RubyGems - graphql_devise - Versions diffs - 0.18.1 → 1.0.1 - Mend

graphql_devise 0.18.1 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

data/spec/requests/mutations/resend_confirmation_spec.rb DELETED Viewed

@@ -1,153 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Resend confirmation' do
-  include_context 'with graphql query request'
-  let(:confirmed_at) { nil }
-  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
-  let(:email)        { user.email }
-  let(:id)           { user.id }
-  let(:redirect)     { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userResendConfirmation(
-          email:"#{email}",
-          redirectUrl:"#{redirect}"
-        ) {
-          message
-        }
-      }
-    GRAPHQL
-  end
-  context 'when redirect_url is not whitelisted' do
-    let(:redirect) { 'https://not-safe.com' }
-    it 'returns a not whitelisted redirect url error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message:    "Redirect to '#{redirect}' not allowed.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-  context 'when params are correct' do
-    context 'when using the gem schema' do
-      it 'sends an email to the user with confirmation url and returns a success message' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        confirm_link_msg_text = email.css('p')[1].inner_html
-        confirm_account_link_text = link.inner_html
-        expect(link['href']).to include('/api/v1/graphql_auth?')
-        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-        expect(confirm_account_link_text).to eq('Confirm my account')
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
-      end
-    end
-    context 'when using a custom schema' do
-      let(:custom_path) { '/api/v1/graphql' }
-      it 'sends an email to the user with confirmation url and returns a success message' do
-        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        confirm_link_msg_text = email.css('p')[1].inner_html
-        confirm_account_link_text = link.inner_html
-        expect(link['href']).to include("#{custom_path}?")
-        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-        expect(confirm_account_link_text).to eq('Confirm my account')
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
-      end
-    end
-    context 'when email address uses different casing' do
-      let(:email) { 'mWallace@wallaceinc.com' }
-      it 'honors devise configuration for case insensitive fields' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-      end
-    end
-    context 'when the user has already been confirmed' do
-      before { user.confirm }
-      it 'does *NOT* send an email and raises an error' do
-        expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-        expect(json_response[:data][:userResendConfirmation]).to be_nil
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(
-            message:    'Email was already confirmed, please try signing in',
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-  end
-  context 'when the email was changed' do
-    let(:confirmed_at) { 2.seconds.ago }
-    let(:email)        { 'new-email@wallaceinc.com' }
-    let(:new_email)    { email }
-    before do
-      user.update_with_email(
-        email:                    new_email,
-        schema_url:               'http://localhost/test',
-        confirmation_success_url: 'https://google.com'
-      )
-    end
-    it 'sends new confirmation email' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
-      expect(json_response[:data][:userResendConfirmation]).to include(
-        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-      )
-    end
-  end
-  context "when the email isn't in the system" do
-    let(:email) { 'nothere@gmail.com' }
-    it 'does *NOT* send an email and raises an error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:data][:userResendConfirmation]).to be_nil
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(
-          message:    "Unable to find user with email '#{email}'.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-end

data/spec/requests/mutations/send_password_reset_spec.rb DELETED Viewed

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Send Password Reset Requests' do
-  include_context 'with graphql query request'
-  let!(:user)        { create(:user, :confirmed, email: 'jwinnfield@wallaceinc.com') }
-  let(:email)        { user.email }
-  let(:redirect_url) { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userSendPasswordReset(
-          email:       "#{email}",
-          redirectUrl: "#{redirect_url}"
-        ) {
-          message
-        }
-      }
-    GRAPHQL
-  end
-  context 'when redirect_url is not whitelisted' do
-    let(:redirect_url) { 'https://not-safe.com' }
-    it 'returns a not whitelisted redirect url error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message:    "Redirect to '#{redirect_url}' not allowed.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-  context 'when params are correct' do
-    context 'when using the gem schema' do
-      it 'sends password reset  email' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userSendPasswordReset]).to include(
-          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect(link['href']).to include('/api/v1/graphql_auth?')
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :allow_password_change).from(false).to(true)
-      end
-    end
-    context 'when using a custom schema' do
-      let(:custom_path) { '/api/v1/graphql' }
-      it 'sends password reset  email' do
-        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userSendPasswordReset]).to include(
-          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect(link['href']).to include("#{custom_path}?")
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :allow_password_change).from(false).to(true)
-      end
-    end
-  end
-  context 'when email address uses different casing' do
-    let(:email) { 'jWinnfield@wallaceinc.com' }
-    it 'honors devise configuration for case insensitive fields' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(json_response[:data][:userSendPasswordReset]).to include(
-        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-      )
-    end
-  end
-  context 'when user email is not found' do
-    let(:email) { 'nothere@gmail.com' }
-    before { post_request }
-    it 'returns an error' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'User was not found or was not logged in.', extensions: { code: 'USER_ERROR' })
-      )
-    end
-  end
-end

