RubyGems - graphql_devise - Versions diffs - 0.14.1 → 0.17.0 - Mend

graphql_devise 0.14.1 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

data/spec/requests/mutations/confirm_registration_with_token_spec.rb ADDED Viewed

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+require 'rails_helper'
+RSpec.describe 'Registration confirmation with token' do
+  include_context 'with graphql query request'
+  context 'when using the user model' do
+    let(:user) { create(:user, confirmed_at: nil) }
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          userConfirmRegistrationWithToken(
+            confirmationToken: "#{token}"
+          ) {
+            authenticatable {
+              email
+              name
+            }
+            credentials { client }
+          }
+        }
+      GRAPHQL
+    end
+    context 'when confirmation token is correct' do
+      let(:token) { user.confirmation_token }
+      before do
+        user.send_confirmation_instructions(
+          template_path: ['graphql_devise/mailer']
+        )
+      end
+      it 'confirms the resource and returns credentials' do
+        expect do
+          post_request
+          user.reload
+        end.to(change(user, :confirmed_at).from(nil))
+        expect(json_response[:data][:userConfirmRegistrationWithToken]).to include(
+          authenticatable: { email: user.email, name: user.name },
+          credentials:     { client: user.tokens.keys.first }
+        )
+        expect(user).to be_active_for_authentication
+      end
+      context 'when unconfirmed_email is present' do
+        let(:user) { create(:user, :confirmed, unconfirmed_email: 'vvega@wallaceinc.com') }
+        it 'confirms the unconfirmed email' do
+          expect do
+            post_request
+            user.reload
+          end.to change(user, :email).from(user.email).to('vvega@wallaceinc.com').and(
+            change(user, :unconfirmed_email).from('vvega@wallaceinc.com').to(nil)
+          )
+        end
+      end
+    end
+    context 'when reset password token is not found' do
+      let(:token) { "#{user.confirmation_token}-invalid" }
+      it 'does *NOT* confirm the user' do
+        expect do
+          post_request
+          user.reload
+        end.not_to change(user, :confirmed_at).from(nil)
+        expect(json_response[:errors]).to contain_exactly(
+          hash_including(
+            message:    'Invalid confirmation token. Please try again',
+            extensions: { code: 'USER_ERROR' }
+          )
+        )
+      end
+    end
+  end
+  context 'when using the admin model' do
+    let(:admin) { create(:admin, confirmed_at: nil) }
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          adminConfirmRegistrationWithToken(
+            confirmationToken: "#{token}"
+          ) {
+            authenticatable { email }
+          }
+        }
+      GRAPHQL
+    end
+    context 'when confirmation token is correct' do
+      let(:token) { admin.confirmation_token }
+      before do
+        admin.send_confirmation_instructions(
+          template_path: ['graphql_devise/mailer']
+        )
+      end
+      it 'confirms the resource and persists credentials on the DB' do
+        expect do
+          get_request
+          admin.reload
+        end.to change(admin, :confirmed_at).from(nil).and(
+          change { admin.tokens.keys.count }.from(0).to(1)
+        )
+        expect(admin).to be_active_for_authentication
+      end
+    end
+  end
+end

