graphql_devise 0.14.1 → 0.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf545450ef87f507744e5bf493ebc30d94c20da544307ec11657f58d2e685b37
-  data.tar.gz: 7c62c31ef018325ed51516e08a3f5774d5ebe8325340ce57edbee2df9a9e29bf
+  metadata.gz: 2a20dcb1834cc319028e86a024014875122d1b6351fed8dcd27c3a82acff8969
+  data.tar.gz: 92d6109d57ef77cced08a1a6a0a946441be37ddd14b9d27c672b6203ad260a76
 SHA512:
-  metadata.gz: 53dfe2bfde5d1e22f7d5d91f03c6336559abe2967208c2a237218d06fc65d4df2c5c3d0bf5d84f097c77fa2d39299defe6318999adddb68b05263c403a418654
-  data.tar.gz: dc0e2a550b3657fc13505db35042febdc32df9770cdfb00524fabb1fdaf09b1d43a0fc6a13ce71160e37aada85e3cef8ff611aaebb4d027efb81ec8013267eba
+  metadata.gz: f1f28dd471b8e533d1f918101790c6f95734c54050b7e80e00e2832e77a9ab51f72b5f51c1805f94aa8983c39900d8c94e7b3ad41134b9801c39ac3fde403a66
+  data.tar.gz: ac53e7a59a66bad7e34eae6587f6d31b47ecee4cf26b2fe5280bb2e10e2b3e343f3b1efc8f034aeaf17d4a9e5b73c2e77032ec3fd1d3d2f2efc7e39ce28e186a

data/.circleci/config.yml

@@ -0,0 +1,118 @@
+version: 2.1
+orbs:
+  coveralls: coveralls/coveralls@1.0.6
+
+jobs:
+  test:
+    parameters:
+      ruby-version:
+        type: string
+      gemfile:
+        type: string
+    docker:
+      - image: 'ruby:<< parameters.ruby-version >>'
+    environment:
+      BUNDLE_GEMFILE: << parameters.gemfile >>
+      BUNDLE_PATH: ../vendor/bundle
+      COVERALLS_PARALLEL: true
+      EAGER_LOAD: 'true'
+    steps:
+      - checkout
+      - restore_cache:
+          keys:
+            - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+      - run: gem install bundler -v '1.17'
+      - run:
+          name: Install dependencies
+          command: bundle install
+      - save_cache:
+          key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
+          paths:
+            - vendor/bundle
+      - run:
+          name: Run Specs
+          command:
+            bundle exec rspec
+  report-coverage:
+    docker:
+      - image: 'circleci/node:10.0.0'
+    steps:
+      - coveralls/upload:
+          parallel_finished: true
+
+workflows:
+  test-suite:
+    jobs:
+      - test:
+          matrix:
+            parameters:
+              ruby-version:
+                - '2.2'
+                - '2.3'
+                - '2.4'
+                - '2.5'
+                - '2.6'
+                - '2.7'
+                - '3.0'
+              gemfile:
+                - gemfiles/rails4.2_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.8.gemfile
+                - gemfiles/rails5.0_graphql1.9.gemfile
+                - gemfiles/rails5.1_graphql1.8.gemfile
+                - gemfiles/rails5.1_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.8.gemfile
+                - gemfiles/rails5.2_graphql1.9.gemfile
+                - gemfiles/rails5.2_graphql1.10.gemfile
+                - gemfiles/rails5.2_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.11.gemfile
+                - gemfiles/rails6.0_graphql1.12.gemfile
+                - gemfiles/rails6.1_graphql1.11.gemfile
+                - gemfiles/rails6.1_graphql1.12.gemfile
+            exclude:
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.2'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.3'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.0_graphql1.12.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.11.gemfile
+              - ruby-version: '2.4'
+                gemfile: gemfiles/rails6.1_graphql1.12.gemfile
+              - ruby-version: '2.7'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails4.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.0_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.1_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.8.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.9.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.10.gemfile
+              - ruby-version: '3.0'
+                gemfile: gemfiles/rails5.2_graphql1.11.gemfile
+      - report-coverage:
+          requires:
+            - test

data/Appraisals

@@ -110,18 +110,38 @@ appraise 'rails6.0-graphql1.12' do
   gem 'graphql', '~> 1.12.0'
 end
 
