graphql_devise 0.14.3 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8babaa3e2f0ece19b6abd429ea42fb2f87f93490beb6a781329756506c90a00b
-  data.tar.gz: 599bb62bff4fa27c19f83a75ba328d1af3915b2fb726553168678a8a47a8a8ee
+  metadata.gz: 6f90be997c50518d79c6b3fdaee2f896aeec557ca5084a6bac7059a518dd8ec3
+  data.tar.gz: e25b07dee790cd64a48a07970974c6ae3e2a567c9a75321f7af69c693140a342
 SHA512:
-  metadata.gz: dd833162fd74b0174358424a5ef0ec59ce663577c1ce6de6b84b712d05856cba2e226aece27e07c03eef681483862ef181ef4dc61674b2b74e6c8f939e6c7e0a
-  data.tar.gz: 8e7af3981a3ad1d4a199ddf31cc3242f603205a02181b76d9e63be7ff09979927acd0305578d1583a421c08e076a666778a15d62e4fb1c9517d54f91a3b39111
+  metadata.gz: 8453243ec0816b2fc828c13f1033b70e97ae71d68c2938af469a435f99a1b26369f0482a4abcda50fbf61c1a9d1fbde12b47a51f6fa42fdbb29afe5aa7f8760e
+  data.tar.gz: 0fb0ef651e1be37157948ce48e24690ec741e543abf5771ad85f6380a640efb9b772195b16132685887cef9eb8f03d923a12406c99877100c6f13408a70280d8

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)
+
+**Implemented enhancements:**
+
+- Allow controller level authentication [\#175](https://github.com/graphql-devise/graphql_devise/pull/175) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate authenticating resources inside the GQL schema [\#176](https://github.com/graphql-devise/graphql_devise/pull/176) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Add controller level auth documentation [\#177](https://github.com/graphql-devise/graphql_devise/pull/177) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.14.3](https://github.com/graphql-devise/graphql_devise/tree/v0.14.3) (2021-04-28)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.2...v0.14.3)

data/README.md

@@ -8,43 +8,44 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
 ## Table of Contents
 
 <!--ts-->
-   * [GraphqlDevise](#graphqldevise)
-      * [Table of Contents](#table-of-contents)
-      * [Introduction](#introduction)
-      * [Installation](#installation)
-         * [Running the Generator](#running-the-generator)
-            * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
-               * [Important](#important)
-            * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
-               * [Important](#important-1)
-      * [Usage](#usage)
-         * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
-         * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
-         * [Available Mount Options](#available-mount-options)
-         * [Available Operations](#available-operations)
-         * [Configuring Model](#configuring-model)
-         * [Email Reconfirmation](#email-reconfirmation)
-         * [Customizing Email Templates](#customizing-email-templates)
-         * [I18n](#i18n)
-         * [Authenticating Controller Actions](#authenticating-controller-actions)
-            * [Authenticate Before Reaching Your GQL Schema](#authenticate-before-reaching-your-gql-schema)
-            * [Authenticate in Your GQL Schema](#authenticate-in-your-gql-schema)
-            * [Important](#important-2)
-         * [Making Requests](#making-requests)
-            * [Introspection query](#introspection-query)
-            * [Mutations](#mutations)
-            * [Queries](#queries)
-         * [Reset Password Flow](#reset-password-flow)
-         * [More Configuration Options](#more-configuration-options)
-            * [Devise Token Auth Initializer](#devise-token-auth-initializer)
-            * [Devise Initializer](#devise-initializer)
-         * [GraphQL Interpreter](#graphql-interpreter)
-         * [Using Alongside Standard Devise](#using-alongside-standard-devise)
-      * [Future Work](#future-work)
-      * [Contributing](#contributing)
-      * [License](#license)
-
-<!-- Added by: mcelicalderon, at: Mon Jan 25 22:48:17 -05 2021 -->
+* [GraphqlDevise](#graphqldevise)
+   * [Table of Contents](#table-of-contents)
+   * [Introduction](#introduction)
+   * [Installation](#installation)
+      * [Running the Generator](#running-the-generator)
+         * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
+            * [Important](#important)
+         * [Mounting Operations in Your Own Schema (&gt; v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
+            * [Important](#important-1)
+   * [Usage](#usage)
+      * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
+      * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
+      * [Available Mount Options](#available-mount-options)
+      * [Available Operations](#available-operations)
+      * [Configuring Model](#configuring-model)
+      * [Email Reconfirmation](#email-reconfirmation)
+      * [Customizing Email Templates](#customizing-email-templates)
+      * [I18n](#i18n)
+      * [Authenticating Controller Actions](#authenticating-controller-actions)
+         * [Authenticate Resource in the Controller (&gt;= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
+         * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
+         * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
+         * [Important](#important-2)
+      * [Making Requests](#making-requests)
+         * [Introspection query](#introspection-query)
+         * [Mutations](#mutations)
+         * [Queries](#queries)
+      * [Reset Password Flow](#reset-password-flow)
+      * [More Configuration Options](#more-configuration-options)
+         * [Devise Token Auth Initializer](#devise-token-auth-initializer)
+         * [Devise Initializer](#devise-initializer)
+      * [GraphQL Interpreter](#graphql-interpreter)
+      * [Using Alongside Standard Devise](#using-alongside-standard-devise)
+   * [Future Work](#future-work)
+   * [Contributing](#contributing)
+   * [License](#license)
+
+<!-- Added by: mcelicalderon, at: Sat May  8 12:32:03 -05 2021 -->
 
