graphql_devise 0.12.0 → 0.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6929ccf18a8a9f8e7cd9b3f4f5e8388cf2b6d19617ed163f8b1c769820c14e57
-  data.tar.gz: fb23c4d077deb50757905b0d28ed92764e8442b696273035d8a925c917e69fb4
+  metadata.gz: 64f2bd00ac9c5edc119bb83326ffa996ab57a5551474887281857ef10ee7abb9
+  data.tar.gz: a8e1b662d697f4e8f94faf41b3ccbfec9b4ae6eb295ee4ee004c80d0c2b723bb
 SHA512:
-  metadata.gz: 7f76369100a4ad9f5e1814a759e5a358dd9a38548a105ee685baf38cd5b5a42f18c58f28f320fe2d607e1061c2cc12ed64bd82085b616179004e93720b4e3baa
-  data.tar.gz: cce3f1d55751b40d6089e3a0f0b77563dbecf0298004eec3a9d40df2890ebf80b28fc8e8c95aeefb46878e7c71296c1444bff8145885f1aec014ba030253b1da
+  metadata.gz: c6be77b7524f9a3cbf17b047fc5fbedc5d2cc0158ee343bdb470fe468774d3c3c7b1b0e80f2d529d623e3e74f32bf6d61f1dd220ebc2e66d7863346cedafde25
+  data.tar.gz: c6264ad438bfbec20b53c77bf9997e0a2a6d4ef184488f0a4830e5cad7c7f8f01112e163ec1fb0b5ed86718e488899373706245f22fc6c754280c74daec8a510

data/CHANGELOG.md

@@ -1,6 +1,15 @@
 # Changelog
 
-## [v0.12.0](https://github.com/graphql-devise/graphql_devise/tree/v0.12.0) (2020-06-11)
+## [v0.12.1](https://github.com/graphql-devise/graphql_devise/tree/v0.12.1) (2020-06-12)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.0...v0.12.1)
+
+**Security fixes:**
+
+- Insecure send password reset mutation? [\#98](https://github.com/graphql-devise/graphql_devise/issues/98)
+- Avoid returning user information on password reset mutation [\#100](https://github.com/graphql-devise/graphql_devise/pull/100) ([00dav00](https://github.com/00dav00))
+
+## [v0.12.0](https://github.com/graphql-devise/graphql_devise/tree/v0.12.0) (2020-06-12)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.4...v0.12.0)
 

data/config/locales/en.yml

@@ -14,6 +14,7 @@ en:
       password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
       reset_token_not_found: "No user found for the specified reset token."
       reset_token_expired: "Reset password token is no longer valid."
+      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
     sessions:
       bad_credentials: "Invalid login credentials. Please try again."
       not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"

data/graphql_devise.gemspec

@@ -21,7 +21,9 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
-  spec.test_files    = Dir['spec/**/*']
+  spec.test_files    = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").select { |f| f.match(%r{^spec/}) }
+  end
 
   spec.required_ruby_version = '>= 2.2.0'
 

data/lib/graphql_devise.rb

@@ -36,6 +36,14 @@ module GraphqlDevise
   end
 end
 
+require 'graphql_devise/engine'
+require 'graphql_devise/version'
+require 'graphql_devise/errors/error_codes'
+require 'graphql_devise/errors/execution_error'
+require 'graphql_devise/errors/user_error'
+require 'graphql_devise/errors/authentication_error'
+require 'graphql_devise/errors/detailed_user_error'
+
 require 'graphql_devise/concerns/controller_methods'
 require 'graphql_devise/schema'
 require 'graphql_devise/types/authenticatable_type'
@@ -46,12 +54,6 @@ require 'graphql_devise/default_operations/mutations'
 require 'graphql_devise/default_operations/resolvers'
 require 'graphql_devise/resolvers/dummy'
 
