graphql_devise 0.14.1 → 0.17.0

data/spec/dummy/app/controllers/api/v1/graphql_controller.rb

@@ -6,19 +6,30 @@ module Api
       include GraphqlDevise::Concerns::SetUserByToken
 
       def graphql
-        result = DummySchema.execute(params[:query], execute_params(params))
+        result = DummySchema.execute(params[:query], **execute_params(params))
 
         render json: result unless performed?
       end
 
       def interpreter
-        render json: InterpreterSchema.execute(params[:query], execute_params(params))
+        render json: InterpreterSchema.execute(params[:query], **execute_params(params))
       end
 
       def failing_resource_name
         render json: DummySchema.execute(params[:query], context: graphql_context([:user, :fail]))
       end
 
+      def controller_auth
+        result = DummySchema.execute(
+          params[:query],
+          operation_name: params[:operationName],
+          variables:      ensure_hash(params[:variables]),
+          context:        gql_devise_context(SchemaUser, User)
+        )
+
+        render json: result unless performed?
+      end
+
       private
 
       def execute_params(item)

data/spec/dummy/app/graphql/dummy_schema.rb

@@ -2,21 +2,23 @@
 
 class DummySchema < GraphQL::Schema
   use GraphqlDevise::SchemaPlugin.new(
-    query:            Types::QueryType,
-    mutation:         Types::MutationType,
-    resource_loaders: [
+    query:                Types::QueryType,
+    mutation:             Types::MutationType,
+    public_introspection: true,
+    resource_loaders:     [
       GraphqlDevise::ResourceLoader.new(
-        'User',
+        User,
         only: [
           :login,
           :confirm_account,
           :send_password_reset,
           :resend_confirmation,
+          :resend_confirmation_with_token,
           :check_password_token
         ]
       ),
-      GraphqlDevise::ResourceLoader.new('Guest', only: [:logout]),
-      GraphqlDevise::ResourceLoader.new('SchemaUser')
+      GraphqlDevise::ResourceLoader.new(Guest, only: [:logout]),
+      GraphqlDevise::ResourceLoader.new(SchemaUser)
     ]
   )
 

data/spec/dummy/app/graphql/mutations/register.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Mutations
+  class Register < GraphqlDevise::Mutations::Register
+    argument :name, String, required: false
+
+    field :user, Types::UserType, null: true
+
+    def resolve(email:, **attrs)
+      original_payload = super
+      original_payload.merge(user: original_payload[:authenticatable])
+    end
+  end
+end

data/spec/dummy/app/graphql/types/query_type.rb

@@ -5,6 +5,7 @@ module Types
     field :user, resolver: Resolvers::UserShow
     field :public_field, String, null: false, authenticate: false
     field :private_field, String, null: false, authenticate: true
+    field :vip_field, String, null: false, authenticate: ->(user) { user.is_a?(User) && user.vip? }
 
     def public_field
       'Field does not require authentication'
@@ -13,5 +14,9 @@ module Types
     def private_field
       'Field will always require authentication'
     end
+
+    def vip_field
+      'Field available only for VIP Users'
+    end
   end
 end

data/spec/dummy/config/routes.rb

@@ -2,8 +2,9 @@
 
 Rails.application.routes.draw do
   mount_graphql_devise_for 'User', at: '/api/v1/graphql_auth', operations: {
-    login:   Mutations::Login,
-    sign_up: Mutations::SignUp
+    login:    Mutations::Login,
+    sign_up:  Mutations::SignUp,
+    register: Mutations::Register
   }, additional_mutations: {
     register_confirmed_user: Mutations::RegisterConfirmedUser
   }, additional_queries: {
@@ -11,9 +12,9 @@ Rails.application.routes.draw do
   }
 
   mount_graphql_devise_for(
-    'Admin',
+    Admin,
     authenticatable_type: Types::CustomAdminType,
-    skip:                 [:sign_up, :check_password_token],
+    skip:                 [:sign_up, :register, :check_password_token],
     operations:           {
       confirm_account:            Resolvers::ConfirmAdminAccount,
       update_password_with_token: Mutations::ResetAdminPasswordWithToken
@@ -23,7 +24,7 @@ Rails.application.routes.draw do
 
   mount_graphql_devise_for(
     'Guest',
-    only: [:login, :logout, :sign_up],
+    only: [:login, :logout, :sign_up, :register],
     at:   '/api/v1/guest/graphql_auth'
   )
 
