graphql_devise 0.14.0 → 0.16.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +118 -0
- data/Appraisals +39 -5
- data/CHANGELOG.md +68 -6
- data/README.md +150 -51
- data/Rakefile +2 -1
- data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb +72 -0
- data/app/controllers/graphql_devise/concerns/set_user_by_token.rb +5 -27
- data/app/controllers/graphql_devise/graphql_controller.rb +1 -1
- data/app/helpers/graphql_devise/mailer_helper.rb +2 -2
- data/app/models/graphql_devise/concerns/additional_model_methods.rb +21 -0
- data/app/models/graphql_devise/concerns/model.rb +6 -9
- data/docs/usage/reset_password_flow.md +90 -0
- data/graphql_devise.gemspec +2 -2
- data/lib/generators/graphql_devise/install_generator.rb +1 -1
- data/lib/graphql_devise.rb +20 -6
- data/lib/graphql_devise/concerns/controller_methods.rb +3 -3
- data/lib/graphql_devise/mount_method/operation_preparer.rb +6 -6
- data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb +6 -4
- data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +6 -4
- data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb} +4 -4
- data/lib/graphql_devise/resolvers/confirm_account.rb +1 -1
- data/lib/graphql_devise/resource_loader.rb +26 -11
- data/lib/graphql_devise/schema_plugin.rb +41 -18
- data/lib/graphql_devise/version.rb +1 -1
- data/spec/dummy/app/controllers/api/v1/graphql_controller.rb +13 -2
- data/spec/dummy/app/graphql/dummy_schema.rb +4 -3
- data/spec/dummy/app/graphql/types/query_type.rb +5 -0
- data/spec/dummy/config/routes.rb +2 -1
- data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb +0 -1
- data/spec/dummy/db/migrate/20210516211417_add_vip_to_users.rb +5 -0
- data/spec/dummy/db/schema.rb +4 -4
- data/spec/generators/graphql_devise/install_generator_spec.rb +1 -1
- data/spec/graphql/user_queries_spec.rb +120 -0
- data/spec/requests/graphql_controller_spec.rb +12 -11
- data/spec/requests/queries/introspection_query_spec.rb +149 -0
- data/spec/requests/user_controller_spec.rb +93 -32
- data/spec/services/mount_method/operation_preparer_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb} +6 -6
- data/spec/services/resource_loader_spec.rb +5 -5
- data/spec/support/contexts/graphql_request.rb +11 -3
- data/spec/support/contexts/schema_test.rb +14 -0
- metadata +25 -14
- data/.travis.yml +0 -79
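--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 12c52068c8c538bc35dc67deb2d697101e1fa001419ccdbff23183e854f5f404
+data.tar.gz: 65afe18384fb742e8dbc300d19b227815ebe166997147031bbabd63742738205
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fcf10385aeb27e02f283fa5b5d140f51352508d4a9973dd374edfe78b67a64cfa9b4183e39a8065af5a9697569fac4ed9c21aa007df26fd271b6739c2f9cd5a9
+data.tar.gz: d3f45d87972e29a325375c1868fced4ef377effcfba6be182c7d8c0b34bdfd6032db66097f0304416ff5966b532fea994d135be0ee48a070c2369668acc3beb2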
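--- a/data/.circleci/config.yml
+++ b/data/.circleci/config.yml
@@ -0,0 +1,118 @@
+version: 2.1
+orbs:
+coveralls: coveralls/coveralls@1.0.6
+
+jobs:
+test:
+parameters:
+ruby-version:
+type: string
+gemfile:
+type: string
+docker:
+- image: 'ruby:<< parameters.ruby-version >>'
+environment:
+BUNDLE_GEMFILE: << parameters.gemfile >>
+BUNDLE_PATH: ../vendor/bundle
+COVERALLS_PARALLEL: true
+EAGER_LOAD: 'true'
+steps:
+- checkout
+- restore_cache:
+keys:
+- v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+- run: gem install bundler -v '1.17'
+- run:
+name: Install dependencies
+command: bundle install
+- save_cache:
+key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+paths:
+- vendor/bundle
+- run:
+name: Run Specs
+command:
+bundle exec rspec
+report-coverage:
+docker:
+- image: 'circleci/node:10.0.0'
+steps:
+- coveralls/upload:
+parallel_finished: true
+
+workflows:
+test-suite:
+jobs:
+- test:
+matrix:
+parameters:
+ruby-version:
+- '2.2'
+- '2.3'
+- '2.4'
+- '2.5'
+- '2.6'
+- '2.7'
+- '3.0'
+gemfile:
+- gemfiles/rails4.2_graphql1.8.gemfile
+- gemfiles/rails5.0_graphql1.8.gemfile
+- gemfiles/rails5.0_graphql1.9.gemfile
+- gemfiles/rails5.1_graphql1.8.gemfile
+- gemfiles/rails5.1_graphql1.9.gemfile
+- gemfiles/rails5.2_graphql1.8.gemfile
+- gemfiles/rails5.2_graphql1.9.gemfile
+- gemfiles/rails5.2_graphql1.10.gemfile
+- gemfiles/rails5.2_graphql1.11.gemfile
+- gemfiles/rails6.0_graphql1.11.gemfile
+- gemfiles/rails6.0_graphql1.12.gemfile
+- gemfiles/rails6.1_graphql1.11.gemfile
+- gemfiles/rails6.1_graphql1.12.gemfile
+exclude:
+- ruby-version: '2.2'
+gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+- ruby-version: '2.2'
+gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+- ruby-version: '2.2'
+gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+- ruby-version: '2.2'
+gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+- ruby-version: '2.3'
+gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+- ruby-version: '2.3'
+gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+- ruby-version: '2.3'
+gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+- ruby-version: '2.3'
+gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+- ruby-version: '2.4'
+gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+- ruby-version: '2.4'
+gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+- ruby-version: '2.4'
+gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+- ruby-version: '2.4'
+gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+- ruby-version: '2.7'
+gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.0_graphql1.8.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.0_graphql1.9.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.1_graphql1.8.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.1_graphql1.9.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.2_graphql1.8.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.2_graphql1.9.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.2_graphql1.10.gemfile
+- ruby-version: '3.0'
+gemfile: gemfiles/rails5.2_graphql1.11.gemfile
+- report-coverage:
+requires:
+- test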
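Review bot: The cache key at new lines 23 and 29 is built only from the gemfile path and the Ruby version, so a cache saved once under that key keeps being restored after the gemfile's dependencies change, and CircleCI does not overwrite an existing key. Adding a content checksum, something like `key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>-{{ checksum "<< parameters.gemfile >>" }}` with the same string under `restore_cache`, would tie the cached `vendor/bundle` to the dependency set the gemfile actually declares. Separately, `COVERALLS_PARALLEL: true` at new line 17 is an unquoted YAML boolean while `EAGER_LOAD: 'true'` on the next line is quoted; quoting both keeps the environment values as strings. Indentation is not visible on this page, so the nesting is assumed from key order.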
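--- a/data/Appraisals
+++ b/data/Appraisals
@@ -68,6 +68,13 @@ appraise 'rails5.2-graphql1.11' do
 gem 'rspec-rails', '< 4.0'
 end
 
+appraise 'rails5.2-graphql1.12' do
+gem 'sqlite3', '~> 1.3.6'
+gem 'rails', github: 'rails/rails', branch: '5-2-stable'
+gem 'graphql', '~> 1.12.0'
+gem 'rspec-rails', '< 4.0'
+end
+
 appraise 'rails6.0-graphql1.8' do
 gem 'sqlite3', '~> 1.4'
 gem 'devise', '>= 4.7'
@@ -96,18 +103,45 @@ appraise 'rails6.0-graphql1.11' do
 gem 'graphql', '~> 1.11.0'
 end
 
-appraise 'rails6.0-
+appraise 'rails6.0-graphql1.12' do
 gem 'sqlite3', '~> 1.4'
-gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
 gem 'devise', '>= 4.7'
 gem 'rails', github: 'rails/rails', branch: '6-0-stable'
-gem 'graphql',
+gem 'graphql', '~> 1.12.0'
+end
+
+appraise 'rails6.1-graphql1.9' do
+gem 'sqlite3', '~> 1.4'
+gem 'devise', '>= 4.7'
+gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+gem 'graphql', '~> 1.9.0'
+end
+
+appraise 'rails6.1-graphql1.10' do
+gem 'sqlite3', '~> 1.4'
+gem 'devise', '>= 4.7'
+gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+gem 'graphql', '~> 1.10.0'
+end
+
+appraise 'rails6.1-graphql1.11' do
+gem 'sqlite3', '~> 1.4'
+gem 'devise', '>= 4.7'
+gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+gem 'graphql', '~> 1.11.0'
+end
+
+appraise 'rails6.1-graphql1.12' do
+gem 'sqlite3', '~> 1.4'
+gem 'devise', '>= 4.7'
+gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+gem 'graphql', '~> 1.12.0'
 end
 
-appraise '
+appraise 'rails6.1-graphql_edge' do
 gem 'sqlite3', '~> 1.4'
 gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
 gem 'devise', '>= 4.7'
-gem 'rails', github: 'rails/rails', branch: '
+gem 'rails', github: 'rails/rails', branch: '6-1-stable'
 gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
 end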
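Review bot: The added appraisals resolve `rails` from a moving branch head (`branch: '5-2-stable'` at new line 73, `branch: '6-1-stable'` at new lines 116, 123, 130, 137 and 145), so the code that runs in CI can change without any change to this repository and a given run is not reproducible. If tracking the branch is not the intent, a released constraint such as `gem 'rails', '~> 6.1.0'` would make these gemfiles resolve to published gems; if it is, a comment such as `# tracks 6-1-stable on purpose to catch unreleased regressions` would record that. The `rails5.2-graphql1.12`, `rails6.1-graphql1.9` and `rails6.1-graphql1.10` appraisals also do not appear in the gemfile matrix of the CircleCI config added in this same diff, so as far as this page shows they are not exercised by CI.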
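--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,67 @@
 # Changelog
 
+## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
+
+**Implemented enhancements:**
+
+- Allow checking of authenticaded resource via callable object [\#180](https://github.com/graphql-devise/graphql_devise/pull/180) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document authenticate with callable [\#181](https://github.com/graphql-devise/graphql_devise/pull/181) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
+
+**Implemented enhancements:**
+
+- Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
+
+**Implemented enhancements:**
+
+- Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
+
+**Fixed bugs:**
+
+- ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
+
+## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
+
+**Implemented enhancements:**
+
+- Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
+
+## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
+
+**Implemented enhancements:**
+
+- Testing Authenticated Elements [\#138](https://github.com/graphql-devise/graphql_devise/issues/138)
+- Add support for GraphQL 1.12 [\#150](https://github.com/graphql-devise/graphql_devise/pull/150) ([mengqing](https://github.com/mengqing))
+- Allow setting current resource in tests [\#149](https://github.com/graphql-devise/graphql_devise/pull/149) ([00dav00](https://github.com/00dav00))
+
+**Merged pull requests:**
+
+- Document password reset flows [\#147](https://github.com/graphql-devise/graphql_devise/pull/147) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.14.0](https://github.com/graphql-devise/graphql_devise/tree/v0.14.0) (2021-01-19)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.6...v0.14.0)
@@ -25,7 +87,7 @@
 
 - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
 
-## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-
+## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
 
@@ -49,7 +111,7 @@
 
 - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
 
-## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-
+## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
 
@@ -62,7 +124,7 @@
 - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
 - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
 
-## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-
+## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
 
@@ -79,7 +141,7 @@
 - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
 - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
 
-## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-
+## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
 
@@ -132,7 +194,7 @@
 
 **Implemented enhancements:**
 
-- Default `
+- Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
 - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
 - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
 
@@ -150,6 +212,7 @@
 
 **Implemented enhancements:**
 
+- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
 
 **Fixed bugs:**
@@ -160,7 +223,6 @@
 
 - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
 - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
-- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 
 **Merged pull requests:**
 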
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# GraphqlDevise
|
2
|
-
[![Build Status](https://
|
3
|
-
[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg
|
2
|
+
[![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
|
3
|
+
[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
|
4
4
|
[![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
|
5
5
|
|
6
6
|
GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
|
@@ -8,41 +8,46 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
|
|
8
8
|
## Table of Contents
|
9
9
|
|
10
10
|
<!--ts-->
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
* [
|
32
|
-
|
33
|
-
* [
|
34
|
-
* [
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
* [
|
40
|
-
|
41
|
-
* [
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
11
|
+
* [GraphqlDevise](#graphqldevise)
|
12
|
+
* [Table of Contents](#table-of-contents)
|
13
|
+
* [Introduction](#introduction)
|
14
|
+
* [Installation](#installation)
|
15
|
+
* [Running the Generator](#running-the-generator)
|
16
|
+
* [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
|
17
|
+
* [Important](#important)
|
18
|
+
* [Mounting Operations in Your Own Schema (> v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
|
19
|
+
* [Important](#important-1)
|
20
|
+
* [Usage](#usage)
|
21
|
+
* [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
|
22
|
+
* [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
|
23
|
+
* [Available Mount Options](#available-mount-options)
|
24
|
+
* [Available Operations](#available-operations)
|
25
|
+
* [Configuring Model](#configuring-model)
|
26
|
+
* [Email Reconfirmation](#email-reconfirmation)
|
27
|
+
* [Customizing Email Templates](#customizing-email-templates)
|
28
|
+
* [I18n](#i18n)
|
29
|
+
* [Authenticating Controller Actions](#authenticating-controller-actions)
|
30
|
+
* [Authenticate Resource in the Controller (>= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
|
31
|
+
* [Authentication Options](#authentication-options)
|
32
|
+
* [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
|
33
|
+
* [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
|
34
|
+
* [Authentication Options](#authentication-options-1)
|
35
|
+
* [Important](#important-2)
|
36
|
+
* [Making Requests](#making-requests)
|
37
|
+
* [Introspection query](#introspection-query)
|
38
|
+
* [Mutations](#mutations)
|
39
|
+
* [Queries](#queries)
|
40
|
+
* [Reset Password Flow](#reset-password-flow)
|
41
|
+
* [More Configuration Options](#more-configuration-options)
|
42
|
+
* [Devise Token Auth Initializer](#devise-token-auth-initializer)
|
43
|
+
* [Devise Initializer](#devise-initializer)
|
44
|
+
* [GraphQL Interpreter](#graphql-interpreter)
|
45
|
+
* [Using Alongside Standard Devise](#using-alongside-standard-devise)
|
46
|
+
* [Future Work](#future-work)
|
47
|
+
* [Contributing](#contributing)
|
48
|
+
* [License](#license)
|
49
|
+
|
50
|
+
<!-- Added by: mcelicalderon, at: Wed May 19 21:25:22 -05 2021 -->
|
46
51
|
|
47
52
|
<!--te-->
|
48
53
|
|
@@ -98,7 +103,7 @@ Will do the following:
|
|
98
103
|
- Add `devise` modules to `Admin` model
|
99
104
|
- Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
|
100
105
|
- Add the route to `config/routes.rb`
|
101
|
-
- `mount_graphql_devise_for
|
106
|
+
- `mount_graphql_devise_for Admin, at: 'api/auth'`
|
102
107
|
|
103
108
|
`Admin` could be any model name you are going to be using for authentication,
|
104
109
|
and `api/auth` could be any mount path you would like to use for auth.
|
@@ -147,7 +152,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
|
|
147
152
|
|
148
153
|
Rails.application.routes.draw do
|
149
154
|
mount_graphql_devise_for(
|
150
|
-
|
155
|
+
User,
|
151
156
|
at: 'api/v1',
|
152
157
|
authenticatable_type: Types::MyCustomUserType,
|
153
158
|
operations: {
|
@@ -185,7 +190,7 @@ class DummySchema < GraphQL::Schema
|
|
185
190
|
query: Types::QueryType,
|
186
191
|
mutation: Types::MutationType,
|
187
192
|
resource_loaders: [
|
188
|
-
GraphqlDevise::ResourceLoader.new(
|
193
|
+
GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
|
189
194
|
]
|
190
195
|
)
|
191
196
|
|
@@ -225,6 +230,12 @@ authentication unless specified otherwise using the `authenticate: true` option
|
|
225
230
|
one argument (field name) and is called whenever a field that requires authentication
|
226
231
|
is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
|
227
232
|
raised if authentication fails. This will provide a GQL like error message on the response.
|
233
|
+
1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
|
234
|
+
information about what queries the schema supports. This query is very powerful and
|
235
|
+
there may be some case in which you want to limit its usage to authenticated users.
|
236
|
+
To accomplish this the schema plugin provides the `public_introspection` option. This option
|
237
|
+
accepts a boolean value and by default will consider introspection queries public in all
|
238
|
+
environments but production.
|
228
239
|
|
229
240
|
### Available Mount Options
|
230
241
|
Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
|
@@ -234,10 +245,10 @@ this gem's auth operation into your schema, these are the options you can provid
|
|
234
245
|
|
235
246
|
```ruby
|
236
247
|
# Using the mount method in your config/routes.rb file
|
237
|
-
mount_graphql_devise_for(
|
248
|
+
mount_graphql_devise_for(User, {})
|
238
249
|
|
239
250
|
# Providing options to a GraphqlDevise::ResourceLoader
|
240
|
-
GraphqlDevise::ResourceLoader.new(
|
251
|
+
GraphqlDevise::ResourceLoader.new(User, {})
|
241
252
|
```
|
242
253
|
|
243
254
|
1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
|
@@ -288,10 +299,12 @@ The following is a list of the symbols you can provide to the `operations`, `ski
|
|
288
299
|
:login
|
289
300
|
:logout
|
290
301
|
:sign_up
|
291
|
-
:update_password
|
292
|
-
:send_password_reset
|
293
302
|
:confirm_account
|
303
|
+
:send_password_reset
|
294
304
|
:check_password_token
|
305
|
+
:update_password
|
306
|
+
:send_password_reset_with_token
|
307
|
+
:update_password_with_token
|
295
308
|
```
|
296
309
|
|
297
310
|
### Configuring Model
|
@@ -375,7 +388,75 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
|
|
375
388
|
### Authenticating Controller Actions
|
376
389
|
When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
|
377
390
|
|
378
|
-
#### Authenticate
|
391
|
+
#### Authenticate Resource in the Controller (>= v0.15.0)
|
392
|
+
This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
|
393
|
+
You simply need to pass the return value of our `gql_devise_context` method in the context of your
|
394
|
+
GQL schema execution like this:
|
395
|
+
|
396
|
+
```ruby
|
397
|
+
# app/controllers/my_controller.rb
|
398
|
+
|
399
|
+
class MyController < ApplicationController
|
400
|
+
include GraphqlDevise::Concerns::SetUserByToken
|
401
|
+
|
402
|
+
def my_action
|
403
|
+
result = DummySchema.execute(params[:query], context: gql_devise_context(User))
|
404
|
+
render json: result unless performed?
|
405
|
+
end
|
406
|
+
end
|
407
|
+
```
|
408
|
+
`gql_devise_context` receives as many models as you need to authenticate in the request, like this:
|
409
|
+
```ruby
|
410
|
+
# app/controllers/my_controller.rb
|
411
|
+
|
412
|
+
class MyController < ApplicationController
|
413
|
+
include GraphqlDevise::Concerns::SetUserByToken
|
414
|
+
|
415
|
+
def my_action
|
416
|
+
result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
|
417
|
+
render json: result unless performed?
|
418
|
+
end
|
419
|
+
end
|
420
|
+
```
|
421
|
+
Internally in your own mutations and queries a key `current_resource` will be available in
|
422
|
+
the context if a resource was successfully authenticated or `nil` otherwise.
|
423
|
+
|
424
|
+
Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
|
425
|
+
on who makes the request, the context value `current_resource` might contain instances of the
|
426
|
+
different models you provided.
|
427
|
+
|
428
|
+
**Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
|
429
|
+
method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
|
430
|
+
It will also set the instance variable `@resource` in the controller.
|
431
|
+
|
432
|
+
Please note that by using this mechanism your GQL schema will be in control of what queries are
|
433
|
+
restricted to authenticated users and you can only do this at the root level fields of your GQL
|
434
|
+
schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
|
435
|
+
so this can work.
|
436
|
+
|
437
|
+
##### Authentication Options
|
438
|
+
Wether you setup authentications as a default in the plugin, or you do it at the field level,
|
439
|
+
these are the options you can use:
|
440
|
+
1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
|
441
|
+
1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
|
442
|
+
|
443
|
+
In your main app's schema this is how you might specify if a field needs to be authenticated or not:
|
444
|
+
```ruby
|
445
|
+
module Types
|
446
|
+
class QueryType < Types::BaseObject
|
447
|
+
# user field used the default set in the Plugin's initializer
|
448
|
+
field :user, resolver: Resolvers::UserShow
|
449
|
+
# this field will never require authentication
|
450
|
+
field :public_field, String, null: false, authenticate: false
|
451
|
+
# this field requires authentication
|
452
|
+
field :private_field, String, null: false, authenticate: true
|
453
|
+
# this field requires authenticated users to also be admins
|
454
|
+
field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
|
455
|
+
end
|
456
|
+
end
|
457
|
+
```
|
458
|
+
|
459
|
+
#### Authenticate Before Reaching Your GQL Schema (Deprecated)
|
379
460
|
For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
|
380
461
|
In our example our model is `User`, so it would look like this:
|
381
462
|
```ruby
|
@@ -387,7 +468,7 @@ class MyController < ApplicationController
|
|
387
468
|
before_action :authenticate_user!
|
388
469
|
|
389
470
|
def my_action
|
390
|
-
result = DummySchema.execute(params[:query], context:
|
471
|
+
result = DummySchema.execute(params[:query], context: { current_resource: current_user })
|
391
472
|
render json: result unless performed?
|
392
473
|
end
|
393
474
|
end
|
@@ -396,7 +477,7 @@ end
|
|
396
477
|
The install generator can include the concern in you application controller.
|
397
478
|
If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
|
398
479
|
|
399
|
-
#### Authenticate in Your GQL Schema
|
480
|
+
#### Authenticate in Your GQL Schema (Deprecated)
|
400
481
|
For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
|
401
482
|
[here](#mounting-operations-into-your-own-schema).
|
402
483
|
|
@@ -413,7 +494,7 @@ class MyController < ApplicationController
|
|
413
494
|
end
|
414
495
|
```
|
415
496
|
The `graphql_context` method receives a symbol identifying the resource you are trying
|
416
|
-
to authenticate. So if you mounted the `
|
497
|
+
to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
|
417
498
|
this snippet to find the symbol for more complex scenarios
|
418
499
|
`resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
|
419
500
|
array of resources if you mounted more than one into your schema. The gem will try to
|
@@ -431,7 +512,13 @@ restricted to authenticated users and you can only do this at the root level fie
|
|
431
512
|
schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
|
432
513
|
so this can work.
|
433
514
|
|
434
|
-
|
515
|
+
##### Authentication Options
|
516
|
+
Wether you setup authentications as a default in the plugin, or you do it at the field level,
|
517
|
+
these are the options you can use:
|
518
|
+
1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
|
519
|
+
1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
|
520
|
+
|
521
|
+
In your main app's schema this is how you might specify if a field needs to be authenticated or not:
|
435
522
|
```ruby
|
436
523
|
module Types
|
437
524
|
class QueryType < Types::BaseObject
|
@@ -441,6 +528,8 @@ module Types
|
|
441
528
|
field :public_field, String, null: false, authenticate: false
|
442
529
|
# this field requires authentication
|
443
530
|
field :private_field, String, null: false, authenticate: true
|
531
|
+
# this field requires authenticated users to also be admins
|
532
|
+
field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
|
444
533
|
end
|
445
534
|
end
|
446
535
|
```
|
@@ -451,6 +540,9 @@ Remember to check `performed?` before rendering the result of the graphql operat
|
|
451
540
|
### Making Requests
|
452
541
|
Here is a list of the available mutations and queries assuming your mounted model is `User`.
|
453
542
|
|
543
|
+
#### Introspection query
|
544
|
+
If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
|
545
|
+
|
454
546
|
#### Mutations
|
455
547
|
|
456
548
|
Operation | Description | Example
|
@@ -458,9 +550,11 @@ Operation | Description | Example
|
|
458
550
|
login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
|
459
551
|
logout | | userLogout: UserLogoutPayload
|
460
552
|
signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
|
461
|
-
|
462
|
-
|
553
|
+
sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
|
554
|
+
updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
|
463
555
|
resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
|
556
|
+
sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
|
557
|
+
updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
|
464
558
|
|
465
559
|
#### Queries
|
466
560
|
Operation | Description | Example
|
@@ -478,6 +572,11 @@ you can use [our specs](spec/requests) to better understand how to use the gem.
|
|
478
572
|
Also, the [dummy app](spec/dummy) used in our specs will give you
|
479
573
|
a clear idea on how to configure the gem on your Rails application.
|
480
574
|
|
575
|
+
### Reset Password Flow
|
576
|
+
This gem supports two password recovery flows. The most recently implemented is preferred and
|
577
|
+
requires less steps. More detail on how it works can be found
|
578
|
+
[here](docs/usage/reset_password_flow.md).
|
579
|
+
|
481
580
|
### More Configuration Options
|
482
581
|
As mentioned in the introduction there are many configurations that will change how this gem behaves. You can change
|
483
582
|
this values on the initializer files generated by the installer.
|