graphql_devise 0.14.1 → 0.17.0

data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb

@@ -4,19 +4,21 @@ module GraphqlDevise
   module MountMethod
     module OperationPreparers
       class CustomOperationPreparer
-        def initialize(selected_keys:, custom_operations:, mapping_name:)
+        def initialize(selected_keys:, custom_operations:, model:)
           @selected_keys     = selected_keys
           @custom_operations = custom_operations
-          @mapping_name      = mapping_name
+          @model             = model
         end
 
         def call
+          mapping_name = GraphqlDevise.to_mapping_name(@model)
+
           @custom_operations.slice(*@selected_keys).each_with_object({}) do |(action, operation), result|
-            mapped_action = "#{@mapping_name}_#{action}"
+            mapped_action = "#{mapping_name}_#{action}"
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),
-              OperationPreparers::ResourceNameSetter.new(@mapping_name)
+              OperationPreparers::ResourceKlassSetter.new(@model)
             ].reduce(operation) { |prepared_operation, preparer| preparer.call(prepared_operation) }
           end
         end

data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb

@@ -4,23 +4,25 @@ module GraphqlDevise
   module MountMethod
     module OperationPreparers
       class DefaultOperationPreparer
-        def initialize(selected_operations:, custom_keys:, mapping_name:, preparer:)
+        def initialize(selected_operations:, custom_keys:, model:, preparer:)
           @selected_operations = selected_operations
           @custom_keys         = custom_keys
-          @mapping_name        = mapping_name
+          @model               = model
           @preparer            = preparer
         end
 
         def call
+          mapping_name = GraphqlDevise.to_mapping_name(@model)
+
           @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
-            mapped_action = "#{@mapping_name}_#{action}"
+            mapped_action = "#{mapping_name}_#{action}"
             operation     = operation_info[:klass]
-            options       = operation_info.except(:klass)
+            options       = operation_info.except(:klass, :deprecation_reason)
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),
               @preparer,
-              OperationPreparers::ResourceNameSetter.new(@mapping_name)
+              OperationPreparers::ResourceKlassSetter.new(@model)
             ].reduce(child_class(operation)) do |prepared_operation, preparer|
               preparer.call(prepared_operation, **options)
             end

data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb}

@@ -3,13 +3,13 @@
 module GraphqlDevise
   module MountMethod
     module OperationPreparers
-      class ResourceNameSetter
-        def initialize(name)
-          @name = name
+      class ResourceKlassSetter
+        def initialize(klass)
+          @klass = klass
         end
 
         def call(operation, **)
-          operation.instance_variable_set(:@resource_name, @name)
+          operation.instance_variable_set(:@resource_klass, @klass)
 
           operation
         end

data/lib/graphql_devise/mount_method/operation_sanitizer.rb

@@ -18,13 +18,25 @@ module GraphqlDevise
       end
 
       def call
-        if @only.present?
+        operations = if @only.present?
           @default.slice(*@only)
         elsif @skipped.present?
           @default.except(*@skipped)
         else
           @default
         end
+
+        operations.each do |operation, values|
+          next if values[:deprecation_reason].blank?
+
+          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+              `#{operation}` is deprecated and will be removed in a future version of this gem.
+              #{values[:deprecation_reason]}
+
+              You can supress this message by skipping `#{operation}` on your ResourceLoader or the
+              mount_graphql_devise_for method on your routes file.
+          DEPRECATION
+        end
       end
     end
   end

data/lib/graphql_devise/mutations/confirm_registration_with_token.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Mutations
+    class ConfirmRegistrationWithToken < Base
+      argument :confirmation_token, String, required: true
+
+      field :credentials,
+            GraphqlDevise::Types::CredentialType,
+            null:        true,
+            description: 'Authentication credentials. Null unless user is signed in after confirmation.'
+
+      def resolve(confirmation_token:)
+        resource = resource_class.confirm_by_token(confirmation_token)
+
+        if resource.errors.empty?
+          yield resource if block_given?
+
+          response_payload = { authenticatable: resource }
+
+          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+
+          response_payload
+        else
+          raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
+        end
+      end
+    end
+  end
+end

data/lib/graphql_devise/mutations/register.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Mutations
+    class Register < Base
+      argument :email,                 String, required: true
+      argument :password,              String, required: true
+      argument :password_confirmation, String, required: true
+      argument :confirm_url,           String, required: false
+
+      field :credentials,
+            GraphqlDevise::Types::CredentialType,
+            null:        true,
+            description: 'Authentication credentials. Null if after signUp resource is not active for authentication (e.g. Email confirmation required).'
+
+      def resolve(confirm_url: nil, **attrs)
+        resource = build_resource(attrs.merge(provider: provider))
+        raise_user_error(I18n.t('graphql_devise.resource_build_failed')) if resource.blank?
+
+        redirect_url = confirm_url || DeviseTokenAuth.default_confirm_success_url
+        if confirmable_enabled? && redirect_url.blank?
+          raise_user_error(I18n.t('graphql_devise.registrations.missing_confirm_redirect_url'))
+        end
+
+        check_redirect_url_whitelist!(redirect_url)
+
+        resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!)
+
+        if resource.save
+          yield resource if block_given?
+
+          unless resource.confirmed?
+            resource.send_confirmation_instructions(
+              redirect_url:  redirect_url,
+              template_path: ['graphql_devise/mailer']
+            )
+          end
+
+          response_payload = { authenticatable: resource }
+
+          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+
+          response_payload
+        else
+          resource.try(:clean_up_passwords)
+          raise_user_error_list(
+            I18n.t('graphql_devise.registration_failed'),
+            errors: resource.errors.full_messages
+          )
+        end
+      end
+
+      private
+
+      def build_resource(attrs)
+        resource_class.new(attrs)
+      end
+    end
+  end
+end

