graphql_devise 0.14.0 → 0.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 623b4df681f9e3ae95598c67885cbc261d4e73c5d6bd2cb070ea9c39b4305dbb
-  data.tar.gz: 4efd72cc4b7b61d44b03cdf062db5a47c3bbce831c9101801b1a0a6d6af91701
+  metadata.gz: 12c52068c8c538bc35dc67deb2d697101e1fa001419ccdbff23183e854f5f404
+  data.tar.gz: 65afe18384fb742e8dbc300d19b227815ebe166997147031bbabd63742738205
 SHA512:
-  metadata.gz: 0510a69ab752c9f5047f1d4dd3a7f6721c974b5d3af979b73cacd9a5456cd0cdc695766fce66e6b2ed70879a9faa24104fb71140ec12e900c51e4925bf4fc850
-  data.tar.gz: afb8d1f441dde3094e11f9ff12e9555d7d0ada530d086a3836f371855ce1f784e48be0e93d3c0c20bef5e0bae5328cd7a4e17168e747edb57a43b03fbfec5ee4
+  metadata.gz: fcf10385aeb27e02f283fa5b5d140f51352508d4a9973dd374edfe78b67a64cfa9b4183e39a8065af5a9697569fac4ed9c21aa007df26fd271b6739c2f9cd5a9
+  data.tar.gz: d3f45d87972e29a325375c1868fced4ef377effcfba6be182c7d8c0b34bdfd6032db66097f0304416ff5966b532fea994d135be0ee48a070c2369668acc3beb2

data/.circleci/config.yml

@@ -0,0 +1,118 @@
+version: 2.1
+orbs:
+  coveralls: coveralls/coveralls@1.0.6
+
+jobs:
+  test:
+    parameters:
+      ruby-version:
+        type: string
+      gemfile:
+        type: string
+    docker:
+      - image: 'ruby:<< parameters.ruby-version >>'
+    environment:
+      BUNDLE_GEMFILE: << parameters.gemfile >>
+      BUNDLE_PATH: ../vendor/bundle
+      COVERALLS_PARALLEL: true
+      EAGER_LOAD: 'true'
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+      - run: gem install bundler -v '1.17'
+      - run:
+          name: Install dependencies
+          command: bundle install
+      - save_cache:
+          key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+          paths:
+            - vendor/bundle
+      - run:
+          name: Run Specs
+          command:
+            bundle exec rspec
+  report-coverage:
+    docker:
+      - image: 'circleci/node:10.0.0'
+    steps:
+      - coveralls/upload:
+          parallel_finished: true
+
+workflows:
+  test-suite:
+    jobs:
+      - test:
+          matrix:
+            parameters:
+              ruby-version:
+                - '2.2'
+                - '2.3'
+                - '2.4'
+                - '2.5'
+                - '2.6'
+                - '2.7'
+                - '3.0'
+              gemfile:
+                - gemfiles/rails4.2_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.9.gemfile
+                - gemfiles/rails5.1_graphql1.8.gemfile
+                - gemfiles/rails5.1_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.8.gemfile
+                - gemfiles/rails5.2_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.10.gemfile
+                - gemfiles/rails5.2_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.12.gemfile
+                - gemfiles/rails6.1_graphql1.11.gemfile
+                - gemfiles/rails6.1_graphql1.12.gemfile
+            exclude:
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.7'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.10.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.11.gemfile
+      - report-coverage:
+          requires:
+            - test

data/Appraisals

@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
   gem 'rspec-rails', '< 4.0'
 end
 
+appraise 'rails5.2-graphql1.12' do
+  gem 'sqlite3', '~> 1.3.6'
+  gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+  gem 'graphql', '~> 1.12.0'
+  gem 'rspec-rails', '< 4.0'
+end
+
 appraise 'rails6.0-graphql1.8' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
   gem 'graphql', '~> 1.11.0'
 end
 