@@ -37,4 +38,5 @@ Rails.application.routes.draw do
   post '/api/v1/graphql', to: 'api/v1/graphql#graphql'
   post '/api/v1/interpreter', to: 'api/v1/graphql#interpreter'
   post '/api/v1/failing', to: 'api/v1/graphql#failing_resource_name'
+  post '/api/v1/controller_auth', to: 'api/v1/graphql#controller_auth'
 end

data/spec/dummy/db/migrate/20200623003142_create_schema_users.rb

@@ -41,6 +41,5 @@ class CreateSchemaUsers < ActiveRecord::Migration[6.0]
     add_index :schema_users, [:uid, :provider],     unique: true
     add_index :schema_users, :reset_password_token, unique: true
     add_index :schema_users, :confirmation_token,   unique: true
-    add_index :schema_users, :unlock_token,         unique: true
   end
 end

data/spec/dummy/db/migrate/20210516211417_add_vip_to_users.rb

@@ -0,0 +1,5 @@
+class AddVipToUsers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :users, :vip, :boolean, null: false, default: false
+  end
+end

data/spec/dummy/db/schema.rb

@@ -2,15 +2,15 @@
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# This file is the source Rails uses to define your schema when running `rails
-# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
 # be faster and is potentially less error prone than running all of your
 # migrations from scratch. Old migrations may fail to apply correctly if those
 # migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2020_06_23_003142) do
+ActiveRecord::Schema.define(version: 2021_05_16_211417) do
 
   create_table "admins", force: :cascade do |t|
     t.string "provider", default: "email", null: false
@@ -73,7 +73,6 @@ ActiveRecord::Schema.define(version: 2020_06_23_003142) do
     t.text "tokens"
     t.datetime "created_at", precision: 6, null: false
     t.datetime "updated_at", precision: 6, null: false
-    t.index "\"unlock_token\"", name: "index_schema_users_on_unlock_token", unique: true
     t.index ["confirmation_token"], name: "index_schema_users_on_confirmation_token", unique: true
     t.index ["email"], name: "index_schema_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_schema_users_on_reset_password_token", unique: true
@@ -106,6 +105,7 @@ ActiveRecord::Schema.define(version: 2020_06_23_003142) do
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.boolean "auth_available", default: true, null: false
+    t.boolean "vip", default: false, null: false
     t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true

data/spec/generators/graphql_devise/install_generator_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe GraphqlDevise::InstallGenerator, type: :generator do
 
       assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
 
-      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new('Admin')")}/
+      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new(Admin)")}/
     end
   end
 

data/spec/graphql/user_queries_spec.rb

@@ -78,7 +78,9 @@ RSpec.describe 'Users controller specs' do
     let(:query) do
       <<-GRAPHQL
         query {
-          user(id: #{user.id}) {
+          user(
+            id: #{user.id}
+          ) {
             id
             email
           }

data/spec/graphql_devise/model/with_email_updater_spec.rb

@@ -4,6 +4,57 @@ require 'rails_helper'
 
