graphql_devise 0.16.0 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 12c52068c8c538bc35dc67deb2d697101e1fa001419ccdbff23183e854f5f404
4
- data.tar.gz: 65afe18384fb742e8dbc300d19b227815ebe166997147031bbabd63742738205
3
+ metadata.gz: 2a20dcb1834cc319028e86a024014875122d1b6351fed8dcd27c3a82acff8969
4
+ data.tar.gz: 92d6109d57ef77cced08a1a6a0a946441be37ddd14b9d27c672b6203ad260a76
5
5
  SHA512:
6
- metadata.gz: fcf10385aeb27e02f283fa5b5d140f51352508d4a9973dd374edfe78b67a64cfa9b4183e39a8065af5a9697569fac4ed9c21aa007df26fd271b6739c2f9cd5a9
7
- data.tar.gz: d3f45d87972e29a325375c1868fced4ef377effcfba6be182c7d8c0b34bdfd6032db66097f0304416ff5966b532fea994d135be0ee48a070c2369668acc3beb2
6
+ metadata.gz: f1f28dd471b8e533d1f918101790c6f95734c54050b7e80e00e2832e77a9ab51f72b5f51c1805f94aa8983c39900d8c94e7b3ad41134b9801c39ac3fde403a66
7
+ data.tar.gz: ac53e7a59a66bad7e34eae6587f6d31b47ecee4cf26b2fe5280bb2e10e2b3e343f3b1efc8f034aeaf17d4a9e5b73c2e77032ec3fd1d3d2f2efc7e39ce28e186a
data/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # Changelog
2
2
 
3
+ ## [v0.17.0](https://github.com/graphql-devise/graphql_devise/tree/v0.17.0) (2021-06-09)
4
+
5
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.16.0...v0.17.0)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Another click in confirm account results in error [\#184](https://github.com/graphql-devise/graphql_devise/issues/184)
10
+ - Add resendConfirmationWithToken mutation [\#186](https://github.com/graphql-devise/graphql_devise/pull/186) ([mcelicalderon](https://github.com/mcelicalderon))
11
+ - Add register mutation and alternate confirmation flow [\#185](https://github.com/graphql-devise/graphql_devise/pull/185) ([mcelicalderon](https://github.com/mcelicalderon))
12
+
13
+ **Deprecated:**
14
+
15
+ - Deprecate mutations and queries that required a redirect [\#187](https://github.com/graphql-devise/graphql_devise/pull/187) ([mcelicalderon](https://github.com/mcelicalderon))
16
+
17
+ **Merged pull requests:**
18
+
19
+ - Document new registration and confirmation flow [\#188](https://github.com/graphql-devise/graphql_devise/pull/188) ([mcelicalderon](https://github.com/mcelicalderon))
20
+
3
21
  ## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
4
22
 
5
23
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
data/README.md CHANGED
@@ -24,6 +24,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
24
24
  * [Available Operations](#available-operations)
25
25
  * [Configuring Model](#configuring-model)
26
26
  * [Email Reconfirmation](#email-reconfirmation)
27
+ * [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
27
28
  * [Customizing Email Templates](#customizing-email-templates)
28
29
  * [I18n](#i18n)
29
30
  * [Authenticating Controller Actions](#authenticating-controller-actions)
@@ -47,7 +48,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
47
48
  * [Contributing](#contributing)
48
49
  * [License](#license)
49
50
 
50
- <!-- Added by: mcelicalderon, at: Wed May 19 21:25:22 -05 2021 -->
51
+ <!-- Added by: mcelicalderon, at: Tue Jun 8 22:47:12 -05 2021 -->
51
52
 
52
53
  <!--te-->
53
54
 
@@ -158,7 +159,7 @@ Rails.application.routes.draw do
158
159
  operations: {
159
160
  login: Mutations::Login
160
161
  },
161
- skip: [:sign_up],
162
+ skip: [:register],
162
163
  additional_mutations: {
163
164
  # generates mutation { adminUserSignUp }
164
165
  admin_user_sign_up: Mutations::AdminUserSignUp
@@ -190,7 +191,7 @@ class DummySchema < GraphQL::Schema
190
191
  query: Types::QueryType,
191
192
  mutation: Types::MutationType,
192
193
  resource_loaders: [
193
- GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
194
+ GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_registration_with_token])
194
195
  ]
195
196
  )
196
197
 