data/lib/graphql_devise/mutations/resend_confirmation_with_token.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Mutations
+    class ResendConfirmationWithToken < Base
+      argument :email,       String, required: true
+      argument :confirm_url, String, required: true
+
+      field :message, String, null: false
+
+      def resolve(email:, confirm_url:)
+        check_redirect_url_whitelist!(confirm_url)
+
+        resource = find_confirmable_resource(email)
+
+        if resource
+          yield resource if block_given?
+
+          if resource.confirmed? && !resource.pending_reconfirmation?
+            raise_user_error(I18n.t('graphql_devise.confirmations.already_confirmed'))
+          end
+
+          resource.send_confirmation_instructions(
+            redirect_url:  confirm_url,
+            template_path: ['graphql_devise/mailer']
+          )
+
+          { message: I18n.t('graphql_devise.confirmations.send_instructions', email: email) }
+        else
+          raise_user_error(I18n.t('graphql_devise.confirmations.user_not_found', email: email))
+        end
+      end
+
+      private
+
+      def find_confirmable_resource(email)
+        email_insensitive = get_case_insensitive_field(:email, email)
+        resource = find_resource(:unconfirmed_email, email_insensitive) if resource_class.reconfirmable
+        resource ||= find_resource(:email, email_insensitive)
+        resource
+      end
+    end
+  end
+end

data/lib/graphql_devise/mutations/sign_up.rb

@@ -31,7 +31,7 @@ module GraphqlDevise
 
           unless resource.confirmed?
             resource.send_confirmation_instructions(
-              redirect_url:  confirm_success_url,
+              redirect_url:  redirect_url,
               template_path: ['graphql_devise/mailer'],
               schema_url:    controller.full_url_without_params
             )

data/lib/graphql_devise/resolvers/confirm_account.rb

@@ -32,7 +32,7 @@ module GraphqlDevise
           end
 
           controller.redirect_to(redirect_to_link)
-          { authenticatable: resource }
+          resource
         else
           raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
         end

data/lib/graphql_devise/resource_loader.rb

@@ -10,12 +10,27 @@ module GraphqlDevise
     end
 
     def call(query, mutation)
-      mapping_name = @resource.to_s.underscore.tr('/', '_').to_sym
-
       # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
       clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(@options).call!
 
-      return clean_options if GraphqlDevise.resource_mounted?(mapping_name) && @routing
+      model = if @resource.is_a?(String)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Providing a String as the model you want to mount is deprecated and will be removed in a future version of
+          this gem. Please use the actual model constant instead.
+
+          EXAMPLE
+
+          GraphqlDevise::ResourceLoader.new(User) # instead of GraphqlDevise::ResourceLoader.new('User')
+
+          mount_graphql_devise_for User # instead of mount_graphql_devise_for 'User'
+        DEPRECATION
+        @resource.constantize
+      else
+        @resource
+      end
+
+      # Necesary when mounting a resource via route file as Devise forces the reloading of routes
+      return clean_options if GraphqlDevise.resource_mounted?(model) && @routing
 
       validate_options!(clean_options)
 
@@ -23,7 +38,7 @@ module GraphqlDevise
                              "Types::#{@resource}Type".safe_constantize ||
                              GraphqlDevise::Types::AuthenticatableType
 
-      prepared_mutations = prepare_mutations(mapping_name, clean_options, authenticatable_type)
+      prepared_mutations = prepare_mutations(model, clean_options, authenticatable_type)
 
       if prepared_mutations.any? && mutation.blank?
         raise GraphqlDevise::Error, 'You need to provide a mutation type unless all mutations are skipped'
@@ -33,7 +48,7 @@ module GraphqlDevise
         mutation.field(action, mutation: prepared_mutation, authenticate: false)
       end
 
-      prepared_resolvers = prepare_resolvers(mapping_name, clean_options, authenticatable_type)
+      prepared_resolvers = prepare_resolvers(model, clean_options, authenticatable_type)
 
       if prepared_resolvers.any? && query.blank?
         raise GraphqlDevise::Error, 'You need to provide a query type unless all queries are skipped'
@@ -43,17 +58,17 @@ module GraphqlDevise
         query.field(action, resolver: resolver, authenticate: false)
       end
 