data/spec/requests/mutations/sign_up_spec.rb DELETED Viewed

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Sign Up process' do
-  include_context 'with graphql query request'
-  let(:name)     { Faker::Name.name }
-  let(:password) { Faker::Internet.password }
-  let(:email)    { Faker::Internet.email }
-  let(:redirect) { 'https://google.com' }
-  context 'when using the user model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          userSignUp(
-            email:                "#{email}"
-            name:                 "#{name}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            credentials { accessToken }
-            user {
-              email
-              name
-            }
-          }
-        }
-      GRAPHQL
-    end
-    context 'when redirect_url is not whitelisted' do
-      let(:redirect) { 'https://not-safe.com' }
-      it 'returns a not whitelisted redirect url error' do
-        expect { post_request }.to(
-          not_change(User, :count)
-          .and(not_change(ActionMailer::Base.deliveries, :count))
-        )
-        expect(json_response[:errors]).to containing_exactly(
-          hash_including(
-            message:    "Redirect to '#{redirect}' not allowed.",
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-    context 'when params are correct' do
-      it 'creates a new resource that requires confirmation' do
-        expect { post_request }.to(
-          change(User, :count).by(1)
-          .and(change(ActionMailer::Base.deliveries, :count).by(1))
-        )
-        user = User.last
-        expect(user).not_to be_active_for_authentication
-        expect(user.confirmed_at).to be_nil
-        expect(user).to be_valid_password(password)
-        expect(json_response[:data][:userSignUp]).to include(
-          credentials: nil,
-          user:        {
-            email: email,
-            name:  name
-          }
-        )
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect do
-          get link['href']
-          user.reload
-        end.to change { user.active_for_authentication? }.to(true)
-      end
-      context 'when email address uses different casing' do
-        let(:email) { 'miaWallace@wallaceinc.com' }
-        it 'honors devise configuration for case insensitive fields' do
-          expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-          expect(User.last.email).to eq('miawallace@wallaceinc.com')
-          expect(json_response[:data][:userSignUp]).to include(user: { email: 'miawallace@wallaceinc.com', name: name })
-        end
-      end
-    end
-    context 'when required params are missing' do
-      let(:email) { '' }
-      it 'does *NOT* create resource a resource nor send an email' do
-        expect { post_request }.to(
-          not_change(User, :count)
-          .and(not_change(ActionMailer::Base.deliveries, :count))
-        )
-        expect(json_response[:data][:userSignUp]).to be_nil
-        expect(json_response[:errors]).to containing_exactly(
-          hash_including(
-            message:    "User couldn't be registered",
-            extensions: { code: 'USER_ERROR', detailed_errors: ["Email can't be blank"] }
-          )
-        )
-      end
-    end
-  end
-  context 'when using the admin model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          adminSignUp(
-            email:                "#{email}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            authenticatable {
-              email
-            }
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'adminSignUp' doesn't exist on type 'Mutation'")
-      )
-    end
-  end
-  context 'when using the guest model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          guestSignUp(
-            email:                "#{email}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            credentials { accessToken client uid }
-            authenticatable {
-              email
-            }
-          }
-        }
-      GRAPHQL
-    end
-    it 'returns credentials as no confirmation is required' do
-      expect { post_request }.to change(Guest, :count).from(0).to(1)
-      expect(json_response[:data][:guestSignUp]).to include(
-        authenticatable: { email: email },
-        credentials:     hash_including(
-          uid:    email,
-          client: Guest.last.tokens.keys.first
-        )
-      )
-    end
-  end
-end

