graphql_devise 0.16.0 → 0.17.0

data/spec/requests/mutations/resend_confirmation_with_token_spec.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Resend confirmation with token' do
+  include_context 'with graphql query request'
+
+  let(:confirmed_at) { nil }
+  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
+  let(:email)        { user.email }
+  let(:id)           { user.id }
+  let(:confirm_url)  { 'https://google.com' }
+  let(:query) do
+    <<-GRAPHQL
+      mutation {
+        userResendConfirmationWithToken(
+          email:"#{email}",
+          confirmUrl:"#{confirm_url}"
+        ) {
+          message
+        }
+      }
+    GRAPHQL
+  end
+
+  context 'when confirm_url is not whitelisted' do
+    let(:confirm_url) { 'https://not-safe.com' }
+
+    it 'returns a not whitelisted confirm url error' do
+      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+
+      expect(json_response[:errors]).to containing_exactly(
+        hash_including(
+          message:    "Redirect to '#{confirm_url}' not allowed.",
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+
+  context 'when params are correct' do
+    context 'when using the gem schema' do
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+    end
+
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email         = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        confirm_link  = email.css('a').first['href']
+        confirm_token = confirm_link.match(/\?confirmationToken\=(?<token>.+)\z/)[:token]
+
+        expect(User.confirm_by_token(confirm_token)).to eq(user)
+      end
+    end
+
+    context 'when email address uses different casing' do
+      let(:email) { 'mWallace@wallaceinc.com' }
+
+      it 'honors devise configuration for case insensitive fields' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+      end
+    end
+
+    context 'when the user has already been confirmed' do
+      before { user.confirm }
+
+      it 'does *NOT* send an email and raises an error' do
+        expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+        expect(json_response[:data][:userResendConfirmationWithToken]).to be_nil
+        expect(json_response[:errors]).to contain_exactly(
+          hash_including(
+            message:    'Email was already confirmed, please try signing in',
+            extensions: { code: 'USER_ERROR' }
+          )
+        )
+      end
+    end
+  end
+
+  context 'when the email was changed' do
+    let(:confirmed_at) { 2.seconds.ago }
+    let(:email)        { 'new-email@wallaceinc.com' }
+    let(:new_email)    { email }
+
+    before do
+      user.update_with_email(
+        email:                    new_email,
+        schema_url:               'http://localhost/test',
+        confirmation_success_url: 'https://google.com'
+      )
+    end
+
+    it 'sends new confirmation email' do
+      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
+      expect(json_response[:data][:userResendConfirmationWithToken]).to include(
+        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+      )
+    end
+  end
+
+  context "when the email isn't in the system" do
+    let(:email) { 'notthere@gmail.com' }
+
+    it 'does *NOT* send an email and raises an error' do
+      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
+      expect(json_response[:data][:userResendConfirmationWithToken]).to be_nil
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(
+          message:    "Unable to find user with email '#{email}'.",
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+end

data/spec/services/mount_method/operation_sanitizer_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe GraphqlDevise::MountMethod::OperationSanitizer do
     context 'when the operations passed are mutations' do
       let(:skipped)  { [] }
       let(:only)     { [] }
-      let(:default)  { { operation1: op_class1, operation2: op_class2 } }
+      let(:default)  { { operation1: { klass: op_class1 }, operation2: { klass: op_class2 } } }
 
       context 'when no other option besides default is passed' do
         it { is_expected.to eq(default) }
@@ -22,13 +22,13 @@ RSpec.describe GraphqlDevise::MountMethod::OperationSanitizer do
       context 'when there are only operations' do
         let(:only) { [:operation1] }
 
-        it { is_expected.to eq(operation1: op_class1) }
+        it { is_expected.to eq(operation1: { klass: op_class1 }) }
       end
 
       context 'when there are skipped operations' do
         let(:skipped) { [:operation2] }
 
