graphql_devise 0.18.1 → 1.0.1

data/README.md

@@ -23,31 +23,30 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
       * [Configuring Model](#configuring-model)
       * [Email Reconfirmation](#email-reconfirmation)
          * [Current flow](#current-flow)
-         * [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
       * [Customizing Email Templates](#customizing-email-templates)
       * [I18n](#i18n)
       * [Authenticating Controller Actions](#authenticating-controller-actions)
          * [Authenticate Resource in the Controller (>= v0.15.0)](#authenticate-resource-in-the-controller--v0150)
             * [Authentication Options](#authentication-options)
-         * [Authenticate Before Reaching Your GQL Schema (Deprecated)](#authenticate-before-reaching-your-gql-schema-deprecated)
-         * [Authenticate in an Existing Schema (Deprecated)](#authenticate-in-an-existing-schema-deprecated)
-            * [Authentication Options](#authentication-options-1)
-         * [Important](#important)
       * [Making Requests](#making-requests)
          * [Introspection query](#introspection-query)
          * [Mutations](#mutations)
-         * [Queries](#queries)
       * [Reset Password Flow](#reset-password-flow)
       * [More Configuration Options](#more-configuration-options)
          * [Devise Token Auth Initializer](#devise-token-auth-initializer)
          * [Devise Initializer](#devise-initializer)
+      * [GraphQL 2.0 Support (>= v1.0.0)](#graphql-20-support--v100)
       * [GraphQL Interpreter](#graphql-interpreter)
       * [Using Alongside Standard Devise](#using-alongside-standard-devise)
+   * [Changelog](#changelog)
    * [Future Work](#future-work)
+   * [Buy Us a Coffee](#buy-us-a-coffee)
+            * [BTC](#btc)
+            * [ADA](#ada)
    * [Contributing](#contributing)
    * [License](#license)
 
-<!-- Added by: david, at: jue jun 24 18:32:27 -05 2021 -->
+<!-- Added by: mcelicalderon, at: Wed Aug  3 22:04:10 -05 2022 -->
 
 <!--te-->
 
@@ -297,17 +296,11 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 ```ruby
 :login
 :logout
-:sign_up (deprecated)
 :register
-:update_password (deprecated)
 :update_password_with_token
-:send_password_reset (deprecated)
 :send_password_reset_with_token
-:resend_confirmation (deprecated)
 :resend_confirmation_with_token
 :confirm_registration_with_token
-:confirm_account (deprecated)
-:check_password_token (deprecated)
 ```
 
 ### Configuring Model
@@ -327,7 +320,7 @@ class User < ApplicationRecord
          :confirmable
 
   # including after calling the `devise` method is important.
-  include GraphqlDevise::Concerns::Model
+  include GraphqlDevise::Authenticatable
 end
 ```
 
@@ -369,31 +362,6 @@ user.update_with_email(
 )
 ```
 
-#### Deprecated flow - Do Not Use
-`update_with_email` requires two additional attributes when email will change or an error
-will be raised:
-
-- `schema_url`: The full url where your GQL schema is mounted. You can get this value from the
-controller available in the context of your mutations and queries like this:
-```ruby
-  context[:controller].full_url_without_params
-```
-- `confirmation_success_url`: This the full url where you want users to be redirected after
-the email has changed successfully (usually a front-end url). This value is mandatory
-unless you have set `default_confirm_success_url` in your devise_token_auth initializer.
-
-So, it's up to you where you require confirmation of changing emails.
-[Here's an example](https://github.com/graphql-devise/graphql_devise/blob/c4dcb17e98f8d84cc5ac002c66ed98a797d3bc82/spec/dummy/app/graphql/mutations/update_user.rb#L13)
-on how you might do this. And also a demonstration on the method usage:
-```ruby
-user.update_with_email(
-  name:                     'New Name',
-  email:                    'new@domain.com',
-  schema_url:               'http://localhost:3000/graphql',
-  confirmation_success_url: 'https://google.com'
-)
-```
-
 ### Customizing Email Templates
 The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
 so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
@@ -420,7 +388,7 @@ GQL schema execution like this:
 # app/controllers/my_controller.rb
 
 class MyController < ApplicationController
-  include GraphqlDevise::Concerns::SetUserByToken
+  include GraphqlDevise::SetUserByToken
 
   def my_action
     result = DummySchema.execute(params[:query], context: gql_devise_context(User))
@@ -433,7 +401,7 @@ end
 # app/controllers/my_controller.rb
 
 class MyController < ApplicationController
-  include GraphqlDevise::Concerns::SetUserByToken
+  include GraphqlDevise::SetUserByToken
 
   def my_action
     result = DummySchema.execute(params[:query], context: gql_devise_context(User, Admin))
@@ -479,87 +447,6 @@ module Types
 end
 ```
 
