graphql_devise 0.15.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f90be997c50518d79c6b3fdaee2f896aeec557ca5084a6bac7059a518dd8ec3
-  data.tar.gz: e25b07dee790cd64a48a07970974c6ae3e2a567c9a75321f7af69c693140a342
+  metadata.gz: a59e0e9162a90d33da8e0d9738c6960db2286acd49db59d85bdc4c352402205b
+  data.tar.gz: c1255d172a2825dcc54f21f68151a64985346f2f2e3d4b236a77ff8ce40c40e4
 SHA512:
-  metadata.gz: 8453243ec0816b2fc828c13f1033b70e97ae71d68c2938af469a435f99a1b26369f0482a4abcda50fbf61c1a9d1fbde12b47a51f6fa42fdbb29afe5aa7f8760e
-  data.tar.gz: 0fb0ef651e1be37157948ce48e24690ec741e543abf5771ad85f6380a640efb9b772195b16132685887cef9eb8f03d923a12406c99877100c6f13408a70280d8
+  metadata.gz: 2df583c0be8b0df69c62c5663b7176a54b0e762b4800bdb01b6f90f8835446878fb7c45a5722f78a45a5903681e946c167f80d9d8b7cc23dfc872b7a956ec187
+  data.tar.gz: ae453c594be804358d5dec8a3f8f0526867352b2f77346e42c1c2ccab093df22d9c3f520b70e5e680afd292ab8d316efae3004f4555e4e0ac975e09b7ee0eb5d

data/Appraisals

@@ -3,6 +3,7 @@ appraise 'rails4.2-graphql1.8' do
   gem 'bundler', '~> 1.17'
   gem 'rails', github: 'rails/rails', branch: '4-2-stable'
   gem 'graphql', '~> 1.8.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 
@@ -19,6 +20,7 @@ appraise 'rails5.0-graphql1.9' do
   gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-0-stable'
   gem 'graphql', '~> 1.9.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 
@@ -35,6 +37,7 @@ appraise 'rails5.1-graphql1.9' do
   gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-1-stable'
   gem 'graphql', '~> 1.9.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 
@@ -51,6 +54,7 @@ appraise 'rails5.2-graphql1.9' do
   gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-2-stable'
   gem 'graphql', '~> 1.9.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 
@@ -58,6 +62,7 @@ appraise 'rails5.2-graphql1.10' do
   gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-2-stable'
   gem 'graphql', '~> 1.10.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 
@@ -65,6 +70,7 @@ appraise 'rails5.2-graphql1.11' do
   gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-2-stable'
   gem 'graphql', '~> 1.11.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 
@@ -72,6 +78,7 @@ appraise 'rails5.2-graphql1.12' do
   gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-2-stable'
   gem 'graphql', '~> 1.12.0'
+  gem 'devise_token_auth', '< 1.2'
   gem 'rspec-rails', '< 4.0'
 end
 

data/CHANGELOG.md

@@ -1,5 +1,47 @@
 # Changelog
 
+## [v0.17.1](https://github.com/graphql-devise/graphql_devise/tree/v0.17.1) (2021-08-02)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.17.0...v0.17.1)
+
+**Implemented enhancements:**
+
+- Set context\[:current\_resource\] upon login [\#193](https://github.com/graphql-devise/graphql_devise/pull/193) ([TomasBarry](https://github.com/TomasBarry))
+
+**Merged pull requests:**
+
+- Improve README [\#190](https://github.com/graphql-devise/graphql_devise/pull/190) ([00dav00](https://github.com/00dav00))
+
+## [v0.17.0](https://github.com/graphql-devise/graphql_devise/tree/v0.17.0) (2021-06-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.16.0...v0.17.0)
+
+**Implemented enhancements:**
+
+- Another click in confirm account results in error [\#184](https://github.com/graphql-devise/graphql_devise/issues/184)
+- Add resendConfirmationWithToken mutation [\#186](https://github.com/graphql-devise/graphql_devise/pull/186) ([mcelicalderon](https://github.com/mcelicalderon))
+- Add register mutation and alternate confirmation flow [\#185](https://github.com/graphql-devise/graphql_devise/pull/185) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate mutations and queries that required a redirect [\#187](https://github.com/graphql-devise/graphql_devise/pull/187) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document new registration and confirmation flow [\#188](https://github.com/graphql-devise/graphql_devise/pull/188) ([mcelicalderon](https://github.com/mcelicalderon))
+
+## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
+
+**Implemented enhancements:**
+
+- Allow checking of authenticaded resource via callable object [\#180](https://github.com/graphql-devise/graphql_devise/pull/180) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document authenticate with callable [\#181](https://github.com/graphql-devise/graphql_devise/pull/181) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.15.0](https://github.com/graphql-devise/graphql_devise/tree/v0.15.0) (2021-05-09)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.14.3...v0.15.0)