@@ -298,13 +299,17 @@ The following is a list of the symbols you can provide to the `operations`, `ski
298
299
  ```ruby
299
300
  :login
300
301
  :logout
301
- :sign_up
302
- :confirm_account
303
- :send_password_reset
304
- :check_password_token
305
- :update_password
306
- :send_password_reset_with_token
302
+ :sign_up (deprecated)
303
+ :register
304
+ :update_password (deprecated)
307
305
  :update_password_with_token
306
+ :send_password_reset (deprecated)
307
+ :send_password_reset_with_token
308
+ :resend_confirmation (deprecated)
309
+ :resend_confirmation_with_token
310
+ :confirm_registration_with_token
311
+ :confirm_account (deprecated)
312
+ :check_password_token (deprecated)
308
313
  ```
309
314
 
310
315
  ### Configuring Model
@@ -332,6 +337,9 @@ The install generator can do this for you if you specify the `user_class` option
332
337
  See [Installation](#installation) for details.
333
338
 
334
339
  ### Email Reconfirmation
340
+ We want reconfirmable in this gem to work separately
341
+ from DTA's or Devise (too much complexity in the model based on callbacks).
342
+
335
343
  Email reconfirmation is supported just like in Devise and DTA, but we want reconfirmable
336
344
  in this gem to work on model basis instead of having a global configuration like in Devise.
337
345
  **For this reason Devise's global `reconfirmable` setting is ignored.**
@@ -340,10 +348,29 @@ For a resource to be considered reconfirmable it has to meet 2 conditions:
340
348
  1. Include the `:confirmable` module.
341
349
  1. Has an `unconfirmed_email` column in the resource's table.
342
350
 
343
- In order to trigger the reconfirmation email in a reconfirmable resource, you simply needi
351
+ In order to trigger the reconfirmation email in a reconfirmable resource, you simply need
344
352
  to call a different update method on your resource,`update_with_email`.
345
353
  When the resource is not reconfirmable or the email is not updated, this method behaves exactly
346
354
  the same as ActiveRecord's `update`.
355
+
356
+ `update_with_email` requires one additional attribute when email will change or an error
357
+ will be raised:
358
+
359
+ 1. `confirmation_url`: The full url of your client application. The confirmation email will contain this url plus
360
+ a confirmation token. You need to call `confirmRegistrationWithToken` with the given token on
361
+ your client application.
362
+
363
+ So, it's up to you where you require confirmation of changing emails.
364
+ Here's a demonstration on the method usage:
365
+ ```ruby
366
+ user.update_with_email(
367
+ name: 'New Name',
368
+ email: 'new@domain.com',
369
+ confirmation_url: 'https://google.com'
370
+ )
371
+ ```
372
+
373
+ #### Deprecated flow - Do Not Use
347
374
  `update_with_email` requires two additional attributes when email will change or an error
348
375
  will be raised:
349
376
 