-appraise 'rails6.0-graphql_edge' do
+appraise 'rails6.0-graphql1.12' do
   gem 'sqlite3', '~> 1.4'
-  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
   gem 'rails', github: 'rails/rails', branch: '6-0-stable'
-  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+  gem 'graphql', '~> 1.12.0'
+end
+
+appraise 'rails6.1-graphql1.9' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.9.0'
+end
+
+appraise 'rails6.1-graphql1.10' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.10.0'
+end
+
+appraise 'rails6.1-graphql1.11' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.11.0'
+end
+
+appraise 'rails6.1-graphql1.12' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.12.0'
 end
 
-appraise 'rails_edge-graphql_edge' do
+appraise 'rails6.1-graphql_edge' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
-  gem 'rails', github: 'rails/rails', branch: 'master'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
   gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
 end

data/CHANGELOG.md

@@ -1,5 +1,67 @@
 # Changelog
 
+## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
+
+**Implemented enhancements:**
+
+- Allow checking of authenticaded resource via callable object [\#180](https://github.com/graphql-devise/graphql_devise/pull/180) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document authenticate with callable [\#181](https://github.com/graphql-devise/graphql_devise/pull/181) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
+
+**Implemented enhancements:**
+
+- Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
+
+**Implemented enhancements:**
+
+- Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
+
+**Fixed bugs:**
+
+- ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
+
+## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
+
+**Implemented enhancements:**
+
+- Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
+
+## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
+
+**Implemented enhancements:**
+
+- Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
+- Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
+- Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
+
+**Merged pull requests:**
+
+- Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
@@ -25,7 +87,7 @@
 
 - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
 
-## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
+## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
 
@@ -49,7 +111,7 @@
 
 - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
 
-## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
+## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
 
@@ -62,7 +124,7 @@
 - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
 - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
 
-## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
+## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
 
@@ -79,7 +141,7 @@
 - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
 - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
 
-## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
+## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
 
@@ -132,7 +194,7 @@
 
 **Implemented enhancements:**
 
-- Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
+- Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
 - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
 - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
 
@@ -150,6 +212,7 @@
 
 **Implemented enhancements:**
 
+- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
 
 **Fixed bugs:**
@@ -160,7 +223,6 @@
 
 - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
 - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
-- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 
 **Merged pull requests:**
 

data/README.md

@@ -1,6 +1,6 @@
 # GraphqlDevise
-[![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
-[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
+[![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
+[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
 [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
 
 GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -8,41 +8,46 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
 ## Table of Contents
 
