graphql_devise 0.14.0 → 0.16.0

data/Rakefile

@@ -18,11 +18,12 @@ end
 
 require 'github_changelog_generator/task'
 
-GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+GitHubChangelogGenerator::RakeTask.new do |config|
   config.user = 'graphql-devise'
   config.project = 'graphql_devise'
   config.future_release = ENV['FUTURE_RELEASE']
   config.add_issues_wo_labels = false
+  config.add_pr_wo_labels = false
 end
 
 APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)

data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Concerns
+    module AdditionalControllerMethods
+      extend ActiveSupport::Concern
+
+      included do
+        attr_accessor :client_id, :token, :resource
+      end
+
+      def gql_devise_context(*models)
+        {
+          current_resource: authenticate_model(*models),
+          controller:       self
+        }
+      end
+
+      def authenticate_model(*models)
+        models.each do |model|
+          set_resource_by_token(model)
+          return @resource if @resource.present?
+        end
+
+        nil
+      end
+
+      def resource_class(resource = nil)
+        # Return the resource class instead of looking for a Devise mapping if resource is already a resource class
+        return resource if resource.respond_to?(:find_by)
+
+        super
+      end
+
+      def full_url_without_params
+        request.base_url + request.path
+      end
+
+      def set_resource_by_token(resource)
+        set_user_by_token(resource)
+      end
+
+      def graphql_context(resource_name)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          `graphql_context` is deprecated and will be removed in a future version of this gem.
+           Use `gql_devise_context(model)` instead.
+
+           EXAMPLE
+           include GraphqlDevise::Concerns::SetUserByToken
+
+           DummySchema.execute(params[:query], context: gql_devise_context(User))
+           DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+        DEPRECATION
+
+        {
+          resource_name: resource_name,
+          controller:    self
+        }
+      end
+
+      def build_redirect_headers(access_token, client, redirect_header_options = {})
+        {
+          DeviseTokenAuth.headers_names[:"access-token"] => access_token,
+          DeviseTokenAuth.headers_names[:client] => client,
+          :config => params[:config],
+          :client_id => client,
+          :token => access_token
+        }.merge(redirect_header_options)
+      end
+    end
+  end
+end

data/app/controllers/graphql_devise/concerns/set_user_by_token.rb

@@ -2,34 +2,12 @@
 
 module GraphqlDevise
   module Concerns
-    SetUserByToken = DeviseTokenAuth::Concerns::SetUserByToken
+    module SetUserByToken
+      extend ActiveSupport::Concern
 
-    SetUserByToken.module_eval do
-      attr_accessor :client_id, :token, :resource
-
-      def full_url_without_params
-        request.base_url + request.path
-      end
-
-      def set_resource_by_token(resource)
-        set_user_by_token(resource)
-      end
-
-      def graphql_context(resource_name)
-        {
-          resource_name: resource_name,
-          controller:    self
-        }
-      end
-
-      def build_redirect_headers(access_token, client, redirect_header_options = {})
-        {
-          DeviseTokenAuth.headers_names[:"access-token"] => access_token,
-          DeviseTokenAuth.headers_names[:client] => client,
-          :config => params[:config],
-          :client_id => client,
-          :token => access_token
-        }.merge(redirect_header_options)
+      included do
+        include DeviseTokenAuth::Concerns::SetUserByToken
+        include GraphqlDevise::Concerns::AdditionalControllerMethods
       end
     end
   end

data/app/controllers/graphql_devise/graphql_controller.rb

@@ -14,7 +14,7 @@ module GraphqlDevise
           end
         )
       else
-        GraphqlDevise::Schema.execute(params[:query], execute_params(params))
+        GraphqlDevise::Schema.execute(params[:query], **execute_params(params))
       end
 
       render json: result unless performed?

data/app/helpers/graphql_devise/mailer_helper.rb

@@ -3,7 +3,7 @@
 module GraphqlDevise
   module MailerHelper
     def confirmation_query(resource_name:, token:, redirect_url:)
-      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}ConfirmAccount"
+      name = "#{GraphqlDevise.to_mapping_name(resource_name).camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(confirmationToken:$token,redirectUrl:$redirectUrl){
@@ -19,7 +19,7 @@ module GraphqlDevise
     end
 
     def password_reset_query(token:, redirect_url:, resource_name:)
-      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}CheckPasswordToken"
+      name = "#{GraphqlDevise.to_mapping_name(resource_name).camelize(:lower)}CheckPasswordToken"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(resetPasswordToken:$token,redirectUrl:$redirectUrl){

data/app/models/graphql_devise/concerns/additional_model_methods.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'graphql_devise/model/with_email_updater'
+
+module GraphqlDevise
+  module Concerns
+    module AdditionalModelMethods
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def reconfirmable
+          devise_modules.include?(:confirmable) && column_names.include?('unconfirmed_email')
+        end
+      end
+
+      def update_with_email(attributes = {})
+        GraphqlDevise::Model::WithEmailUpdater.new(self, attributes).call
+      end
+    end
+  end
+end

data/app/models/graphql_devise/concerns/model.rb

@@ -4,17 +4,14 @@ require 'graphql_devise/model/with_email_updater'
 
 module GraphqlDevise
   module Concerns
-    Model = DeviseTokenAuth::Concerns::User
+    module Model
+      extend ActiveSupport::Concern
 
