graphql_devise 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +49 -23
- data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb +7 -1
- data/lib/graphql_devise/default_operations/mutations.rb +14 -8
- data/lib/graphql_devise/default_operations/resolvers.rb +2 -2
- data/lib/graphql_devise/model/with_email_updater.rb +34 -8
- data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +1 -1
- data/lib/graphql_devise/mount_method/operation_sanitizer.rb +13 -1
- data/lib/graphql_devise/mutations/confirm_registration_with_token.rb +30 -0
- data/lib/graphql_devise/mutations/register.rb +60 -0
- data/lib/graphql_devise/mutations/resend_confirmation_with_token.rb +44 -0
- data/lib/graphql_devise/mutations/sign_up.rb +1 -1
- data/lib/graphql_devise/version.rb +1 -1
- data/spec/dummy/app/graphql/dummy_schema.rb +4 -3
- data/spec/dummy/app/graphql/mutations/register.rb +14 -0
- data/spec/dummy/config/routes.rb +5 -4
- data/spec/graphql_devise/model/with_email_updater_spec.rb +97 -68
- data/spec/requests/mutations/confirm_registration_with_token_spec.rb +117 -0
- data/spec/requests/mutations/register_spec.rb +166 -0
- data/spec/requests/mutations/resend_confirmation_with_token_spec.rb +137 -0
- data/spec/services/mount_method/operation_sanitizer_spec.rb +3 -3
- metadata +14 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2a20dcb1834cc319028e86a024014875122d1b6351fed8dcd27c3a82acff8969
|
4
|
+
data.tar.gz: 92d6109d57ef77cced08a1a6a0a946441be37ddd14b9d27c672b6203ad260a76
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f1f28dd471b8e533d1f918101790c6f95734c54050b7e80e00e2832e77a9ab51f72b5f51c1805f94aa8983c39900d8c94e7b3ad41134b9801c39ac3fde403a66
|
7
|
+
data.tar.gz: ac53e7a59a66bad7e34eae6587f6d31b47ecee4cf26b2fe5280bb2e10e2b3e343f3b1efc8f034aeaf17d4a9e5b73c2e77032ec3fd1d3d2f2efc7e39ce28e186a
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,23 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
## [v0.17.0](https://github.com/graphql-devise/graphql_devise/tree/v0.17.0) (2021-06-09)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.16.0...v0.17.0)
|
6
|
+
|
7
|
+
**Implemented enhancements:**
|
8
|
+
|
9
|
+
- Another click in confirm account results in error [\#184](https://github.com/graphql-devise/graphql_devise/issues/184)
|
10
|
+
- Add resendConfirmationWithToken mutation [\#186](https://github.com/graphql-devise/graphql_devise/pull/186) ([mcelicalderon](https://github.com/mcelicalderon))
|
11
|
+
- Add register mutation and alternate confirmation flow [\#185](https://github.com/graphql-devise/graphql_devise/pull/185) ([mcelicalderon](https://github.com/mcelicalderon))
|
12
|
+
|
13
|
+
**Deprecated:**
|
14
|
+
|
15
|
+
- Deprecate mutations and queries that required a redirect [\#187](https://github.com/graphql-devise/graphql_devise/pull/187) ([mcelicalderon](https://github.com/mcelicalderon))
|
16
|
+
|
17
|
+
**Merged pull requests:**
|
18
|
+
|
19
|
+
- Document new registration and confirmation flow [\#188](https://github.com/graphql-devise/graphql_devise/pull/188) ([mcelicalderon](https://github.com/mcelicalderon))
|
20
|
+
|
3
21
|
## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
|
4
22
|
|
5
23
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)
|
data/README.md
CHANGED
@@ -24,6 +24,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
|
|
24
24
|
* [Available Operations](#available-operations)
|
25
25
|
* [Configuring Model](#configuring-model)
|
26
26
|
* [Email Reconfirmation](#email-reconfirmation)
|
27
|
+
* [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
|
27
28
|
* [Customizing Email Templates](#customizing-email-templates)
|
28
29
|
* [I18n](#i18n)
|
29
30
|
* [Authenticating Controller Actions](#authenticating-controller-actions)
|
@@ -47,7 +48,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
|
|
47
48
|
* [Contributing](#contributing)
|
48
49
|
* [License](#license)
|
49
50
|
|
50
|
-
<!-- Added by: mcelicalderon, at:
|
51
|
+
<!-- Added by: mcelicalderon, at: Tue Jun 8 22:47:12 -05 2021 -->
|
51
52
|
|
52
53