-appraise 'rails6.0-graphql_edge' do
+appraise 'rails6.1-graphql1.9' do
   gem 'sqlite3', '~> 1.4'
-  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
-  gem 'rails', github: 'rails/rails', branch: '6-0-stable'
-  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.9.0'
+end
+
+appraise 'rails6.1-graphql1.10' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.10.0'
+end
+
+appraise 'rails6.1-graphql1.11' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.11.0'
+end
+
+appraise 'rails6.1-graphql1.12' do
+  gem 'sqlite3', '~> 1.4'
+  gem 'devise', '>= 4.7'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
+  gem 'graphql', '~> 1.12.0'
 end
 
-appraise 'rails_edge-graphql_edge' do
+appraise 'rails6.1-graphql_edge' do
   gem 'sqlite3', '~> 1.4'
   gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
-  gem 'rails', github: 'rails/rails', branch: 'master'
+  gem 'rails', github: 'rails/rails', branch: '6-1-stable'
   gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
 end

data/CHANGELOG.md

@@ -1,5 +1,71 @@
 # Changelog
 
+## [v0.17.0](https://github.com/graphql-devise/graphql_devise/tree/v0.17.0) (2021-06-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.16.0...v0.17.0)
+
+**Implemented enhancements:**
+
+- Another click in confirm account results in error [\#184](https://github.com/graphql-devise/graphql_devise/issues/184)
+- Add resendConfirmationWithToken mutation [\#186](https://github.com/graphql-devise/graphql_devise/pull/186) ([mcelicalderon](https://github.com/mcelicalderon))
+- Add register mutation and alternate confirmation flow [\#185](https://github.com/graphql-devise/graphql_devise/pull/185) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate mutations and queries that required a redirect [\#187](https://github.com/graphql-devise/graphql_devise/pull/187) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document new registration and confirmation flow [\#188](https://github.com/graphql-devise/graphql_devise/pull/188) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
+
+**Implemented enhancements:**
+
+- Allow checking of authenticaded resource via callable object [\#180](https://github.com/graphql-devise/graphql_devise/pull/180) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document authenticate with callable [\#181](https://github.com/graphql-devise/graphql_devise/pull/181) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
+
+**Implemented enhancements:**
+
+- Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
+
+**Implemented enhancements:**
+
+- Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
+
+**Fixed bugs:**
+
+- ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
+
+## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
+
+**Implemented enhancements:**
+
+- Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
+
 ## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
@@ -39,7 +105,7 @@
 
 - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
 
-## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
+## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
 
@@ -63,7 +129,7 @@
 
 - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
 
-## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
+## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
 
@@ -76,7 +142,7 @@
 - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
 - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
 
-## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
+## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
 
@@ -93,7 +159,7 @@
 - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
 - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
 
-## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
+## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
 
@@ -146,7 +212,7 @@
 
 **Implemented enhancements:**
 
-- Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
+- Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
 - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
 - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
 
@@ -164,6 +230,7 @@
 
 **Implemented enhancements:**
 
+- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
 
 **Fixed bugs:**
@@ -174,7 +241,6 @@
 
 - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
 - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
-- Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
 
 **Merged pull requests:**
 

data/README.md

@@ -1,6 +1,6 @@
 # GraphqlDevise
-[![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
-[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
+[![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
+[![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
 [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
 
 GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -8,42 +8,47 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
 ## Table of Contents
 