 <!--te-->
 
@@ -100,7 +101,7 @@ Will do the following:
   - Add `devise` modules to `Admin` model
   - Other changes that you can find [here](https://devise-token-auth.gitbook.io/devise-token-auth/config)
 - Add the route to `config/routes.rb`
-  - `mount_graphql_devise_for 'Admin', at: 'api/auth'`
+  - `mount_graphql_devise_for Admin, at: 'api/auth'`
 
 `Admin` could be any model name you are going to be using for authentication,
 and `api/auth` could be any mount path you would like to use for auth.
@@ -149,7 +150,7 @@ You can mount this gem's GraphQL auth schema in your routes file like this:
 
 Rails.application.routes.draw do
   mount_graphql_devise_for(
-    'User',
+    User,
     at: 'api/v1',
     authenticatable_type: Types::MyCustomUserType,
     operations: {
@@ -187,7 +188,7 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account])
+      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
     ]
   )
 
@@ -242,10 +243,10 @@ this gem's auth operation into your schema, these are the options you can provid
 
 ```ruby
 # Using the mount method in your config/routes.rb file
-mount_graphql_devise_for('User', {})
+mount_graphql_devise_for(User, {})
 
 # Providing options to a GraphqlDevise::ResourceLoader
-GraphqlDevise::ResourceLoader.new('User', {})
+GraphqlDevise::ResourceLoader.new(User, {})
 ```
 
 1. `at`: Route where the GraphQL schema will be mounted on the Rails server.
@@ -385,7 +386,71 @@ Keep in mind that if your app uses multiple locales, you should set the `I18n.lo
 ### Authenticating Controller Actions
 When mounting the operation is in you own schema instead of a dedicated one, you will need to authenticate users in your controllers, just like in DTA. There are 2 alternatives to accomplish this.
 
-#### Authenticate Before Reaching Your GQL Schema
+#### Authenticate Resource in the Controller (>= v0.15.0)
+This authentication mechanism sets the resource by token in the controller, or it doesn't if credentials are invalid.
+You simply need to pass the return value of our `gql_devise_context` method in the context of your
+GQL schema execution like this:
+
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User))
+    render json: result unless performed?
+  end
+end
+```
+`gql_devise_context` receives as many models as you need to authenticate in the request, like this:
+```ruby
+# app/controllers/my_controller.rb
+
+class MyController < ApplicationController
+  include GraphqlDevise::Concerns::SetUserByToken
+
+  def my_action
+    result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+    render json: result unless performed?
+  end
+end
+```
+Internally in your own mutations and queries a key `current_resource` will be available in
+the context if a resource was successfully authenticated or `nil` otherwise.
+
+Keep in mind that sending multiple models to the `gql_devise_context` method means that depending
+on who makes the request, the context value `current_resource` might contain instances of the
+different models you provided.
+
+**Note:** If for any reason you need more control over how users are authenticated, you can use the `authenticate_model`
+method anywhere in your controller. The method will return the authenticated resource or nil if authentication fails.
+It will also set the instance variable `@resource` in the controller.
+
+Please note that by using this mechanism your GQL schema will be in control of what queries are
+restricted to authenticated users and you can only do this at the root level fields of your GQL
+schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
+so this can work.
+
+In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+```ruby
+module Types
+  class QueryType < Types::BaseObject
+    # user field used the default set in the Plugin's initializer
+    field :user, resolver: Resolvers::UserShow
+    # this field will never require authentication
+    field :public_field, String, null: false, authenticate: false
+    # this field requires authentication
+    field :private_field, String, null: false, authenticate: true
+  end
+end
+```
+**Important:** Currently, the only check the plugin does to see if the user is authenticated or not when executing
+the query, is verifying that `context[:current_resource].present?` in the GraphQL context.
+So, be careful not to populate that key of the context with values other than what `gql_devise_context`
+returns. The option to do more complex verifications will be added in the future.
+
+#### Authenticate Before Reaching Your GQL Schema (Deprecated)
 For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
 In our example our model is `User`, so it would look like this:
 ```ruby
@@ -397,7 +462,7 @@ class MyController < ApplicationController
   before_action :authenticate_user!
 
   def my_action
-    result = DummySchema.execute(params[:query], context: current_user: current_user)
+    result = DummySchema.execute(params[:query], context: { current_resource: current_user })
     render json: result unless performed?
   end
 end
@@ -406,7 +471,7 @@ end
 The install generator can include the concern in you application controller.
 If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
 
-#### Authenticate in Your GQL Schema
+#### Authenticate in Your GQL Schema (Deprecated)
 For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
 [here](#mounting-operations-into-your-own-schema).
 
@@ -423,7 +488,7 @@ class MyController < ApplicationController
 end
 ```
 The `graphql_context` method receives a symbol identifying the resource you are trying
-to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
+to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
 this snippet to find the symbol for more complex scenarios
 `resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
 array of resources if you mounted more than one into your schema. The gem will try to

