graphql_devise 0.14.1 → 0.17.0

Files changed (59)
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +118 -0
  3. data/Appraisals +26 -6
  4. data/CHANGELOG.md +72 -6
  5. data/README.md +184 -69
  6. data/Rakefile +2 -1
  7. data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb +72 -0
  8. data/app/controllers/graphql_devise/concerns/set_user_by_token.rb +5 -27
  9. data/app/controllers/graphql_devise/graphql_controller.rb +1 -1
  10. data/app/helpers/graphql_devise/mailer_helper.rb +2 -2
  11. data/app/models/graphql_devise/concerns/additional_model_methods.rb +21 -0
  12. data/app/models/graphql_devise/concerns/model.rb +6 -9
  13. data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb +7 -1
  14. data/graphql_devise.gemspec +1 -1
  15. data/lib/generators/graphql_devise/install_generator.rb +1 -1
  16. data/lib/graphql_devise.rb +20 -6
  17. data/lib/graphql_devise/concerns/controller_methods.rb +3 -3
  18. data/lib/graphql_devise/default_operations/mutations.rb +14 -8
  19. data/lib/graphql_devise/default_operations/resolvers.rb +2 -2
  20. data/lib/graphql_devise/model/with_email_updater.rb +34 -8
  21. data/lib/graphql_devise/mount_method/operation_preparer.rb +6 -6
  22. data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb +6 -4
  23. data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +7 -5
  24. data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb} +4 -4
  25. data/lib/graphql_devise/mount_method/operation_sanitizer.rb +13 -1
  26. data/lib/graphql_devise/mutations/confirm_registration_with_token.rb +30 -0
  27. data/lib/graphql_devise/mutations/register.rb +60 -0
  28. data/lib/graphql_devise/mutations/resend_confirmation_with_token.rb +44 -0
  29. data/lib/graphql_devise/mutations/sign_up.rb +1 -1
  30. data/lib/graphql_devise/resolvers/confirm_account.rb +1 -1
  31. data/lib/graphql_devise/resource_loader.rb +26 -11
  32. data/lib/graphql_devise/schema_plugin.rb +31 -10
  33. data/lib/graphql_devise/version.rb +1 -1
  34. data/spec/dummy/app/controllers/api/v1/graphql_controller.rb +13 -2
  35. data/spec/dummy/app/graphql/dummy_schema.rb +8 -6
  36. data/spec/dummy/app/graphql/mutations/register.rb +14 -0
  37. data/spec/dummy/app/graphql/types/query_type.rb +5 -0
  38. data/spec/dummy/config/routes.rb +7 -5
  39. data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb +0 -1
  40. data/spec/dummy/db/migrate/20210516211417_add_vip_to_users.rb +5 -0
  41. data/spec/dummy/db/schema.rb +4 -4
  42. data/spec/generators/graphql_devise/install_generator_spec.rb +1 -1
  43. data/spec/graphql/user_queries_spec.rb +3 -1
  44. data/spec/graphql_devise/model/with_email_updater_spec.rb +97 -68
  45. data/spec/requests/graphql_controller_spec.rb +12 -11
  46. data/spec/requests/mutations/confirm_registration_with_token_spec.rb +117 -0
  47. data/spec/requests/mutations/register_spec.rb +166 -0
  48. data/spec/requests/mutations/resend_confirmation_with_token_spec.rb +137 -0
  49. data/spec/requests/queries/introspection_query_spec.rb +149 -0
  50. data/spec/requests/user_controller_spec.rb +86 -25
  51. data/spec/services/mount_method/operation_preparer_spec.rb +5 -5
  52. data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb +5 -5
  53. data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +5 -5
  54. data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb} +6 -6
  55. data/spec/services/mount_method/operation_sanitizer_spec.rb +3 -3
  56. data/spec/services/resource_loader_spec.rb +5 -5
  57. data/spec/support/contexts/graphql_request.rb +11 -3
  58. metadata +29 -12
  59. data/.travis.yml +0 -86
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bf545450ef87f507744e5bf493ebc30d94c20da544307ec11657f58d2e685b37
4
- data.tar.gz: 7c62c31ef018325ed51516e08a3f5774d5ebe8325340ce57edbee2df9a9e29bf
3
+ metadata.gz: 2a20dcb1834cc319028e86a024014875122d1b6351fed8dcd27c3a82acff8969
4
+ data.tar.gz: 92d6109d57ef77cced08a1a6a0a946441be37ddd14b9d27c672b6203ad260a76
5
5
  SHA512:
6
- metadata.gz: 53dfe2bfde5d1e22f7d5d91f03c6336559abe2967208c2a237218d06fc65d4df2c5c3d0bf5d84f097c77fa2d39299defe6318999adddb68b05263c403a418654
7
- data.tar.gz: dc0e2a550b3657fc13505db35042febdc32df9770cdfb00524fabb1fdaf09b1d43a0fc6a13ce71160e37aada85e3cef8ff611aaebb4d027efb81ec8013267eba
6
+ metadata.gz: f1f28dd471b8e533d1f918101790c6f95734c54050b7e80e00e2832e77a9ab51f72b5f51c1805f94aa8983c39900d8c94e7b3ad41134b9801c39ac3fde403a66
7
+ data.tar.gz: ac53e7a59a66bad7e34eae6587f6d31b47ecee4cf26b2fe5280bb2e10e2b3e343f3b1efc8f034aeaf17d4a9e5b73c2e77032ec3fd1d3d2f2efc7e39ce28e186a
@@ -0,0 +1,118 @@
1
+ version: 2.1
2
+ orbs:
3
+ coveralls: coveralls/coveralls@1.0.6
4
+
5
+ jobs:
6
+ test:
7
+ parameters:
8
+ ruby-version:
9
+ type: string
10
+ gemfile:
11
+ type: string
12
+ docker:
13
+ - image: 'ruby:<< parameters.ruby-version >>'
14
+ environment:
15
+ BUNDLE_GEMFILE: << parameters.gemfile >>
16
+ BUNDLE_PATH: ../vendor/bundle
17
+ COVERALLS_PARALLEL: true
18
+ EAGER_LOAD: 'true'
19
+ steps:
20
+ - checkout
21
+ - restore_cache:
22
+ keys:
23
+ - v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
24
+ - run: gem install bundler -v '1.17'
25
+ - run:
26
+ name: Install dependencies
27
+ command: bundle install
28
+ - save_cache:
29
+ key: v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>
30
+ paths:
31
+ - vendor/bundle
32
+ - run:
33
+ name: Run Specs
34
+ command:
35
+ bundle exec rspec
36
+ report-coverage:
37
+ docker:
38
+ - image: 'circleci/node:10.0.0'
39
+ steps:
40
+ - coveralls/upload:
41
+ parallel_finished: true
42
+
43
+ workflows:
44
+ test-suite:
45
+ jobs:
46
+ - test:
47
+ matrix:
48
+ parameters:
49
+ ruby-version:
50
+ - '2.2'
51
+ - '2.3'
52
+ - '2.4'
53
+ - '2.5'
54
+ - '2.6'
55
+ - '2.7'
56
+ - '3.0'
57
+ gemfile:
58
+ - gemfiles/rails4.2_graphql1.8.gemfile
59
+ - gemfiles/rails5.0_graphql1.8.gemfile
60
+ - gemfiles/rails5.0_graphql1.9.gemfile
61
+ - gemfiles/rails5.1_graphql1.8.gemfile
62
+ - gemfiles/rails5.1_graphql1.9.gemfile
63
+ - gemfiles/rails5.2_graphql1.8.gemfile
64
+ - gemfiles/rails5.2_graphql1.9.gemfile
65
+ - gemfiles/rails5.2_graphql1.10.gemfile
66
+ - gemfiles/rails5.2_graphql1.11.gemfile
67
+ - gemfiles/rails6.0_graphql1.11.gemfile
68
+ - gemfiles/rails6.0_graphql1.12.gemfile
69
+ - gemfiles/rails6.1_graphql1.11.gemfile
70
+ - gemfiles/rails6.1_graphql1.12.gemfile
71
+ exclude:
72
+ - ruby-version: '2.2'
73
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
74
+ - ruby-version: '2.2'
75
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
76
+ - ruby-version: '2.2'
77
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
78
+ - ruby-version: '2.2'
79
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
80
+ - ruby-version: '2.3'
81
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
82
+ - ruby-version: '2.3'
83
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
84
+ - ruby-version: '2.3'
85
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
86
+ - ruby-version: '2.3'
87
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
88
+ - ruby-version: '2.4'
89
+ gemfile: gemfiles/rails6.0_graphql1.11.gemfile
90
+ - ruby-version: '2.4'
91
+ gemfile: gemfiles/rails6.0_graphql1.12.gemfile
92
+ - ruby-version: '2.4'
93
+ gemfile: gemfiles/rails6.1_graphql1.11.gemfile
94
+ - ruby-version: '2.4'
95
+ gemfile: gemfiles/rails6.1_graphql1.12.gemfile
96
+ - ruby-version: '2.7'
97
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
98
+ - ruby-version: '3.0'
99
+ gemfile: gemfiles/rails4.2_graphql1.8.gemfile
100
+ - ruby-version: '3.0'
101
+ gemfile: gemfiles/rails5.0_graphql1.8.gemfile
102
+ - ruby-version: '3.0'
103
+ gemfile: gemfiles/rails5.0_graphql1.9.gemfile
104
+ - ruby-version: '3.0'
105
+ gemfile: gemfiles/rails5.1_graphql1.8.gemfile
106
+ - ruby-version: '3.0'
107
+ gemfile: gemfiles/rails5.1_graphql1.9.gemfile
108
+ - ruby-version: '3.0'
109
+ gemfile: gemfiles/rails5.2_graphql1.8.gemfile
110
+ - ruby-version: '3.0'
111
+ gemfile: gemfiles/rails5.2_graphql1.9.gemfile
112
+ - ruby-version: '3.0'
113
+ gemfile: gemfiles/rails5.2_graphql1.10.gemfile
114
+ - ruby-version: '3.0'
115
+ gemfile: gemfiles/rails5.2_graphql1.11.gemfile
116
+ - report-coverage:
117
+ requires:
118
+ - test
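Review bot: The cache key used by both `restore_cache` and `save_cache` (`v1.0-<< parameters.gemfile >>-<< parameters.ruby-version >>`) contains no checksum of the selected gemfile or the gemspec, so a bundle cached before a dependency change keeps being restored for the same matrix cell. Add a `{{ checksum ... }}` of the gemspec or gemfile to the key, or bump the `v1.0` prefix whenever dependencies change. Separately, `ruby:<< parameters.ruby-version >>` resolves to floating tags such as `ruby:2.7`, so the base image can change between runs without any change in this file; say so in a comment or pin patch versions if reproducible builds matter here.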
data/Appraisals CHANGED
@@ -110,18 +110,38 @@ appraise 'rails6.0-graphql1.12' do
110
110
  gem 'graphql', '~> 1.12.0'
111
111
  end
112
112
 
113
- appraise 'rails6.0-graphql_edge' do
113
+ appraise 'rails6.1-graphql1.9' do
114
114
  gem 'sqlite3', '~> 1.4'
115
- gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
116
115
  gem 'devise', '>= 4.7'
117
- gem 'rails', github: 'rails/rails', branch: '6-0-stable'
118
- gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
116
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
117
+ gem 'graphql', '~> 1.9.0'
118
+ end
119
+
120
+ appraise 'rails6.1-graphql1.10' do
121
+ gem 'sqlite3', '~> 1.4'
122
+ gem 'devise', '>= 4.7'
123
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
124
+ gem 'graphql', '~> 1.10.0'
125
+ end
126
+
127
+ appraise 'rails6.1-graphql1.11' do
128
+ gem 'sqlite3', '~> 1.4'
129
+ gem 'devise', '>= 4.7'
130
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
131
+ gem 'graphql', '~> 1.11.0'
132
+ end
133
+
134
+ appraise 'rails6.1-graphql1.12' do
135
+ gem 'sqlite3', '~> 1.4'
136
+ gem 'devise', '>= 4.7'
137
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
138
+ gem 'graphql', '~> 1.12.0'
119
139
  end
120
140
 
121
- appraise 'rails_edge-graphql_edge' do
141
+ appraise 'rails6.1-graphql_edge' do
122
142
  gem 'sqlite3', '~> 1.4'
123
143
  gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
124
144
  gem 'devise', '>= 4.7'
125
- gem 'rails', github: 'rails/rails', branch: 'master'
145
+ gem 'rails', github: 'rails/rails', branch: '6-1-stable'
126
146
  gem 'graphql', github: 'rmosolgo/graphql-ruby', branch: 'master'
127
147
  end
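Review bot: Every `rails6.1-*` appraisal in this hunk takes Rails from `github: 'rails/rails', branch: '6-1-stable'`, a moving branch, so the same commit of this gem can be tested against different Rails code on different days and a failure cannot be tied to a released version. A version constraint in the style already used for graphql (`'~> 1.12.0'`) would make these runs reproducible. Also, `rails6.1-graphql1.9` and `rails6.1-graphql1.10` are defined here, but the CircleCI matrix in this same diff lists only `gemfiles/rails6.1_graphql1.11.gemfile` and `gemfiles/rails6.1_graphql1.12.gemfile`, so those two appraisals and `rails6.1-graphql_edge` never run in CI.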
data/CHANGELOG.md CHANGED
@@ -1,5 +1,71 @@
1
1
  # Changelog
2
2
 
3
+ ## [v0.17.0](https://github.com/graphql-devise/graphql_devise/tree/v0.17.0) (2021-06-09)
4
+
5
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.16.0...v0.17.0)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Another click in confirm account results in error [\#184](https://github.com/graphql-devise/graphql_devise/issues/184)
10
+ - Add resendConfirmationWithToken mutation [\#186](https://github.com/graphql-devise/graphql_devise/pull/186) ([mcelicalderon](https://github.com/mcelicalderon))
11
+ - Add register mutation and alternate confirmation flow [\#185](https://github.com/graphql-devise/graphql_devise/pull/185) ([mcelicalderon](https://github.com/mcelicalderon))
12
+
13
+ **Deprecated:**
14
+
15
+ - Deprecate mutations and queries that required a redirect [\#187](https://github.com/graphql-devise/graphql_devise/pull/187) ([mcelicalderon](https://github.com/mcelicalderon))
16
+
17
+ **Merged pull requests:**
18
+
19
+ - Document new registration and confirmation flow [\#188](https://github.com/graphql-devise/graphql_devise/pull/188) ([mcelicalderon](https://github.com/mcelicalderon))
20
+
21
+ ## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
22
+
23
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
24
+
25
+ **Implemented enhancements:**
26
+
27
+ - Allow checking of authenticaded resource via callable object [\#180](https://github.com/graphql-devise/graphql_devise/pull/180) ([mcelicalderon](https://github.com/mcelicalderon))
28
+
29
+ **Merged pull requests:**
30
+
31
+ - Document authenticate with callable [\#181](https://github.com/graphql-devise/graphql_devise/pull/181) ([mcelicalderon](https://github.com/mcelicalderon))
32
+
33
+ ## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
34
+
35
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
36
+
37
+ **Implemented enhancements:**
38
+
39
+ - Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
40
+
41
+ **Deprecated:**
42
+
43
+ - Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
44
+
45
+ **Merged pull requests:**
46
+
47
+ - Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
48
+
49
+ ## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
50
+
51
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)
52
+
53
+ **Implemented enhancements:**
54
+
55
+ - Add Support for Ruby 3 [\#170](https://github.com/graphql-devise/graphql_devise/pull/170) ([00dav00](https://github.com/00dav00))
56
+
57
+ **Fixed bugs:**
58
+
59
+ - ArgumentError \(wrong number of arguments \(given 2, expected 0..1\)\) [\#169](https://github.com/graphql-devise/graphql_devise/issues/169)
60
+
61
+ ## [v0.14.2](https://github.com/graphql-devise/graphql_devise/tree/v0.14.2) (2021-03-08)
62
+
63
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.1...v0.14.2)
64
+
65
+ **Implemented enhancements:**
66
+
67
+ - Add config for public introspection query on schema plugin [\#154](https://github.com/graphql-devise/graphql_devise/pull/154) ([00dav00](https://github.com/00dav00))
68
+
3
69
  ## [v0.14.1](https://github.com/graphql-devise/graphql_devise/tree/v0.14.1) (2021-02-11)
4
70
 
5
71
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.0...v0.14.1)
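Review bot: The v0.16.0 entry reads "Allow checking of authenticaded resource via callable object"; "authenticaded" should be "authenticated". If the changelog is generated from pull request titles, fix the title of \#180 so the typo does not come back on the next regeneration.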
@@ -39,7 +105,7 @@
39
105
 
40
106
  - Fixes connection\_config deprecation warning [\#135](https://github.com/graphql-devise/graphql_devise/pull/135) ([artplan1](https://github.com/artplan1))
41
107
 
42
- ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-15)
108
+ ## [v0.13.4](https://github.com/graphql-devise/graphql_devise/tree/v0.13.4) (2020-08-16)
43
109
 
44
110
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.3...v0.13.4)
45
111
 
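Review bot: The heading for the already published v0.13.4 changes its release date from 2020-08-15 to 2020-08-16, and the v0.13.1, v0.13.0 and v0.12.3 headings further down shift by one day in the same way. Release dates of published versions should not move between releases; this looks like the changelog being regenerated under a different timezone, so either fix the timezone used for generation or keep the earlier dates.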
@@ -63,7 +129,7 @@
63
129
 
64
130
  - Save resource after generating credentials in resource confirmation [\#125](https://github.com/graphql-devise/graphql_devise/pull/125) ([mcelicalderon](https://github.com/mcelicalderon))
65
131
 
66
- ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-29)
132
+ ## [v0.13.1](https://github.com/graphql-devise/graphql_devise/tree/v0.13.1) (2020-07-30)
67
133
 
68
134
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.13.0...v0.13.1)
69
135
 
@@ -76,7 +142,7 @@
76
142
  - Checking for `performed?` when mounting into your graphql schema. [\#110](https://github.com/graphql-devise/graphql_devise/issues/110)
77
143
  - no query string for email reset [\#104](https://github.com/graphql-devise/graphql_devise/issues/104)
78
144
 
79
- ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-22)
145
+ ## [v0.13.0](https://github.com/graphql-devise/graphql_devise/tree/v0.13.0) (2020-06-23)
80
146
 
81
147
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.3...v0.13.0)
82
148
 
@@ -93,7 +159,7 @@
93
159
  - CookieOverflow for Own Schema Mount [\#112](https://github.com/graphql-devise/graphql_devise/issues/112)
94
160
  - Reconfirmable not setting unconfirmed\_email [\#102](https://github.com/graphql-devise/graphql_devise/issues/102)
95
161
 
96
- ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-19)
162
+ ## [v0.12.3](https://github.com/graphql-devise/graphql_devise/tree/v0.12.3) (2020-06-20)
97
163
 
98
164
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.2...v0.12.3)
99
165
 
@@ -146,7 +212,7 @@
146
212
 
147
213
  **Implemented enhancements:**
148
214
 
149
- - Default `change\_headers\_on\_each\_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
215
+ - Default `change_headers_on_each_request` to false [\#76](https://github.com/graphql-devise/graphql_devise/issues/76)
150
216
  - Replace the auth model concern on generator execution [\#53](https://github.com/graphql-devise/graphql_devise/issues/53)
151
217
  - Generator. Use our modules, change defaults [\#91](https://github.com/graphql-devise/graphql_devise/pull/91) ([mcelicalderon](https://github.com/mcelicalderon))
152
218
 
@@ -164,6 +230,7 @@
164
230
 
165
231
  **Implemented enhancements:**
166
232
 
233
+ - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
167
234
  - Honor Devise's case insensitive fields [\#81](https://github.com/graphql-devise/graphql_devise/pull/81) ([mcelicalderon](https://github.com/mcelicalderon))
168
235
 
169
236
  **Fixed bugs:**
@@ -174,7 +241,6 @@
174
241
 
175
242
  - Get the Mutations going [\#83](https://github.com/graphql-devise/graphql_devise/issues/83)
176
243
  - Improve docs. Better reference to Devise and DTA. [\#75](https://github.com/graphql-devise/graphql_devise/issues/75)
177
- - Add case insensitive fields to sign\_up and login [\#66](https://github.com/graphql-devise/graphql_devise/issues/66)
178
244
 
179
245
  **Merged pull requests:**
180
246
 
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # GraphqlDevise
2
- [![Build Status](https://travis-ci.com/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.com/graphql-devise/graphql_devise)
3
- [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg?branch=master)](https://coveralls.io/github/graphql-devise/graphql_devise?branch=master)
2
+ [![Build Status](https://circleci.com/gh/graphql-devise/graphql_devise.svg?style=svg)](https://app.circleci.com/pipelines/github/graphql-devise/graphql_devise)
3
+ [![Coverage Status](https://coveralls.io/repos/github/graphql-devise/graphql_devise/badge.svg)](https://coveralls.io/github/graphql-devise/graphql_devise)
4
4
  [![Gem Version](https://badge.fury.io/rb/graphql_devise.svg)](https://badge.fury.io/rb/graphql_devise)
5
5
 
6
6
  GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylanhurley/devise_token_auth) (DTA) gem.
@@ -8,42 +8,47 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
8
8
  ## Table of Contents
9
9
 
10
10
  <!--ts-->
11
- * [GraphqlDevise](#graphqldevise)
12
- * [Table of Contents](#table-of-contents)
13
- * [Introduction](#introduction)
14
- * [Installation](#installation)
15
- * [Running the Generator](#running-the-generator)
16
- * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
17
- * [Important](#important)
18
- * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
19
- * [Important](#important-1)
20
- * [Usage](#usage)
21
- * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
22
- * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
23
- * [Available Mount Options](#available-mount-options)
24
- * [Available Operations](#available-operations)
25
- * [Configuring Model](#configuring-model)
26
- * [Email Reconfirmation](#email-reconfirmation)
27
- * [Customizing Email Templates](#customizing-email-templates)
28
- * [I18n](#i18n)
29
- * [Authenticating Controller Actions](#authenticating-controller-actions)
30
- * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
31
- * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
32
- * [Important](#important-2)
33
- * [Making Requests](#making-requests)
34
- * [Mutations](#mutations)
35
- * [Queries](#queries)
36
- * [Reset Password Flow](#reset-password-flow)
37
- * [More Configuration Options](#more-configuration-options)
38
- * [Devise Token Auth Initializer](#devise-token-auth-initializer)
39
- * [Devise Initializer](#devise-initializer)
40
- * [GraphQL Interpreter](#graphql-interpreter)
41
- * [Using Alongside Standard Devise](#using-alongside-standard-devise)
42
- * [Future Work](#future-work)
43
- * [Contributing](#contributing)
44
- * [License](#license)
45
-
46
- <!-- Added by: mcelicalderon, at: Mon Jan 25 22:48:17 -05 2021 -->
11
+ * [GraphqlDevise](#graphqldevise)
12
+ * [Table of Contents](#table-of-contents)
13
+ * [Introduction](#introduction)
14
+ * [Installation](#installation)
15
+ * [Running the Generator](#running-the-generator)
16
+ * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
17
+ * [Important](#important)
18
+ * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
19
+ * [Important](#important-1)
20
+ * [Usage](#usage)
21
+ * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
22
+ * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
23
+ * [Available Mount Options](#available-mount-options)
24
+ * [Available Operations](#available-operations)
25
+ * [Configuring Model](#configuring-model)
26
+ * [Email Reconfirmation](#email-reconfirmation)
27
+ * [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
28
+ * [Customizing Email Templates](#customizing-email-templates)
29
+ * [I18n](#i18n)
30
+ * [Authenticating Controller Actions](#authenticating-controller-actions)
31
+ * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
32
+ * [Authentication Options](#authentication-options)
33
+ * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
34
+ * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
35
+ * [Authentication Options](#authentication-options-1)
36
+ * [Important](#important-2)
37
+ * [Making Requests](#making-requests)
38
+ * [Introspection query](#introspection-query)
39
+ * [Mutations](#mutations)
40
+ * [Queries](#queries)
41
+ * [Reset Password Flow](#reset-password-flow)
42
+ * [More Configuration Options](#more-configuration-options)
43
+ * [Devise Token Auth Initializer](#devise-token-auth-initializer)
44
+ * [Devise Initializer](#devise-initializer)
45
+ * [GraphQL Interpreter](#graphql-interpreter)
46
+ * [Using Alongside Standard Devise](#using-alongside-standard-devise)
47
+ * [Future Work](#future-work)
48
+ * [Contributing](#contributing)
49
+ * [License](#license)
50
+
51
+ <!-- Added by: mcelicalderon, at: Tue Jun 8 22:47:12 -05 2021 -->
47
52
 
48
53
  <!--te-->
49
54
 
@@ -99,7 +104,7 @@ Will do the following:
99
104
  - Add `devise` modules to `Admin` model
100
105
  - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
101
106
  - Add the route to `config/routes.rb`
102
- - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
107
+ - `mount_graphql_devise_for Admin, at: 'api/auth'`
103
108
 
104
109
  `Admin` could be any model name you are going to be using for authentication,
105
110
  and `api/auth` could be any mount path you would like to use for auth.
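Review bot: The generator output line changes from `mount_graphql_devise_for 'Admin', at: 'api/auth'` to the constant `Admin`, but nothing in this section says whether the string form is still accepted. Readers upgrading from 0.14.1 already have the string in `config/routes.rb`, so state here whether it keeps working, is deprecated, or now raises. Referencing the constant also means the model class is loaded when routes are drawn, which is worth one sentence.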
@@ -148,13 +153,13 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
148
153
 
149
154
  Rails.application.routes.draw do
150
155
  mount_graphql_devise_for(
151
- 'User',
156
+ User,
152
157
  at: 'api/v1',
153
158
  authenticatable_type: Types::MyCustomUserType,
154
159
  operations: {
155
160
  login: Mutations::Login
156
161
  },
157
- skip: [:sign_up],
162
+ skip: [:register],
158
163
  additional_mutations: {
159
164
  # generates mutation { adminUserSignUp }
160
165
  admin_user_sign_up: Mutations::AdminUserSignUp
@@ -186,7 +191,7 @@ class DummySchema < GraphQL::Schema
186
191
  query: Types::QueryType,
187
192
  mutation: Types::MutationType,
188
193
  resource_loaders: [
189
- GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
194
+ GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_registration_with_token])
190
195
  ]
191
196
  )
192
197
 
@@ -226,6 +231,12 @@ authentication unless specified otherwise using the `authenticate: true` option
226
231
  one argument (field name) and is called whenever a field that requires authentication
227
232
  is called without an authenticated resource. By default a `GraphQL::ExecutionError` will be
228
233
  raised if authentication fails. This will provide a GQL like error message on the response.
234
+ 1. `public_introspection`: The [introspection query](https://graphql.org/learn/introspection/) is a very useful GQL resource that provides
235
+ information about what queries the schema supports. This query is very powerful and
236
+ there may be some case in which you want to limit its usage to authenticated users.
237
+ To accomplish this the schema plugin provides the `public_introspection` option. This option
238
+ accepts a boolean value and by default will consider introspection queries public in all
239
+ environments but production.
229
240
 
230
241
  ### Available Mount Options
231
242
  Both the `mount_graphql_devise_for` method and the `GraphqlDevise::ResourceLoader` class
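Review bot: The new `public_introspection` item says introspection is public by default "in all environments but production", which leaves staging, review and any custom-named environment that is reachable from the internet exposing the full schema to unauthenticated clients. State that consequence explicitly and show the option being set to `false` in the plugin configuration, so readers with non-production deployments know they have to opt out. The phrase "there may be some case in which you want to limit its usage" undersells this; a direct recommendation would be clearer.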
@@ -235,10 +246,10 @@ this gem's auth operation into your schema, these are the options you can provid
235
246
 
236
247
  ```ruby
237
248
  # Using the mount method in your config/routes.rb file
238
- mount_graphql_devise_for('User', {})
249
+ mount_graphql_devise_for(User, {})
239
250
 
240
251
  # Providing options to a GraphqlDevise::ResourceLoader
241
- GraphqlDevise::ResourceLoader.new('User', {})
252
+ GraphqlDevise::ResourceLoader.new(User, {})
242
253
  ```
243
254
 
244
255
  1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -288,13 +299,17 @@ The following is a list of the symbols you can provide to the `operations`, `ski
288
299
  ```ruby
289
300
  :login
290
301
  :logout
291
- :sign_up
292
- :confirm_account
293
- :send_password_reset
294
- :check_password_token
295
- :update_password
296
- :send_password_reset_with_token
302
+ :sign_up (deprecated)
303
+ :register
304
+ :update_password (deprecated)
297
305
  :update_password_with_token
306
+ :send_password_reset (deprecated)
307
+ :send_password_reset_with_token
308
+ :resend_confirmation (deprecated)
309
+ :resend_confirmation_with_token
310
+ :confirm_registration_with_token
311
+ :confirm_account (deprecated)
312
+ :check_password_token (deprecated)
298
313
  ```
299
314
 
300
315
  ### Configuring Model
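Review bot: Inside the ruby fence the deprecated entries are written as `:sign_up (deprecated)`, `:update_password (deprecated)` and so on, which is not valid Ruby and breaks when pasted into an `only:` or `skip:` array. Mark them with a trailing comment instead, for example `:sign_up # deprecated`, and consider grouping the deprecated symbols after the current ones, since the new ordering interleaves them.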
@@ -322,6 +337,9 @@ The install generator can do this for you if you specify the `user_class` option
322
337
  See [Installation](#installation) for details.
323
338
 
324
339
  ### Email Reconfirmation
340
+ We want reconfirmable in this gem to work separately
341
+ from DTA's or Devise (too much complexity in the model based on callbacks).
342
+
325
343
  Email reconfirmation is supported just like in Devise and DTA, but we want reconfirmable
326
344
  in this gem to work on model basis instead of having a global configuration like in Devise.
327
345
  **For this reason Devise's global `reconfirmable` setting is ignored.**
@@ -330,10 +348,29 @@ For a resource to be considered reconfirmable it has to meet 2 conditions:
330
348
  1. Include the `:confirmable` module.
331
349
  1. Has an `unconfirmed_email` column in the resource's table.
332
350
 
333
- In order to trigger the reconfirmation email in a reconfirmable resource, you simply needi
351
+ In order to trigger the reconfirmation email in a reconfirmable resource, you simply need
334
352
  to call a different update method on your resource,`update_with_email`.
335
353
  When the resource is not reconfirmable or the email is not updated, this method behaves exactly
336
354
  the same as ActiveRecord's `update`.
355
+
356
+ `update_with_email` requires one additional attribute when email will change or an error
357
+ will be raised:
358
+
359
+ 1. `confirmation_url`: The full url of your client application. The confirmation email will contain this url plus
360
+ a confirmation token. You need to call `confirmRegistrationWithToken` with the given token on
361
+ your client application.
362
+
363
+ So, it's up to you where you require confirmation of changing emails.
364
+ Here's a demonstration on the method usage:
365
+ ```ruby
366
+ user.update_with_email(
367
+ name: 'New Name',
368
+ email: 'new@domain.com',
369
+ confirmation_url: 'https://google.com'
370
+ )
371
+ ```
372
+
373
+ #### Deprecated flow - Do Not Use
337
374
  `update_with_email` requires two additional attributes when email will change or an error
338
375
  will be raised:
339
376
 
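Review bot: The `confirmation_url` description says the email "will contain this url plus a confirmation token", but the section gives no guidance on where that value may come from. If an application passes a client-supplied URL straight through, the token-bearing link in the email points at whatever host the caller chose, so the documentation should say the value must come from server-side configuration or be checked against an allow-list before `update_with_email` is called. The sample value `confirmation_url: 'https://google.com'` also reads as if any third-party URL were fine; use an application-owned address such as an `example.com` path instead.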
@@ -358,9 +395,6 @@ user.update_with_email(
358
395
  )
359
396
  ```
360
397
 
361
- We want reconfirmable in this gem to work separately
362
- from DTA's or Devise (too much complexity in the model based on callbacks).
363
-
364
398
  ### Customizing Email Templates
365
399
  The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
366
400
  so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
@@ -378,7 +412,75 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
378
412
  ### Authenticating Controller Actions
379
413
  When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
380
414
 
381
- #### Authenticate Before Reaching Your GQL Schema
415
+ #### Authenticate Resource in the Controller (>= v0.15.0)
416
+ This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
417
+ You simply need to pass the return value of our `gql_devise_context` method in the context of your
418
+ GQL schema execution like this:
419
+
420
+ ```ruby
421
+ # app/controllers/my_controller.rb
422
+
423
+ class MyController < ApplicationController
424
+ include GraphqlDevise::Concerns::SetUserByToken
425
+
426
+ def my_action
427
+ result = DummySchema.execute(params[:query], context: gql_devise_context(User))
428
+ render json: result unless performed?
429
+ end
430
+ end
431
+ ```
432
+ `gql_devise_context` receives as many models as you need to authenticate in the request, like this:
433
+ ```ruby
434
+ # app/controllers/my_controller.rb
435
+
436
+ class MyController < ApplicationController
437
+ include GraphqlDevise::Concerns::SetUserByToken
438
+
439
+ def my_action
440
+ result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
441
+ render json: result unless performed?
442
+ end
443
+ end
444
+ ```
445
+ Internally in your own mutations and queries a key `current_resource` will be available in
446
+ the context if a resource was successfully authenticated or `nil` otherwise.
447
+
448
+ Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
449
+ on who makes the request, the context value `current_resource` might contain instances of the
450
+ different models you provided.
451
+
452
+ **Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
453
+ method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
454
+ It will also set the instance variable `@resource` in the controller.
455
+
456
+ Please note that by using this mechanism your GQL schema will be in control of what queries are
457
+ restricted to authenticated users and you can only do this at the root level fields of your GQL
458
+ schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
459
+ so this can work.
460
+
461
+ ##### Authentication Options
462
+ Wether you setup authentications as a default in the plugin, or you do it at the field level,
463
+ these are the options you can use:
464
+ 1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
465
+ 1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
466
+
467
+ In your main app's schema this is how you might specify if a field needs to be authenticated or not:
468
+ ```ruby
469
+ module Types
470
+ class QueryType < Types::BaseObject
471
+ # user field used the default set in the Plugin's initializer
472
+ field :user, resolver: Resolvers::UserShow
473
+ # this field will never require authentication
474
+ field :public_field, String, null: false, authenticate: false
475
+ # this field requires authentication
476
+ field :private_field, String, null: false, authenticate: true
477
+ # this field requires authenticated users to also be admins
478
+ field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
479
+ end
480
+ end
481
+ ```
482
+
483
+ #### Authenticate Before Reaching Your GQL Schema (Deprecated)
382
484
  For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
383
485
  In our example our model is `User`, so it would look like this:
384
486
  ```ruby
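Review bot: The `admin_field` example and the "A callable object" option assume `current_resource` is a `User`, but the paragraph on `gql_devise_context(User, Admin)` says it may be an instance of any model passed in, so `->(user) { user.admin? }` will also be called with an `Admin`. The text should say that a callable has to handle every model given to `gql_devise_context`. It should also say whether a `nil` return from the callable is treated like `false`, since only `false` is mentioned. "Wether" in the Authentication Options paragraph should be "Whether".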
@@ -390,7 +492,7 @@ class MyController < ApplicationController
390
492
  before_action :authenticate_user!
391
493
 
392
494
  def my_action
393
- result = DummySchema.execute(params[:query], context: current_user: current_user)
495
+ result = DummySchema.execute(params[:query], context: { current_resource: current_user })
394
496
  render json: result unless performed?
395
497
  end
396
498
  end
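Review bot: The `+` line changes the context key from `current_user` to `current_resource` in the same edit that adds the missing braces, and the surrounding text never mentions the rename. A resolver that still reads `context[:current_user]` will not find the authenticated resource, so a sentence under the example naming the new key would help readers who are upgrading.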
@@ -399,7 +501,7 @@ end
399
501
  The install generator can include the concern in you application controller.
400
502
  If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
401
503
 
402
- #### Authenticate in Your GQL Schema
504
+ #### Authenticate in Your GQL Schema (Deprecated)
403
505
  For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
404
506
  [here](#mounting-operations-into-your-own-schema).
405
507
 
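Review bot: The heading now says "(Deprecated)" but the section gives no pointer to what replaces it or the version it was deprecated in, while the new controller section is tagged `>= v0.15.0`. A one-line note under the heading linking to "Authenticate Resource in the Controller" would make the migration path clear. In the unchanged line above, "in you application controller" should read "in your application controller".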
@@ -416,7 +518,7 @@ class MyController < ApplicationController
416
518
  end
417
519
  ```
418
520
  The `graphql_context` method receives a symbol identifying the resource you are trying
419
- to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
521
+ to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
420
522
  this snippet to find the symbol for more complex scenarios
421
523
  `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
422
524
  array of resources if you mounted more than one into your schema. The gem will try to
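Review bot: Changing `'User'` to `User` on the `+` line suggests the mounted resource is now referred to by its class rather than by a string, but the sentence does not say whether the string form is still accepted. If this reflects a change in what the mount call takes, say so here. If it is only a formatting change, the wording is fine as it stands.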
@@ -434,7 +536,13 @@ restricted to authenticated users and you can only do this at the root level fie
434
536
  schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
435
537
  so this can work.
436
538
 
437
- In you main app's schema this is how you might specify if a field needs to be authenticated or not:
539
+ ##### Authentication Options
540
+ Wether you setup authentications as a default in the plugin, or you do it at the field level,
541
+ these are the options you can use:
542
+ 1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
543
+ 1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
544
+
545
+ In your main app's schema this is how you might specify if a field needs to be authenticated or not:
438
546
  ```ruby
439
547
  module Types
440
548
  class QueryType < Types::BaseObject
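Review bot: The "Authentication Options" block added here is a word-for-word copy of the one added to the new controller section, including the "Wether" typo, so the two copies can drift apart. Since this section is now marked deprecated, consider keeping the options in one place and linking to them from here.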
@@ -444,6 +552,8 @@ module Types
444
552
  field :public_field, String, null: false, authenticate: false
445
553
  # this field requires authentication
446
554
  field :private_field, String, null: false, authenticate: true
555
+ # this field requires authenticated users to also be admins
556
+ field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
447
557
  end
448
558
  end
449
559
  ```
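Review bot: The `admin_field` line uses `authenticate:` for what is an authorization check, and per the Authentication Options text a `false` return from the callable produces an authentication error. A signed-in non-admin would therefore get the same error as an anonymous caller. The comment should state this so client authors do not treat that error as "not logged in" only.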
@@ -454,24 +564,29 @@ Remember to check `performed?` before rendering the result of the graphql operat
454
564
  ### Making Requests
455
565
  Here is a list of the available mutations and queries assuming your mounted model is `User`.
456
566
 
567
+ #### Introspection query
568
+ If you are using the schema plugin, you can require authentication before doing an introspection query by modifying the `public_introspection` option of the plugin. Check the [plugin config section](#mounting-operations-into-your-own-schema) for more information.
569
+
457
570
  #### Mutations
458
571
 
459
572
  Operation | Description | Example
460
573
  :--- | :--- | :------------------:
461
- login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
462
- logout | | userLogout: UserLogoutPayload
463
- signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
464
- sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
465
- updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
466
- resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
467
- sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
468
- updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
574
+ login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
575
+ logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
576
+ signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
577
+ register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
578
+ sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
579
+ updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
580
+ resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
581
+ resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
582
+ sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
583
+ updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
469
584
 
470
585
  #### Queries
471
586
  Operation | Description | Example
472
587
  :--- | :--- | :------------------:
473
- confirmAccount | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
474
- checkPasswordToken | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
588
+ confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
589
+ checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
475
590
 
476
591
  The reason for having 2 queries is that these 2 are going to be accessed when clicking on
477
592
  the confirmation and reset password email urls. There is no limitation for making mutation
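Review bot: The `updatePasswordWithToken` row still gives `userSendPasswordResetWithToken(resetPasswordToken: ...)` as its example, although the payload is `UserUpdatePasswordWithTokenPayload`. The row was rewritten in this hunk and the copy-paste error carried over; the example should name the update mutation. The `updatePassword` row also keeps the `config/initializers/devise_token_aut.rb` typo. The new `register` row describes `confirmUrl` but points at `config.default_confirm_success_url`, which is worth confirming is the intended setting. Finally, the rewritten mutation rows end with a trailing `|` while the header row and the Queries table do not.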