data/spec/requests/mutations/update_password_spec.rb DELETED Viewed

@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Update Password Requests' do
-  shared_examples 'successful password update' do
-    it 'updates the password' do
-      expect do
-        post_request
-        user.reload
-      end.to change(user, :encrypted_password)
-      expect(response).to include_auth_headers
-      expect(json_response[:data][:userUpdatePassword]).to match(
-        authenticatable: { email: user.email }
-      )
-      expect(json_response[:errors]).to be_nil
-      expect(user).to be_valid_password(password)
-    end
-  end
-  include_context 'with graphql query request'
-  let(:password)              { 'safePassw0rd!' }
-  let(:password_confirmation) { 'safePassw0rd!' }
-  let(:original_password)     { 'current_password' }
-  let(:current_password)      { original_password }
-  let(:allow_password_change) { false }
-  let(:user)                  { create(:user, :confirmed, password: original_password, allow_password_change: allow_password_change) }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userUpdatePassword(
-          password: "#{password}",
-          passwordConfirmation: "#{password_confirmation}",
-          currentPassword: "#{current_password}"
-        ) {
-          authenticatable { email }
-        }
-      }
-    GRAPHQL
-  end
-  context 'when user is logged in' do
-    let(:headers) { user.create_new_auth_token }
-    context 'when currentPassword is not provided' do
-      let(:current_password) { nil }
-      context 'when allow_password_change is true' do
-        let(:allow_password_change) { true }
-        it_behaves_like 'successful password update'
-        it 'sets allow_password_change to false' do
-          expect do
-            post_request
-            user.reload
-          end.to change(user, :allow_password_change).from(true).to(false)
-        end
-      end
-      context 'when allow_password_change is false' do
-        it 'does not update the password' do
-          expect do
-            post_request
-            user.reload
-          end.not_to change(user, :encrypted_password)
-          expect(response).to include_auth_headers
-          expect(json_response[:data][:userUpdatePassword]).to be_nil
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(
-              message:    'Unable to update user password',
-              extensions: { code: 'USER_ERROR', detailed_errors: ["Current password can't be blank"] }
-            )
-          )
-        end
-      end
-    end
-    context 'when currentPassword is provided' do
-      context 'when allow_password_change is true' do
-        let(:allow_password_change) { true }
-        it_behaves_like 'successful password update'
-        it 'sets allow_password_change to false' do
-          expect do
-            post_request
-            user.reload
-          end.to change(user, :allow_password_change).from(true).to(false)
-        end
-      end
-      context 'when allow_password_change is false' do
-        it_behaves_like 'successful password update'
-      end
-    end
-  end
-  context 'when user is not logged in' do
-    it 'does not update the password' do
-      expect do
-        post_request
-        user.reload
-      end.not_to change(user, :encrypted_password)
-      expect(response).not_to include_auth_headers
-      expect(json_response[:data][:userUpdatePassword]).to be_nil
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'User is not logged in.', extensions: { code: 'USER_ERROR' })
-      )
-    end
-  end
-end

data/spec/requests/queries/check_password_token_spec.rb DELETED Viewed

@@ -1,149 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Check Password Token Requests' do
-  include_context 'with graphql query request'
-  let(:user)         { create(:user, :confirmed) }
-  let(:redirect_url) { 'https://google.com' }
-  context 'when using the user model' do
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          userCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    context 'when reset password token is valid' do
-      let(:token) { user.send(:set_reset_password_token) }
-      context 'when redirect_url is not provided' do
-        let(:redirect_url) { nil }
-        it 'returns authenticatable and credentials in the headers' do
-          get_request
-          expect(response).to include_auth_headers
-          expect(json_response[:data][:userCheckPasswordToken]).to match(
-            email: user.email
-          )
-        end
-      end
-      context 'when redirect url is provided' do
-        it 'redirects to redirect url' do
-          expect do
-            get_request
-            user.reload
-          end.to change { user.tokens.keys.count }.from(0).to(1).and(
-            change(user, :allow_password_change).from(false).to(true)
-          )
-          expect(response).to      redirect_to %r{\Ahttps://google.com}
-          expect(response.body).to include("client=#{user.reload.tokens.keys.first}")
-          expect(response.body).to include('access-token=')
-          expect(response.body).to include('uid=')
-          expect(response.body).to include('expiry=')
-        end
-        context 'when redirect_url is not whitelisted' do
-          let(:redirect_url) { 'https://not-safe.com' }
-          before { post_request }
-          it 'returns a not whitelisted redirect url error' do
-            expect(json_response[:errors]).to containing_exactly(
-              hash_including(
-                message:    "Redirect to '#{redirect_url}' not allowed.",
-                extensions: { code: 'USER_ERROR' }
-              )
-            )
-          end
-        end
-      end
-      context 'when token has expired' do
-        it 'returns an expired token error' do
-          travel_to 10.hours.ago do
-            token
-          end
-          get_request
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'Reset password token is no longer valid.', extensions: { code: 'USER_ERROR' })
-          )
-        end
-      end
-    end
-    context 'when reset password token is not found' do
-      let(:token) { user.send(:set_reset_password_token) + 'invalid' }
-      it 'returns an error message' do
-        get_request
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(message: 'No user found for the specified reset token.', extensions: { code: 'USER_ERROR' })
-        )
-      end
-    end
-  end
-  context 'when using the admin model' do
-    let(:token) { 'not_important' }
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          adminCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'adminCheckPasswordToken' doesn't exist on type 'Query'")
-      )
-    end
-  end
-  context 'when using the guest model' do
-    let(:token) { 'not_important' }
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          guestCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'guestCheckPasswordToken' doesn't exist on type 'Query'")
-      )
-    end
-  end
-end