-require 'graphql_devise/engine'
-require 'graphql_devise/version'
-require 'graphql_devise/error_codes'
-require 'graphql_devise/user_error'
-require 'graphql_devise/detailed_user_error'
-
 require 'graphql_devise/mount_method/option_sanitizer'
 require 'graphql_devise/mount_method/options_validator'
 require 'graphql_devise/mount_method/operation_preparer'

data/lib/graphql_devise/default_operations/mutations.rb

@@ -9,12 +9,12 @@ require 'graphql_devise/mutations/update_password'
 module GraphqlDevise
   module DefaultOperations
     MUTATIONS = {
-      login:               GraphqlDevise::Mutations::Login,
-      logout:              GraphqlDevise::Mutations::Logout,
-      sign_up:             GraphqlDevise::Mutations::SignUp,
-      update_password:     GraphqlDevise::Mutations::UpdatePassword,
-      send_password_reset: GraphqlDevise::Mutations::SendPasswordReset,
-      resend_confirmation: GraphqlDevise::Mutations::ResendConfirmation
+      login:               { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
+      logout:              { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
+      sign_up:             { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
+      update_password:     { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
+      send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
+      resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
     }.freeze
   end
 end

data/lib/graphql_devise/default_operations/resolvers.rb

@@ -5,8 +5,8 @@ require 'graphql_devise/resolvers/confirm_account'
 module GraphqlDevise
   module DefaultOperations
     QUERIES = {
-      confirm_account:      GraphqlDevise::Resolvers::ConfirmAccount,
-      check_password_token: GraphqlDevise::Resolvers::CheckPasswordToken
+      confirm_account:      { klass: GraphqlDevise::Resolvers::ConfirmAccount },
+      check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
     }.freeze
   end
 end

data/lib/graphql_devise/errors/authentication_error.rb

@@ -0,0 +1,7 @@
+module GraphqlDevise
+  class AuthenticationError < ExecutionError
+    def to_h
+      super.merge(extensions: { code: ERROR_CODES.fetch(:authentication_error) })
+    end
+  end
+end

data/lib/graphql_devise/{detailed_user_error.rb → errors/detailed_user_error.rb}

@@ -1,5 +1,5 @@
 module GraphqlDevise
-  class DetailedUserError < GraphQL::ExecutionError
+  class DetailedUserError < ExecutionError
     def initialize(message, errors:)
       @message = message
       @errors  = errors

data/lib/graphql_devise/errors/error_codes.rb

@@ -0,0 +1,6 @@
+module GraphqlDevise
+  ERROR_CODES = {
+    user_error:           'USER_ERROR',
+    authentication_error: 'AUTHENTICATION_ERROR'
+  }.freeze
+end

data/lib/graphql_devise/errors/execution_error.rb

@@ -0,0 +1,4 @@
+module GraphqlDevise
+  class ExecutionError < GraphQL::ExecutionError
+  end
+end

data/lib/graphql_devise/{user_error.rb → errors/user_error.rb}

@@ -1,5 +1,5 @@
 module GraphqlDevise
-  class UserError < GraphQL::ExecutionError
+  class UserError < ExecutionError
     def to_h
       super.merge(extensions: { code: ERROR_CODES.fetch(:user_error) })
     end

data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb

@@ -10,14 +10,18 @@ module GraphqlDevise
         end
 
         def call
-          @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation), result|
+          @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
             mapped_action = "#{@mapping_name}_#{action}"
+            operation     = operation_info[:klass]
+            options       = operation_info.except(:klass)
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),
               @preparer,
               OperationPreparers::ResourceNameSetter.new(@mapping_name)
-            ].reduce(child_class(operation)) { |prepared_operation, preparer| preparer.call(prepared_operation) }
+            ].reduce(child_class(operation)) do |prepared_operation, preparer|
+              preparer.call(prepared_operation, **options)
+            end
           end
         end
 

data/lib/graphql_devise/mount_method/operation_preparers/gql_name_setter.rb

@@ -6,7 +6,7 @@ module GraphqlDevise
           @mapping_name = mapping_name
         end
 
-        def call(operation)
+        def call(operation, **)
           operation.graphql_name(graphql_name)
 
           operation

data/lib/graphql_devise/mount_method/operation_preparers/mutation_field_setter.rb

@@ -6,9 +6,10 @@ module GraphqlDevise
           @authenticatable_type = authenticatable_type
         end
 
-        def call(mutation)
-          mutation.field(:authenticatable, @authenticatable_type, null: false)
+        def call(mutation, authenticatable: true)
+          return mutation unless authenticatable
 
+          mutation.field(:authenticatable, @authenticatable_type, null: false)
           mutation
         end
       end

data/lib/graphql_devise/mount_method/operation_preparers/resolver_type_setter.rb

@@ -6,7 +6,7 @@ module GraphqlDevise
           @authenticatable_type = authenticatable_type
         end
 
