graphql_devise 0.18.2 → 1.0.0

data/lib/graphql_devise/rails/routes.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module ActionDispatch::Routing
-  class Mapper
-    def mount_graphql_devise_for(resource, options = {})
-      clean_options = GraphqlDevise::ResourceLoader.new(resource, options, true).call(
-        GraphqlDevise::Types::QueryType,
-        GraphqlDevise::Types::MutationType
-      )
-
-      post clean_options.at, to: 'graphql_devise/graphql#auth'
-      get  clean_options.at, to: 'graphql_devise/graphql#auth'
-    end
-  end
-end

data/lib/graphql_devise/resolvers/check_password_token.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-module GraphqlDevise
-  module Resolvers
-    class CheckPasswordToken < Base
-      argument :reset_password_token, String, required: true
-      argument :redirect_url,         String, required: false
-
-      def resolve(reset_password_token:, redirect_url: nil)
-        resource = resource_class.with_reset_password_token(reset_password_token)
-        raise_user_error(I18n.t('graphql_devise.passwords.reset_token_not_found')) if resource.blank?
-
-        if resource.reset_password_period_valid?
-          token_info = client_and_token(resource.create_token)
-
-          resource.skip_confirmation! if confirmable_enabled? && !resource.confirmed_at
-          resource.allow_password_change = true if recoverable_enabled?
-
-          resource.save!
-
-          yield resource if block_given?
-
-          redirect_header_options = { reset_password: true }
-          built_redirect_headers = redirect_headers(
-            token_info,
-            redirect_header_options
-          )
-
-          if redirect_url.present?
-            check_redirect_url_whitelist!(redirect_url)
-            controller.redirect_to(resource.build_auth_url(redirect_url, built_redirect_headers))
-          else
-            set_auth_headers(resource)
-          end
-
-          resource
-        else
-          raise_user_error(I18n.t('graphql_devise.passwords.reset_token_expired'))
-        end
-      end
-    end
-  end
-end

data/lib/graphql_devise/resolvers/confirm_account.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module GraphqlDevise
-  module Resolvers
-    class ConfirmAccount < Base
-      argument :confirmation_token, String, required: true
-      argument :redirect_url,       String, required: true
-
-      def resolve(confirmation_token:, redirect_url:)
-        check_redirect_url_whitelist!(redirect_url)
-
-        resource = resource_class.confirm_by_token(confirmation_token)
-
-        if resource.errors.empty?
-          yield resource if block_given?
-
-          redirect_header_options = { account_confirmation_success: true }
-
-          redirect_to_link = if controller.signed_in?(resource_name)
-            url = resource.build_auth_url(
-              redirect_url,
-              redirect_headers(
-                client_and_token(resource.create_token),
-                redirect_header_options
-              )
-            )
-            resource.save!
-
-            url
-          else
-            DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
-          end
-
-          controller.redirect_to(redirect_to_link)
-          resource
-        else
-          raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
-        end
-      end
-    end
-  end
-end

data/spec/dummy/app/graphql/mutations/sign_up.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module Mutations
-  class SignUp < GraphqlDevise::Mutations::SignUp
-    argument :name, String, required: false
-
-    field :user, Types::UserType, null: true
-
-    def resolve(email:, **attrs)
-      original_payload = super
-      original_payload.merge(user: original_payload[:authenticatable])
-    end
-  end
-end

data/spec/dummy/app/graphql/resolvers/confirm_admin_account.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module Resolvers
-  class ConfirmAdminAccount < GraphqlDevise::Resolvers::ConfirmAccount
-    type Types::AdminType, null: false
-
-    def resolve(confirmation_token:, redirect_url:)
-      super do |admin|
-        controller.sign_in(admin)
-      end
-    end
-  end
-end