|
<!--te-->
|
53
54
|
|
@@ -158,7 +159,7 @@ Rails.application.routes.draw do
|
|
158
159
|
operations: {
|
159
160
|
login: Mutations::Login
|
160
161
|
},
|
161
|
-
skip: [:
|
162
|
+
skip: [:register],
|
162
163
|
additional_mutations: {
|
163
164
|
# generates mutation { adminUserSignUp }
|
164
165
|
admin_user_sign_up: Mutations::AdminUserSignUp
|
@@ -190,7 +191,7 @@ class DummySchema < GraphQL::Schema
|
|
190
191
|
query: Types::QueryType,
|
191
192
|
mutation: Types::MutationType,
|
192
193
|
resource_loaders: [
|
193
|
-
GraphqlDevise::ResourceLoader.new(User, only: [:login, :
|
194
|
+
GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_registration_with_token])
|
194
195
|
]
|
195
196
|
)
|
196
197
|
|
@@ -298,13 +299,17 @@ The following is a list of the symbols you can provide to the `operations`, `ski
|
|
298
299
|
```ruby
|
299
300
|
:login
|
300
301
|
:logout
|
301
|
-
:sign_up
|
302
|
-
:
|
303
|
-
:
|
304
|
-
:check_password_token
|
305
|
-
:update_password
|
306
|
-
:send_password_reset_with_token
|
302
|
+
:sign_up (deprecated)
|
303
|
+
:register
|
304
|
+
:update_password (deprecated)
|
307
305
|
:update_password_with_token
|
306
|
+
:send_password_reset (deprecated)
|
307
|
+
:send_password_reset_with_token
|
308
|
+
:resend_confirmation (deprecated)
|
309
|
+
:resend_confirmation_with_token
|
310
|
+
:confirm_registration_with_token
|
311
|
+
:confirm_account (deprecated)
|
312
|
+
:check_password_token (deprecated)
|
308
313
|
```
|
309
314
|
|
310
315
|
### Configuring Model
|
@@ -332,6 +337,9 @@ The install generator can do this for you if you specify the `user_class` option
|
|
332
337
|
See [Installation](#installation) for details.
|
333
338
|
|
334
339
|
### Email Reconfirmation
|
340
|
+
We want reconfirmable in this gem to work separately
|
341
|
+
from DTA's or Devise (too much complexity in the model based on callbacks).
|
342
|
+
|
335
343
|
Email reconfirmation is supported just like in Devise and DTA, but we want reconfirmable
|
336
344
|
in this gem to work on model basis instead of having a global configuration like in Devise.
|
337
345
|
**For this reason Devise's global `reconfirmable` setting is ignored.**
|
@@ -340,10 +348,29 @@ For a resource to be considered reconfirmable it has to meet 2 conditions:
|
|
340
348
|
1. Include the `:confirmable` module.
|
341
349
|
1. Has an `unconfirmed_email` column in the resource's table.
|
342
350
|
|
343
|
-
In order to trigger the reconfirmation email in a reconfirmable resource, you simply
|
351
|
+
In order to trigger the reconfirmation email in a reconfirmable resource, you simply need
|
344
352
|
to call a different update method on your resource,`update_with_email`.
|
345
353
|
When the resource is not reconfirmable or the email is not updated, this method behaves exactly
|
346
354
|
the same as ActiveRecord's `update`.
|
355
|
+
|
356
|
+
`update_with_email` requires one additional attribute when email will change or an error
|
357
|
+
will be raised:
|
358
|
+
|
359
|
+
1. `confirmation_url`: The full url of your client application. The confirmation email will contain this url plus
|
360
|
+
a confirmation token. You need to call `confirmRegistrationWithToken` with the given token on
|
361
|
+
your client application.
|
362
|
+
|
363
|
+
So, it's up to you where you require confirmation of changing emails.
|
364
|
+
Here's a demonstration on the method usage:
|
365
|
+
```ruby
|
366
|
+
user.update_with_email(
|
367
|
+
name: 'New Name',
|
368
|
+
email: 'new@domain.com',
|
369
|
+
confirmation_url: 'https://google.com'
|
370
|
+
)
|
371
|
+
```
|
372
|
+
|
373
|
+
#### Deprecated flow - Do Not Use
|
347
374
|
`update_with_email` requires two additional attributes when email will change or an error
|
348
375
|
will be raised:
|
349
376
|
|
@@ -368,9 +395,6 @@ user.update_with_email(
|
|
368
395
|
)
|
369
396
|
```
|
370
397
|
|
371
|
-
We want reconfirmable in this gem to work separately
|
372
|
-
from DTA's or Devise (too much complexity in the model based on callbacks).