data/app/controllers/graphql_devise/concerns/additional_controller_methods.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Concerns
+    module AdditionalControllerMethods
+      extend ActiveSupport::Concern
+
+      included do
+        attr_accessor :client_id, :token, :resource
+      end
+
+      def gql_devise_context(*models)
+        {
+          current_resource: authenticate_model(*models),
+          controller:       self
+        }
+      end
+
+      def authenticate_model(*models)
+        models.each do |model|
+          set_resource_by_token(model)
+          return @resource if @resource.present?
+        end
+
+        nil
+      end
+
+      def resource_class(resource = nil)
+        # Return the resource class instead of looking for a Devise mapping if resource is already a resource class
+        return resource if resource.respond_to?(:find_by)
+
+        super
+      end
+
+      def full_url_without_params
+        request.base_url + request.path
+      end
+
+      def set_resource_by_token(resource)
+        set_user_by_token(resource)
+      end
+
+      def graphql_context(resource_name)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          `graphql_context` is deprecated and will be removed in a future version of this gem.
+           Use `gql_devise_context(model)` instead.
+
+           EXAMPLE
+           include GraphqlDevise::Concerns::SetUserByToken
+
+           DummySchema.execute(params[:query], context: gql_devise_context(User))
+           DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+        DEPRECATION
+
+        {
+          resource_name: resource_name,
+          controller:    self
+        }
+      end
+
+      def build_redirect_headers(access_token, client, redirect_header_options = {})
+        {
+          DeviseTokenAuth.headers_names[:"access-token"] => access_token,
+          DeviseTokenAuth.headers_names[:client] => client,
+          :config => params[:config],
+          :client_id => client,
+          :token => access_token
+        }.merge(redirect_header_options)
+      end
+    end
+  end
+end

data/app/controllers/graphql_devise/concerns/set_user_by_token.rb

@@ -2,34 +2,12 @@
 
 module GraphqlDevise
   module Concerns
-    SetUserByToken = DeviseTokenAuth::Concerns::SetUserByToken
+    module SetUserByToken
+      extend ActiveSupport::Concern
 
-    SetUserByToken.module_eval do
-      attr_accessor :client_id, :token, :resource
-
-      def full_url_without_params
-        request.base_url + request.path
-      end
-
-      def set_resource_by_token(resource)
-        set_user_by_token(resource)
-      end
-
-      def graphql_context(resource_name)
-        {
-          resource_name: resource_name,
-          controller:    self
-        }
-      end
-
-      def build_redirect_headers(access_token, client, redirect_header_options = {})
-        {
-          DeviseTokenAuth.headers_names[:"access-token"] => access_token,
-          DeviseTokenAuth.headers_names[:client] => client,
-          :config => params[:config],
-          :client_id => client,
-          :token => access_token
-        }.merge(redirect_header_options)
+      included do
+        include DeviseTokenAuth::Concerns::SetUserByToken
+        include GraphqlDevise::Concerns::AdditionalControllerMethods
       end
     end
   end

data/app/helpers/graphql_devise/mailer_helper.rb

@@ -3,7 +3,7 @@
 module GraphqlDevise
   module MailerHelper
     def confirmation_query(resource_name:, token:, redirect_url:)
-      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}ConfirmAccount"
+      name = "#{GraphqlDevise.to_mapping_name(resource_name).camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(confirmationToken:$token,redirectUrl:$redirectUrl){
@@ -19,7 +19,7 @@ module GraphqlDevise
     end
 
     def password_reset_query(token:, redirect_url:, resource_name:)
-      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}CheckPasswordToken"
+      name = "#{GraphqlDevise.to_mapping_name(resource_name).camelize(:lower)}CheckPasswordToken"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(resetPasswordToken:$token,redirectUrl:$redirectUrl){

data/app/models/graphql_devise/concerns/additional_model_methods.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'graphql_devise/model/with_email_updater'
+
+module GraphqlDevise
+  module Concerns
+    module AdditionalModelMethods
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def reconfirmable
+          devise_modules.include?(:confirmable) && column_names.include?('unconfirmed_email')
+        end
+      end
+
+      def update_with_email(attributes = {})
+        GraphqlDevise::Model::WithEmailUpdater.new(self, attributes).call
+      end
+    end
+  end
+end

data/app/models/graphql_devise/concerns/model.rb

@@ -4,17 +4,14 @@ require 'graphql_devise/model/with_email_updater'
 
 module GraphqlDevise
   module Concerns
-    Model = DeviseTokenAuth::Concerns::User
+    module Model
+      extend ActiveSupport::Concern
 