 RSpec.describe GraphqlDevise::Model::WithEmailUpdater do
   describe '#call' do
+    shared_examples 'all required arguments are provided' do |base_attributes|
+      let(:attributes) { base_attributes.merge(email: 'new@gmail.com', name: 'Updated Name') }
+
+      it 'postpones email update' do
+        expect do
+          updater
+          resource.reload
+        end.to not_change(resource, :email).from(resource.email).and(
+          not_change(resource, :uid).from(resource.uid)
+        ).and(
+          change(resource, :unconfirmed_email).from(nil).to('new@gmail.com')
+        ).and(
+          change(resource, :name).from(resource.name).to('Updated Name')
+        )
+      end
+
+      it 'sends out a confirmation email to the unconfirmed_email' do
+        expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+        email = ActionMailer::Base.deliveries.first
+        expect(email.to).to contain_exactly('new@gmail.com')
+      end
+
+      context 'when email value is the same on the DB' do
+        let(:attributes) { base_attributes.merge(email: resource.email, name: 'changed') }
+
+        it 'updates attributes and does not send confirmation email' do
+          expect do
+            updater
+            resource.reload
+          end.to change(resource, :name).from(resource.name).to('changed').and(
+            not_change(resource, :email).from(resource.email)
+          ).and(
+            not_change(ActionMailer::Base.deliveries, :count).from(0)
+          )
+        end
+      end
+
+      context 'when provided params are invalid' do
+        let(:attributes) { base_attributes.merge(email: 'newgmail.com', name: '') }
+
+        it 'returns false and adds errors to the model' do
+          expect(updater).to be_falsey
+          expect(resource.errors.full_messages).to contain_exactly(
+            'Email is not an email',
+            "Name can't be blank"
+          )
+        end
+      end
+    end
+
     subject(:updater) { described_class.new(resource, attributes).call }
 
     context 'when the model does not have an unconfirmed_email column' do
@@ -38,90 +89,68 @@ RSpec.describe GraphqlDevise::Model::WithEmailUpdater do
       end
 
       context 'when attributes contain email' do
-        context 'when schema_url is missing' do
-          let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name' } }
-
-          it 'raises an error' do
-            expect { updater }.to raise_error(
-              GraphqlDevise::Error,
-              'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
-            )
-          end
+        context 'when confirmation_success_url is used' do
+          it_behaves_like 'all required arguments are provided', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com'
 
-          context 'when email will not change' do
-            let(:attributes) { { email: resource.email, name: 'changed' } }
-
-            it 'updates name and does not raise an error' do
-              expect do
-                updater
-                resource.reload
-              end.to change(resource, :name).from(resource.name).to('changed').and(
-                not_change(resource, :email).from(resource.email)
-              ).and(
-                not_change(ActionMailer::Base.deliveries, :count).from(0)
+          context 'when confirmation_success_url is missing and no default is set' do
+            let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test' } }
+
+            before { allow(DeviseTokenAuth).to receive(:default_confirm_success_url).and_return(nil) }
+
+            it 'raises an error' do
+              expect { updater }.to raise_error(
+                GraphqlDevise::Error,
+                'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
               )
             end
+
+            context 'when email will not change' do
+              let(:attributes) { { email: resource.email, name: 'changed', confirmation_success_url: 'https://google.com' } }
+
+              it 'updates name and does not raise an error' do
+                expect do
+                  updater
+                  resource.reload
+                end.to change(resource, :name).from(resource.name).to('changed').and(
+                  not_change(resource, :email).from(resource.email)
+                ).and(
+                  not_change(ActionMailer::Base.deliveries, :count).from(0)
+                )
+              end
+            end
           end
         end
 
-        context 'when only confirmation_success_url is missing' do
-          let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test' } }
+        context 'when confirm_url is used' do
+          it_behaves_like 'all required arguments are provided', confirmation_url: 'https://google.com'
 
-          it 'uses DTA default_confirm_success_url on the email' do
-            expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
-
-            email = ActionMailer::Base.deliveries.first
-            expect(email.body.decoded).to include(CGI.escape('https://google.com'))
+          context 'when arguments hash has strings as keys' do
+            it_behaves_like 'all required arguments are provided', 'confirmation_url' => 'https://google.com'
           end
         end
 
-        context 'when both required urls are provided' do
-          let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com' } }
-
-          it 'postpones email update' do
-            expect do
-              updater
-              resource.reload
-            end.to not_change(resource, :email).from(resource.email).and(
-              not_change(resource, :uid).from(resource.uid)
-            ).and(
-              change(resource, :unconfirmed_email).from(nil).to('new@gmail.com')
-            ).and(
-              change(resource, :name).from(resource.name).to('Updated Name')
-            )
-          end
-
-          it 'sends out a confirmation email to the unconfirmed_email' do
-            expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        context 'when no confirmation url is provided is provided' do
+          context 'when schema_url is provided' do
+            let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test' } }
 