data/README.md

@@ -14,23 +14,25 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
    * [Installation](#installation)
       * [Running the Generator](#running-the-generator)
          * [Mounting the Schema in a Separate Route](#mounting-the-schema-in-a-separate-route)
-            * [Important](#important)
-         * [Mounting Operations in Your Own Schema (> v0.12.0)](#mounting-operations-in-your-own-schema--v0120)
-            * [Important](#important-1)
+         * [Mounting Operations in an Existing Schema (> v0.12.0)](#mounting-operations-in-an-existing-schema--v0120)
    * [Usage](#usage)
       * [Mounting Auth Schema on a Separate Route](#mounting-auth-schema-on-a-separate-route)
-      * [Mounting Operations Into Your Own Schema](#mounting-operations-into-your-own-schema)
+      * [Mounting Operations In an Existing Schema](#mounting-operations-in-an-existing-schema)
       * [Available Mount Options](#available-mount-options)
       * [Available Operations](#available-operations)
       * [Configuring Model](#configuring-model)
       * [Email Reconfirmation](#email-reconfirmation)
+         * [Current flow](#current-flow)
+         * [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
       * [Customizing Email Templates](#customizing-email-templates)
       * [I18n](#i18n)
       * [Authenticating Controller Actions](#authenticating-controller-actions)
          * [Authenticate Resource in the Controller (>= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
+            * [Authentication Options](#authentication-options)
          * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
-         * [Authenticate in Your GQL Schema (Deprecated)](#authenticate-in-your-gql-schema-deprecated)
-         * [Important](#important-2)
+         * [Authenticate in an Existing Schema (Deprecated)](#authenticate-in-an-existing-schema-deprecated)
+            * [Authentication Options](#authentication-options-1)
+         * [Important](#important)
       * [Making Requests](#making-requests)
          * [Introspection query](#introspection-query)
          * [Mutations](#mutations)
@@ -45,7 +47,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
    * [Contributing](#contributing)
    * [License](#license)
 
-<!-- Added by: mcelicalderon, at: Sat May  8 12:32:03 -05 2021 -->
+<!-- Added by: david, at: jue jun 24 18:32:27 -05 2021 -->
 
 <!--te-->
 
@@ -79,11 +81,10 @@ Graphql Devise generator will execute `Devise` and `Devise Token Auth` generator
 ```bash
 $ bundle exec rails generate graphql_devise:install
 ```
-The generator accepts 2 params:
+The generator accepts 2 params and 1 option:
 - `user_class`: Model name in which `Devise` modules will be included. This uses a `find or create` strategy. Defaults to `User`.
 - `mount_path`: Path in which the dedicated graphql schema for devise will be mounted. Defaults to `/graphql_auth`.
-
-The option `mount` is available starting from `v0.12.0`. This option will allow you to mount the operations in your own schema instead of a dedicated one. When this option is provided `mount_path` param is not used.
+- `--mount`: This options is available starting from `v0.12.0`, it allows you to mount the operations in your own schema instead of a dedicated one. When provided `mount_path` param is ignored.
 
 #### Mounting the Schema in a Separate Route
 
@@ -106,12 +107,12 @@ Will do the following:
 `Admin` could be any model name you are going to be using for authentication,
 and `api/auth` could be any mount path you would like to use for auth.
 
