RubyGems - graphql_devise - Versions diffs - 0.18.1 → 1.0.1 - Mend

graphql_devise 0.18.1 → 1.0.1

Files changed (95) hide show

data/spec/requests/mutations/resend_confirmation_spec.rb DELETED Viewed

@@ -1,153 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Resend confirmation' do
-  include_context 'with graphql query request'
-  let(:confirmed_at) { nil }
-  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
-  let(:email)        { user.email }
-  let(:id)           { user.id }
-  let(:redirect)     { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userResendConfirmation(
-          email:"#{email}",
-          redirectUrl:"#{redirect}"
-        ) {
-          message
-        }
-      }
-    GRAPHQL
-  end
-  context 'when redirect_url is not whitelisted' do
-    let(:redirect) { 'https://not-safe.com' }
-    it 'returns a not whitelisted redirect url error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message:    "Redirect to '#{redirect}' not allowed.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-  context 'when params are correct' do
-    context 'when using the gem schema' do
-      it 'sends an email to the user with confirmation url and returns a success message' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        confirm_link_msg_text = email.css('p')[1].inner_html
-        confirm_account_link_text = link.inner_html
-        expect(link['href']).to include('/api/v1/graphql_auth?')
-        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-        expect(confirm_account_link_text).to eq('Confirm my account')
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
-      end
-    end
-    context 'when using a custom schema' do
-      let(:custom_path) { '/api/v1/graphql' }
-      it 'sends an email to the user with confirmation url and returns a success message' do
-        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        confirm_link_msg_text = email.css('p')[1].inner_html
-        confirm_account_link_text = link.inner_html
-        expect(link['href']).to include("#{custom_path}?")
-        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-        expect(confirm_account_link_text).to eq('Confirm my account')
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
-      end
-    end
-    context 'when email address uses different casing' do
-      let(:email) { 'mWallace@wallaceinc.com' }
-      it 'honors devise configuration for case insensitive fields' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-      end
-    end
-    context 'when the user has already been confirmed' do
-      before { user.confirm }
-      it 'does *NOT* send an email and raises an error' do
-        expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-        expect(json_response[:data][:userResendConfirmation]).to be_nil
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(
-            message:    'Email was already confirmed, please try signing in',
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-  end
-  context 'when the email was changed' do
-    let(:confirmed_at) { 2.seconds.ago }
-    let(:email)        { 'new-email@wallaceinc.com' }
-    let(:new_email)    { email }
-    before do
-      user.update_with_email(
-        email:                    new_email,
-        schema_url:               'http://localhost/test',
-        confirmation_success_url: 'https://google.com'
-      )
-    end
-    it 'sends new confirmation email' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
-      expect(json_response[:data][:userResendConfirmation]).to include(
-        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-      )
-    end
-  end
-  context "when the email isn't in the system" do
-    let(:email) { 'nothere@gmail.com' }
-    it 'does *NOT* send an email and raises an error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:data][:userResendConfirmation]).to be_nil
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(
-          message:    "Unable to find user with email '#{email}'.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-end

data/spec/requests/mutations/send_password_reset_spec.rb DELETED Viewed

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Send Password Reset Requests' do
-  include_context 'with graphql query request'
-  let!(:user)        { create(:user, :confirmed, email: 'jwinnfield@wallaceinc.com') }
-  let(:email)        { user.email }
-  let(:redirect_url) { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userSendPasswordReset(
-          email:       "#{email}",
-          redirectUrl: "#{redirect_url}"
-        ) {
-          message
-        }
-      }
-    GRAPHQL
-  end
-  context 'when redirect_url is not whitelisted' do
-    let(:redirect_url) { 'https://not-safe.com' }
-    it 'returns a not whitelisted redirect url error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message:    "Redirect to '#{redirect_url}' not allowed.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-  context 'when params are correct' do
-    context 'when using the gem schema' do
-      it 'sends password reset  email' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userSendPasswordReset]).to include(
-          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect(link['href']).to include('/api/v1/graphql_auth?')
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :allow_password_change).from(false).to(true)
-      end
-    end
-    context 'when using a custom schema' do
-      let(:custom_path) { '/api/v1/graphql' }
-      it 'sends password reset  email' do
-        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userSendPasswordReset]).to include(
-          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect(link['href']).to include("#{custom_path}?")
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :allow_password_change).from(false).to(true)
-      end
-    end
-  end
-  context 'when email address uses different casing' do
-    let(:email) { 'jWinnfield@wallaceinc.com' }
-    it 'honors devise configuration for case insensitive fields' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(json_response[:data][:userSendPasswordReset]).to include(
-        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-      )
-    end
-  end
-  context 'when user email is not found' do
-    let(:email) { 'nothere@gmail.com' }
-    before { post_request }
-    it 'returns an error' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'User was not found or was not logged in.', extensions: { code: 'USER_ERROR' })
-      )
-    end
-  end
-end