 <!--ts-->
-   * [GraphqlDevise](#graphqldevise)
-      * [Table of Contents](#table-of-contents)
-      * [Introduction](#introduction)
-      * [Installation](#installation)
-         * [Running the Generator](#running-the-generator)
-            * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
-               * [Important](#important)
-            * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
-               * [Important](#important-1)
-      * [Usage](#usage)
-         * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
-         * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
-         * [Available Mount Options](#available-mount-options)
-         * [Available Operations](#available-operations)
-         * [Configuring Model](#configuring-model)
-         * [Email Reconfirmation](#email-reconfirmation)
-         * [Customizing Email Templates](#customizing-email-templates)
-         * [I18n](#i18n)
-         * [Authenticating Controller Actions](#authenticating-controller-actions)
-            * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
-            * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
-            * [Important](#important-2)
-         * [Making Requests](#making-requests)
-            * [Mutations](#mutations)
-            * [Queries](#queries)
-         * [Reset Password Flow](#reset-password-flow)
-         * [More Configuration Options](#more-configuration-options)
-            * [Devise Token Auth Initializer](#devise-token-auth-initializer)
-            * [Devise Initializer](#devise-initializer)
-         * [GraphQL Interpreter](#graphql-interpreter)
-         * [Using Alongside Standard Devise](#using-alongside-standard-devise)
-      * [Future Work](#future-work)
-      * [Contributing](#contributing)
-      * [License](#license)
-
-<!-- Added by: mcelicalderon, at: Mon Jan 25 22:48:17 -05 2021 -->
+* [GraphqlDevise](#graphqldevise)
+   * [Table of Contents](#table-of-contents)
+   * [Introduction](#introduction)
+   * [Installation](#installation)
+      * [Running the Generator](#running-the-generator)
+         * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
+            * [Important](#important)
+         * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
+            * [Important](#important-1)
+   * [Usage](#usage)
+      * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
+      * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
+      * [Available Mount Options](#available-mount-options)
+      * [Available Operations](#available-operations)
+      * [Configuring Model](#configuring-model)
+      * [Email Reconfirmation](#email-reconfirmation)
+         * [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
+      * [Customizing Email Templates](#customizing-email-templates)
+      * [I18n](#i18n)
+      * [Authenticating Controller Actions](#authenticating-controller-actions)
+         * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
+            * [Authentication Options](#authentication-options)
+         * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
+         * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
+            * [Authentication Options](#authentication-options-1)
+         * [Important](#important-2)
+      * [Making Requests](#making-requests)
+         * [Introspection query](#introspection-query)
+         * [Mutations](#mutations)
+         * [Queries](#queries)
+      * [Reset Password Flow](#reset-password-flow)
+      * [More Configuration Options](#more-configuration-options)
+         * [Devise Token Auth Initializer](#devise-token-auth-initializer)
+         * [Devise Initializer](#devise-initializer)
+      * [GraphQL Interpreter](#graphql-interpreter)
+      * [Using Alongside Standard Devise](#using-alongside-standard-devise)
+   * [Future Work](#future-work)
+   * [Contributing](#contributing)
+   * [License](#license)
+
+<!-- Added by: mcelicalderon, at: Tue Jun  8 22:47:12 -05 2021 -->
 
 <!--te-->
 
@@ -99,7 +104,7 @@ Will do the following:
   - Add `devise` modules to `Admin` model
   - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
 - Add the route to `config/routes.rb`
-  - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
+  - `mount_graphql_devise_for Admin, at: 'api/auth'`
 
 `Admin` could be any model name you are going to be using for authentication,
 and `api/auth` could be any mount path you would like to use for auth.
@@ -148,13 +153,13 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
 
 Rails.application.routes.draw do
   mount_graphql_devise_for(
-    'User',
+    User,
     at: 'api/v1',
     authenticatable_type: Types::MyCustomUserType,
     operations: {
       login: Mutations::Login
     },
-    skip: [:sign_up],
+    skip: [:register],
     additional_mutations: {
       # generates mutation { adminUserSignUp }
       admin_user_sign_up: Mutations::AdminUserSignUp
@@ -186,7 +191,7 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
+      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_registration_with_token])
     ]
   )
 
@@ -226,6 +231,12 @@ authentication unless specified otherwise using the `authenticate: true` option
 one argument (field name) and is called whenever a field that requires authentication
 is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
 raised if authentication fails. This will provide a GQL like error message on the response.
+1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
+information about what queries the schema supports. This query is very powerful and
+there may be some case in which you want to limit its usage to authenticated users.
+To accomplish this the schema plugin provides the `public_introspection` option. This option
+accepts a boolean value and by default will consider introspection queries public in all
+environments but production.
 