-##### Important
+**Important**
  - Remember that by default this gem mounts a completely separate GraphQL schema on a separate controller in the route provided by the `at` option in the `mount_graphql_devise_for` method in the `config/routes.rb` file. If no `at` option is provided, the route will be `/graphql_auth`.
- - Avoid passing the `--mount` option or the gem will try to use an existing schema.
+ - Avoid passing the `--mount` option if you want to use a separate route and schema.
 
-#### Mounting Operations in Your Own Schema (> v0.12.0)
-To configure the gem to use your own GQL schema use the `--mount` option.
+#### Mounting Operations in an Existing Schema (> v0.12.0)
+To configure the gem to use an existing GQL schema use the `--mount` option.
 For instance the executing:
 
 ```bash
@@ -127,8 +128,8 @@ Will do the following:
   - Add `SchemaPlugin` to the specified schema.
 
 
-##### Important
- - When using the `--mount` option the `mount_path` params is ignored.
+**Important**
+ - When using the `--mount` option the `mount_path` param is ignored.
  - The generator will look for your schema under `app/graphql/` directory. We are expecting the name of the file is the same as the as the one passed in the mount option transformed with `underscore`. In the example, passing `MySchema`, will try to find the file `app/graphql/my_schema.rb`.
  - You can actually mount a resource's auth schema in a separate route and in your app's schema at the same time, but that's probably not a common scenario.
 
@@ -156,7 +157,7 @@ Rails.application.routes.draw do
     operations: {
       login: Mutations::Login
     },
-    skip: [:sign_up],
+    skip: [:register],
     additional_mutations: {
       # generates mutation { adminUserSignUp }
       admin_user_sign_up: Mutations::AdminUserSignUp
@@ -173,10 +174,10 @@ The second argument of the `mount_graphql_devise` method is a hash of options wh
 customize how the queries and mutations are mounted into the schema. For a list of available
 options go [here](#available-mount-options)
 
-### Mounting Operations Into Your Own Schema
+### Mounting Operations In an Existing Schema
 
-Starting with `v0.12.0` you can now mount the GQL operations provided by this gem into your
-app's main schema.
+Starting with `v0.12.0` you can mount the GQL operations provided by this gem into an
+existing schema in you app.
 
 ```ruby
 # app/graphql/dummy_schema.rb
@@ -188,7 +189,7 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
+      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_registration_with_token])
     ]
   )
 
@@ -296,13 +297,17 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 ```ruby
 :login
 :logout
-:sign_up
-:confirm_account
-:send_password_reset
-:check_password_token
-:update_password
-:send_password_reset_with_token
+:sign_up (deprecated)
+:register
+:update_password (deprecated)
 :update_password_with_token
+:send_password_reset (deprecated)
+:send_password_reset_with_token
+:resend_confirmation (deprecated)
+:resend_confirmation_with_token
+:confirm_registration_with_token
+:confirm_account (deprecated)
+:check_password_token (deprecated)
 ```
 
 ### Configuring Model
@@ -330,6 +335,9 @@ The install generator can do this for you if you specify the `user_class` option
 See [Installation](#installation) for details.
 
 ### Email Reconfirmation
+We want reconfirmable in this gem to work separately
+from DTA's or Devise (too much complexity in the model based on callbacks).
+
 Email reconfirmation is supported just like in Devise and DTA, but we want reconfirmable
 in this gem to work on model basis instead of having a global configuration like in Devise.
 **For this reason Devise's global `reconfirmable` setting is ignored.**
@@ -338,19 +346,39 @@ For a resource to be considered reconfirmable it has to meet 2 conditions:
 1. Include the `:confirmable` module.
 1. Has an `unconfirmed_email` column in the resource's table.
 
-In order to trigger the reconfirmation email in a reconfirmable resource, you simply needi
+In order to trigger the reconfirmation email in a reconfirmable resource, you simply need
 to call a different update method on your resource,`update_with_email`.
 When the resource is not reconfirmable or the email is not updated, this method behaves exactly
 the same as ActiveRecord's `update`.
+
+#### Current flow
+`update_with_email` requires one additional attribute when email will change or an error
+will be raised:
+
+- `confirmation_url`: The full url of your client application. The confirmation email will contain this url plus
+a confirmation token. You need to call `confirmRegistrationWithToken` with the given token on
+your client application.
+
+So, it's up to you where you require confirmation of changing emails.
+Here's a demonstration on the method usage:
+```ruby
+user.update_with_email(
+  name:             'New Name',
+  email:            'new@domain.com',
+  confirmation_url: 'https://google.com'
+)
+```
+
+#### Deprecated flow - Do Not Use
 `update_with_email` requires two additional attributes when email will change or an error
 will be raised:
 
-1. `schema_url`: The full url where your GQL schema is mounted. You can get this value from the
+- `schema_url`: The full url where your GQL schema is mounted. You can get this value from the
 controller available in the context of your mutations and queries like this:
 ```ruby
   context[:controller].full_url_without_params
 ```
-1. `confirmation_success_url`: This the full url where you want users to be redirected after
+- `confirmation_success_url`: This the full url where you want users to be redirected after
 the email has changed successfully (usually a front-end url). This value is mandatory
 unless you have set `default_confirm_success_url` in your devise_token_auth initializer.
 
@@ -366,9 +394,6 @@ user.update_with_email(
 )
 ```
 