-#### Authenticate Before Reaching Your GQL Schema (Deprecated)
-For this you will need to call `authenticate_<model>!` in a `before_action` controller hook.
-In our example our model is `User`, so it would look like this:
-```ruby
-# app/controllers/my_controller.rb
-
-class MyController < ApplicationController
-  include GraphqlDevise::Concerns::SetUserByToken
-
-  before_action :authenticate_user!
-
-  def my_action
-    result = DummySchema.execute(params[:query], context: { current_resource: current_user })
-    render json: result unless performed?
-  end
-end
-```
-
-The install generator can include the concern in you application controller.
-If authentication fails for a request, execution will halt and a REST error will be returned since the request never reaches your GQL schema.
-
-#### Authenticate in an Existing Schema (Deprecated)
-For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
-[here](#mounting-operations-into-your-own-schema).
-
-```ruby
-# app/controllers/my_controller.rb
-
-class MyController < ApplicationController
-  include GraphqlDevise::Concerns::SetUserByToken
-
-  def my_action
-    result = DummySchema.execute(params[:query], context: graphql_context(:user))
-    render json: result unless performed?
-  end
-end
-```
-The `graphql_context` method receives a symbol identifying the resource you are trying
-to authenticate. So if you mounted the `User` resource, the symbol is `:user`. You can use
-this snippet to find the symbol for more complex scenarios
-`resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
-array of resources if you mounted more than one into your schema. The gem will try to
-authenticate a resource for each element on the array until it finds one.
-
-Internally in your own mutations and queries a key `current_resource` will be available in
-the context if a resource was successfully authenticated or `nil` otherwise.
-
-Keep in mind that sending multiple values to the `graphql_context` method means that depending
-on who makes the request, the context value `current_resource` might contain instances of the
-different models you might have mounted into the schema.
-
-Please note that by using this mechanism your GQL schema will be in control of what queries are
-restricted to authenticated users and you can only do this at the root level fields of your GQL
-schema. Configure the plugin as explained [here](#mounting-operations-into-your-own-schema)
-so this can work.
-
-##### Authentication Options
-Whether you setup authentications as a default in the plugin, or you do it at the field level,
-these are the options you can use:
-1. **Any truthy value:** If `current_resource` is not `.present?`, query will return an authentication error.
-1. **A callable object:** Provided object will be called with `current_resource` as the only argument if `current_resource` is `.present?`. If return value of the callable object is false, query will return an authentication error.
-
-In your main app's schema this is how you might specify if a field needs to be authenticated or not:
-```ruby
-module Types
-  class QueryType < Types::BaseObject
-    # user field used the default set in the Plugin's initializer
-    field :user, resolver: Resolvers::UserShow
-    # this field will never require authentication
-    field :public_field, String, null: false, authenticate: false
-    # this field requires authentication
-    field :private_field, String, null: false, authenticate: true
-    # this field requires authenticated users to also be admins
-    field :admin_field, String, null: false, authenticate: ->(user) { user.admin? }
-  end
-end
-```
-
-#### Important
-Remember to check `performed?` before rendering the result of the graphql operation. This is required because some operations perform a redirect and without this check you will get a `AbstractController::DoubleRenderError`.
-
 ### Making Requests
 Here is a list of the available mutations and queries assuming your mounted model is `User`.
 
@@ -572,30 +459,10 @@ Operation | Description | Example
 :--- | :--- | :------------------:
 login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
 logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
-signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
 register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
 sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
 updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
-resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
 resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
-sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
-updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
-
-#### Queries
-Operation | Description | Example
-:--- | :--- | :------------------:
-confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
-checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
-
-The reason for having 2 queries is that these 2 are going to be accessed when clicking on
-the confirmation and reset password email urls. There is no limitation for making mutation
-requests using the `GET` method on the Rails side, but looks like there might be a limitation
-on the [Apollo Client](https://www.apollographql.com/docs/apollo-server/v1/requests/#get-requests).
-
-We will continue to build better docs for the gem after this first release, but in the mean time
-you can use [our specs](spec/requests) to better understand how to use the gem.
-Also, the [dummy app](spec/dummy) used in our specs will give you
-a clear idea on how to configure the gem on your Rails application.
 
 ### Reset Password Flow
 This gem supports two password recovery flows. The most recently implemented is preferred and
@@ -638,6 +505,48 @@ In this section the most important configurations will be highlighted.
 