 ### Available Mount Options
 Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
@@ -235,10 +246,10 @@ this gem's auth operation into your schema, these are the options you can provid
 
 ```ruby
 # Using the mount method in your config/routes.rb file
-mount_graphql_devise_for('User', {})
+mount_graphql_devise_for(User, {})
 
 # Providing options to a GraphqlDevise::ResourceLoader
-GraphqlDevise::ResourceLoader.new('User', {})
+GraphqlDevise::ResourceLoader.new(User, {})
 ```
 
 1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -288,13 +299,17 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 ```ruby
 :login
 :logout
-:sign_up
-:confirm_account
-:send_password_reset
-:check_password_token
-:update_password
-:send_password_reset_with_token
+:sign_up (deprecated)
+:register
+:update_password (deprecated)
 :update_password_with_token
+:send_password_reset (deprecated)
+:send_password_reset_with_token
+:resend_confirmation (deprecated)
+:resend_confirmation_with_token
+:confirm_registration_with_token
+:confirm_account (deprecated)
+:check_password_token (deprecated)
 ```
 
 ### Configuring Model
@@ -322,6 +337,9 @@ The install generator can do this for you if you specify the `user_class` option
 See [Installation](#installation) for details.
 
 ### Email Reconfirmation
+We want reconfirmable in this gem to work separately
+from DTA's or Devise (too much complexity in the model based on callbacks).
+
 Email reconfirmation is supported just like in Devise and DTA, but we want reconfirmable
 in this gem to work on model basis instead of having a global configuration like in Devise.
 **For this reason Devise's global `reconfirmable` setting is ignored.**
@@ -330,10 +348,29 @@ For a resource to be considered reconfirmable it has to meet 2 conditions:
 1. Include the `:confirmable` module.
 1. Has an `unconfirmed_email` column in the resource's table.
 
-In order to trigger the reconfirmation email in a reconfirmable resource, you simply needi
+In order to trigger the reconfirmation email in a reconfirmable resource, you simply need
 to call a different update method on your resource,`update_with_email`.
 When the resource is not reconfirmable or the email is not updated, this method behaves exactly
 the same as ActiveRecord's `update`.
+
+`update_with_email` requires one additional attribute when email will change or an error
+will be raised:
+
+1. `confirmation_url`: The full url of your client application. The confirmation email will contain this url plus
+a confirmation token. You need to call `confirmRegistrationWithToken` with the given token on
+your client application.
+
+So, it's up to you where you require confirmation of changing emails.
+Here's a demonstration on the method usage:
+```ruby
+user.update_with_email(
+  name:             'New Name',
+  email:            'new@domain.com',
+  confirmation_url: 'https://google.com'
+)
+```
+
+#### Deprecated flow - Do Not Use
 `update_with_email` requires two additional attributes when email will change or an error
 will be raised:
 
@@ -358,9 +395,6 @@ user.update_with_email(
 )
 ```
 
- We want reconfirmable in this gem to work separately
- from DTA's or Devise (too much complexity in the model based on callbacks).
-
 ### Customizing Email Templates
 The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
 so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
@@ -378,7 +412,75 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
 ### Authenticating Controller Actions
 When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
 
