graphql_devise 0.14.3 → 0.17.1

data/spec/requests/mutations/resend_confirmation_with_token_spec.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Resend confirmation with token' do
+  include_context 'with graphql query request'
+
+  let(:confirmed_at) { nil }
+  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
+  let(:email)        { user.email }
+  let(:id)           { user.id }
+  let(:confirm_url)  { 'https://google.com' }
+  let(:query) do
+    <<-GRAPHQL
+      mutation {
+        userResendConfirmationWithToken(
+          email:"#{email}",
+          confirmUrl:"#{confirm_url}"
+        ) {
+          message
+        }
+      }
+    GRAPHQL
+  end
+
+  context 'when confirm_url is not whitelisted' do
+    let(:confirm_url) { 'https://not-safe.com' }
+
+    it 'returns a not whitelisted confirm url error' do
+      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+
+      expect(json_response[:errors]).to containing_exactly(
+        hash_including(
+          message:    "Redirect to '#{confirm_url}' not allowed.",
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+
+  context 'when params are correct' do
+    context 'when using the gem schema' do
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+    end
+
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+    end
+
+    context 'when email address uses different casing' do
+      let(:email) { 'mWallace@wallaceinc.com' }
+
+      it 'honors devise configuration for case insensitive fields' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+      end
+    end
+
+    context 'when the user has already been confirmed' do
+      before { user.confirm }
+
+      it 'does *NOT* send an email and raises an error' do
+        expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to be_nil
+        expect(json_response[:errors]).to contain_exactly(
+          hash_including(
+            message:    'Email was already confirmed, please try signing in',
+            extensions: { code: 'USER_ERROR' }
+          )
+        )
+      end
+    end
+  end
+
+  context 'when the email was changed' do
+    let(:confirmed_at) { 2.seconds.ago }
+    let(:email)        { 'new-email@wallaceinc.com' }
+    let(:new_email)    { email }
+
+    before do
+      user.update_with_email(
+        email:                    new_email,
+        schema_url:               'http://localhost/test',
+        confirmation_success_url: 'https://google.com'
+      )
+    end
+
+    it 'sends new confirmation email' do
+      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
+      expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+      )
+    end
+  end
+
+  context "when the email isn't in the system" do
+    let(:email) { 'notthere@gmail.com' }
+
+    it 'does *NOT* send an email and raises an error' do
+      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+      expect(json_response[:data][:userResendConfirmationWithToken]).to be_nil
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(
+          message:    "Unable to find user with email '#{email}'.",
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+end

data/spec/requests/user_controller_spec.rb

@@ -5,6 +5,14 @@ require 'rails_helper'
 RSpec.describe "Integrations with the user's controller" do
   include_context 'with graphql query request'
 
+  shared_examples 'returns a must authenticate error' do |field|
+    it 'returns a must sign in error' do
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(message: "#{field} field requires authentication", extensions: { code: 'AUTHENTICATION_ERROR' })
+      )
+    end
+  end
+
   let(:user) { create(:user, :confirmed) }
 
   describe 'publicField' do
@@ -42,6 +50,22 @@ RSpec.describe "Integrations with the user's controller" do
       GRAPHQL
     end
 
+    context 'when authenticating before using the GQL schema' do
+      before { post_request('/api/v1/controller_auth') }
+
+      context 'when user is authenticated' do
+        let(:headers) { create(:schema_user).create_new_auth_token }
+
+        it 'allows authentication at the controller level' do
+          expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it_behaves_like 'returns a must authenticate error', 'privateField'
+      end
+    end
+
     context 'when using a regular schema' do
       before { post_request('/api/v1/graphql') }
 
@@ -62,11 +86,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'privateField'
       end
 
       context 'when using the failing route' do
@@ -91,11 +111,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'privateField'
       end
     end
   end
@@ -121,11 +137,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'dummyMutation'
       end
     end
 
@@ -141,11 +153,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'dummyMutation'
       end
     end
   end
@@ -179,11 +187,7 @@ RSpec.describe "Integrations with the user's controller" do
       end
 
       context 'when user is not authenticated' do
-        it 'returns a must sign in error' do
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
-          )
-        end
+        it_behaves_like 'returns a must authenticate error', 'user'
       end
     end
 