-            email = ActionMailer::Base.deliveries.first
-            expect(email.to).to contain_exactly('new@gmail.com')
-          end
+            it 'uses DTA default_confirm_success_url on the email with redirect flow' do
+              expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
 
-          context 'when email value is the same on the DB' do
-            let(:attributes) { { email: resource.email, name: 'changed', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com' } }
-
-            it 'updates attributes and does not send confirmation email' do
-              expect do
-                updater
-                resource.reload
-              end.to change(resource, :name).from(resource.name).to('changed').and(
-                not_change(resource, :email).from(resource.email)
-              ).and(
-                not_change(ActionMailer::Base.deliveries, :count).from(0)
-              )
+              email = ActionMailer::Base.deliveries.first
+              expect(email.body.decoded).to include(CGI.escape('https://google.com'))
+              expect(email.body.decoded).to include(CGI.escape('ConfirmAccount('))
             end
           end
 
-          context 'when provided params are invalid' do
-            let(:attributes) { { email: 'newgmail.com', name: '', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com' } }
+          context 'when schema_url is not provided' do
+            let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name' } }
 
-            it 'returns false and adds errors to the model' do
-              expect(updater).to be_falsey
-              expect(resource.errors.full_messages).to contain_exactly(
-                'Email is not an email',
-                "Name can't be blank"
-              )
+            it 'uses DTA default_confirm_success_url on the email and new confirmation flow' do
+              expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+              email = ActionMailer::Base.deliveries.first
+              expect(email.body.decoded).to include(CGI.escape('https://google.com'))
+              expect(email.body.decoded).to include('?confirmationToken=')
             end
           end
         end

data/spec/requests/graphql_controller_spec.rb

@@ -6,20 +6,13 @@ RSpec.describe GraphqlDevise::GraphqlController do
   let(:password) { 'password123' }
   let(:user)     { create(:user, :confirmed, password: password) }
   let(:params)   { { query: query, variables: variables } }
-  let(:request_params) do
-    if Rails::VERSION::MAJOR >= 5
-      { params: params }
-    else
-      params
-    end
-  end
 
   context 'when variables are a string' do
     let(:variables) { "{\"email\": \"#{user.email}\"}" }
     let(:query)     { "mutation($email: String!) { userLogin(email: $email, password: \"#{password}\") { user { email name signInCount } } }" }
 
     it 'parses the string variables' do
-      post '/api/v1/graphql_auth', request_params
+      post_request('/api/v1/graphql_auth')
 
       expect(json_response).to match(
         data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
@@ -31,7 +24,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
       let(:query)     { "mutation { userLogin(email: \"#{user.email}\", password: \"#{password}\") { user { email name signInCount } } }" }
 
       it 'returns an empty hash as variables' do
-        post '/api/v1/graphql_auth', request_params
+        post_request('/api/v1/graphql_auth')
 
         expect(json_response).to match(
           data: { userLogin: { user: { email: user.email, name: user.name, signInCount: 1 } } }
@@ -46,7 +39,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
 
     it 'raises an error' do
       expect do
-        post '/api/v1/graphql_auth', request_params
+        post_request('/api/v1/graphql_auth')
       end.to raise_error(ArgumentError)
     end
   end
@@ -62,7 +55,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
     end
 
     it 'executes multiple queries in the same request' do
-      post '/api/v1/graphql_auth', request_params
+      post_request('/api/v1/graphql_auth')
 
       expect(json_response).to match(
         [
@@ -79,4 +72,12 @@ RSpec.describe GraphqlDevise::GraphqlController do
       )
     end
   end
+
+  def post_request(path)
+    if Rails::VERSION::MAJOR >= 5
+      post(path, params: params)
+    else
+      post(path, params)
+    end
+  end
 end