-    Model.module_eval do
-      class_methods do
-        def reconfirmable
-          devise_modules.include?(:confirmable) && column_names.include?('unconfirmed_email')
-        end
-      end
+      included do
+        include DeviseTokenAuth::Concerns::User
+        include GraphqlDevise::Concerns::AdditionalModelMethods
 
-      def update_with_email(attributes = {})
-        GraphqlDevise::Model::WithEmailUpdater.new(self, attributes).call
+        GraphqlDevise.configure_warden_serializer_for_model(self)
       end
     end
   end

data/lib/generators/graphql_devise/install_generator.rb

@@ -83,7 +83,7 @@ module GraphqlDevise
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('#{user_class}'),
+      GraphqlDevise::ResourceLoader.new(#{user_class})
     ]
   )
 RUBY

data/lib/graphql_devise.rb

@@ -20,22 +20,36 @@ module GraphqlDevise
     @schema_loaded = true
   end
 
-  def self.resource_mounted?(mapping_name)
-    @mounted_resources.include?(mapping_name)
+  def self.resource_mounted?(model)
+    @mounted_resources.include?(model)
   end
 
-  def self.mount_resource(mapping_name)
-    @mounted_resources << mapping_name
+  def self.mount_resource(model)
+    @mounted_resources << model
   end
 
   def self.add_mapping(mapping_name, resource)
-    return if Devise.mappings.key?(mapping_name)
+    return if Devise.mappings.key?(mapping_name.to_sym)
 
     Devise.add_mapping(
       mapping_name.to_s.pluralize.to_sym,
-      module: :devise, class_name: resource
+      module: :devise, class_name: resource.to_s
     )
   end
+
+  def self.to_mapping_name(resource)
+    resource.to_s.underscore.tr('/', '_')
+  end
+
+  def self.configure_warden_serializer_for_model(model)
+    Devise.warden_config.serialize_into_session(to_mapping_name(model)) do |record|
+      model.serialize_into_session(record)
+    end
+
+    Devise.warden_config.serialize_from_session(to_mapping_name(model)) do |args|
+      model.serialize_from_session(*args)
+    end
+  end
 end
 
 require 'graphql_devise/engine'

data/lib/graphql_devise/concerns/controller_methods.rb

@@ -40,11 +40,11 @@ module GraphqlDevise
       end
 
       def resource_name
-        self.class.instance_variable_get(:@resource_name)
+        GraphqlDevise.to_mapping_name(resource_class)
       end
 
       def resource_class
-        controller.send(:resource_class, resource_name)
+        self.class.instance_variable_get(:@resource_klass)
       end
 
       def recoverable_enabled?
@@ -60,7 +60,7 @@ module GraphqlDevise
       end
 
       def current_resource
-        @current_resource ||= controller.send(:set_user_by_token, resource_name)
+        @current_resource ||= controller.send(:set_resource_by_token, resource_class)
       end
 
       def client

data/lib/graphql_devise/mount_method/operation_preparer.rb

@@ -3,17 +3,17 @@
 require_relative 'operation_preparers/gql_name_setter'
 require_relative 'operation_preparers/mutation_field_setter'
 require_relative 'operation_preparers/resolver_type_setter'
-require_relative 'operation_preparers/resource_name_setter'
+require_relative 'operation_preparers/resource_klass_setter'
 require_relative 'operation_preparers/default_operation_preparer'
 require_relative 'operation_preparers/custom_operation_preparer'
 
 module GraphqlDevise
   module MountMethod
     class OperationPreparer
-      def initialize(mapping_name:, selected_operations:, preparer:, custom:, additional_operations:)
+      def initialize(model:, selected_operations:, preparer:, custom:, additional_operations:)
         @selected_operations   = selected_operations
         @preparer              = preparer
-        @mapping_name          = mapping_name
+        @model                 = model
         @custom                = custom
         @additional_operations = additional_operations
       end
@@ -22,18 +22,18 @@ module GraphqlDevise
         default_operations = OperationPreparers::DefaultOperationPreparer.new(
           selected_operations: @selected_operations,
           custom_keys:         @custom.keys,
-          mapping_name:        @mapping_name,
+          model:               @model,
           preparer:            @preparer
         ).call
 
         custom_operations = OperationPreparers::CustomOperationPreparer.new(
           selected_keys:     @selected_operations.keys,
           custom_operations: @custom,
-          mapping_name:      @mapping_name
+          model:             @model
         ).call
 
         additional_operations = @additional_operations.each_with_object({}) do |(action, operation), result|
-          result[action] = OperationPreparers::ResourceNameSetter.new(@mapping_name).call(operation)
+          result[action] = OperationPreparers::ResourceKlassSetter.new(@model).call(operation)
         end
 
         default_operations.merge(custom_operations).merge(additional_operations)