- We want reconfirmable in this gem to work separately
- from DTA's or Devise (too much complexity in the model based on callbacks).
-
 ### Customizing Email Templates
 The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
 so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
@@ -432,7 +457,13 @@ restricted to authenticated users and you can only do this at the root level fie
 schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
 so this can work.
 
-In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+##### Authentication Options
+Whether you setup authentications as a default in the plugin, or you do it at the field level,
+these are the options you can use:
+1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
+1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
+
+In your main app's schema this is how you might specify if a field needs to be authenticated or not:
 ```ruby
 module Types
   class QueryType < Types::BaseObject
@@ -442,13 +473,11 @@ module Types
     field :public_field, String, null: false, authenticate: false
     # this field requires authentication
     field :private_field, String, null: false, authenticate: true
+    # this field requires authenticated users to also be admins
+    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
   end
 end
 ```
-**Important:** Currently, the only check the plugin does to see if the user is authenticated or not when executing
-the query, is verifying that `context[:current_resource].present?` in the GraphQL context.
-So, be careful not to populate that key of the context with values other than what `gql_devise_context`
-returns. The option to do more complex verifications will be added in the future.
 
 #### Authenticate Before Reaching Your GQL Schema (Deprecated)
 For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
@@ -471,7 +500,7 @@ end
 The install generator can include the concern in you application controller.
 If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
 
-#### Authenticate in Your GQL Schema (Deprecated)
+#### Authenticate in an Existing Schema (Deprecated)
 For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
 [here](#mounting-operations-into-your-own-schema).
 
@@ -506,7 +535,13 @@ restricted to authenticated users and you can only do this at the root level fie
 schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
 so this can work.
 
-In you main app's schema this is how you might specify if a field needs to be authenticated or not:
+##### Authentication Options
+Whether you setup authentications as a default in the plugin, or you do it at the field level,
+these are the options you can use:
+1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
+1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
+
+In your main app's schema this is how you might specify if a field needs to be authenticated or not:
 ```ruby
 module Types
   class QueryType < Types::BaseObject
@@ -516,6 +551,8 @@ module Types
     field :public_field, String, null: false, authenticate: false
     # this field requires authentication
     field :private_field, String, null: false, authenticate: true
+    # this field requires authenticated users to also be admins
+    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
   end
 end
 ```
@@ -533,20 +570,22 @@ If you are using the schema plugin, you can require authentication before doing
 
 Operation | Description | Example
 :--- | :--- | :------------------:
-login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
-logout | | userLogout: UserLogoutPayload
-signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
-sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
-updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
-resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
-sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
-updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
+login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
+logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
+signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
+register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
+sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
+updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
+resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
+resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
+sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
+updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
 