data/spec/requests/mutations/register_spec.rb ADDED Viewed

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+require 'rails_helper'
+RSpec.describe 'Registration process' do
+  include_context 'with graphql query request'
+  let(:name)     { Faker::Name.name }
+  let(:password) { Faker::Internet.password }
+  let(:email)    { Faker::Internet.email }
+  let(:redirect) { 'https://google.com' }
+  context 'when using the user model' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          userRegister(
+            email:                "#{email}"
+            name:                 "#{name}"
+            password:             "#{password}"
+            passwordConfirmation: "#{password}"
+            confirmUrl:          "#{redirect}"
+          ) {
+            credentials { accessToken }
+            user {
+              email
+              name
+            }
+          }
+        }
+      GRAPHQL
+    end
+    context 'when redirect_url is not whitelisted' do
+      let(:redirect) { 'https://not-safe.com' }
+      it 'returns a not whitelisted redirect url error' do
+        expect { post_request }.to(
+          not_change(User, :count)
+          .and(not_change(ActionMailer::Base.deliveries, :count))
+        )
+        expect(json_response[:errors]).to containing_exactly(
+          hash_including(
+            message:    "Redirect to '#{redirect}' not allowed.",
+            extensions: { code: 'USER_ERROR' }
+          )
+        )
+      end
+    end
+    context 'when params are correct' do
+      it 'creates a new resource that requires confirmation' do
+        expect { post_request }.to(
+          change(User, :count).by(1)
+          .and(change(ActionMailer::Base.deliveries, :count).by(1))
+        )
+        user = User.last
+        expect(user).not_to be_active_for_authentication
+        expect(user.confirmed_at).to be_nil
+        expect(user).to be_valid_password(password)
+        expect(json_response[:data][:userRegister]).to include(
+          credentials: nil,
+          user:        {
+            email: email,
+            name:  name
+          }
+        )
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+      context 'when email address uses different casing' do
+        let(:email) { 'miaWallace@wallaceinc.com' }
+        it 'honors devise configuration for case insensitive fields' do
+          expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+          expect(User.last.email).to eq('miawallace@wallaceinc.com')
+          expect(json_response[:data][:userRegister]).to include(user: { email: 'miawallace@wallaceinc.com', name: name })
+        end
+      end
+    end
+    context 'when required params are missing' do
+      let(:email) { '' }
+      it 'does *NOT* create resource a resource nor send an email' do
+        expect { post_request }.to(
+          not_change(User, :count)
+          .and(not_change(ActionMailer::Base.deliveries, :count))
+        )
+        expect(json_response[:data][:userRegister]).to be_nil
+        expect(json_response[:errors]).to containing_exactly(
+          hash_including(
+            message:    "User couldn't be registered",
+            extensions: { code: 'USER_ERROR', detailed_errors: ["Email can't be blank"] }
+          )
+        )
+      end
+    end
+  end
+  context 'when using the admin model' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          adminRegister(
+            email:                "#{email}"
+            password:             "#{password}"
+            passwordConfirmation: "#{password}"
+          ) {
+            authenticatable {
+              email
+            }
+          }
+        }
+      GRAPHQL
+    end
+    before { post_request }
+    it 'skips the register mutation' do
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(message: "Field 'adminRegister' doesn't exist on type 'Mutation'")
+      )
+    end
+  end
+  context 'when using the guest model' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          guestRegister(
+            email:                "#{email}"
+            password:             "#{password}"
+            passwordConfirmation: "#{password}"
+          ) {
+            credentials { accessToken client uid }
+            authenticatable {
+              email
+            }
+          }
+        }
+      GRAPHQL
+    end
+    it 'returns credentials as no confirmation is required' do
+      expect { post_request }.to change(Guest, :count).from(0).to(1)
+      expect(json_response[:data][:guestRegister]).to include(
+        authenticatable: { email: email },
+        credentials:     hash_including(
+          uid:    email,
+          client: Guest.last.tokens.keys.first
+        )
+      )
+    end
+  end
+end

data/spec/requests/mutations/resend_confirmation_with_token_spec.rb ADDED Viewed

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+require 'rails_helper'
+RSpec.describe 'Resend confirmation with token' do
+  include_context 'with graphql query request'
+  let(:confirmed_at) { nil }
+  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
+  let(:email)        { user.email }
+  let(:id)           { user.id }
+  let(:confirm_url)  { 'https://google.com' }
+  let(:query) do
+    <<-GRAPHQL
+      mutation {
+        userResendConfirmationWithToken(
+          email:"#{email}",
+          confirmUrl:"#{confirm_url}"
+        ) {
+          message
+        }
+      }
+    GRAPHQL
+  end
+  context 'when confirm_url is not whitelisted' do
+    let(:confirm_url) { 'https://not-safe.com' }
+    it 'returns a not whitelisted confirm url error' do
+      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+      expect(json_response[:errors]).to containing_exactly(
+        hash_including(
+          message:    "Redirect to '#{confirm_url}' not allowed.",
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+  context 'when params are correct' do
+    context 'when using the gem schema' do
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+    end
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+    end
+    context 'when email address uses different casing' do
+      let(:email) { 'mWallace@wallaceinc.com' }
+      it 'honors devise configuration for case insensitive fields' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+      end
+    end
+    context 'when the user has already been confirmed' do
+      before { user.confirm }
+      it 'does *NOT* send an email and raises an error' do
+        expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to be_nil
+        expect(json_response[:errors]).to contain_exactly(
+          hash_including(
+            message:    'Email was already confirmed, please try signing in',
+            extensions: { code: 'USER_ERROR' }
+          )
+        )
+      end
+    end
+  end
+  context 'when the email was changed' do
+    let(:confirmed_at) { 2.seconds.ago }
+    let(:email)        { 'new-email@wallaceinc.com' }
+    let(:new_email)    { email }
+    before do
+      user.update_with_email(
+        email:                    new_email,
+        schema_url:               'http://localhost/test',
+        confirmation_success_url: 'https://google.com'
+      )
+    end
+    it 'sends new confirmation email' do
+      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
+      expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+      )
+    end
+  end
+  context "when the email isn't in the system" do
+    let(:email) { 'notthere@gmail.com' }
+    it 'does *NOT* send an email and raises an error' do
+      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+      expect(json_response[:data][:userResendConfirmationWithToken]).to be_nil
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(
+          message:    "Unable to find user with email '#{email}'.",
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+end