@@ -368,9 +395,6 @@ user.update_with_email(
368
395
  )
369
396
  ```
370
397
 
371
- We want reconfirmable in this gem to work separately
372
- from DTA's or Devise (too much complexity in the model based on callbacks).
373
-
374
398
  ### Customizing Email Templates
375
399
  The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
376
400
  so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
@@ -547,20 +571,22 @@ If you are using the schema plugin, you can require authentication before doing
547
571
 
548
572
  Operation | Description | Example
549
573
  :--- | :--- | :------------------:
550
- login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
551
- logout | | userLogout: UserLogoutPayload
552
- signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
553
- sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
554
- updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
555
- resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
556
- sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
557
- updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
574
+ login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
575
+ logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
576
+ signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
577
+ register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
578
+ sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
579
+ updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
580
+ resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
581
+ resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
582
+ sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
583
+ updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
558
584
 
559
585
  #### Queries
560
586
  Operation | Description | Example
561
587
  :--- | :--- | :------------------:
562
- confirmAccount | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
563
- checkPasswordToken | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
588
+ confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
589
+ checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
564
590
 
565
591
  The reason for having 2 queries is that these 2 are going to be accessed when clicking on
566
592
  the confirmation and reset password email urls. There is no limitation for making mutation
@@ -2,4 +2,10 @@
2
2
 
3
3
  <p><%= t('.confirm_link_msg') %></p>
4
4
 
5
- <p><%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %></p>
5
+ <p>
6
+ <% if message['schema_url'].present? %>
7
+ <%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %>
8
+ <% else %>
9
+ <%= link_to t('.confirm_account_link'), "#{CGI.escape(message['redirect-url'].to_s)}?#{{ confirmationToken: @token }.to_query}" %>
10
+ <% end %>
11
+ </p>
@@ -4,23 +4,29 @@ require 'graphql_devise/mutations/base'
4
4
  require 'graphql_devise/mutations/login'
5
5
  require 'graphql_devise/mutations/logout'
6
6
  require 'graphql_devise/mutations/resend_confirmation'
7
+ require 'graphql_devise/mutations/resend_confirmation_with_token'
7
8
  require 'graphql_devise/mutations/send_password_reset'
8
9
  require 'graphql_devise/mutations/send_password_reset_with_token'
9
10
  require 'graphql_devise/mutations/sign_up'
11
+ require 'graphql_devise/mutations/register'
10
12
  require 'graphql_devise/mutations/update_password'
11
13
  require 'graphql_devise/mutations/update_password_with_token'
14
+ require 'graphql_devise/mutations/confirm_registration_with_token'
12
15
 
13
16
  module GraphqlDevise
14
17
  module DefaultOperations
15
18
  MUTATIONS = {
16
- login: { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
17
- logout: { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
18
- sign_up: { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
19
- update_password: { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
20
- update_password_with_token: { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
21
- send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
22
- send_password_reset_with_token: { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
23
- resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
19
+ login: { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
20
+ logout: { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
21
+ sign_up: { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true, deprecation_reason: 'use register instead' },
22
+ register: { klass: GraphqlDevise::Mutations::Register, authenticatable: true },
23
+ update_password: { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true, deprecation_reason: 'use update_password_with_token instead' },
24
+ update_password_with_token: { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
25
+ send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false, deprecation_reason: 'use send_password_reset_with_token instead' },
26
+ send_password_reset_with_token: { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
27
+ resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false, deprecation_reason: 'use resend_confirmation_with_token instead' },
28
+ resend_confirmation_with_token: { klass: GraphqlDevise::Mutations::ResendConfirmationWithToken, authenticatable: false },
29
+ confirm_registration_with_token: { klass: GraphqlDevise::Mutations::ConfirmRegistrationWithToken, authenticatable: true }
24
30
  }.freeze
25
31
  end
26
32
  end
@@ -7,8 +7,8 @@ require 'graphql_devise/resolvers/confirm_account'
7
7
  module GraphqlDevise
8
8
  module DefaultOperations
9
9
  QUERIES = {
10
- confirm_account: { klass: GraphqlDevise::Resolvers::ConfirmAccount },
11
- check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
10
+ confirm_account: { klass: GraphqlDevise::Resolvers::ConfirmAccount, deprecation_reason: 'use the new confirmation flow as it does not require this query anymore' },
11
+ check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken, deprecation_reason: 'use the new password reset flow as it does not require this query anymore' }
12
12
  }.freeze
13
13
  end
14
14
  end
@@ -4,12 +4,14 @@ module GraphqlDevise
4
4
  module Model
5
5
  class WithEmailUpdater
6
6
  def initialize(resource, attributes)
7
- @attributes = attributes
7
+ @attributes = attributes.with_indifferent_access
8
8
  @resource = resource
9
9
  end
10
10
 
11
11
  def call
12
- resource_attributes = @attributes.except(:schema_url, :confirmation_success_url)
12