data/spec/requests/mutations/resend_confirmation_spec.rb

@@ -1,153 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe 'Resend confirmation' do
-  include_context 'with graphql query request'
-
-  let(:confirmed_at) { nil }
-  let!(:user)        { create(:user, confirmed_at: nil, email: 'mwallace@wallaceinc.com') }
-  let(:email)        { user.email }
-  let(:id)           { user.id }
-  let(:redirect)     { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userResendConfirmation(
-          email:"#{email}",
-          redirectUrl:"#{redirect}"
-        ) {
-          message
-        }
-      }
-    GRAPHQL
-  end
-
-  context 'when redirect_url is not whitelisted' do
-    let(:redirect) { 'https://not-safe.com' }
-
-    it 'returns a not whitelisted redirect url error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message:    "Redirect to '#{redirect}' not allowed.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-
-  context 'when params are correct' do
-    context 'when using the gem schema' do
-      it 'sends an email to the user with confirmation url and returns a success message' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        confirm_link_msg_text = email.css('p')[1].inner_html
-        confirm_account_link_text = link.inner_html
-
-        expect(link['href']).to include('/api/v1/graphql_auth?')
-        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-        expect(confirm_account_link_text).to eq('Confirm my account')
-
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
-      end
-    end
-
-    context 'when using a custom schema' do
-      let(:custom_path) { '/api/v1/graphql' }
-
-      it 'sends an email to the user with confirmation url and returns a success message' do
-        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        confirm_link_msg_text = email.css('p')[1].inner_html
-        confirm_account_link_text = link.inner_html
-
-        expect(link['href']).to include("#{custom_path}?")
-        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-        expect(confirm_account_link_text).to eq('Confirm my account')
-
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
-      end
-    end
-
-    context 'when email address uses different casing' do
-      let(:email) { 'mWallace@wallaceinc.com' }
-
-      it 'honors devise configuration for case insensitive fields' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-        expect(json_response[:data][:userResendConfirmation]).to include(
-          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-        )
-      end
-    end
-
-    context 'when the user has already been confirmed' do
-      before { user.confirm }
-
-      it 'does *NOT* send an email and raises an error' do
-        expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-        expect(json_response[:data][:userResendConfirmation]).to be_nil
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(
-            message:    'Email was already confirmed, please try signing in',
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-  end
-
-  context 'when the email was changed' do
-    let(:confirmed_at) { 2.seconds.ago }
-    let(:email)        { 'new-email@wallaceinc.com' }
-    let(:new_email)    { email }
-
-    before do
-      user.update_with_email(
-        email:                    new_email,
-        schema_url:               'http://localhost/test',
-        confirmation_success_url: 'https://google.com'
-      )
-    end
-
-    it 'sends new confirmation email' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(ActionMailer::Base.deliveries.first.to).to contain_exactly(new_email)
-      expect(json_response[:data][:userResendConfirmation]).to include(
-        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-      )
-    end
-  end
-
-  context "when the email isn't in the system" do
-    let(:email) { 'nothere@gmail.com' }
-
-    it 'does *NOT* send an email and raises an error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-      expect(json_response[:data][:userResendConfirmation]).to be_nil
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(
-          message:    "Unable to find user with email '#{email}'.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-end

data/spec/requests/mutations/send_password_reset_spec.rb

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe 'Send Password Reset Requests' do
-  include_context 'with graphql query request'
-
-  let!(:user)        { create(:user, :confirmed, email: 'jwinnfield@wallaceinc.com') }
-  let(:email)        { user.email }
-  let(:redirect_url) { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userSendPasswordReset(
-          email:       "#{email}",
-          redirectUrl: "#{redirect_url}"
-        ) {
-          message
-        }
-      }
-    GRAPHQL
-  end
-
-  context 'when redirect_url is not whitelisted' do
-    let(:redirect_url) { 'https://not-safe.com' }
-
-    it 'returns a not whitelisted redirect url error' do
-      expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message:    "Redirect to '#{redirect_url}' not allowed.",
-          extensions: { code: 'USER_ERROR' }
-        )
-      )
-    end
-  end
-
-  context 'when params are correct' do
-    context 'when using the gem schema' do
-      it 'sends password reset  email' do
-        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-
-        expect(json_response[:data][:userSendPasswordReset]).to include(
-          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-        )
-
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect(link['href']).to include('/api/v1/graphql_auth?')
-
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :allow_password_change).from(false).to(true)
-      end
-    end
-
-    context 'when using a custom schema' do
-      let(:custom_path) { '/api/v1/graphql' }
-
-      it 'sends password reset  email' do
-        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
-
-        expect(json_response[:data][:userSendPasswordReset]).to include(
-          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-        )
-
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-        expect(link['href']).to include("#{custom_path}?")
-
-        expect do
-          get link['href']
-          user.reload
-        end.to change(user, :allow_password_change).from(false).to(true)
-      end
-    end
-  end
-
-  context 'when email address uses different casing' do
-    let(:email) { 'jWinnfield@wallaceinc.com' }
-
-    it 'honors devise configuration for case insensitive fields' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(json_response[:data][:userSendPasswordReset]).to include(
-        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-      )
-    end
-  end
-
-  context 'when user email is not found' do
-    let(:email) { 'nothere@gmail.com' }
-
-    before { post_request }
-
-    it 'returns an error' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'User was not found or was not logged in.', extensions: { code: 'USER_ERROR' })
-      )
-    end
-  end
-end

