection query
544
+ If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
545
+
454
546
  #### Mutations
455
547
 
456
548
  Operation | Description | Example
@@ -458,9 +550,11 @@ Operation | Description | Example
458
550
  login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
459
551
  logout | | userLogout: UserLogoutPayload
460
552
  signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
461
- sendResetPassword | | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
462
- updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
553
+ sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
554
+ updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
463
555
  resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
556
+ sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
557
+ updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
464
558
 
465
559
  #### Queries
466
560
  Operation | Description | Example
@@ -478,6 +572,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
478
572
  Also, the [dummy app](spec/dummy) used in our specs will give you
479
573
  a clear idea on how to configure the gem on your Rails application.
480
574
 
575
+ ### Reset Password Flow
576
+ This gem supports two password recovery flows. The most recently implemented is preferred and
577
+ requires less steps. More detail on how it works can be found
578
+ [here](docs/usage/reset_password_flow.md).
579
+
481
580
  ### More Configuration Options
482
581
  As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
483
582
  this values on the initializer files generated by the installer.