RubyGems - graphql_devise - Versions diffs - 0.18.2 → 1.0.0 - Mend

graphql_devise 0.18.2 → 1.0.0

Files changed (91) hide show

data/spec/requests/queries/check_password_token_spec.rb DELETED Viewed

@@ -1,149 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Check Password Token Requests' do
-  include_context 'with graphql query request'
-  let(:user)         { create(:user, :confirmed) }
-  let(:redirect_url) { 'https://google.com' }
-  context 'when using the user model' do
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          userCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    context 'when reset password token is valid' do
-      let(:token) { user.send(:set_reset_password_token) }
-      context 'when redirect_url is not provided' do
-        let(:redirect_url) { nil }
-        it 'returns authenticatable and credentials in the headers' do
-          get_request
-          expect(response).to include_auth_headers
-          expect(json_response[:data][:userCheckPasswordToken]).to match(
-            email: user.email
-          )
-        end
-      end
-      context 'when redirect url is provided' do
-        it 'redirects to redirect url' do
-          expect do
-            get_request
-            user.reload
-          end.to change { user.tokens.keys.count }.from(0).to(1).and(
-            change(user, :allow_password_change).from(false).to(true)
-          )
-          expect(response).to      redirect_to %r{\Ahttps://google.com}
-          expect(response.body).to include("client=#{user.reload.tokens.keys.first}")
-          expect(response.body).to include('access-token=')
-          expect(response.body).to include('uid=')
-          expect(response.body).to include('expiry=')
-        end
-        context 'when redirect_url is not whitelisted' do
-          let(:redirect_url) { 'https://not-safe.com' }
-          before { post_request }
-          it 'returns a not whitelisted redirect url error' do
-            expect(json_response[:errors]).to containing_exactly(
-              hash_including(
-                message:    "Redirect to '#{redirect_url}' not allowed.",
-                extensions: { code: 'USER_ERROR' }
-              )
-            )
-          end
-        end
-      end
-      context 'when token has expired' do
-        it 'returns an expired token error' do
-          travel_to 10.hours.ago do
-            token
-          end
-          get_request
-          expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'Reset password token is no longer valid.', extensions: { code: 'USER_ERROR' })
-          )
-        end
-      end
-    end
-    context 'when reset password token is not found' do
-      let(:token) { user.send(:set_reset_password_token) + 'invalid' }
-      it 'returns an error message' do
-        get_request
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(message: 'No user found for the specified reset token.', extensions: { code: 'USER_ERROR' })
-        )
-      end
-    end
-  end
-  context 'when using the admin model' do
-    let(:token) { 'not_important' }
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          adminCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'adminCheckPasswordToken' doesn't exist on type 'Query'")
-      )
-    end
-  end
-  context 'when using the guest model' do
-    let(:token) { 'not_important' }
-    let(:query) do
-      <<-GRAPHQL
-        query {
-          guestCheckPasswordToken(
-            resetPasswordToken: "#{token}",
-            redirectUrl: "#{redirect_url}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    before { post_request }
-    it 'skips the sign up mutation' do
-      expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: "Field 'guestCheckPasswordToken' doesn't exist on type 'Query'")
-      )
-    end
-  end
-end

data/spec/requests/queries/confirm_account_spec.rb DELETED Viewed

@@ -1,137 +0,0 @@
-# frozen_string_literal: true
-require 'rails_helper'
-RSpec.describe 'Account confirmation' do
-  include_context 'with graphql query request'
-  context 'when using the user model' do
-    let(:user)     { create(:user, confirmed_at: nil) }
-    let(:redirect) { 'https://google.com' }
-    let(:query) do
-      <<-GRAPHQL
-        {
-          userConfirmAccount(
-            confirmationToken: "#{token}"
-            redirectUrl:       "#{redirect}"
-          ) {
-            email
-            name
-          }
-        }
-      GRAPHQL
-    end
-    context 'when confirmation token is correct' do
-      let(:token) { user.confirmation_token }
-      before do
-        user.send_confirmation_instructions(
-          template_path: ['graphql_devise/mailer'],
-          controller:    'graphql_devise/graphql',
-          schema_url:    'http://not-using-this-value.com/gql'
-        )
-      end
-      it 'confirms the resource and redirects to the sent url' do
-        expect do
-          get_request
-          user.reload
-        end.to(change(user, :confirmed_at).from(nil))
-        expect(response).to redirect_to("#{redirect}?account_confirmation_success=true")
-        expect(user).to be_active_for_authentication
-      end
-      context 'when redirect_url is not whitelisted' do
-        let(:redirect) { 'https://not-safe.com' }
-        it 'returns a not whitelisted redirect url error' do
-          expect { post_request }.to not_change(ActionMailer::Base.deliveries, :count)
-          expect(json_response[:errors]).to containing_exactly(
-            hash_including(
-              message:    "Redirect to '#{redirect}' not allowed.",
-              extensions: { code: 'USER_ERROR' }
-            )
-          )
-        end
-      end
-      context 'when unconfirmed_email is present' do
-        let(:user) { create(:user, :confirmed, unconfirmed_email: 'vvega@wallaceinc.com') }
-        it 'confirms the unconfirmed email and redirects' do
-          expect do
-            get_request
-            user.reload
-          end.to change(user, :email).from(user.email).to('vvega@wallaceinc.com').and(
-            change(user, :unconfirmed_email).from('vvega@wallaceinc.com').to(nil)
-          )
-          expect(response).to redirect_to("#{redirect}?account_confirmation_success=true")
-        end
-      end
-    end
-    context 'when reset password token is not found' do
-      let(:token) { "#{user.confirmation_token}-invalid" }
-      it 'does *NOT* confirm the user nor does the redirection' do
-        expect do
-          get_request
-          user.reload
-        end.not_to(change(user, :confirmed_at).from(nil))
-        expect(response).not_to be_redirect
-        expect(json_response[:errors]).to contain_exactly(
-          hash_including(
-            message:    'Invalid confirmation token. Please try again',
-            extensions: { code: 'USER_ERROR' }
-          )
-        )
-      end
-    end
-  end
-  context 'when using the admin model' do
-    let(:admin)    { create(:admin, confirmed_at: nil) }
-    let(:redirect) { 'https://google.com' }
-    let(:query) do
-      <<-GRAPHQL
-        {
-          adminConfirmAccount(
-            confirmationToken: "#{token}"
-            redirectUrl:       "#{redirect}"
-          ) {
-            email
-          }
-        }
-      GRAPHQL
-    end
-    context 'when confirmation token is correct' do
-      let(:token) { admin.confirmation_token }
-      before do
-        admin.send_confirmation_instructions(
-          template_path: ['graphql_devise/mailer'],
-          controller:    'graphql_devise/graphql',
-          schema_url:    'http://not-using-this-value.com/gql'
-        )
-      end
-      it 'confirms the resource, persists credentials on the DB and redirects to the sent url' do
-        expect do
-          get_request
-          admin.reload
-        end.to change(admin, :confirmed_at).from(nil).and(
-          change { admin.tokens.keys.count }.from(0).to(1)
-        )
-        expect(response).to redirect_to(/\A#{redirect}.+access\-token=/)
-        expect(admin).to be_active_for_authentication
-      end
-    end
-  end
-end