data/spec/requests/queries/introspection_query_spec.rb ADDED Viewed

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+require 'rails_helper'
+RSpec.describe 'Login Requests' do
+  include_context 'with graphql query request'
+  let(:query) do
+    <<-GRAPHQL
+      query IntrospectionQuery {
+        __schema {
+          queryType { name }
+          mutationType { name }
+          subscriptionType { name }
+          types {
+            ...FullType
+          }
+          directives {
+            name
+            description
+            args {
+              ...InputValue
+            }
+            onOperation
+            onFragment
+            onField
+          }
+        }
+      }
+      fragment FullType on __Type {
+        kind
+        name
+        description
+        fields(includeDeprecated: true) {
+          name
+          description
+          args {
+            ...InputValue
+          }
+          type {
+            ...TypeRef
+          }
+          isDeprecated
+          deprecationReason
+        }
+        inputFields {
+          ...InputValue
+        }
+        interfaces {
+          ...TypeRef
+        }
+        enumValues(includeDeprecated: true) {
+          name
+          description
+          isDeprecated
+          deprecationReason
+        }
+        possibleTypes {
+          ...TypeRef
+        }
+      }
+      fragment InputValue on __InputValue {
+        name
+        description
+        type { ...TypeRef }
+        defaultValue
+      }
+      fragment TypeRef on __Type {
+        kind
+        name
+        ofType {
+          kind
+          name
+          ofType {
+            kind
+            name
+            ofType {
+              kind
+              name
+            }
+          }
+        }
+      }
+    GRAPHQL
+  end
+  context 'when using a schema plugin to mount devise operations' do
+    context 'when schema plugin is set to authenticate by default' do
+      context 'when the resource is authenticated' do
+        let(:user) { create(:user, :confirmed) }
+        let(:headers) { user.create_new_auth_token }
+        it 'return the schema information' do
+          post_request('/api/v1/graphql')
+          expect(json_response[:data][:__schema].keys).to contain_exactly(
+            :queryType, :mutationType, :subscriptionType, :types, :directives
+          )
+        end
+      end
+      context 'when the resource is *NOT* authenticated' do
+        context 'and instrospection is set to be public' do
+          it 'return the schema information' do
+            post_request('/api/v1/graphql')
+            expect(json_response[:data][:__schema].keys).to contain_exactly(
+              :queryType, :mutationType, :subscriptionType, :types, :directives
+            )
+          end
+        end
+        context 'and introspection is set to require auth' do
+          before do
+            allow_any_instance_of(GraphqlDevise::SchemaPlugin).to(
+              receive(:public_introspection).and_return(false)
+            )
+          end
+          it 'return an error' do
+            post_request('/api/v1/graphql')
+            expect(json_response[:data]).to be_nil
+            expect(json_response[:errors]).to contain_exactly(
+              hash_including(
+                message:    '__schema field requires authentication',
+                extensions: { code: 'AUTHENTICATION_ERROR' }
+              )
+            )
+          end
+        end
+      end
+    end
+    context 'when schema plugin is set *NOT* to authenticate by default' do
+      it 'return the schema information' do
+        post_request('/api/v1/interpreter')
+        expect(json_response[:data][:__schema].keys).to contain_exactly(
+          :queryType, :mutationType, :subscriptionType, :types, :directives
+        )
+      end
+    end
+  end
+end