-        it { is_expected.to eq(operation1: op_class1) }
+        it { is_expected.to eq(operation1: { klass: op_class1 }) }
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graphql_devise
 version: !ruby/object:Gem::Version
-  version: 0.16.0
+  version: 0.17.0
 platform: ruby
 authors:
 - Mario Celi
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-05-20 00:00:00.000000000 Z
+date: 2021-06-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_token_auth
@@ -337,9 +337,12 @@ files:
 - lib/graphql_devise/mount_method/options_validator.rb
 - lib/graphql_devise/mount_method/supported_options.rb
 - lib/graphql_devise/mutations/base.rb
+- lib/graphql_devise/mutations/confirm_registration_with_token.rb
 - lib/graphql_devise/mutations/login.rb
 - lib/graphql_devise/mutations/logout.rb
+- lib/graphql_devise/mutations/register.rb
 - lib/graphql_devise/mutations/resend_confirmation.rb
+- lib/graphql_devise/mutations/resend_confirmation_with_token.rb
 - lib/graphql_devise/mutations/send_password_reset.rb
 - lib/graphql_devise/mutations/send_password_reset_with_token.rb
 - lib/graphql_devise/mutations/sign_up.rb
@@ -366,6 +369,7 @@ files:
 - spec/dummy/app/graphql/dummy_schema.rb
 - spec/dummy/app/graphql/interpreter_schema.rb
 - spec/dummy/app/graphql/mutations/login.rb
+- spec/dummy/app/graphql/mutations/register.rb
 - spec/dummy/app/graphql/mutations/register_confirmed_user.rb
 - spec/dummy/app/graphql/mutations/reset_admin_password_with_token.rb
 - spec/dummy/app/graphql/mutations/sign_up.rb
@@ -443,9 +447,12 @@ files:
 - spec/requests/graphql_controller_spec.rb
 - spec/requests/mutations/additional_mutations_spec.rb
 - spec/requests/mutations/additional_queries_spec.rb
+- spec/requests/mutations/confirm_registration_with_token_spec.rb
 - spec/requests/mutations/login_spec.rb
 - spec/requests/mutations/logout_spec.rb
+- spec/requests/mutations/register_spec.rb
 - spec/requests/mutations/resend_confirmation_spec.rb
+- spec/requests/mutations/resend_confirmation_with_token_spec.rb
 - spec/requests/mutations/send_password_reset_spec.rb
 - spec/requests/mutations/send_password_reset_with_token_spec.rb
 - spec/requests/mutations/sign_up_spec.rb
@@ -503,7 +510,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: GraphQL queries and mutations on top of devise_token_auth
@@ -516,6 +523,7 @@ test_files:
 - spec/dummy/app/graphql/dummy_schema.rb
 - spec/dummy/app/graphql/interpreter_schema.rb
 - spec/dummy/app/graphql/mutations/login.rb
+- spec/dummy/app/graphql/mutations/register.rb
 - spec/dummy/app/graphql/mutations/register_confirmed_user.rb
 - spec/dummy/app/graphql/mutations/reset_admin_password_with_token.rb
 - spec/dummy/app/graphql/mutations/sign_up.rb
@@ -593,9 +601,12 @@ test_files:
 - spec/requests/graphql_controller_spec.rb
 - spec/requests/mutations/additional_mutations_spec.rb
 - spec/requests/mutations/additional_queries_spec.rb
+- spec/requests/mutations/confirm_registration_with_token_spec.rb
 - spec/requests/mutations/login_spec.rb
 - spec/requests/mutations/logout_spec.rb
+- spec/requests/mutations/register_spec.rb
 - spec/requests/mutations/resend_confirmation_spec.rb
+- spec/requests/mutations/resend_confirmation_with_token_spec.rb
 - spec/requests/mutations/send_password_reset_spec.rb
 - spec/requests/mutations/send_password_reset_with_token_spec.rb
 - spec/requests/mutations/sign_up_spec.rb