-    Model.module_eval do
-      class_methods do
-        def reconfirmable
-          devise_modules.include?(:confirmable) && column_names.include?('unconfirmed_email')
-        end
-      end
+      included do
+        include DeviseTokenAuth::Concerns::User
+        include GraphqlDevise::Concerns::AdditionalModelMethods
 
-      def update_with_email(attributes = {})
-        GraphqlDevise::Model::WithEmailUpdater.new(self, attributes).call
+        GraphqlDevise.configure_warden_serializer_for_model(self)
       end
     end
   end

data/docs/usage/reset_password_flow.md

@@ -0,0 +1,90 @@
+# Reset Password Flow
+This gem supports two different ways to reset a password on a resource. Each password reset flow has it's own set of
+operations and this document will explain in more detail how to use each.
+The first and most recently implemented flow is preferred as it requires less steps and doesn't require a mutation
+to return a redirect on the response. Flow 2 might be deprecated in the future.
+
+## Flow #1 (Preferred)
+This flow only has two steps. Each step name refers to the operation name you can use in the mount options to skip or override.
+
+### 1. send_password_reset_with_token
+This mutation will send an email to the specified address if it's found on the system. Returns an error if the email is not found. Here's an example assuming the resource used
+for authentication is `User`:
+```graphql
+mutation {
+  userSendPasswordResetWithToken(
+    email:       "vvega@wallaceinc.com",
+    redirectUrl: "https://google.com"
+  ) {
+    message
+  }
+}
+```
+The email will contain a link to the `redirectUrl` (https://google.com in the example) and append a `reset_password_token` query param. This is the token you will
+need to use in the next step in order to reset the password.
+
+### 2. update_password_with_token
+This mutation uses the token sent on the email to find the resource you are trying to recover.
+All you have to do is send a valid token together with the new password and password confirmation.
+Here's an example assuming the resource used for authentication is `User`:
+
+```graphql
+mutation {
+  userUpdatePasswordWithToken(
+    resetPasswordToken: "token_here",
+    password: "password123",
+    passwordConfirmation: "password123"
+  ) {
+    authenticatable { email }
+    credentials { accessToken }
+  }
+}
+```
+The mutation has two fields:
+1. `authenticatable`: Just like other mutations, returns the actual resource you just recover the password for.
+1. `credentials`: This is a nullable field. It will only return credentials as if you had just logged
+in into the app if you explicitly say so by overriding the mutation. The docs have more detail
+on how to extend the default behavior of mutations, but
+[here](https://github.com/graphql-devise/graphql_devise/blob/8c7c8a5ff1b35fb026e4c9499c70dc5f90b9187a/spec/dummy/app/graphql/mutations/reset_admin_password_with_token.rb)
+you can find an example mutation on what needs to be done in order for the mutation to return
+credentials after updating the password.
+
+## Flow 2 (Deprecated)
+This was the first flow to be implemented, requires an additional step and also to encode a GQL query in a url, so this is not the preferred method.
+Each step name refers to the operation name you can use in the mount options to skip or override.
+
+### 1. send_password_reset
+This mutation will send an email to the specified address if it's found on the system. Returns an error if the email is not found. Here's an example assuming the resource used
+for authentication is `User`:
+```graphql
+mutation {
+  userSendPasswordReset(
+    email:       "vvega@wallaceinc.com",
+    redirectUrl: "https://google.com"
+  ) {
+    message
+  }
+}
+```
+The email will contain an encoded GraphQL query that holds the reset token and redirectUrl.
+The query is described in the next step.
+
+### 2. check_password_token
+This query checks the reset password token and if successful changes a column in the DB (`allow_password_change`) to true.
+This change will allow for the next step to update the password without providing the current password.
+Then, this query will redirect to the provided `redirectUrl` with credentials.
+
+### 3. update_password
+This step requires the request to include authentication headers and will allow the user to
+update the password if step 2 was successful.
+Here's an example assuming the resource used for authentication is `User`:
+```graphql
+mutation {
+  userUpdatePassword(
+    password: "password123",
+    passwordConfirmation: "password123"
+  ) {
+    authenticatable { email }
+  }
+}
+```

data/graphql_devise.gemspec

@@ -28,11 +28,11 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.2.0'
 
   spec.add_dependency 'devise_token_auth', '>= 0.1.43', '< 2.0'
-  spec.add_dependency 'graphql', '>= 1.8', '< 1.12.0'
+  spec.add_dependency 'graphql', '>= 1.8', '< 1.13.0'
   spec.add_dependency 'rails', '>= 4.2', '< 6.2'
 
   spec.add_development_dependency 'appraisal'
-  spec.add_development_dependency 'coveralls'
+  spec.add_development_dependency 'coveralls-ruby', '~> 0.2'
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'faker'
   spec.add_development_dependency 'generator_spec'

data/lib/generators/graphql_devise/install_generator.rb

@@ -83,7 +83,7 @@ module GraphqlDevise
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('#{user_class}'),
+      GraphqlDevise::ResourceLoader.new(#{user_class})
     ]
   )
 RUBY

data/lib/graphql_devise.rb

@@ -20,22 +20,36 @@ module GraphqlDevise
     @schema_loaded = true
   end
 
-  def self.resource_mounted?(mapping_name)
-    @mounted_resources.include?(mapping_name)
+  def self.resource_mounted?(model)
+    @mounted_resources.include?(model)
   end
 
