graphql_devise 0.14.0 → 0.16.0

data/spec/requests/graphql_controller_spec.rb

@@ -6,20 +6,13 @@ RSpec.describe GraphqlDevise::GraphqlController do
   let(:password) { 'password123' }
   let(:user)     { create(:user, :confirmed, password: password) }
   let(:params)   { { query: query, variables: variables } }
-  let(:request_params) do
-    if Rails::VERSION::MAJOR >= 5
-      { params: params }
-    else
-      params
-    end
-  end
 
   context 'when variables are a string' do
     let(:variables) { "{\"email\": \"#{user.email}\"}" }
     let(:query)     { "mutation($email: String!) { userLogin(email: $email, password: \"#{password}\") { user { email name signInCount } } }" }
 
     it 'parses the string variables' do
-      post '/api/v1/graphql_auth', request_params
+      post_request('/api/v1/graphql_auth')
 
       expect(json_response).to match(
         data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
@@ -31,7 +24,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
       let(:query)     { "mutation { userLogin(email: \"#{user.email}\", password: \"#{password}\") { user { email name signInCount } } }" }
 
       it 'returns an empty hash as variables' do
-        post '/api/v1/graphql_auth', request_params
+        post_request('/api/v1/graphql_auth')
 
         expect(json_response).to match(
           data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
@@ -46,7 +39,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
 
     it 'raises an error' do
       expect do
-        post '/api/v1/graphql_auth', request_params
+        post_request('/api/v1/graphql_auth')
       end.to raise_error(ArgumentError)
     end
   end
@@ -62,7 +55,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
     end
 
     it 'executes multiple queries in the same request' do
-      post '/api/v1/graphql_auth', request_params
+      post_request('/api/v1/graphql_auth')
 
       expect(json_response).to match(
         [
@@ -79,4 +72,12 @@ RSpec.describe GraphqlDevise::GraphqlController do
       )
     end
   end
+
+  def post_request(path)
+    if Rails::VERSION::MAJOR >= 5
+      post(path, params: params)
+    else
+      post(path, params)
+    end
+  end
 end

data/spec/requests/queries/introspection_query_spec.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Login Requests' do
+  include_context 'with graphql query request'
+
+  let(:query) do
+    <<-GRAPHQL
+      query IntrospectionQuery {
+        __schema {
+          queryType { name }
+          mutationType { name }
+          subscriptionType { name }
+          types {
+            ...FullType
+          }
+          directives {
+            name
+            description
+            args {
+              ...InputValue
+            }
+            onOperation
+            onFragment
+            onField
+          }
+        }
+      }
+
+      fragment FullType on __Type {
+        kind
+        name
+        description
+        fields(includeDeprecated: true) {
+          name
+          description
+          args {
+            ...InputValue
+          }
+          type {
+            ...TypeRef
+          }
+          isDeprecated
+          deprecationReason
+        }
+        inputFields {
+          ...InputValue
+        }
+        interfaces {
+          ...TypeRef
+        }
+        enumValues(includeDeprecated: true) {
+          name
+          description
+          isDeprecated
+          deprecationReason
+        }
+        possibleTypes {
+          ...TypeRef
+        }
+      }
+
+      fragment InputValue on __InputValue {
+        name
+        description
+        type { ...TypeRef }
+        defaultValue
+      }
+
+      fragment TypeRef on __Type {
+        kind
+        name
+        ofType {
+          kind
+          name
+          ofType {
+            kind
+            name
+            ofType {
+              kind
+              name
+            }
+          }
+        }
+      }
+
+    GRAPHQL
+  end
+
+  context 'when using a schema plugin to mount devise operations' do
+    context 'when schema plugin is set to authenticate by default' do
+      context 'when the resource is authenticated' do
+        let(:user) { create(:user, :confirmed) }
+        let(:headers) { user.create_new_auth_token }
+
+        it 'return the schema information' do
+          post_request('/api/v1/graphql')
+
+          expect(json_response[:data][:__schema].keys).to contain_exactly(
+            :queryType, :mutationType, :subscriptionType, :types, :directives
+          )
+        end
+      end
+
+      context 'when the resource is *NOT* authenticated' do
+        context 'and instrospection is set to be public' do
+          it 'return the schema information' do
+            post_request('/api/v1/graphql')
+
+            expect(json_response[:data][:__schema].keys).to contain_exactly(
+              :queryType, :mutationType, :subscriptionType, :types, :directives
+            )
+          end
+        end
+
+        context 'and introspection is set to require auth' do
+          before do
+            allow_any_instance_of(GraphqlDevise::SchemaPlugin).to(
+              receive(:public_introspection).and_return(false)
+            )
+          end
+
+          it 'return an error' do
+            post_request('/api/v1/graphql')
+
+            expect(json_response[:data]).to be_nil
+            expect(json_response[:errors]).to contain_exactly(
+              hash_including(
+                message:    '__schema field requires authentication',
+                extensions: { code: 'AUTHENTICATION_ERROR' }
+              )
+            )
+          end
+        end
+      end
+    end
+
+    context 'when schema plugin is set *NOT* to authenticate by default' do
+      it 'return the schema information' do
+        post_request('/api/v1/interpreter')
+
+        expect(json_response[:data][:__schema].keys).to contain_exactly(
+          :queryType, :mutationType, :subscriptionType, :types, :directives
+        )
+      end
+    end
+  end
+end

data/spec/requests/user_controller_spec.rb

@@ -5,6 +5,14 @@ require 'rails_helper'
 RSpec.describe "Integrations with the user's controller" do
   include_context 'with graphql query request'
 