data/spec/requests/mutations/sign_up_spec.rb DELETED Viewed

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Sign Up process' do
-  include_context 'with graphql query request'
-  let(:name)     { Faker::Name.name }
-  let(:password) { Faker::Internet.password }
-  let(:email)    { Faker::Internet.email }
-  let(:redirect) { 'https://google.com' }
-  context 'when using the user model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          userSignUp(
-            email:                "#{email}"
-            name:                 "#{name}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            credentials { accessToken }
-            user {
-              email
-              name
-            }
-          }
-        }
-      GRAPHQL
-    end
-    context 'when redirect_url is not whitelisted' do
-      let(:redirect) { 'https://not-safe.com' }
-      it 'returns a not whitelisted redirect url error' do
-        expect { post_request }.to(
-          not_change(User, :count)
-          .and(not_change(ActionMailer::Base.deliveries, :count))
-        )
-        expect(json_response[:errors]).to containing_exactly(
-          hash_including(
-            message:    "Redirect to '#{redirect}' not allowed.",
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-    context 'when params are correct' do
-      it 'creates a new resource that requires confirmation' do
-        expect { post_request }.to(
-          change(User, :count).by(1)
-          .and(change(ActionMailer::Base.deliveries, :count).by(1))
-        )
-        user = User.last
-        expect(user).not_to be_active_for_authentication
-        expect(user.confirmed_at).to be_nil
-        expect(user).to be_valid_password(password)
-        expect(json_response[:data][:userSignUp]).to include(
-          credentials: nil,
-          user:        {
-            email: email,
-            name:  name
-          }
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect do
-          get link['href']
-          user.reload
-        end.to change { user.active_for_authentication? }.to(true)
-      end
-      context 'when email address uses different casing' do
-        let(:email) { 'miaWallace@wallaceinc.com' }
-        it 'honors devise configuration for case insensitive fields' do
-          expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-          expect(User.last.email).to eq('miawallace@wallaceinc.com')
-          expect(json_response[:data][:userSignUp]).to include(user: { email: 'miawallace@wallaceinc.com', name: name })
-        end
-      end
-    end
-    context 'when required params are missing' do
-      let(:email) { '' }
-      it 'does *NOT* create resource a resource nor send an email' do
-        expect { post_request }.to(
-          not_change(User, :count)
-          .and(not_change(ActionMailer::Base.deliveries, :count))
-        )
-        expect(json_response[:data][:userSignUp]).to be_nil
-        expect(json_response[:errors]).to containing_exactly(
-          hash_including(
-            message:    "User couldn't be registered",
-            extensions: { code: 'USER_ERROR', detailed_errors: ["Email can't be blank"] }
-          )
-        )
-      end
-    end
-  end
-  context 'when using the admin model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          adminSignUp(
-            email:                "#{email}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            authenticatable {
-              email
-            }
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'adminSignUp' doesn't exist on type 'Mutation'")
-      )
-    end
-  end
-  context 'when using the guest model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          guestSignUp(
-            email:                "#{email}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            credentials { accessToken client uid }
-            authenticatable {
-              email
-            }
-          }
-        }
-      GRAPHQL
-    end
-    it 'returns credentials as no confirmation is required' do
-      expect { post_request }.to change(Guest, :count).from(0).to(1)
-      expect(json_response[:data][:guestSignUp]).to include(
-        authenticatable: { email: email },
-        credentials:     hash_including(
-          uid:    email,
-          client: Guest.last.tokens.keys.first
-        )
-      )
-    end
-  end
-end