data/spec/requests/mutations/sign_up_spec.rb

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe 'Sign Up process' do
-  include_context 'with graphql query request'
-
-  let(:name)     { Faker::Name.name }
-  let(:password) { Faker::Internet.password }
-  let(:email)    { Faker::Internet.email }
-  let(:redirect) { 'https://google.com' }
-
-  context 'when using the user model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          userSignUp(
-            email:                "#{email}"
-            name:                 "#{name}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            credentials { accessToken }
-            user {
-              email
-              name
-            }
-          }
-        }
-      GRAPHQL
-    end
-
-    context 'when redirect_url is not whitelisted' do
-      let(:redirect) { 'https://not-safe.com' }
-
-      it 'returns a not whitelisted redirect url error' do
-        expect { post_request }.to(
-          not_change(User, :count)
-          .and(not_change(ActionMailer::Base.deliveries, :count))
-        )
-
-        expect(json_response[:errors]).to containing_exactly(
-          hash_including(
-            message:    "Redirect to '#{redirect}' not allowed.",
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-
-    context 'when params are correct' do
-      it 'creates a new resource that requires confirmation' do
-        expect { post_request }.to(
-          change(User, :count).by(1)
-          .and(change(ActionMailer::Base.deliveries, :count).by(1))
-        )
-
-        user = User.last
-
-        expect(user).not_to be_active_for_authentication
-        expect(user.confirmed_at).to be_nil
-        expect(user).to be_valid_password(password)
-        expect(json_response[:data][:userSignUp]).to include(
-          credentials: nil,
-          user:        {
-            email: email,
-            name:  name
-          }
-        )
-
-        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-        link  = email.css('a').first
-
-        expect do
-          get link['href']
-          user.reload
-        end.to change { user.active_for_authentication? }.to(true)
-      end
-
-      context 'when email address uses different casing' do
-        let(:email) { 'miaWallace@wallaceinc.com' }
-
-        it 'honors devise configuration for case insensitive fields' do
-          expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-          expect(User.last.email).to eq('miawallace@wallaceinc.com')
-          expect(json_response[:data][:userSignUp]).to include(user: { email: 'miawallace@wallaceinc.com', name: name })
-        end
-      end
-    end
-
-    context 'when required params are missing' do
-      let(:email) { '' }
-
-      it 'does *NOT* create resource a resource nor send an email' do
-        expect { post_request }.to(
-          not_change(User, :count)
-          .and(not_change(ActionMailer::Base.deliveries, :count))
-        )
-
-        expect(json_response[:data][:userSignUp]).to be_nil
-        expect(json_response[:errors]).to containing_exactly(
-          hash_including(
-            message:    "User couldn't be registered",
-            extensions: { code: 'USER_ERROR', detailed_errors: ["Email can't be blank"] }
-          )
-        )
-      end
-    end
-  end
-
-  context 'when using the admin model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          adminSignUp(
-            email:                "#{email}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            authenticatable {
-              email
-            }
-          }
-        }
-      GRAPHQL
-    end
-
-    before { post_request }
-
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'adminSignUp' doesn't exist on type 'Mutation'")
-      )
-    end
-  end
-
-  context 'when using the guest model' do
-    let(:query) do
-      <<-GRAPHQL
-        mutation {
-          guestSignUp(
-            email:                "#{email}"
-            password:             "#{password}"
-            passwordConfirmation: "#{password}"
-            confirmSuccessUrl:    "#{redirect}"
-          ) {
-            credentials { accessToken client uid }
-            authenticatable {
-              email
-            }
-          }
-        }
-      GRAPHQL
-    end
-
-    it 'returns credentials as no confirmation is required' do
-      expect { post_request }.to change(Guest, :count).from(0).to(1)
-
-      expect(json_response[:data][:guestSignUp]).to include(
-        authenticatable: { email: email },
-        credentials:     hash_including(
-          uid:    email,
-          client: Guest.last.tokens.keys.first
-        )
-      )
-    end
-  end
-end