@@ -251,4 +255,61 @@ RSpec.describe "Integrations with the user's controller" do
       )
     end
   end
+
+  describe 'vipField' do
+    let(:error_message) { 'Field available only for VIP Users' }
+    let(:query) do
+      <<-GRAPHQL
+        query { vipField }
+      GRAPHQL
+    end
+
+    context 'when using a regular schema' do
+      before { post_request('/api/v1/graphql') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        context 'when schema user is VIP' do
+          let(:user) { create(:user, :confirmed, vip: true) }
+
+          it 'allows to perform the query' do
+            expect(json_response[:data][:vipField]).to eq(error_message)
+          end
+        end
+
+        context 'when schema user is not VIP' do
+          it_behaves_like 'returns a must authenticate error', 'vipField'
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it_behaves_like 'returns a must authenticate error', 'vipField'
+      end
+    end
+
+    context 'when using the interpreter schema' do
+      before { post_request('/api/v1/interpreter') }
+
+      context 'when user is authenticated' do
+        let(:headers) { user.create_new_auth_token }
+
+        context 'when schema user is VIP' do
+          let(:user) { create(:user, :confirmed, vip: true) }
+
+          it 'allows to perform the query' do
+            expect(json_response[:data][:vipField]).to eq(error_message)
+          end
+        end
+
+        context 'when schema user is not VIP' do
+          it_behaves_like 'returns a must authenticate error', 'vipField'
+        end
+      end
+
+      context 'when user is not authenticated' do
+        it_behaves_like 'returns a must authenticate error', 'vipField'
+      end
+    end
+  end
 end

data/spec/services/mount_method/operation_preparer_spec.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
   describe '#call' do
     subject(:prepared_operations) do
       described_class.new(
-        mapping_name:          mapping,
+        model:                 model,
         selected_operations:   selected,
         preparer:              preparer,
         custom:                custom,
@@ -15,14 +15,14 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
     end
 
     let(:logout_class) { Class.new(GraphQL::Schema::Resolver) }
-    let(:mapping)      { :user }
+    let(:model)        { User }
     let(:preparer)     { double(:preparer, call: logout_class) }
     let(:custom)       { { login: double(:custom_login, graphql_name: nil) } }
     let(:additional)   { { user_additional: double(:user_additional) } }
     let(:selected) do
       {
-        login: { klass: double(:login_default) },
-        logout:{ klass: logout_class }
+        login:  { klass: double(:login_default) },
+        logout: { klass: logout_class }
       }
     end
 

data/spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb

@@ -1,14 +1,14 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPreparer do
   describe '#call' do
-    subject(:prepared) { described_class.new(selected_keys: selected_keys, custom_operations: operations, mapping_name: mapping_name).call }
+    subject(:prepared) { described_class.new(selected_keys: selected_keys, custom_operations: operations, model: model).call }
 
     let(:login_operation)  { double(:confirm_operation, graphql_name: nil) }
     let(:logout_operation) { double(:sign_up_operation, graphql_name: nil) }
-    let(:mapping_name)     { :user }
+    let(:model)            { User }
     let(:operations)       { { login: login_operation, logout: logout_operation, invalid: double(:invalid) } }
     let(:selected_keys)    { [:login, :logout, :sign_up, :confirm] }
 
@@ -22,8 +22,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::CustomOperationPr
 
       prepared
 
-      expect(login_operation.instance_variable_get(:@resource_name)).to eq(:user)
-      expect(logout_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(login_operation.instance_variable_get(:@resource_klass)).to eq(User)
+      expect(logout_operation.instance_variable_get(:@resource_klass)).to eq(User)
     end
 
     context 'when no selected keys are provided' do

data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb

@@ -1,17 +1,17 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationPreparer do
   describe '#call' do
     subject(:prepared) { default_preparer.call }
 