data/lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb

@@ -4,19 +4,21 @@ module GraphqlDevise
   module MountMethod
     module OperationPreparers
       class CustomOperationPreparer
-        def initialize(selected_keys:, custom_operations:, mapping_name:)
+        def initialize(selected_keys:, custom_operations:, model:)
           @selected_keys     = selected_keys
           @custom_operations = custom_operations
-          @mapping_name      = mapping_name
+          @model             = model
         end
 
         def call
+          mapping_name = GraphqlDevise.to_mapping_name(@model)
+
           @custom_operations.slice(*@selected_keys).each_with_object({}) do |(action, operation), result|
-            mapped_action = "#{@mapping_name}_#{action}"
+            mapped_action = "#{mapping_name}_#{action}"
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),
-              OperationPreparers::ResourceNameSetter.new(@mapping_name)
+              OperationPreparers::ResourceKlassSetter.new(@model)
             ].reduce(operation) { |prepared_operation, preparer| preparer.call(prepared_operation) }
           end
         end

data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb

@@ -4,23 +4,25 @@ module GraphqlDevise
   module MountMethod
     module OperationPreparers
       class DefaultOperationPreparer
-        def initialize(selected_operations:, custom_keys:, mapping_name:, preparer:)
+        def initialize(selected_operations:, custom_keys:, model:, preparer:)
           @selected_operations = selected_operations
           @custom_keys         = custom_keys
-          @mapping_name        = mapping_name
+          @model               = model
           @preparer            = preparer
         end
 
         def call
+          mapping_name = GraphqlDevise.to_mapping_name(@model)
+
           @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
-            mapped_action = "#{@mapping_name}_#{action}"
+            mapped_action = "#{mapping_name}_#{action}"
             operation     = operation_info[:klass]
             options       = operation_info.except(:klass)
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),
               @preparer,
-              OperationPreparers::ResourceNameSetter.new(@mapping_name)
+              OperationPreparers::ResourceKlassSetter.new(@model)
             ].reduce(child_class(operation)) do |prepared_operation, preparer|
               preparer.call(prepared_operation, **options)
             end

data/lib/graphql_devise/mount_method/operation_preparers/{resource_name_setter.rb → resource_klass_setter.rb}

@@ -3,13 +3,13 @@
 module GraphqlDevise
   module MountMethod
     module OperationPreparers
-      class ResourceNameSetter
-        def initialize(name)
-          @name = name
+      class ResourceKlassSetter
+        def initialize(klass)
+          @klass = klass
         end
 
         def call(operation, **)
-          operation.instance_variable_set(:@resource_name, @name)
+          operation.instance_variable_set(:@resource_klass, @klass)
 
           operation
         end

data/lib/graphql_devise/resolvers/confirm_account.rb

@@ -32,7 +32,7 @@ module GraphqlDevise
           end
 
           controller.redirect_to(redirect_to_link)
-          { authenticatable: resource }
+          resource
         else
           raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
         end

data/lib/graphql_devise/resource_loader.rb

@@ -10,12 +10,27 @@ module GraphqlDevise
     end
 
     def call(query, mutation)
-      mapping_name = @resource.to_s.underscore.tr('/', '_').to_sym
-
       # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
       clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(@options).call!
 
-      return clean_options if GraphqlDevise.resource_mounted?(mapping_name) && @routing
+      model = if @resource.is_a?(String)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Providing a String as the model you want to mount is deprecated and will be removed in a future version of
+          this gem. Please use the actual model constant instead.
+
+          EXAMPLE
+
+          GraphqlDevise::ResourceLoader.new(User) # instead of GraphqlDevise::ResourceLoader.new('User')
+
+          mount_graphql_devise_for User # instead of mount_graphql_devise_for 'User'
+        DEPRECATION
+        @resource.constantize
+      else
+        @resource
+      end
+
+      # Necesary when mounting a resource via route file as Devise forces the reloading of routes
+      return clean_options if GraphqlDevise.resource_mounted?(model) && @routing
 
       validate_options!(clean_options)
 
@@ -23,7 +38,7 @@ module GraphqlDevise
                              "Types::#{@resource}Type".safe_constantize ||
                              GraphqlDevise::Types::AuthenticatableType
 
-      prepared_mutations = prepare_mutations(mapping_name, clean_options, authenticatable_type)
+      prepared_mutations = prepare_mutations(model, clean_options, authenticatable_type)
 
       if prepared_mutations.any? && mutation.blank?
         raise GraphqlDevise::Error, 'You need to provide a mutation type unless all mutations are skipped'
@@ -33,7 +48,7 @@ module GraphqlDevise
         mutation.field(action, mutation: prepared_mutation, authenticate: false)
       end
 
-      prepared_resolvers = prepare_resolvers(mapping_name, clean_options, authenticatable_type)
+      prepared_resolvers = prepare_resolvers(model, clean_options, authenticatable_type)
 
       if prepared_resolvers.any? && query.blank?
         raise GraphqlDevise::Error, 'You need to provide a query type unless all queries are skipped'
@@ -43,17 +58,17 @@ module GraphqlDevise
         query.field(action, resolver: resolver, authenticate: false)
       end
 