+ check_deprecated_attributes
13
+
14
+ resource_attributes = @attributes.except(:schema_url, :confirmation_success_url, :confirmation_url)
13
15
  return @resource.update(resource_attributes) unless requires_reconfirmation?(resource_attributes)
14
16
 
15
17
  @resource.assign_attributes(resource_attributes)
@@ -27,16 +29,31 @@ module GraphqlDevise
27
29
  else
28
30
  raise(
29
31
  GraphqlDevise::Error,
30
- 'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
32
+ 'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
31
33
  )
32
34
  end
33
35
  end
34
36
 
35
37
  private
36
38
 
39
+ def check_deprecated_attributes
40
+ if [@attributes[:schema_url], @attributes[:confirmation_success_url]].any?(&:present?)
41
+ ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
42
+ Providing `schema_url` and `confirmation_success_url` to `update_with_email` is deprecated and will be
43
+ removed in a future version of this gem.
44
+
45
+ Now you must only provide `confirmation_url` and the email will contain the new format of the confirmation
46
+ url that needs to be used with the new `confirmRegistrationWithToken` on the client application.
47
+ DEPRECATION
48
+ end
49
+ end
50
+
37
51
  def required_reconfirm_attributes?
38
- @attributes[:schema_url].present? &&
39
- (@attributes[:confirmation_success_url].present? || DeviseTokenAuth.default_confirm_success_url.present?)
52
+ if @attributes[:schema_url].present?
53
+ [@attributes[:confirmation_success_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
54
+ else
55
+ [@attributes[:confirmation_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
56
+ end
40
57
  end
41
58
 
42
59
  def requires_reconfirmation?(resource_attributes)
@@ -60,13 +77,22 @@ module GraphqlDevise
60
77
  end
61
78
  end
62
79
 
80
+ def confirmation_method_params
81
+ if @attributes[:schema_url].present?
82
+ {
83
+ redirect_url: @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
84
+ schema_url: @attributes[:schema_url]
85
+ }
86
+ else
87
+ { redirect_url: @attributes[:confirmation_url] || DeviseTokenAuth.default_confirm_success_url }
88
+ end
89
+ end
90
+
63
91
  def send_confirmation_instructions(saved)
64
92
  return unless saved
65
93
 
66
94
  @resource.send_confirmation_instructions(
67
- redirect_url: @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
68
- template_path: ['graphql_devise/mailer'],
69
- schema_url: @attributes[:schema_url]
95
+ confirmation_method_params.merge(template_path: ['graphql_devise/mailer'])
70
96
  )
71
97
  end
72
98
  end
@@ -17,7 +17,7 @@ module GraphqlDevise
17
17
  @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
18
18
  mapped_action = "#{mapping_name}_#{action}"
19
19
  operation = operation_info[:klass]
20
- options = operation_info.except(:klass)
20
+ options = operation_info.except(:klass, :deprecation_reason)
21
21
 
22
22
  result[mapped_action.to_sym] = [
23
23
  OperationPreparers::GqlNameSetter.new(mapped_action),
@@ -18,13 +18,25 @@ module GraphqlDevise
18
18
  end
19
19
 
20
20
  def call
21
- if @only.present?
21
+ operations = if @only.present?
22
22
  @default.slice(*@only)
23
23
  elsif @skipped.present?
24
24
  @default.except(*@skipped)
25
25
  else
26
26
  @default
27
27
  end
28
+
29
+ operations.each do |operation, values|
30
+ next if values[:deprecation_reason].blank?
31
+
32
+ ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
33
+ `#{operation}` is deprecated and will be removed in a future version of this gem.
34
+ #{values[:deprecation_reason]}
35
+
36
+ You can supress this message by skipping `#{operation}` on your ResourceLoader or the
37
+ mount_graphql_devise_for method on your routes file.
38
+ DEPRECATION
39
+ end
28
40
  end
29
41
  end
30
42
  end
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+
3
+ module GraphqlDevise
4
+ module Mutations
5
+ class ConfirmRegistrationWithToken < Base
6
+ argument :confirmation_token, String, required: true
7
+
8
+ field :credentials,
9
+ GraphqlDevise::Types::CredentialType,
10
+ null: true,
11
+ description: 'Authentication credentials. Null unless user is signed in after confirmation.'
12
+
13
+ def resolve(confirmation_token:)
14
+ resource = resource_class.confirm_by_token(confirmation_token)
15
+
16
+ if resource.errors.empty?
17
+ yield resource if block_given?
18
+
19
+ response_payload = { authenticatable: resource }
20
+
21
+ response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
22
+
23
+ response_payload
24
+ else
25
+ raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
26
+ end
27
+ end
28
+ end
29
+ end
30
+ end
@@ -0,0 +1,60 @@
1
+ # frozen_string_literal: true
2
+
3
+ module GraphqlDevise
4
+ module Mutations
5
+ class Register < Base
6
+ argument :email, String, required: true
7
+ argument :password, String, required: true
8
+ argument :password_confirmation, String, required: true
9
+ argument :confirm_url, String, required: false
10
+
11
+ field :credentials,
12
+ GraphqlDevise::Types::CredentialType,
13
+ null: true,
14
+ description: 'Authentication credentials. Null if after signUp resource is not active for authentication (e.g. Email confirmation required).'
15
+
16
+ def resolve(confirm_url: nil, **attrs)
17
+ resource = build_resource(attrs.merge(provider: provider))
18
+ raise_user_error(I18n.t('graphql_devise.resource_build_failed')) if resource.blank?
19
+
20
+ redirect_url = confirm_url || DeviseTokenAuth.default_confirm_success_url
21
+ if confirmable_enabled? && redirect_url.blank?
22
+ raise_user_error(I18n.t('graphql_devise.registrations.missing_confirm_redirect_url'))
23
+ end
24
+
25
+ check_redirect_url_whitelist!(redirect_url)
26
+
27
+ resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!)
28
+
29
+ if resource.save
30
+ yield resource if block_given?
31
+
32
+ unless resource.confirmed?
33
+ resource.send_confirmation_instructions(
34
+ redirect_url: redirect_url,
35
+ template_path: ['graphql_devise/mailer']
36
+ )
37
+ end
38
+
39
+ response_payload = { authenticatable: resource }
40
+
41
+ response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
42
+
43
+ response_payload
44
+ else
45
+ resource.try(:clean_up_passwords)
46
+ raise_user_error_list(
47
+ I18n.t('graphql_devise.registration_failed'),
48
+ errors: resource.errors.full_messages
49
+ )
50
+ end
51
+ end
52
+
53
+ private
54
+
55
+ def build_resource(attrs)
56
+ resource_class.new(attrs)
57
+ end
58
+ end
59
+ end
60
+ end