 <!--ts-->
-   * [GraphqlDevise](#graphqldevise)
-      * [Table of Contents](#table-of-contents)
-      * [Introduction](#introduction)
-      * [Installation](#installation)
-         * [Running the Generator](#running-the-generator)
-            * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
-               * [Important](#important)
-            * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
-               * [Important](#important-1)
-      * [Usage](#usage)
-         * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
-         * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
-         * [Available Mount Options](#available-mount-options)
-         * [Available Operations](#available-operations)
-         * [Configuring Model](#configuring-model)
-         * [Email Reconfirmation](#email-reconfirmation)
-         * [Customizing Email Templates](#customizing-email-templates)
-         * [I18n](#i18n)
-         * [Authenticating Controller Actions](#authenticating-controller-actions)
-            * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
-            * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
-            * [Important](#important-2)
-         * [Making Requests](#making-requests)
-            * [Mutations](#mutations)
-            * [Queries](#queries)
-         * [More Configuration Options](#more-configuration-options)
-            * [Devise Token Auth Initializer](#devise-token-auth-initializer)
-            * [Devise Initializer](#devise-initializer)
-         * [GraphQL Interpreter](#graphql-interpreter)
-         * [Using Alongside Standard Devise](#using-alongside-standard-devise)
-      * [Future Work](#future-work)
-      * [Contributing](#contributing)
-      * [License](#license)
-
-<!-- Added by: david, at: mar jul 14 08:08:02 -05 2020 -->
+* [GraphqlDevise](#graphqldevise)
+   * [Table of Contents](#table-of-contents)
+   * [Introduction](#introduction)
+   * [Installation](#installation)
+      * [Running the Generator](#running-the-generator)
+         * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
+            * [Important](#important)
+         * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
+            * [Important](#important-1)
+   * [Usage](#usage)
+      * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
+      * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
+      * [Available Mount Options](#available-mount-options)
+      * [Available Operations](#available-operations)
+      * [Configuring Model](#configuring-model)
+      * [Email Reconfirmation](#email-reconfirmation)
+      * [Customizing Email Templates](#customizing-email-templates)
+      * [I18n](#i18n)
+      * [Authenticating Controller Actions](#authenticating-controller-actions)
+         * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
+            * [Authentication Options](#authentication-options)
+         * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
+         * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
+            * [Authentication Options](#authentication-options-1)
+         * [Important](#important-2)
+      * [Making Requests](#making-requests)
+         * [Introspection query](#introspection-query)
+         * [Mutations](#mutations)
+         * [Queries](#queries)
+      * [Reset Password Flow](#reset-password-flow)
+      * [More Configuration Options](#more-configuration-options)
+         * [Devise Token Auth Initializer](#devise-token-auth-initializer)
+         * [Devise Initializer](#devise-initializer)
+      * [GraphQL Interpreter](#graphql-interpreter)
+      * [Using Alongside Standard Devise](#using-alongside-standard-devise)
+   * [Future Work](#future-work)
+   * [Contributing](#contributing)
+   * [License](#license)
+
+<!-- Added by: mcelicalderon, at: Wed May 19 21:25:22 -05 2021 -->
 
 <!--te-->
 
@@ -98,7 +103,7 @@ Will do the following:
   - Add `devise` modules to `Admin` model
   - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
 - Add the route to `config/routes.rb`
-  - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
+  - `mount_graphql_devise_for Admin, at: 'api/auth'`
 
 `Admin` could be any model name you are going to be using for authentication,
 and `api/auth` could be any mount path you would like to use for auth.
@@ -147,7 +152,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
 
 Rails.application.routes.draw do
   mount_graphql_devise_for(
-    'User',
+    User,
     at: 'api/v1',
     authenticatable_type: Types::MyCustomUserType,
     operations: {
@@ -185,7 +190,7 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
+      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
     ]
   )
 
@@ -225,6 +230,12 @@ authentication unless specified otherwise using the `authenticate: true` option
 one argument (field name) and is called whenever a field that requires authentication
 is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
 raised if authentication fails. This will provide a GQL like error message on the response.
+1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
+information about what queries the schema supports. This query is very powerful and
+there may be some case in which you want to limit its usage to authenticated users.
+To accomplish this the schema plugin provides the `public_introspection` option. This option
+accepts a boolean value and by default will consider introspection queries public in all
+environments but production.
 
 ### Available Mount Options
 Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -234,10 +245,10 @@ this gem's auth operation into your schema, these are the options you can provid
 
 ```ruby
 # Using the mount method in your config/routes.rb file
-mount_graphql_devise_for('User', {})
+mount_graphql_devise_for(User, {})
 
 # Providing options to a GraphqlDevise::ResourceLoader
-GraphqlDevise::ResourceLoader.new('User', {})
+GraphqlDevise::ResourceLoader.new(User, {})
 ```
 