-        def call(resolver)
+        def call(resolver, **)
           resolver.type(@authenticatable_type, null: false)
 
           resolver

data/lib/graphql_devise/mount_method/operation_preparers/resource_name_setter.rb

@@ -6,7 +6,7 @@ module GraphqlDevise
           @name = name
         end
 
-        def call(operation)
+        def call(operation, **)
           operation.instance_variable_set(:@resource_name, @name)
 
           operation

data/lib/graphql_devise/mutations/resend_confirmation.rb

@@ -22,10 +22,7 @@ module GraphqlDevise
             template_path: ['graphql_devise/mailer']
           )
 
-          {
-            authenticatable: resource,
-            message:       I18n.t('graphql_devise.confirmations.send_instructions', email: email)
-          }
+          { message: I18n.t('graphql_devise.confirmations.send_instructions', email: email) }
         else
           raise_user_error(I18n.t('graphql_devise.confirmations.user_not_found', email: email))
         end

data/lib/graphql_devise/mutations/send_password_reset.rb

@@ -4,6 +4,8 @@ module GraphqlDevise
       argument :email,        String, required: true
       argument :redirect_url, String, required: true
 
+      field :message, String, null: false
+
       def resolve(email:, redirect_url:)
         resource = find_resource(:email, get_case_insensitive_field(:email, email))
 
@@ -18,7 +20,7 @@ module GraphqlDevise
           )
 
           if resource.errors.empty?
-            { authenticatable: resource }
+            { message: I18n.t('graphql_devise.passwords.send_instructions') }
           else
             raise_user_error_list(I18n.t('graphql_devise.invalid_resource'), errors: resource.errors.full_messages)
           end

data/lib/graphql_devise/schema_plugin.rb

@@ -1,6 +1,6 @@
 module GraphqlDevise
   class SchemaPlugin
-    DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::UserError, "#{field} field requires authentication" }
+    DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::AuthenticationError, "#{field} field requires authentication" }
 
     def initialize(query: nil, mutation: nil, authenticate_default: true, resource_loaders: [], unauthenticated_proc: DEFAULT_NOT_AUTHENTICATED)
       @query                = query

data/lib/graphql_devise/version.rb

@@ -1,3 +1,3 @@
 module GraphqlDevise
-  VERSION = '0.12.0'.freeze
+  VERSION = '0.12.1'.freeze
 end

data/spec/requests/mutations/resend_confirmation_spec.rb

@@ -15,10 +15,6 @@ RSpec.describe 'Resend confirmation' do
           redirectUrl:"#{redirect}"
         ) {
           message
-          authenticatable {
-            id
-            email
-          }
         }
       }
     GRAPHQL
@@ -28,11 +24,7 @@ RSpec.describe 'Resend confirmation' do
     it 'sends an email to the user with confirmation url and returns a success message' do
       expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
       expect(json_response[:data][:userResendConfirmation]).to include(
-        message:         'You will receive an email with instructions for how to confirm your email address in a few minutes.',
-        authenticatable: {
-          id:    id,
-          email: email
-        }
+        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
       )
 
       email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
@@ -56,11 +48,7 @@ RSpec.describe 'Resend confirmation' do
       it 'honors devise configuration for case insensitive fields' do
         expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
         expect(json_response[:data][:userResendConfirmation]).to include(
-          message:         'You will receive an email with instructions for how to confirm your email address in a few minutes.',
-          authenticatable: {
-            id:    id,
-            email: user.email
-          }
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
         )
       end
     end

data/spec/requests/mutations/send_password_reset_spec.rb

@@ -13,9 +13,7 @@ RSpec.describe 'Send Password Reset Requests' do
           email:       "#{email}",
           redirectUrl: "#{redirect_url}"
         ) {
-          authenticatable {
-            email
-          }
+          message
         }
       }
     GRAPHQL
@@ -25,6 +23,10 @@ RSpec.describe 'Send Password Reset Requests' do
     it 'sends password reset  email' do
       expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
 
+      expect(json_response[:data][:userSendPasswordReset]).to include(
+        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+      )
+
       email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
       link  = email.css('a').first
 