 **Note:** Remember this gem adds a layer on top of Devise, so some configurations might not apply.
 
+### GraphQL 2.0 Support (>= v1.0.0)
+This gem now supports [GraphQL Ruby](https://github.com/rmosolgo/graphql-ruby) v2.
+There's one manual step you need to take in order for this to work.
+
+You need a custom `field_class` in your `MutationType` and `QueryType`. If you don't have one setup already, you can simply add the one
+this gem provides, like this:
+
+```ruby
+module Types
+  class MutationType < BaseObject
+    field_class GraphqlDevise::Types::BaseField
+  end
+end
+
+module Types
+  class QueryType < Types::BaseObject
+    field_class GraphqlDevise::Types::BaseField
+  end
+end
+```
+
+If you already have a `field_class` defined in any of your types, the only thing you need to do is add another `kwarg`
+to that class initializer (`authenticate`) and make that value available through an attribute reader.
+
+The next example is this gem's implementation of a custom class, but you can implement your own however you see fit
+as long as you expose an `authenticate` public method with the value that was passed to the initializer.
+
+```ruby
+module GraphqlDevise
+  module Types
+    class BaseField < GraphQL::Schema::Field
+      def initialize(*args, authenticate: nil, **kwargs, &block)
+        @authenticate = authenticate
+        super(*args, **kwargs, &block)
+      end
+
+      attr_reader :authenticate
+    end
+  end
+end
+```
+
 ### GraphQL Interpreter
 GraphQL-Ruby `>= 1.9.0` includes a new runtime module which you may use for your schema.
 Eventually, it will become the default. You can read more about it
@@ -653,6 +562,9 @@ information you can check [this answer here](https://github.com/lynndylanhurley/
 This gem supports the same and should be easier to handle email templates due to the fact we don't override
 standard Devise templates.
 
+## Changelog
+Full list of changes in [CHANGELOG.md](CHANGELOG.md)
+
 ## Future Work
 We will continue to improve the gem and add better docs.
 
@@ -661,6 +573,23 @@ We will continue to improve the gem and add better docs.
 1. Add support for unlockable and other Devise modules.
 1. Add feature specs for confirm account and reset password flows.
 
+We will continue to build better docs for the gem after this first release, but in the mean time
+you can use [our specs](spec/requests) to better understand how to use the gem.
+Also, the [dummy app](spec/dummy) used in our specs will give you
+a clear idea on how to configure the gem on your Rails application.
+
+## Buy Us a Coffee
+If you'd like to support our work, you are welcome to do so!
+
+##### BTC
+```
+bc1qntlmyl24wuf6y5jyn2vg8kduss57dwtyrcflyq
+```
+##### ADA
+```
+addr1q8e8cjzutzptcrfgjgsjl3k4t4xy5ucrmkf2dmq9qn966q8saucty53avujfc9yu9vfk7266auhdx9fz4fsryzeagqds893nfw
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/graphql-devise/graphql_devise.

data/app/controllers/graphql_devise/graphql_controller.rb

@@ -4,17 +4,17 @@ require_dependency 'graphql_devise/application_controller'
 
 module GraphqlDevise
   class GraphqlController < ApplicationController
-    include GraphqlDevise::SetUserByToken
+    include SetUserByToken
 
     def auth
       result = if params[:_json]
-        GraphqlDevise::Schema.multiplex(
+        Schema.multiplex(
           params[:_json].map do |param|
             { query: param[:query] }.merge(execute_params(param))
           end
         )
       else
-        GraphqlDevise::Schema.execute(params[:query], **execute_params(params))
+        Schema.execute(params[:query], **execute_params(params))
       end
 
       render json: result unless performed?

data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb

@@ -3,9 +3,5 @@
 <p><%= t('.confirm_link_msg') %></p>
 
 <p>
-  <% if message['schema_url'].present? %>
-    <%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %>
-  <% else %>
-    <%= link_to t('.confirm_account_link'), "#{CGI.escape(message['redirect-url'].to_s)}?#{{ confirmationToken: @token }.to_query}" %>
-  <% end %>
+  <%= link_to t('.confirm_account_link'), "#{message['redirect-url'].to_s}?#{{ confirmationToken: @token }.to_query}" %>
 </p>

data/config/routes.rb

@@ -14,7 +14,5 @@ GraphqlDevise::Engine.routes.draw do
     GraphqlDevise::Schema.query(GraphqlDevise::Types::QueryType)
 