-      GraphqlDevise.add_mapping(mapping_name, @resource)
-      GraphqlDevise.mount_resource(mapping_name) if @routing
+      GraphqlDevise.add_mapping(GraphqlDevise.to_mapping_name(@resource).to_sym, @resource)
+      GraphqlDevise.mount_resource(model) if @routing
 
       clean_options
     end
 
     private
 
-    def prepare_resolvers(mapping_name, clean_options, authenticatable_type)
+    def prepare_resolvers(model, clean_options, authenticatable_type)
       GraphqlDevise::MountMethod::OperationPreparer.new(
-        mapping_name:          mapping_name,
+        model:                 model,
         custom:                clean_options.operations,
         additional_operations: clean_options.additional_queries,
         preparer:              GraphqlDevise::MountMethod::OperationPreparers::ResolverTypeSetter.new(authenticatable_type),
@@ -63,9 +78,9 @@ module GraphqlDevise
       ).call
     end
 
-    def prepare_mutations(mapping_name, clean_options, authenticatable_type)
+    def prepare_mutations(model, clean_options, authenticatable_type)
       GraphqlDevise::MountMethod::OperationPreparer.new(
-        mapping_name:          mapping_name,
+        model:                 model,
         custom:                clean_options.operations,
         additional_operations: clean_options.additional_mutations,
         preparer:              GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter.new(authenticatable_type),

data/lib/graphql_devise/schema_plugin.rb

@@ -16,7 +16,6 @@ module GraphqlDevise
 
       # Must happen on initialize so operations are loaded before the types are added to the schema on GQL < 1.10
       load_fields
-      reconfigure_warden!
     end
 
     def use(schema_definition)
@@ -31,6 +30,20 @@ module GraphqlDevise
       auth_required = authenticate_option(field, trace_data)
       context       = context_from_data(trace_data)
 
+      if context.key?(:resource_name)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Providing `resource_name` as part of the GQL context, or doing so by using the `graphql_context(resource_name)`
+          method on your controller is deprecated and will be removed in a future version of this gem.
+          Please use `gql_devise_context` in you controller instead.
+
+          EXAMPLE
+          include GraphqlDevise::Concerns::SetUserByToken
+
+          DummySchema.execute(params[:query], context: gql_devise_context(User))
+          DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
+        DEPRECATION
+      end
+
       if auth_required && !(public_introspection && introspection_field?(field))
         context = set_current_resource(context)
         raise_on_missing_resource(context, field)
@@ -102,11 +115,6 @@ module GraphqlDevise
       auth_required.nil? ? @authenticate_default : auth_required
     end
 
-    def reconfigure_warden!
-      Devise.class_variable_set(:@@warden_configured, nil)
-      Devise.configure_warden!
-    end
-
     def load_fields
       @resource_loaders.each do |resource_loader|
         raise Error, 'Invalid resource loader instance' unless resource_loader.instance_of?(GraphqlDevise::ResourceLoader)

data/lib/graphql_devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module GraphqlDevise
-  VERSION = '0.14.3'.freeze
+  VERSION = '0.15.0'.freeze
 end

data/spec/dummy/app/controllers/api/v1/graphql_controller.rb

@@ -19,6 +19,17 @@ module Api
         render json: DummySchema.execute(params[:query], context: graphql_context([:user, :fail]))
       end
 
+      def controller_auth
+        result = DummySchema.execute(
+          params[:query],
+          operation_name: params[:operationName],
+          variables:      ensure_hash(params[:variables]),
+          context:        gql_devise_context(SchemaUser, User)
+        )
+
+        render json: result unless performed?
+      end
+
       private
 
       def execute_params(item)

data/spec/dummy/config/routes.rb

@@ -11,7 +11,7 @@ Rails.application.routes.draw do
   }
 
   mount_graphql_devise_for(
-    'Admin',
+    Admin,
     authenticatable_type: Types::CustomAdminType,
     skip:                 [:sign_up, :check_password_token],
     operations:           {
@@ -37,4 +37,5 @@ Rails.application.routes.draw do
   post '/api/v1/graphql', to: 'api/v1/graphql#graphql'
   post '/api/v1/interpreter', to: 'api/v1/graphql#interpreter'
   post '/api/v1/failing', to: 'api/v1/graphql#failing_resource_name'
+  post '/api/v1/controller_auth', to: 'api/v1/graphql#controller_auth'
 end

data/spec/generators/graphql_devise/install_generator_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe GraphqlDevise::InstallGenerator, type: :generator do
 
       assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
 
-      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new('Admin')")}/
+      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new(Admin)")}/
     end
   end
 

data/spec/graphql/user_queries_spec.rb

@@ -78,7 +78,9 @@ RSpec.describe 'Users controller specs' do
     let(:query) do
       <<-GRAPHQL
         query {
-          user(id: #{user.id}) {
+          user(
+            id: #{user.id}
+          ) {
             id
             email
           }

data/spec/requests/graphql_controller_spec.rb

@@ -74,7 +74,7 @@ RSpec.describe GraphqlDevise::GraphqlController do
   end
 
   def post_request(path)
-    if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.0.0') || Rails::VERSION::MAJOR >= 5
+    if Rails::VERSION::MAJOR >= 5
       post(path, params: params)
     else
       post(path, params)

data/spec/requests/user_controller_spec.rb

@@ -42,6 +42,26 @@ RSpec.describe "Integrations with the user's controller" do
       GRAPHQL
     end
 