@@ -41,6 +43,9 @@ RSpec.describe 'Send Password Reset Requests' do
 
     it 'honors devise configuration for case insensitive fields' do
       expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+      expect(json_response[:data][:userSendPasswordReset]).to include(
+        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+      )
     end
   end
 

data/spec/requests/user_controller_spec.rb

@@ -54,7 +54,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is not authenticated' do
         it 'returns a must sign in error' do
           expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'privateField field requires authentication', extensions: { code: 'USER_ERROR' })
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
           )
         end
       end
@@ -74,7 +74,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is not authenticated' do
         it 'returns a must sign in error' do
           expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'privateField field requires authentication', extensions: { code: 'USER_ERROR' })
+            hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
           )
         end
       end
@@ -104,7 +104,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is not authenticated' do
         it 'returns a must sign in error' do
           expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'USER_ERROR' })
+            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
           )
         end
       end
@@ -124,7 +124,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is not authenticated' do
         it 'returns a must sign in error' do
           expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'USER_ERROR' })
+            hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
           )
         end
       end
@@ -162,7 +162,7 @@ RSpec.describe "Integrations with the user's controller" do
       context 'when user is not authenticated' do
         it 'returns a must sign in error' do
           expect(json_response[:errors]).to contain_exactly(
-            hash_including(message: 'user field requires authentication', extensions: { code: 'USER_ERROR' })
+            hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
           )
         end
       end

data/spec/services/mount_method/operation_preparer_spec.rb

@@ -14,10 +14,15 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
 
     let(:logout_class) { Class.new(GraphQL::Schema::Resolver) }
     let(:mapping)      { :user }
-    let(:selected)     { { login: double(:login_default), logout: logout_class } }
     let(:preparer)     { double(:preparer, call: logout_class) }
     let(:custom)       { { login: double(:custom_login, graphql_name: nil) } }
     let(:additional)   { { user_additional: double(:user_additional) } }
+    let(:selected) do
+      {
+        login: { klass: double(:login_default) },
+        logout:{ klass: logout_class }
+      }
+    end
 
     it 'is expected to return all provided operation keys' do
       expect(prepared_operations.keys).to contain_exactly(

data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb

@@ -11,18 +11,25 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
     let(:logout_operation)  { double(:sign_up_operation, graphql_name: nil) }
     let(:mapping_name)      { :user }
     let(:preparer)          { double(:preparer) }
-    let(:operations)        { { login: login_operation, logout: logout_operation, sign_up: sign_up_operation, confirm: confirm_operation } }
     let(:custom_keys)       { [:login, :logout] }
+    let(:operations) do
+      {
+        confirm: { klass: confirm_operation, authenticatable: false },
+        sign_up: { klass: sign_up_operation, authenticatable: true },
+        login:   { klass: login_operation, authenticatable: true },
+        logout:  { klass: logout_operation, authenticatable: true }
+      }
+    end
 
     before do
       allow(default_preparer).to receive(:child_class).with(confirm_operation).and_return(confirm_operation)
       allow(default_preparer).to receive(:child_class).with(sign_up_operation).and_return(sign_up_operation)
       allow(default_preparer).to receive(:child_class).with(login_operation).and_return(login_operation)
       allow(default_preparer).to receive(:child_class).with(logout_operation).and_return(logout_operation)
-      allow(preparer).to receive(:call).with(confirm_operation).and_return(confirm_operation)
-      allow(preparer).to receive(:call).with(sign_up_operation).and_return(sign_up_operation)
-      allow(preparer).to receive(:call).with(login_operation).and_return(login_operation)
-      allow(preparer).to receive(:call).with(logout_operation).and_return(logout_operation)
+      allow(preparer).to receive(:call).with(confirm_operation, authenticatable: false).and_return(confirm_operation)
+      allow(preparer).to receive(:call).with(sign_up_operation, authenticatable: true).and_return(sign_up_operation)
+      allow(preparer).to receive(:call).with(login_operation, authenticatable: true).and_return(login_operation)
+      allow(preparer).to receive(:call).with(logout_operation, authenticatable: true).and_return(logout_operation)
     end
 
     it 'returns only those operations with no custom operation provided' do
@@ -32,8 +39,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
     it 'prepares default operations' do
       expect(confirm_operation).to receive(:graphql_name).with('UserConfirm')
       expect(sign_up_operation).to receive(:graphql_name).with('UserSignUp')
-      expect(preparer).to receive(:call).with(confirm_operation)
-      expect(preparer).to receive(:call).with(sign_up_operation)
+      expect(preparer).to receive(:call).with(confirm_operation, authenticatable: false)
+      expect(preparer).to receive(:call).with(sign_up_operation, authenticatable: true)
 
       prepared
 

data/spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb

@@ -2,15 +2,29 @@ require 'spec_helper'
 
 RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter do
   describe '#call' do
-    subject(:prepared_operation) { described_class.new(field_type).call(operation) }
+    subject(:prepared_operation) { described_class.new(field_type).call(operation, authenticatable: authenticatable) }
 
     let(:operation)  { double(:operation) }
     let(:field_type) { double(:type) }
 
-    it 'sets a field for the mutation' do
-      expect(operation).to receive(:field).with(:authenticatable, field_type, null: false)
+    context 'when resource is authtenticable' do
+      let(:authenticatable) { true }
 
-      prepared_operation
+      it 'sets a field for the mutation' do
+        expect(operation).to receive(:field).with(:authenticatable, field_type, null: false)
+
+        prepared_operation
+      end
+    end
+
+    context 'when resource is *NOT* authtenticable' do
+      let(:authenticatable) { false }
+
+      it 'does *NOT* set a field for the mutation' do
+        expect(operation).not_to receive(:field)
+
+        prepared_operation
+      end
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graphql_devise
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.12.1
 platform: ruby
 authors:
 - Mario Celi
@@ -308,9 +308,12 @@ files:
 - lib/graphql_devise/concerns/controller_methods.rb
 - lib/graphql_devise/default_operations/mutations.rb
 - lib/graphql_devise/default_operations/resolvers.rb
-- lib/graphql_devise/detailed_user_error.rb
 - lib/graphql_devise/engine.rb
-- lib/graphql_devise/error_codes.rb
+- lib/graphql_devise/errors/authentication_error.rb
+- lib/graphql_devise/errors/detailed_user_error.rb
+- lib/graphql_devise/errors/error_codes.rb
+- lib/graphql_devise/errors/execution_error.rb
+- lib/graphql_devise/errors/user_error.rb
 - lib/graphql_devise/mount_method/operation_preparer.rb
 - lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb
 - lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb
@@ -348,7 +351,6 @@ files:
 - lib/graphql_devise/types/credential_type.rb
 - lib/graphql_devise/types/mutation_type.rb
 - lib/graphql_devise/types/query_type.rb
-- lib/graphql_devise/user_error.rb
 - lib/graphql_devise/version.rb
 - spec/dummy/README.md
 - spec/dummy/Rakefile
@@ -405,7 +407,6 @@ files:
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
 - spec/dummy/config/spring.rb
-- spec/dummy/db/development.sqlite3
 - spec/dummy/db/migrate/20190815114303_create_users.rb
 - spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
 - spec/dummy/db/migrate/20190916012505_create_admins.rb
@@ -413,9 +414,6 @@ files:
 - spec/dummy/db/migrate/20200321121807_create_users_customers.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/db/seeds.rb
-- spec/dummy/db/test.sqlite3
-- spec/dummy/log/development.log
-- spec/dummy/log/test.log
 - spec/dummy/public/robots.txt
 - spec/factories/admins.rb
 - spec/factories/guests.rb
@@ -489,116 +487,112 @@ signing_key:
 specification_version: 4
 summary: GraphQL queries and mutations on top of devise_token_auth
 test_files:
-- spec/spec_helper.rb
-- spec/dummy/app/mailers/application_mailer.rb
-- spec/dummy/app/models/guest.rb
-- spec/dummy/app/models/admin.rb
-- spec/dummy/app/models/users/customer.rb
-- spec/dummy/app/models/users.rb
-- spec/dummy/app/models/application_record.rb
-- spec/dummy/app/models/user.rb
+- spec/dummy/README.md
+- spec/dummy/Rakefile
+- spec/dummy/app/assets/config/manifest.js
+- spec/dummy/app/controllers/api/v1/graphql_controller.rb
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/graphql/dummy_schema.rb
 - spec/dummy/app/graphql/interpreter_schema.rb
-- spec/dummy/app/graphql/types/custom_admin_type.rb
-- spec/dummy/app/graphql/types/mutation_type.rb
-- spec/dummy/app/graphql/types/query_type.rb
-- spec/dummy/app/graphql/types/base_object.rb
-- spec/dummy/app/graphql/types/user_type.rb
-- spec/dummy/app/graphql/mutations/register_confirmed_user.rb