-      GraphqlDevise.add_mapping(mapping_name, @resource)
-      GraphqlDevise.mount_resource(mapping_name) if @routing
+      GraphqlDevise.add_mapping(GraphqlDevise.to_mapping_name(@resource).to_sym, @resource)
+      GraphqlDevise.mount_resource(model) if @routing
 
       clean_options
     end
 
     private
 
-    def prepare_resolvers(mapping_name, clean_options, authenticatable_type)
+    def prepare_resolvers(model, clean_options, authenticatable_type)
       GraphqlDevise::MountMethod::OperationPreparer.new(
-        mapping_name:          mapping_name,
+        model:                 model,
         custom:                clean_options.operations,
         additional_operations: clean_options.additional_queries,
         preparer:              GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter.new(authenticatable_type),
@@ -63,9 +78,9 @@ module GraphqlDevise
       ).call
     end
 
-    def prepare_mutations(mapping_name, clean_options, authenticatable_type)
+    def prepare_mutations(model, clean_options, authenticatable_type)
       GraphqlDevise::MountMethod::OperationPreparer.new(
-        mapping_name:          mapping_name,
+        model:                 model,
         custom:                clean_options.operations,
         additional_operations: clean_options.additional_mutations,
         preparer:              GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter.new(authenticatable_type),

data/lib/graphql_devise/schema_plugin.rb

@@ -2,18 +2,20 @@
 
 module GraphqlDevise
   class SchemaPlugin
+    # NOTE: Based on GQL-Ruby docs  https://graphql-ruby.org/schema/introspection.html
+    INTROSPECTION_FIELDS = ['__schema', '__type', '__typename']
     DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::AuthenticationError, "#{field} field requires authentication" }
 
-    def initialize(query: nil, mutation: nil, authenticate_default: true, resource_loaders: [], unauthenticated_proc: DEFAULT_NOT_AUTHENTICATED)
+    def initialize(query: nil, mutation: nil, authenticate_default: true, public_introspection: !Rails.env.production?, resource_loaders: [], unauthenticated_proc: DEFAULT_NOT_AUTHENTICATED)
       @query                = query
       @mutation             = mutation
       @resource_loaders     = resource_loaders
       @authenticate_default = authenticate_default
+      @public_introspection = public_introspection
       @unauthenticated_proc = unauthenticated_proc
 
       # Must happen on initialize so operations are loaded before the types are added to the schema on GQL < 1.10
       load_fields
-      reconfigure_warden!
     end
 
     def use(schema_definition)
@@ -28,9 +30,23 @@ module GraphqlDevise
       auth_required = authenticate_option(field, trace_data)
       context       = context_from_data(trace_data)
 
-      if auth_required
+      if context.key?(:resource_name)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Providing `resource_name` as part of the GQL context, or doing so by using the `graphql_context(resource_name)`
+          method on your controller is deprecated and will be removed in a future version of this gem.
+          Please use `gql_devise_context` in you controller instead.
+
+          EXAMPLE
+          include GraphqlDevise::Concerns::SetUserByToken
+
+          DummySchema.execute(params[:query], context: gql_devise_context(User))
+          DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+        DEPRECATION
+      end
+
+      if auth_required && !(public_introspection && introspection_field?(field))
         context = set_current_resource(context)
-        raise_on_missing_resource(context, field)
+        raise_on_missing_resource(context, field, auth_required)
       end
 
       yield
@@ -38,6 +54,8 @@ module GraphqlDevise
 
     private
 
+    attr_reader :public_introspection
+
     def set_current_resource(context)
       controller     = context[:controller]
       resource_names = Array(context[:resource_name])
@@ -57,8 +75,12 @@ module GraphqlDevise
       context
     end
 
-    def raise_on_missing_resource(context, field)
+    def raise_on_missing_resource(context, field, auth_required)
       @unauthenticated_proc.call(field.name) if context[:current_resource].blank?
+
+      if auth_required.respond_to?(:call) && !auth_required.call(context[:current_resource])
+        @unauthenticated_proc.call(field.name)
+      end
     end
 
     def context_from_data(trace_data)
@@ -97,11 +119,6 @@ module GraphqlDevise
       auth_required.nil? ? @authenticate_default : auth_required
     end
 
-    def reconfigure_warden!
-      Devise.class_variable_set(:@@warden_configured, nil)
-      Devise.configure_warden!
-    end
-
     def load_fields
       @resource_loaders.each do |resource_loader|
         raise Error, 'Invalid resource loader instance' unless resource_loader.instance_of?(GraphqlDevise::ResourceLoader)
@@ -109,6 +126,10 @@ module GraphqlDevise
         resource_loader.call(@query, @mutation)
       end
     end
+
+    def introspection_field?(field)
+      INTROSPECTION_FIELDS.include?(field.name)
+    end
   end
 end
 

data/lib/graphql_devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphqlDevise
-  VERSION = '0.14.1'.freeze
+  VERSION = '0.17.0'.freeze
 end