|
373
|
-
|
374
398
|
### Customizing Email Templates
|
375
399
|
The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
|
376
400
|
so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
|
@@ -547,20 +571,22 @@ If you are using the schema plugin, you can require authentication before doing
|
|
547
571
|
|
548
572
|
Operation | Description | Example
|
549
573
|
:--- | :--- | :------------------:
|
550
|
-
login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
|
551
|
-
logout | | userLogout: UserLogoutPayload
|
552
|
-
signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
|
553
|
-
|
554
|
-
|
555
|
-
|
556
|
-
|
557
|
-
|
574
|
+
login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
|
575
|
+
logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
|
576
|
+
signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
|
577
|
+
register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
|
578
|
+
sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
|
579
|
+
updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
|
580
|
+
resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
|
581
|
+
resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
|
582
|
+
sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
|
583
|
+
updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
|
558
584
|
|
559
585
|
#### Queries
|
560
586
|
Operation | Description | Example
|
561
587
|
:--- | :--- | :------------------:
|
562
|
-
confirmAccount | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
|
563
|
-
checkPasswordToken | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
|
588
|
+
confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
|
589
|
+
checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
|
564
590
|
|
565
591
|
The reason for having 2 queries is that these 2 are going to be accessed when clicking on
|
566
592
|
the confirmation and reset password email urls. There is no limitation for making mutation
|
@@ -2,4 +2,10 @@
|
|
2
2
|
|
3
3
|
<p><%= t('.confirm_link_msg') %></p>
|
4
4
|
|
5
|
-
<p
|
5
|
+
<p>
|
6
|
+
<% if message['schema_url'].present? %>
|
7
|
+
<%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %>
|
8
|
+
<% else %>
|
9
|
+
<%= link_to t('.confirm_account_link'), "#{CGI.escape(message['redirect-url'].to_s)}?#{{ confirmationToken: @token }.to_query}" %>
|
10
|
+
<% end %>
|
11
|
+
</p>
|
@@ -4,23 +4,29 @@ require 'graphql_devise/mutations/base'
|
|
4
4
|
require 'graphql_devise/mutations/login'
|
5
5
|
require 'graphql_devise/mutations/logout'
|
6
6
|
require 'graphql_devise/mutations/resend_confirmation'
|
7
|
+
require 'graphql_devise/mutations/resend_confirmation_with_token'
|
7
8
|
require 'graphql_devise/mutations/send_password_reset'
|
8
9
|
require 'graphql_devise/mutations/send_password_reset_with_token'
|
9
10
|
require 'graphql_devise/mutations/sign_up'
|
11
|
+
require 'graphql_devise/mutations/register'
|
10
12
|
require 'graphql_devise/mutations/update_password'
|
11
13
|
require 'graphql_devise/mutations/update_password_with_token'
|
14
|
+
require 'graphql_devise/mutations/confirm_registration_with_token'
|
12
15
|
|
13
16
|
module GraphqlDevise
|
14
17
|
module DefaultOperations
|
15
18
|
MUTATIONS = {
|
16
|
-
login:
|
17
|
-
logout:
|
18
|
-
sign_up:
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
19
|
+
login: { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
|
20
|
+
logout: { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
|
21
|
+
sign_up: { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true, deprecation_reason: 'use register instead' },
|
22
|
+
register: { klass: GraphqlDevise::Mutations::Register, authenticatable: true },
|
23
|
+
update_password: { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true, deprecation_reason: 'use update_password_with_token instead' },
|
24
|
+
update_password_with_token: { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
|
25
|
+
send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false, deprecation_reason: 'use send_password_reset_with_token instead' },
|
26
|
+
send_password_reset_with_token: { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
|
27
|
+
resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false, deprecation_reason: 'use resend_confirmation_with_token instead' },
|
28
|
+
resend_confirmation_with_token: { klass: GraphqlDevise::Mutations::ResendConfirmationWithToken, authenticatable: false },