     GraphqlDevise.load_schema
-
-    Devise.mailer.helper(GraphqlDevise::MailerHelper)
   end
 end

data/graphql_devise.gemspec

@@ -25,14 +25,15 @@ Gem::Specification.new do |spec|
     `git ls-files -z`.split("\x0").select { |f| f.match(%r{^spec/}) }
   end
 
-  spec.required_ruby_version = '>= 2.2.0'
+  spec.required_ruby_version = '>= 2.4.4'
 
   spec.add_dependency 'devise_token_auth', '>= 0.1.43', '< 2.0'
-  spec.add_dependency 'graphql', '>= 1.8', '< 1.14.0'
+  spec.add_dependency 'graphql', '>= 1.8', '< 2.1'
   spec.add_dependency 'rails', '>= 4.2', '< 6.2'
+  spec.add_dependency 'zeitwerk'
 
   spec.add_development_dependency 'appraisal'
-  spec.add_development_dependency 'coveralls-ruby', '~> 0.2'
+  spec.add_development_dependency 'coveralls_reborn'
   spec.add_development_dependency 'factory_bot'
   spec.add_development_dependency 'faker'
   spec.add_development_dependency 'generator_spec'
@@ -41,8 +42,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'pry-byebug'
   spec.add_development_dependency 'rake', '>= 12.3.3'
   spec.add_development_dependency 'rspec-rails', '~> 4.0'
-  spec.add_development_dependency 'rubocop', '0.68.1'
-  spec.add_development_dependency 'rubocop-performance'
-  spec.add_development_dependency 'rubocop-rspec'
+  spec.add_development_dependency 'rubocop', '< 0.82.0'
+  spec.add_development_dependency 'rubocop-performance', '< 1.6.0'
+  spec.add_development_dependency 'rubocop-rails', '< 2.6.0'
+  spec.add_development_dependency 'rubocop-rspec', '< 1.39.0'
   spec.add_development_dependency 'sqlite3', '~> 1.3'
 end

data/lib/generators/graphql_devise/install_generator.rb

@@ -38,7 +38,7 @@ module GraphqlDevise
       if options['mount'] != 'separate_route'
         gsub_file(routes_file, /^\s+#{Regexp.escape(dta_route + "\n")}/i, '')
       else
-        gem_route = "mount_graphql_devise_for '#{user_class}', at: '#{mount_path}'"
+        gem_route = "mount_graphql_devise_for #{user_class}, at: '#{mount_path}'"
 
         if file_contains_str?(routes_file, gem_route)
           gsub_file(routes_file, /^\s+#{Regexp.escape(dta_route + "\n")}/i, '')

data/lib/graphql_devise/concerns/additional_controller_methods.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module AdditionalControllerMethods
+    extend ActiveSupport::Concern
+
+    included do
+      attr_accessor :client_id, :token, :resource
+    end
+
+    def gql_devise_context(*models)
+      {
+        current_resource: authenticate_model(*models),
+        controller:       self
+      }
+    end
+
+    def authenticate_model(*models)
+      models.each do |model|
+        set_resource_by_token(model)
+        return @resource if @resource.present?
+      end
+
+      nil
+    end
+
+    def resource_class(resource = nil)
+      # Return the resource class instead of looking for a Devise mapping if resource is already a resource class
+      return resource if resource.respond_to?(:find_by)
+
+      super
+    end
+
+    def set_resource_by_token(resource)
+      set_user_by_token(resource)
+    end
+
+    def build_redirect_headers(access_token, client, redirect_header_options = {})
+      {
+        DeviseTokenAuth.headers_names[:'access-token'] => access_token,
+        DeviseTokenAuth.headers_names[:client] => client,
+        :config => params[:config],
+        :client_id => client,
+        :token => access_token
+      }.merge(redirect_header_options)
+    end
+  end
+end

data/lib/graphql_devise/concerns/additional_model_methods.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module AdditionalModelMethods
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def reconfirmable
+        devise_modules.include?(:confirmable) && column_names.include?('unconfirmed_email')
+      end
+    end
+
+    def update_with_email(attributes = {})
+      GraphqlDevise::Model::WithEmailUpdater.new(self, attributes).call
+    end
+  end
+end

data/lib/graphql_devise/concerns/authenticatable.rb

@@ -6,7 +6,7 @@ module GraphqlDevise
 
     included do
       include DeviseTokenAuth::Concerns::User
-      include GraphqlDevise::Concerns::AdditionalModelMethods
+      include AdditionalModelMethods
 
       ::GraphqlDevise.configure_warden_serializer_for_model(self)
     end