+    context 'when authenticating before using the GQL schema' do
+      before { post_request('/api/v1/controller_auth') }
+
+      context 'when user is authenticated' do
+        let(:headers) { create(:schema_user).create_new_auth_token }
+
+        it 'allows authentication at the controller level' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it 'returns a must sign in error' do
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
+          )
+        end
+      end
+    end
+
     context 'when using a regular schema' do
       before { post_request('/api/v1/graphql') }
 

data/spec/services/mount_method/operation_preparer_spec.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
   describe '#call' do
     subject(:prepared_operations) do
       described_class.new(
-        mapping_name:          mapping,
+        model:                 model,
         selected_operations:   selected,
         preparer:              preparer,
         custom:                custom,
@@ -15,14 +15,14 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
     end
 
     let(:logout_class) { Class.new(GraphQL::Schema::Resolver) }
-    let(:mapping)      { :user }
+    let(:model)        { User }
     let(:preparer)     { double(:preparer, call: logout_class) }
     let(:custom)       { { login: double(:custom_login, graphql_name: nil) } }
     let(:additional)   { { user_additional: double(:user_additional) } }
     let(:selected) do
       {
-        login: { klass: double(:login_default) },
-        logout:{ klass: logout_class }
+        login:  { klass: double(:login_default) },
+        logout: { klass: logout_class }
       }
     end
 

data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPreparer do
   describe '#call' do
-    subject(:prepared) { described_class.new(selected_keys: selected_keys, custom_operations: operations, mapping_name: mapping_name).call }
+    subject(:prepared) { described_class.new(selected_keys: selected_keys, custom_operations: operations, model: model).call }
 
     let(:login_operation)  { double(:confirm_operation, graphql_name: nil) }
     let(:logout_operation) { double(:sign_up_operation, graphql_name: nil) }
-    let(:mapping_name)     { :user }
+    let(:model)            { User }
     let(:operations)       { { login: login_operation, logout: logout_operation, invalid: double(:invalid) } }
     let(:selected_keys)    { [:login, :logout, :sign_up, :confirm] }
 
@@ -22,8 +22,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPr
 
       prepared
 
-      expect(login_operation.instance_variable_get(:@resource_name)).to eq(:user)
-      expect(logout_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(login_operation.instance_variable_get(:@resource_klass)).to eq(User)
+      expect(logout_operation.instance_variable_get(:@resource_klass)).to eq(User)
     end
 
     context 'when no selected keys are provided' do

data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationPreparer do
   describe '#call' do
     subject(:prepared) { default_preparer.call }
 
-    let(:default_preparer)  { described_class.new(selected_operations: operations, custom_keys: custom_keys, mapping_name: mapping_name, preparer: preparer) }
+    let(:default_preparer)  { described_class.new(selected_operations: operations, custom_keys: custom_keys, model: model, preparer: preparer) }
     let(:confirm_operation) { double(:confirm_operation, graphql_name: nil) }
     let(:sign_up_operation) { double(:sign_up_operation, graphql_name: nil) }
     let(:login_operation)   { double(:confirm_operation, graphql_name: nil) }
     let(:logout_operation)  { double(:sign_up_operation, graphql_name: nil) }
-    let(:mapping_name)      { :user }
+    let(:model)             { User }
     let(:preparer)          { double(:preparer) }
     let(:custom_keys)       { [:login, :logout] }
     let(:operations) do
@@ -46,8 +46,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
 
       prepared
 
-      expect(confirm_operation.instance_variable_get(:@resource_name)).to eq(:user)
-      expect(sign_up_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(confirm_operation.instance_variable_get(:@resource_klass)).to eq(User)
+      expect(sign_up_operation.instance_variable_get(:@resource_klass)).to eq(User)
     end
 
     context 'when no custom keys are provided' do

data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb}

@@ -1,16 +1,16 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
-RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::ResourceNameSetter do
+RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::ResourceKlassSetter do
   describe '#call' do
-    subject(:prepared_operation) { described_class.new(mapping_name).call(operation) }
+    subject(:prepared_operation) { described_class.new(model).call(operation) }
 