 1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -288,10 +299,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 :login
 :logout
 :sign_up
-:update_password
-:send_password_reset
 :confirm_account
+:send_password_reset
 :check_password_token
+:update_password
+:send_password_reset_with_token
+:update_password_with_token
 ```
 
 ### Configuring Model
@@ -375,7 +388,75 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
 ### Authenticating Controller Actions
 When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
 
-#### Authenticate Before Reaching Your GQL Schema
+#### Authenticate Resource in the Controller (>= v0.15.0)
+This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
+You simply need to pass the return value of our `gql_devise_context` method in the context of your
+GQL schema execution like this:
+
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User))
+    render json: result unless performed?
+  end
+end
+```
+`gql_devise_context` receives as many models as you need to authenticate in the request, like this:
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+    render json: result unless performed?
+  end
+end
+```
+Internally in your own mutations and queries a key `current_resource` will be available in
+the context if a resource was successfully authenticated or `nil` otherwise.
+
+Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
+on who makes the request, the context value `current_resource` might contain instances of the
+different models you provided.
+
+**Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
+method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
+It will also set the instance variable `@resource` in the controller.
+
+Please note that by using this mechanism your GQL schema will be in control of what queries are
+restricted to authenticated users and you can only do this at the root level fields of your GQL
+schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
+so this can work.
+
+##### Authentication Options
+Wether you setup authentications as a default in the plugin, or you do it at the field level,
+these are the options you can use:
+1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
+1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
+
+In your main app's schema this is how you might specify if a field needs to be authenticated or not:
+```ruby
+module Types
+  class QueryType < Types::BaseObject
+    # user field used the default set in the Plugin's initializer
+    field :user, resolver: Resolvers::UserShow
+    # this field will never require authentication
+    field :public_field, String, null: false, authenticate: false
+    # this field requires authentication
+    field :private_field, String, null: false, authenticate: true
+    # this field requires authenticated users to also be admins
+    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
+  end
+end
+```
+
+#### Authenticate Before Reaching Your GQL Schema (Deprecated)
 For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
 In our example our model is `User`, so it would look like this:
 ```ruby
@@ -387,7 +468,7 @@ class MyController < ApplicationController
   before_action :authenticate_user!
 
   def my_action
-    result = DummySchema.execute(params[:query], context: current_user: current_user)
+    result = DummySchema.execute(params[:query], context: { current_resource: current_user })
     render json: result unless performed?
   end
 end
@@ -396,7 +477,7 @@ end
 The install generator can include the concern in you application controller.
 If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
 
-#### Authenticate in Your GQL Schema
+#### Authenticate in Your GQL Schema (Deprecated)
 For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
 [here](#mounting-operations-into-your-own-schema).
 
@@ -413,7 +494,7 @@ class MyController < ApplicationController
 end
 ```
 The `graphql_context` method receives a symbol identifying the resource you are trying
-to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
+to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
 this snippet to find the symbol for more complex scenarios
 `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
 array of resources if you mounted more than one into your schema. The gem will try to
@@ -431,7 +512,13 @@ restricted to authenticated users and you can only do this at the root level fie
 schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
 so this can work.
 
-In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+##### Authentication Options
+Wether you setup authentications as a default in the plugin, or you do it at the field level,
+these are the options you can use:
+1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
+1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
+
+In your main app's schema this is how you might specify if a field needs to be authenticated or not:
 ```ruby
 module Types
   class QueryType < Types::BaseObject
@@ -441,6 +528,8 @@ module Types
     field :public_field, String, null: false, authenticate: false
     # this field requires authentication
     field :private_field, String, null: false, authenticate: true
+    # this field requires authenticated users to also be admins
+    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
   end
 end
 ```
@@ -451,6 +540,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
 ### Making Requests
 Here is a list of the available mutations and queries assuming your mounted model is `User`.
 
+#### Introspection query
+If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
+
 #### Mutations
 
 Operation | Description | Example
@@ -458,9 +550,11 @@ Operation | Description | Example
 login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
 logout | | userLogout: UserLogoutPayload
 signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
-sendResetPassword | | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
-updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
+sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
+updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
 resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
+sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
+updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
 
 #### Queries
 Operation | Description | Example
@@ -478,6 +572,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
 Also, the [dummy app](spec/dummy) used in our specs will give you
 a clear idea on how to configure the gem on your Rails application.
 
+### Reset Password Flow
+This gem supports two password recovery flows. The most recently implemented is preferred and
+requires less steps. More detail on how it works can be found
+[here](docs/usage/reset_password_flow.md).
+
 ### More Configuration Options
 As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
 this values on the initializer files generated by the installer.