|
29
|
+
confirm_registration_with_token: { klass: GraphqlDevise::Mutations::ConfirmRegistrationWithToken, authenticatable: true }
|
24
30
|
}.freeze
|
25
31
|
end
|
26
32
|
end
|
@@ -7,8 +7,8 @@ require 'graphql_devise/resolvers/confirm_account'
|
|
7
7
|
module GraphqlDevise
|
8
8
|
module DefaultOperations
|
9
9
|
QUERIES = {
|
10
|
-
confirm_account: { klass: GraphqlDevise::Resolvers::ConfirmAccount },
|
11
|
-
check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
|
10
|
+
confirm_account: { klass: GraphqlDevise::Resolvers::ConfirmAccount, deprecation_reason: 'use the new confirmation flow as it does not require this query anymore' },
|
11
|
+
check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken, deprecation_reason: 'use the new password reset flow as it does not require this query anymore' }
|
12
12
|
}.freeze
|
13
13
|
end
|
14
14
|
end
|
@@ -4,12 +4,14 @@ module GraphqlDevise
|
|
4
4
|
module Model
|
5
5
|
class WithEmailUpdater
|
6
6
|
def initialize(resource, attributes)
|
7
|
-
@attributes = attributes
|
7
|
+
@attributes = attributes.with_indifferent_access
|
8
8
|
@resource = resource
|
9
9
|
end
|
10
10
|
|
11
11
|
def call
|
12
|
-
|
12
|
+
check_deprecated_attributes
|
13
|
+
|
14
|
+
resource_attributes = @attributes.except(:schema_url, :confirmation_success_url, :confirmation_url)
|
13
15
|
return @resource.update(resource_attributes) unless requires_reconfirmation?(resource_attributes)
|
14
16
|
|
15
17
|
@resource.assign_attributes(resource_attributes)
|
@@ -27,16 +29,31 @@ module GraphqlDevise
|
|
27
29
|
else
|
28
30
|
raise(
|
29
31
|
GraphqlDevise::Error,
|
30
|
-
'Method `update_with_email` requires
|
32
|
+
'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
|
31
33
|
)
|
32
34
|
end
|
33
35
|
end
|
34
36
|
|
35
37
|
private
|
36
38
|
|
39
|
+
def check_deprecated_attributes
|
40
|
+
if [@attributes[:schema_url], @attributes[:confirmation_success_url]].any?(&:present?)
|
41
|
+
ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
|
42
|
+
Providing `schema_url` and `confirmation_success_url` to `update_with_email` is deprecated and will be
|
43
|
+
removed in a future version of this gem.
|
44
|
+
|
45
|
+
Now you must only provide `confirmation_url` and the email will contain the new format of the confirmation
|
46
|
+
url that needs to be used with the new `confirmRegistrationWithToken` on the client application.
|
47
|
+
DEPRECATION
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
37
51
|
def required_reconfirm_attributes?
|
38
|
-
@attributes[:schema_url].present?
|
39
|
-
|
52
|
+
if @attributes[:schema_url].present?
|
53
|
+
[@attributes[:confirmation_success_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
|
54
|
+
else
|
55
|
+
[@attributes[:confirmation_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
|
56
|
+
end
|
40
57
|
end
|
41
58
|
|
42
59
|
def requires_reconfirmation?(resource_attributes)
|
@@ -60,13 +77,22 @@ module GraphqlDevise
|
|
60
77
|
end
|
61
78
|
end
|
62
79
|
|
80
|
+
def confirmation_method_params
|
81
|
+
if @attributes[:schema_url].present?
|
82
|
+
{
|
83
|
+
redirect_url: @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
|
84
|
+
schema_url: @attributes[:schema_url]
|
85
|
+
}
|
86
|
+
else
|
87
|
+
{ redirect_url: @attributes[:confirmation_url] || DeviseTokenAuth.default_confirm_success_url }
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
63
91
|
def send_confirmation_instructions(saved)
|
64
92
|
return unless saved
|
65
93
|
|
66
94
|
@resource.send_confirmation_instructions(
|
67
|
-
|
68
|
-
template_path: ['graphql_devise/mailer'],
|
69
|
-
schema_url: @attributes[:schema_url]
|
95
|
+
confirmation_method_params.merge(template_path: ['graphql_devise/mailer'])
|
70
96
|
)
|
71
97
|
end
|
72
98
|
end
|
@@ -17,7 +17,7 @@ module GraphqlDevise
|
|
17
17
|
@selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
|
18
18
|
mapped_action = "#{mapping_name}_#{action}"
|
19
19
|
operation = operation_info[:klass]
|
20
|
-
options = operation_info.except(:klass)
|
20
|
+
options = operation_info.except(:klass, :deprecation_reason)
|
21
21
|
|
22
22
|
result[mapped_action.to_sym] = [
|
23
23
|
OperationPreparers::GqlNameSetter.new(mapped_action),
|
@@ -18,13 +18,25 @@ module GraphqlDevise
|
|
18
18
|
end
|
19
19
|
|
20
20
|
def call
|
21
|
-
if @only.present?