data/spec/requests/mutations/update_password_spec.rb DELETED Viewed

@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Update Password Requests' do
-  shared_examples 'successful password update' do
-    it 'updates the password' do
-      expect do
-        post_request
-        user.reload
-      end.to change(user, :encrypted_password)
-      expect(response).to include_auth_headers
-      expect(json_response[:data][:userUpdatePassword]).to match(
-        authenticatable: { email: user.email }
-      )
-      expect(json_response[:errors]).to be_nil
-      expect(user).to be_valid_password(password)
-    end
-  end
-  include_context 'with graphql query request'
-  let(:password)              { 'safePassw0rd!' }
-  let(:password_confirmation) { 'safePassw0rd!' }
-  let(:original_password)     { 'current_password' }
-  let(:current_password)      { original_password }
-  let(:allow_password_change) { false }
-  let(:user)                  { create(:user, :confirmed, password: original_password, allow_password_change: allow_password_change) }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userUpdatePassword(
-          password: "#{password}",
-          passwordConfirmation: "#{password_confirmation}",
-          currentPassword: "#{current_password}"
-        ) {
-          authenticatable { email }
-        }
-      }
-    GRAPHQL
-  end
-  context 'when user is logged in' do
-    let(:headers) { user.create_new_auth_token }
-    context 'when currentPassword is not provided' do
-      let(:current_password) { nil }
-      context 'when allow_password_change is true' do
-        let(:allow_password_change) { true }
-        it_behaves_like 'successful password update'
-        it 'sets allow_password_change to false' do
-          expect do
-            post_request
-            user.reload
-          end.to change(user, :allow_password_change).from(true).to(false)
-        end
-      end
-      context 'when allow_password_change is false' do
-        it 'does not update the password' do
-          expect do
-            post_request
-            user.reload
-          end.not_to change(user, :encrypted_password)
-          expect(response).to include_auth_headers
-          expect(json_response[:data][:userUpdatePassword]).to be_nil
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(
-              message:    'Unable to update user password',
-              extensions: { code: 'USER_ERROR', detailed_errors: ["Current password can't be blank"] }
-            )
-          )
-        end
-      end
-    end
-    context 'when currentPassword is provided' do
-      context 'when allow_password_change is true' do
-        let(:allow_password_change) { true }
-        it_behaves_like 'successful password update'
-        it 'sets allow_password_change to false' do
-          expect do
-            post_request
-            user.reload
-          end.to change(user, :allow_password_change).from(true).to(false)
-        end
-      end
-      context 'when allow_password_change is false' do
-        it_behaves_like 'successful password update'
-      end
-    end
-  end
-  context 'when user is not logged in' do
-    it 'does not update the password' do
-      expect do
-        post_request
-        user.reload
-      end.not_to change(user, :encrypted_password)
-      expect(response).not_to include_auth_headers
-      expect(json_response[:data][:userUpdatePassword]).to be_nil
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'User is not logged in.', extensions: { code: 'USER_ERROR' })
-      )
-    end
-  end
-end

data/spec/requests/queries/check_password_token_spec.rb DELETED Viewed

@@ -1,149 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Check Password Token Requests' do
-  include_context 'with graphql query request'
-  let(:user)         { create(:user, :confirmed) }
-  let(:redirect_url) { 'https://google.com' }
-  context 'when using the user model' do
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          userCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    context 'when reset password token is valid' do
-      let(:token) { user.send(:set_reset_password_token) }
-      context 'when redirect_url is not provided' do
-        let(:redirect_url) { nil }
-        it 'returns authenticatable and credentials in the headers' do
-          get_request
-          expect(response).to include_auth_headers
-          expect(json_response[:data][:userCheckPasswordToken]).to match(
-            email: user.email
-          )
-        end
-      end
-      context 'when redirect url is provided' do
-        it 'redirects to redirect url' do
-          expect do
-            get_request
-            user.reload
-          end.to change { user.tokens.keys.count }.from(0).to(1).and(
-            change(user, :allow_password_change).from(false).to(true)
-          )
-          expect(response).to      redirect_to %r{\Ahttps://google.com}
-          expect(response.body).to include("client=#{user.reload.tokens.keys.first}")
-          expect(response.body).to include('access-token=')
-          expect(response.body).to include('uid=')
-          expect(response.body).to include('expiry=')
-        end
-        context 'when redirect_url is not whitelisted' do
-          let(:redirect_url) { 'https://not-safe.com' }
-          before { post_request }
-          it 'returns a not whitelisted redirect url error' do
-            expect(json_response[:errors]).to containing_exactly(
-              hash_including(
-                message:    "Redirect to '#{redirect_url}' not allowed.",
-                extensions: { code: 'USER_ERROR' }
-              )
-            )
-          end
-        end
-      end
-      context 'when token has expired' do
-        it 'returns an expired token error' do
-          travel_to 10.hours.ago do
-            token
-          end
-          get_request
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'Reset password token is no longer valid.', extensions: { code: 'USER_ERROR' })
-          )
-        end
-      end
-    end
-    context 'when reset password token is not found' do
-      let(:token) { user.send(:set_reset_password_token) + 'invalid' }
-      it 'returns an error message' do
-        get_request
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(message: 'No user found for the specified reset token.', extensions: { code: 'USER_ERROR' })
-        )
-      end
-    end
-  end
-  context 'when using the admin model' do
-    let(:token) { 'not_important' }
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          adminCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'adminCheckPasswordToken' doesn't exist on type 'Query'")
-      )
-    end
-  end
-  context 'when using the guest model' do
-    let(:token) { 'not_important' }
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          guestCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'guestCheckPasswordToken' doesn't exist on type 'Query'")
-      )
-    end
-  end
-end