 #### Queries
 Operation | Description | Example
 :--- | :--- | :------------------:
-confirmAccount | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
-checkPasswordToken | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
+confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
+checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
 
 The reason for having 2 queries is that these 2 are going to be accessed when clicking on
 the confirmation and reset password email urls. There is no limitation for making mutation

data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,10 @@
 
 <p><%= t('.confirm_link_msg') %></p>
 
-<p><%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %></p>
+<p>
+  <% if message['schema_url'].present? %>
+    <%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %>
+  <% else %>
+    <%= link_to t('.confirm_account_link'), "#{CGI.escape(message['redirect-url'].to_s)}?#{{ confirmationToken: @token }.to_query}" %>
+  <% end %>
+</p>

data/graphql_devise.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.2.0'
 
   spec.add_dependency 'devise_token_auth', '>= 0.1.43', '< 2.0'
-  spec.add_dependency 'graphql', '>= 1.8', '< 1.13.0'
+  spec.add_dependency 'graphql', '>= 1.8', '< 1.14.0'
   spec.add_dependency 'rails', '>= 4.2', '< 6.2'
 
   spec.add_development_dependency 'appraisal'

data/lib/graphql_devise/default_operations/mutations.rb

@@ -4,23 +4,29 @@ require 'graphql_devise/mutations/base'
 require 'graphql_devise/mutations/login'
 require 'graphql_devise/mutations/logout'
 require 'graphql_devise/mutations/resend_confirmation'
+require 'graphql_devise/mutations/resend_confirmation_with_token'
 require 'graphql_devise/mutations/send_password_reset'
 require 'graphql_devise/mutations/send_password_reset_with_token'
 require 'graphql_devise/mutations/sign_up'
+require 'graphql_devise/mutations/register'
 require 'graphql_devise/mutations/update_password'
 require 'graphql_devise/mutations/update_password_with_token'
+require 'graphql_devise/mutations/confirm_registration_with_token'
 
 module GraphqlDevise
   module DefaultOperations
     MUTATIONS = {
-      login:                          { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
-      logout:                         { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
-      sign_up:                        { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
-      update_password:                { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
-      update_password_with_token:     { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
-      send_password_reset:            { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
-      send_password_reset_with_token: { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
-      resend_confirmation:            { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
+      login:                           { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
+      logout:                          { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
+      sign_up:                         { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true, deprecation_reason: 'use register instead' },
+      register:                        { klass: GraphqlDevise::Mutations::Register, authenticatable: true },
+      update_password:                 { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true, deprecation_reason: 'use update_password_with_token instead' },
+      update_password_with_token:      { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
+      send_password_reset:             { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false, deprecation_reason: 'use send_password_reset_with_token instead' },
+      send_password_reset_with_token:  { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
+      resend_confirmation:             { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false, deprecation_reason: 'use resend_confirmation_with_token instead' },
+      resend_confirmation_with_token:  { klass: GraphqlDevise::Mutations::ResendConfirmationWithToken, authenticatable: false },
+      confirm_registration_with_token: { klass: GraphqlDevise::Mutations::ConfirmRegistrationWithToken, authenticatable: true }
     }.freeze
   end
 end

data/lib/graphql_devise/default_operations/resolvers.rb

@@ -7,8 +7,8 @@ require 'graphql_devise/resolvers/confirm_account'
 module GraphqlDevise
   module DefaultOperations
     QUERIES = {
-      confirm_account:      { klass: GraphqlDevise::Resolvers::ConfirmAccount },
-      check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
+      confirm_account:      { klass: GraphqlDevise::Resolvers::ConfirmAccount, deprecation_reason: 'use the new confirmation flow as it does not require this query anymore' },
+      check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken, deprecation_reason: 'use the new password reset flow as it does not require this query anymore' }
     }.freeze
   end
 end

data/lib/graphql_devise/model/with_email_updater.rb

@@ -4,12 +4,14 @@ module GraphqlDevise
   module Model
     class WithEmailUpdater
       def initialize(resource, attributes)
-        @attributes = attributes
+        @attributes = attributes.with_indifferent_access
         @resource   = resource
       end
 
       def call
-        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url)
+        check_deprecated_attributes
+
+        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url, :confirmation_url)
         return @resource.update(resource_attributes) unless requires_reconfirmation?(resource_attributes)
 