|
21
|
+
operations = if @only.present?
|
22
22
|
@default.slice(*@only)
|
23
23
|
elsif @skipped.present?
|
24
24
|
@default.except(*@skipped)
|
25
25
|
else
|
26
26
|
@default
|
27
27
|
end
|
28
|
+
|
29
|
+
operations.each do |operation, values|
|
30
|
+
next if values[:deprecation_reason].blank?
|
31
|
+
|
32
|
+
ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
|
33
|
+
`#{operation}` is deprecated and will be removed in a future version of this gem.
|
34
|
+
#{values[:deprecation_reason]}
|
35
|
+
|
36
|
+
You can supress this message by skipping `#{operation}` on your ResourceLoader or the
|
37
|
+
mount_graphql_devise_for method on your routes file.
|
38
|
+
DEPRECATION
|
39
|
+
end
|
28
40
|
end
|
29
41
|
end
|
30
42
|
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module GraphqlDevise
|
4
|
+
module Mutations
|
5
|
+
class ConfirmRegistrationWithToken < Base
|
6
|
+
argument :confirmation_token, String, required: true
|
7
|
+
|
8
|
+
field :credentials,
|
9
|
+
GraphqlDevise::Types::CredentialType,
|
10
|
+
null: true,
|
11
|
+
description: 'Authentication credentials. Null unless user is signed in after confirmation.'
|
12
|
+
|
13
|
+
def resolve(confirmation_token:)
|
14
|
+
resource = resource_class.confirm_by_token(confirmation_token)
|
15
|
+
|
16
|
+
if resource.errors.empty?
|
17
|
+
yield resource if block_given?
|
18
|
+
|
19
|
+
response_payload = { authenticatable: resource }
|
20
|
+
|
21
|
+
response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
|
22
|
+
|
23
|
+
response_payload
|
24
|
+
else
|
25
|
+
raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module GraphqlDevise
|
4
|
+
module Mutations
|
5
|
+
class Register < Base
|
6
|
+
argument :email, String, required: true
|
7
|
+
argument :password, String, required: true
|
8
|
+
argument :password_confirmation, String, required: true
|
9
|
+
argument :confirm_url, String, required: false
|
10
|
+
|
11
|
+
field :credentials,
|
12
|
+
GraphqlDevise::Types::CredentialType,
|
13
|
+
null: true,
|
14
|
+
description: 'Authentication credentials. Null if after signUp resource is not active for authentication (e.g. Email confirmation required).'
|
15
|
+
|
16
|
+
def resolve(confirm_url: nil, **attrs)
|
17
|
+
resource = build_resource(attrs.merge(provider: provider))
|
18
|
+
raise_user_error(I18n.t('graphql_devise.resource_build_failed')) if resource.blank?
|
19
|
+
|
20
|
+
redirect_url = confirm_url || DeviseTokenAuth.default_confirm_success_url
|
21
|
+
if confirmable_enabled? && redirect_url.blank?
|
22
|
+
raise_user_error(I18n.t('graphql_devise.registrations.missing_confirm_redirect_url'))
|
23
|
+
end
|
24
|
+
|
25
|
+
check_redirect_url_whitelist!(redirect_url)
|
26
|
+
|
27
|
+
resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!)
|
28
|
+
|
29
|
+
if resource.save
|
30
|
+
yield resource if block_given?
|
31
|
+
|
32
|
+
unless resource.confirmed?
|
33
|
+
resource.send_confirmation_instructions(
|
34
|
+
redirect_url: redirect_url,
|
35
|
+
template_path: ['graphql_devise/mailer']
|
36
|
+
)
|
37
|
+
end
|
38
|
+
|
39
|
+
response_payload = { authenticatable: resource }
|
40
|
+
|
41
|
+
response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
|
42
|
+
|
43
|
+
response_payload
|
44
|
+
else
|
45
|
+
resource.try(:clean_up_passwords)
|
46
|
+
raise_user_error_list(
|
47
|
+
I18n.t('graphql_devise.registration_failed'),
|
48
|
+
errors: resource.errors.full_messages
|
49
|
+
)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
def build_resource(attrs)
|
56
|
+
resource_class.new(attrs)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|