-    let(:operation)    { double(:operation) }
-    let(:mapping_name) { :user }
+    let(:operation) { double(:operation) }
+    let(:model) { User }
 
     it 'sets a gql name to the operation' do
-      expect(prepared_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(prepared_operation.instance_variable_get(:@resource_klass)).to eq(model)
     end
   end
 end

data/spec/services/resource_loader_spec.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::ResourceLoader do
   describe '#call' do
@@ -15,8 +15,8 @@ RSpec.describe GraphqlDevise::ResourceLoader do
 
     before do
       allow(GraphqlDevise).to receive(:add_mapping).with(:user, resource)
-      allow(GraphqlDevise).to receive(:resource_mounted?).with(:user).and_return(mounted)
-      allow(GraphqlDevise).to receive(:mount_resource).with(:user)
+      allow(GraphqlDevise).to receive(:resource_mounted?).with(User).and_return(mounted)
+      allow(GraphqlDevise).to receive(:mount_resource).with(User)
     end
 
     it 'loads operations into the provided types' do
@@ -64,13 +64,13 @@ RSpec.describe GraphqlDevise::ResourceLoader do
 
       it 'adds mappings' do
         expect(GraphqlDevise).to receive(:add_mapping).with(:user, resource)
-        expect(GraphqlDevise).to receive(:mount_resource).with(:user)
+        expect(GraphqlDevise).to receive(:mount_resource).with(User)
 
         loader
       end
 
       context 'when resource was already mounted' do
-        before { allow(GraphqlDevise).to receive(:resource_mounted?).with(:user).and_return(true) }
+        before { allow(GraphqlDevise).to receive(:resource_mounted?).with(User).and_return(true) }
 
         it 'skips schema loading' do
           expect(query).not_to         receive(:field)

data/spec/support/contexts/graphql_request.rb

@@ -4,7 +4,7 @@ RSpec.shared_context 'with graphql query request' do
   let(:headers)   { {} }
   let(:variables) { {} }
   let(:graphql_params) do
-    if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.0.0') || Rails::VERSION::MAJOR >= 5
+    if Rails::VERSION::MAJOR >= 5
       { params: { query: query, variables: variables }, headers: headers }
     else
       [{ query: query, variables: variables }, headers]
@@ -20,7 +20,7 @@ RSpec.shared_context 'with graphql query request' do
   end
 
   def send_request(path, method)
-    if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.0.0') || Rails::VERSION::MAJOR >= 5
+    if Rails::VERSION::MAJOR >= 5
       public_send(method, path, **graphql_params)
     else
       public_send(method, path, *graphql_params)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graphql_devise
 version: !ruby/object:Gem::Version
-  version: 0.14.3
+  version: 0.15.0
 platform: ruby
 authors:
 - Mario Celi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-04-28 00:00:00.000000000 Z
+date: 2021-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_token_auth
@@ -289,10 +289,12 @@ files:
 - README.md
 - Rakefile
 - app/controllers/graphql_devise/application_controller.rb
+- app/controllers/graphql_devise/concerns/additional_controller_methods.rb
 - app/controllers/graphql_devise/concerns/set_user_by_token.rb
 - app/controllers/graphql_devise/graphql_controller.rb
 - app/helpers/graphql_devise/application_helper.rb
 - app/helpers/graphql_devise/mailer_helper.rb
+- app/models/graphql_devise/concerns/additional_model_methods.rb
 - app/models/graphql_devise/concerns/model.rb
 - app/views/.keep
 - app/views/graphql_devise/mailer/confirmation_instructions.html.erb
@@ -322,7 +324,7 @@ files:
 - lib/graphql_devise/mount_method/operation_preparers/gql_name_setter.rb
 - lib/graphql_devise/mount_method/operation_preparers/mutation_field_setter.rb
 - lib/graphql_devise/mount_method/operation_preparers/resolver_type_setter.rb
-- lib/graphql_devise/mount_method/operation_preparers/resource_name_setter.rb
+- lib/graphql_devise/mount_method/operation_preparers/resource_klass_setter.rb
 - lib/graphql_devise/mount_method/operation_sanitizer.rb
 - lib/graphql_devise/mount_method/option_sanitizer.rb
 - lib/graphql_devise/mount_method/option_sanitizers/array_checker.rb
@@ -458,7 +460,7 @@ files:
 - spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
 - spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
 - spec/services/mount_method/operation_preparers/resolver_type_setter_spec.rb
-- spec/services/mount_method/operation_preparers/resource_name_setter_spec.rb
+- spec/services/mount_method/operation_preparers/resource_klass_setter_spec.rb
 - spec/services/mount_method/operation_sanitizer_spec.rb
 - spec/services/mount_method/option_sanitizer_spec.rb
 - spec/services/mount_method/option_sanitizers/array_checker_spec.rb
@@ -500,7 +502,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: GraphQL queries and mutations on top of devise_token_auth
@@ -607,7 +609,7 @@ test_files:
 - spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
 - spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
 - spec/services/mount_method/operation_preparers/resolver_type_setter_spec.rb
-- spec/services/mount_method/operation_preparers/resource_name_setter_spec.rb
+- spec/services/mount_method/operation_preparers/resource_klass_setter_spec.rb
 - spec/services/mount_method/operation_sanitizer_spec.rb
 - spec/services/mount_method/option_sanitizer_spec.rb
 - spec/services/mount_method/option_sanitizers/array_checker_spec.rb