-  def self.mount_resource(mapping_name)
-    @mounted_resources << mapping_name
+  def self.mount_resource(model)
+    @mounted_resources << model
   end
 
   def self.add_mapping(mapping_name, resource)
-    return if Devise.mappings.key?(mapping_name)
+    return if Devise.mappings.key?(mapping_name.to_sym)
 
     Devise.add_mapping(
       mapping_name.to_s.pluralize.to_sym,
-      module: :devise, class_name: resource
+      module: :devise, class_name: resource.to_s
     )
   end
+
+  def self.to_mapping_name(resource)
+    resource.to_s.underscore.tr('/', '_')
+  end
+
+  def self.configure_warden_serializer_for_model(model)
+    Devise.warden_config.serialize_into_session(to_mapping_name(model)) do |record|
+      model.serialize_into_session(record)
+    end
+
+    Devise.warden_config.serialize_from_session(to_mapping_name(model)) do |args|
+      model.serialize_from_session(*args)
+    end
+  end
 end
 
 require 'graphql_devise/engine'

data/lib/graphql_devise/concerns/controller_methods.rb

@@ -40,11 +40,11 @@ module GraphqlDevise
       end
 
       def resource_name
-        self.class.instance_variable_get(:@resource_name)
+        GraphqlDevise.to_mapping_name(resource_class)
       end
 
       def resource_class
-        controller.send(:resource_class, resource_name)
+        self.class.instance_variable_get(:@resource_klass)
       end
 
       def recoverable_enabled?
@@ -60,7 +60,7 @@ module GraphqlDevise
       end
 
       def current_resource
-        @current_resource ||= controller.send(:set_user_by_token, resource_name)
+        @current_resource ||= controller.send(:set_resource_by_token, resource_class)
       end
 
       def client

data/lib/graphql_devise/mount_method/operation_preparer.rb

@@ -3,17 +3,17 @@
 require_relative 'operation_preparers/gql_name_setter'
 require_relative 'operation_preparers/mutation_field_setter'
 require_relative 'operation_preparers/resolver_type_setter'
-require_relative 'operation_preparers/resource_name_setter'
+require_relative 'operation_preparers/resource_klass_setter'
 require_relative 'operation_preparers/default_operation_preparer'
 require_relative 'operation_preparers/custom_operation_preparer'
 
 module GraphqlDevise
   module MountMethod
     class OperationPreparer
-      def initialize(mapping_name:, selected_operations:, preparer:, custom:, additional_operations:)
+      def initialize(model:, selected_operations:, preparer:, custom:, additional_operations:)
         @selected_operations   = selected_operations
         @preparer              = preparer
-        @mapping_name          = mapping_name
+        @model                 = model
         @custom                = custom
         @additional_operations = additional_operations
       end
@@ -22,18 +22,18 @@ module GraphqlDevise
         default_operations = OperationPreparers::DefaultOperationPreparer.new(
           selected_operations: @selected_operations,
           custom_keys:         @custom.keys,
-          mapping_name:        @mapping_name,
+          model:               @model,
           preparer:            @preparer
         ).call
 
         custom_operations = OperationPreparers::CustomOperationPreparer.new(
           selected_keys:     @selected_operations.keys,
           custom_operations: @custom,
-          mapping_name:      @mapping_name
+          model:             @model
         ).call
 
         additional_operations = @additional_operations.each_with_object({}) do |(action, operation), result|
-          result[action] = OperationPreparers::ResourceNameSetter.new(@mapping_name).call(operation)
+          result[action] = OperationPreparers::ResourceKlassSetter.new(@model).call(operation)
         end
 
         default_operations.merge(custom_operations).merge(additional_operations)

data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb

@@ -4,19 +4,21 @@ module GraphqlDevise
   module MountMethod
     module OperationPreparers
       class CustomOperationPreparer
-        def initialize(selected_keys:, custom_operations:, mapping_name:)
+        def initialize(selected_keys:, custom_operations:, model:)
           @selected_keys     = selected_keys
           @custom_operations = custom_operations
-          @mapping_name      = mapping_name
+          @model             = model
         end
 
         def call
+          mapping_name = GraphqlDevise.to_mapping_name(@model)
+
           @custom_operations.slice(*@selected_keys).each_with_object({}) do |(action, operation), result|
-            mapped_action = "#{@mapping_name}_#{action}"
+            mapped_action = "#{mapping_name}_#{action}"
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),
-              OperationPreparers::ResourceNameSetter.new(@mapping_name)
+              OperationPreparers::ResourceKlassSetter.new(@model)
             ].reduce(operation) { |prepared_operation, preparer| preparer.call(prepared_operation) }
           end
         end