+  shared_examples 'returns a must authenticate error' do |field|
+    it 'returns a must sign in error' do
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(message: "#{field} field requires authentication", extensions: { code: 'AUTHENTICATION_ERROR' })
+      )
+    end
+  end
+
   let(:user) { create(:user, :confirmed) }
 
   describe 'publicField' do
@@ -31,15 +39,6 @@ RSpec.describe "Integrations with the user's controller" do
         expect(json_response[:data][:publicField]).to eq('Field does not require authentication')
       end
     end
-
-    context 'when using the failing route' do
-      it 'raises an invalid resource_name error' do
-        expect { post_request('/api/v1/failing') }.to raise_error(
-          GraphqlDevise::Error,
-          'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer, :schema_user].'
-        )
-      end
-    end
   end
 
   describe 'privateField' do
@@ -51,6 +50,22 @@ RSpec.describe "Integrations with the user's controller" do
       GRAPHQL
     end
 
+    context 'when authenticating before using the GQL schema' do
+      before { post_request('/api/v1/controller_auth') }
+
+      context 'when user is authenticated' do
+        let(:headers) { create(:schema_user).create_new_auth_token }
+
+        it 'allows authentication at the controller level' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it_behaves_like 'returns a must authenticate error', 'privateField'
+      end
+    end
+
     context 'when using a regular schema' do
       before { post_request('/api/v1/graphql') }
 
@@ -71,9 +86,14 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+        it_behaves_like 'returns a must authenticate error', 'privateField'
+      end
+
+      context 'when using the failing route' do
+        it 'raises an invalid resource_name error' do
+          expect { post_request('/api/v1/failing') }.to raise_error(
+            GraphqlDevise::Error,
+            'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer, :schema_user].'
           )
         end
       end
@@ -91,11 +111,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'privateField'
       end
     end
   end
@@ -121,11 +137,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'dummyMutation'
       end
     end
 
@@ -141,11 +153,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'dummyMutation'
       end
     end
   end
@@ -179,11 +187,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'user'
       end
     end
 
@@ -251,4 +255,61 @@ RSpec.describe "Integrations with the user's controller" do
       )
     end
   end
+
+  describe 'vipField' do
+    let(:error_message) { 'Field available only for VIP Users' }
+    let(:query) do
+      <<-GRAPHQL
+        query { vipField }
+      GRAPHQL
+    end
+
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        context 'when schema user is VIP' do
+          let(:user) { create(:user, :confirmed, vip: true) }
+
+          it 'allows to perform the query' do
+            expect(json_response[:data][:vipField]).to eq(error_message)
+          end
+        end
+
+        context 'when schema user is not VIP' do
+          it_behaves_like 'returns a must authenticate error', 'vipField'
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it_behaves_like 'returns a must authenticate error', 'vipField'
+      end
+    end
+
+    context 'when using the interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        context 'when schema user is VIP' do
+          let(:user) { create(:user, :confirmed, vip: true) }
+
+          it 'allows to perform the query' do
+            expect(json_response[:data][:vipField]).to eq(error_message)
+          end
+        end
+
+        context 'when schema user is not VIP' do
+          it_behaves_like 'returns a must authenticate error', 'vipField'
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it_behaves_like 'returns a must authenticate error', 'vipField'
+      end
+    end
+  end
 end

data/spec/services/mount_method/operation_preparer_spec.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
   describe '#call' do
     subject(:prepared_operations) do
       described_class.new(
-        mapping_name:          mapping,
+        model:                 model,
         selected_operations:   selected,
         preparer:              preparer,
         custom:                custom,
@@ -15,14 +15,14 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
     end
 
     let(:logout_class) { Class.new(GraphQL::Schema::Resolver) }
-    let(:mapping)      { :user }
+    let(:model)        { User }
     let(:preparer)     { double(:preparer, call: logout_class) }
     let(:custom)       { { login: double(:custom_login, graphql_name: nil) } }
     let(:additional)   { { user_additional: double(:user_additional) } }
     let(:selected) do
       {
-        login: { klass: double(:login_default) },
-        logout:{ klass: logout_class }
+        login:  { klass: double(:login_default) },
+        logout: { klass: logout_class }
       }
     end
 

data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPreparer do
   describe '#call' do
-    subject(:prepared) { described_class.new(selected_keys: selected_keys, custom_operations: operations, mapping_name: mapping_name).call }
+    subject(:prepared) { described_class.new(selected_keys: selected_keys, custom_operations: operations, model: model).call }
 
     let(:login_operation)  { double(:confirm_operation, graphql_name: nil) }
     let(:logout_operation) { double(:sign_up_operation, graphql_name: nil) }
-    let(:mapping_name)     { :user }
+    let(:model)            { User }
     let(:operations)       { { login: login_operation, logout: logout_operation, invalid: double(:invalid) } }
     let(:selected_keys)    { [:login, :logout, :sign_up, :confirm] }
 
@@ -22,8 +22,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPr
 
       prepared
 
-      expect(login_operation.instance_variable_get(:@resource_name)).to eq(:user)
-      expect(logout_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(login_operation.instance_variable_get(:@resource_klass)).to eq(User)
+      expect(logout_operation.instance_variable_get(:@resource_klass)).to eq(User)
     end
 
     context 'when no selected keys are provided' do