         @resource.assign_attributes(resource_attributes)
@@ -27,16 +29,31 @@ module GraphqlDevise
         else
           raise(
             GraphqlDevise::Error,
-            'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
+            'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
           )
         end
       end
 
       private
 
+      def check_deprecated_attributes
+        if [@attributes[:schema_url], @attributes[:confirmation_success_url]].any?(&:present?)
+          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+            Providing `schema_url` and `confirmation_success_url` to `update_with_email` is deprecated and will be
+            removed in a future version of this gem.
+
+            Now you must only provide `confirmation_url` and the email will contain the new format of the confirmation
+            url that needs to be used with the new `confirmRegistrationWithToken` on the client application.
+          DEPRECATION
+        end
+      end
+
       def required_reconfirm_attributes?
-        @attributes[:schema_url].present? &&
-          (@attributes[:confirmation_success_url].present? || DeviseTokenAuth.default_confirm_success_url.present?)
+        if @attributes[:schema_url].present?
+          [@attributes[:confirmation_success_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
+        else
+          [@attributes[:confirmation_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
+        end
       end
 
       def requires_reconfirmation?(resource_attributes)
@@ -60,13 +77,22 @@ module GraphqlDevise
         end
       end
 
+      def confirmation_method_params
+        if @attributes[:schema_url].present?
+          {
+            redirect_url: @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
+            schema_url:   @attributes[:schema_url]
+          }
+        else
+          { redirect_url: @attributes[:confirmation_url] || DeviseTokenAuth.default_confirm_success_url }
+        end
+      end
+
       def send_confirmation_instructions(saved)
         return unless saved
 
         @resource.send_confirmation_instructions(
-          redirect_url:  @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
-          template_path: ['graphql_devise/mailer'],
-          schema_url:    @attributes[:schema_url]
+          confirmation_method_params.merge(template_path: ['graphql_devise/mailer'])
         )
       end
     end

data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb

@@ -17,7 +17,7 @@ module GraphqlDevise
           @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
             mapped_action = "#{mapping_name}_#{action}"
             operation     = operation_info[:klass]
-            options       = operation_info.except(:klass)
+            options       = operation_info.except(:klass, :deprecation_reason)
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),

data/lib/graphql_devise/mount_method/operation_sanitizer.rb

@@ -18,13 +18,25 @@ module GraphqlDevise
       end
 
       def call
-        if @only.present?
+        operations = if @only.present?
           @default.slice(*@only)
         elsif @skipped.present?
           @default.except(*@skipped)
         else
           @default
         end
+
+        operations.each do |operation, values|
+          next if values[:deprecation_reason].blank?
+
+          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+              `#{operation}` is deprecated and will be removed in a future version of this gem.
+              #{values[:deprecation_reason]}
+
+              You can supress this message by skipping `#{operation}` on your ResourceLoader or the
+              mount_graphql_devise_for method on your routes file.
+          DEPRECATION
+        end
       end
     end
   end

data/lib/graphql_devise/mutations/confirm_registration_with_token.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Mutations
+    class ConfirmRegistrationWithToken < Base
+      argument :confirmation_token, String, required: true
+
+      field :credentials,
+            GraphqlDevise::Types::CredentialType,
+            null:        true,
+            description: 'Authentication credentials. Null unless user is signed in after confirmation.'
+
+      def resolve(confirmation_token:)
+        resource = resource_class.confirm_by_token(confirmation_token)
+
+        if resource.errors.empty?
+          yield resource if block_given?
+
+          response_payload = { authenticatable: resource }
+
+          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+
+          response_payload
+        else
+          raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
+        end
+      end
+    end
+  end
+end