-#### Authenticate Before Reaching Your GQL Schema
+#### Authenticate Resource in the Controller (>= v0.15.0)
+This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
+You simply need to pass the return value of our `gql_devise_context` method in the context of your
+GQL schema execution like this:
+
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User))
+    render json: result unless performed?
+  end
+end
+```
+`gql_devise_context` receives as many models as you need to authenticate in the request, like this:
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+    render json: result unless performed?
+  end
+end
+```
+Internally in your own mutations and queries a key `current_resource` will be available in
+the context if a resource was successfully authenticated or `nil` otherwise.
+
+Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
+on who makes the request, the context value `current_resource` might contain instances of the
+different models you provided.
+
+**Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
+method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
+It will also set the instance variable `@resource` in the controller.
+
+Please note that by using this mechanism your GQL schema will be in control of what queries are
+restricted to authenticated users and you can only do this at the root level fields of your GQL
+schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
+so this can work.
+
+##### Authentication Options
+Wether you setup authentications as a default in the plugin, or you do it at the field level,
+these are the options you can use:
+1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
+1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
+
+In your main app's schema this is how you might specify if a field needs to be authenticated or not:
+```ruby
+module Types
+  class QueryType < Types::BaseObject
+    # user field used the default set in the Plugin's initializer
+    field :user, resolver: Resolvers::UserShow
+    # this field will never require authentication
+    field :public_field, String, null: false, authenticate: false
+    # this field requires authentication
+    field :private_field, String, null: false, authenticate: true
+    # this field requires authenticated users to also be admins
+    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
+  end
+end
+```
+
+#### Authenticate Before Reaching Your GQL Schema (Deprecated)
 For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
 In our example our model is `User`, so it would look like this:
 ```ruby
@@ -390,7 +492,7 @@ class MyController < ApplicationController
   before_action :authenticate_user!
 
   def my_action
-    result = DummySchema.execute(params[:query], context: current_user: current_user)
+    result = DummySchema.execute(params[:query], context: { current_resource: current_user })
     render json: result unless performed?
   end
 end
@@ -399,7 +501,7 @@ end
 The install generator can include the concern in you application controller.
 If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
 
-#### Authenticate in Your GQL Schema
+#### Authenticate in Your GQL Schema (Deprecated)
 For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
 [here](#mounting-operations-into-your-own-schema).
 
@@ -416,7 +518,7 @@ class MyController < ApplicationController
 end
 ```
 The `graphql_context` method receives a symbol identifying the resource you are trying
-to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
+to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
 this snippet to find the symbol for more complex scenarios
 `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
 array of resources if you mounted more than one into your schema. The gem will try to
@@ -434,7 +536,13 @@ restricted to authenticated users and you can only do this at the root level fie
 schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
 so this can work.
 
-In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+##### Authentication Options
+Wether you setup authentications as a default in the plugin, or you do it at the field level,
+these are the options you can use:
+1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
+1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
+
+In your main app's schema this is how you might specify if a field needs to be authenticated or not:
 ```ruby
 module Types
   class QueryType < Types::BaseObject
@@ -444,6 +552,8 @@ module Types
     field :public_field, String, null: false, authenticate: false
     # this field requires authentication
     field :private_field, String, null: false, authenticate: true
+    # this field requires authenticated users to also be admins
+    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
   end
 end
 ```
@@ -454,24 +564,29 @@ Remember to check `performed?` before rendering the result of the graphql operat
 ### Making Requests
 Here is a list of the available mutations and queries assuming your mounted model is `User`.
 
+#### Introspection query
+If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
+
 #### Mutations
 
 Operation | Description | Example
 :--- | :--- | :------------------:
-login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
-logout | | userLogout: UserLogoutPayload
-signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
-sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
-updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
-resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
-sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
-updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
+login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
+logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
+signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
+register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
+sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
+updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
+resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
+resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
+sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
+updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
 
 #### Queries
 Operation | Description | Example
 :--- | :--- | :------------------:
-confirmAccount | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
-checkPasswordToken | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
+confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
+checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
 
 The reason for having 2 queries is that these 2 are going to be accessed when clicking on
 the confirmation and reset password email urls. There is no limitation for making mutation