data/spec/requests/mutations/update_password_spec.rb

@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe 'Update Password Requests' do
-  shared_examples 'successful password update' do
-    it 'updates the password' do
-      expect do
-        post_request
-        user.reload
-      end.to change(user, :encrypted_password)
-
-      expect(response).to include_auth_headers
-      expect(json_response[:data][:userUpdatePassword]).to match(
-        authenticatable: { email: user.email }
-      )
-      expect(json_response[:errors]).to be_nil
-      expect(user).to be_valid_password(password)
-    end
-  end
-
-  include_context 'with graphql query request'
-
-  let(:password)              { 'safePassw0rd!' }
-  let(:password_confirmation) { 'safePassw0rd!' }
-  let(:original_password)     { 'current_password' }
-  let(:current_password)      { original_password }
-  let(:allow_password_change) { false }
-  let(:user)                  { create(:user, :confirmed, password: original_password, allow_password_change: allow_password_change) }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userUpdatePassword(
-          password: "#{password}",
-          passwordConfirmation: "#{password_confirmation}",
-          currentPassword: "#{current_password}"
-        ) {
-          authenticatable { email }
-        }
-      }
-    GRAPHQL
-  end
-
-  context 'when user is logged in' do
-    let(:headers) { user.create_new_auth_token }
-
-    context 'when currentPassword is not provided' do
-      let(:current_password) { nil }
-
-      context 'when allow_password_change is true' do
-        let(:allow_password_change) { true }
-
-        it_behaves_like 'successful password update'
-
-        it 'sets allow_password_change to false' do
-          expect do
-            post_request
-            user.reload
-          end.to change(user, :allow_password_change).from(true).to(false)
-        end
-      end
-
-      context 'when allow_password_change is false' do
-        it 'does not update the password' do
-          expect do
-            post_request
-            user.reload
-          end.not_to change(user, :encrypted_password)
-
-          expect(response).to include_auth_headers
-          expect(json_response[:data][:userUpdatePassword]).to be_nil
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(
-              message:    'Unable to update user password',
-              extensions: { code: 'USER_ERROR', detailed_errors: ["Current password can't be blank"] }
-            )
-          )
-        end
-      end
-    end
-
-    context 'when currentPassword is provided' do
-      context 'when allow_password_change is true' do
-        let(:allow_password_change) { true }
-
-        it_behaves_like 'successful password update'
-
-        it 'sets allow_password_change to false' do
-          expect do
-            post_request
-            user.reload
-          end.to change(user, :allow_password_change).from(true).to(false)
-        end
-      end
-
-      context 'when allow_password_change is false' do
-        it_behaves_like 'successful password update'
-      end
-    end
-  end
-
-  context 'when user is not logged in' do
-    it 'does not update the password' do
-      expect do
-        post_request
-        user.reload
-      end.not_to change(user, :encrypted_password)
-
-      expect(response).not_to include_auth_headers
-      expect(json_response[:data][:userUpdatePassword]).to be_nil
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'User is not logged in.', extensions: { code: 'USER_ERROR' })
-      )
-    end
-  end
-end