-    let(:default_preparer)  { described_class.new(selected_operations: operations, custom_keys: custom_keys, mapping_name: mapping_name, preparer: preparer) }
+    let(:default_preparer)  { described_class.new(selected_operations: operations, custom_keys: custom_keys, model: model, preparer: preparer) }
     let(:confirm_operation) { double(:confirm_operation, graphql_name: nil) }
     let(:sign_up_operation) { double(:sign_up_operation, graphql_name: nil) }
     let(:login_operation)   { double(:confirm_operation, graphql_name: nil) }
     let(:logout_operation)  { double(:sign_up_operation, graphql_name: nil) }
-    let(:mapping_name)      { :user }
+    let(:model)             { User }
     let(:preparer)          { double(:preparer) }
     let(:custom_keys)       { [:login, :logout] }
     let(:operations) do
@@ -46,8 +46,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
 
       prepared
 
-      expect(confirm_operation.instance_variable_get(:@resource_name)).to eq(:user)
-      expect(sign_up_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(confirm_operation.instance_variable_get(:@resource_klass)).to eq(User)
+      expect(sign_up_operation.instance_variable_get(:@resource_klass)).to eq(User)
     end
 
     context 'when no custom keys are provided' do

data/spec/services/mount_method/operation_preparers/{resource_name_setter_spec.rb → resource_klass_setter_spec.rb}

@@ -1,16 +1,16 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
-RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::ResourceNameSetter do
+RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::ResourceKlassSetter do
   describe '#call' do
-    subject(:prepared_operation) { described_class.new(mapping_name).call(operation) }
+    subject(:prepared_operation) { described_class.new(model).call(operation) }
 
-    let(:operation)    { double(:operation) }
-    let(:mapping_name) { :user }
+    let(:operation) { double(:operation) }
+    let(:model) { User }
 
     it 'sets a gql name to the operation' do
-      expect(prepared_operation.instance_variable_get(:@resource_name)).to eq(:user)
+      expect(prepared_operation.instance_variable_get(:@resource_klass)).to eq(model)
     end
   end
 end

data/spec/services/mount_method/operation_sanitizer_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe GraphqlDevise::MountMethod::OperationSanitizer do
     context 'when the operations passed are mutations' do
       let(:skipped)  { [] }
       let(:only)     { [] }
-      let(:default)  { { operation1: op_class1, operation2: op_class2 } }
+      let(:default)  { { operation1: { klass: op_class1 }, operation2: { klass: op_class2 } } }
 
       context 'when no other option besides default is passed' do
         it { is_expected.to eq(default) }
@@ -22,13 +22,13 @@ RSpec.describe GraphqlDevise::MountMethod::OperationSanitizer do
       context 'when there are only operations' do
         let(:only) { [:operation1] }
 
-        it { is_expected.to eq(operation1: op_class1) }
+        it { is_expected.to eq(operation1: { klass: op_class1 }) }
       end
 
       context 'when there are skipped operations' do
         let(:skipped) { [:operation2] }
 
-        it { is_expected.to eq(operation1: op_class1) }
+        it { is_expected.to eq(operation1: { klass: op_class1 }) }
       end
     end
   end

data/spec/services/resource_loader_spec.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'spec_helper'
+require 'rails_helper'
 
 RSpec.describe GraphqlDevise::ResourceLoader do
   describe '#call' do
@@ -15,8 +15,8 @@ RSpec.describe GraphqlDevise::ResourceLoader do
 
     before do
       allow(GraphqlDevise).to receive(:add_mapping).with(:user, resource)
-      allow(GraphqlDevise).to receive(:resource_mounted?).with(:user).and_return(mounted)
-      allow(GraphqlDevise).to receive(:mount_resource).with(:user)
+      allow(GraphqlDevise).to receive(:resource_mounted?).with(User).and_return(mounted)
+      allow(GraphqlDevise).to receive(:mount_resource).with(User)
     end
 
     it 'loads operations into the provided types' do
@@ -64,13 +64,13 @@ RSpec.describe GraphqlDevise::ResourceLoader do
 
       it 'adds mappings' do
         expect(GraphqlDevise).to receive(:add_mapping).with(:user, resource)
-        expect(GraphqlDevise).to receive(:mount_resource).with(:user)
+        expect(GraphqlDevise).to receive(:mount_resource).with(User)
 
         loader
       end
 
       context 'when resource was already mounted' do
-        before { allow(GraphqlDevise).to receive(:resource_mounted?).with(:user).and_return(true) }
+        before { allow(GraphqlDevise).to receive(:resource_mounted?).with(User).and_return(true) }
 
         it 'skips schema loading' do
           expect(query).not_to         receive(:field)