 - spec/dummy/app/graphql/mutations/login.rb
+- spec/dummy/app/graphql/mutations/register_confirmed_user.rb
 - spec/dummy/app/graphql/mutations/sign_up.rb
 - spec/dummy/app/graphql/resolvers/public_user.rb
 - spec/dummy/app/graphql/resolvers/user_show.rb
-- spec/dummy/app/graphql/dummy_schema.rb
+- spec/dummy/app/graphql/types/base_object.rb
+- spec/dummy/app/graphql/types/custom_admin_type.rb
+- spec/dummy/app/graphql/types/mutation_type.rb
+- spec/dummy/app/graphql/types/query_type.rb
+- spec/dummy/app/graphql/types/user_type.rb
 - spec/dummy/app/jobs/application_job.rb
-- spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/controllers/api/v1/graphql_controller.rb
+- spec/dummy/app/mailers/application_mailer.rb
+- spec/dummy/app/models/admin.rb
+- spec/dummy/app/models/application_record.rb
+- spec/dummy/app/models/guest.rb
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/models/users.rb
+- spec/dummy/app/models/users/customer.rb
 - spec/dummy/app/views/layouts/mailer.html.erb
 - spec/dummy/app/views/layouts/mailer.text.erb
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/bin/update
-- spec/dummy/bin/rake
-- spec/dummy/bin/setup
 - spec/dummy/bin/bundle
 - spec/dummy/bin/rails
-- spec/dummy/config/secrets.yml
-- spec/dummy/config/routes.rb
-- spec/dummy/config/environments/production.rb
-- spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/test.rb
-- spec/dummy/config/spring.rb
-- spec/dummy/config/master.key
-- spec/dummy/config/environment.rb
+- spec/dummy/bin/rake
+- spec/dummy/bin/setup
+- spec/dummy/bin/update
+- spec/dummy/config.ru
 - spec/dummy/config/application.rb
-- spec/dummy/config/puma.rb
 - spec/dummy/config/credentials.yml.enc
 - spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/application_controller_renderer.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/cors.rb
+- spec/dummy/config/initializers/devise.rb
 - spec/dummy/config/initializers/devise_token_auth.rb
-- spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/initializers/i18n.rb
-- spec/dummy/config/initializers/devise.rb
 - spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/cors.rb
-- spec/dummy/config.ru
-- spec/dummy/README.md
-- spec/dummy/Rakefile
-- spec/dummy/public/robots.txt
-- spec/dummy/db/schema.rb
-- spec/dummy/db/seeds.rb
-- spec/dummy/db/test.sqlite3
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/master.key
+- spec/dummy/config/puma.rb
+- spec/dummy/config/routes.rb
+- spec/dummy/config/secrets.yml
+- spec/dummy/config/spring.rb
+- spec/dummy/db/migrate/20190815114303_create_users.rb
+- spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
 - spec/dummy/db/migrate/20190916012505_create_admins.rb
 - spec/dummy/db/migrate/20191013213045_create_guests.rb
 - spec/dummy/db/migrate/20200321121807_create_users_customers.rb
-- spec/dummy/db/migrate/20190815114303_create_users.rb
-- spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
-- spec/dummy/db/development.sqlite3
-- spec/dummy/log/test.log
-- spec/dummy/log/development.log
+- spec/dummy/db/schema.rb
+- spec/dummy/db/seeds.rb
+- spec/dummy/public/robots.txt
+- spec/factories/admins.rb
+- spec/factories/guests.rb
+- spec/factories/users.rb
+- spec/factories/users_customers.rb
+- spec/generators/graphql_devise/install_generator_spec.rb
 - spec/graphql_devise_spec.rb
 - spec/models/user_spec.rb
+- spec/rails_helper.rb
 - spec/requests/graphql_controller_spec.rb
-- spec/requests/user_controller_spec.rb
+- spec/requests/mutations/additional_mutations_spec.rb
+- spec/requests/mutations/additional_queries_spec.rb
 - spec/requests/mutations/login_spec.rb
 - spec/requests/mutations/logout_spec.rb
+- spec/requests/mutations/resend_confirmation_spec.rb
 - spec/requests/mutations/send_password_reset_spec.rb
-- spec/requests/mutations/update_password_spec.rb
-- spec/requests/mutations/additional_mutations_spec.rb
-- spec/requests/mutations/additional_queries_spec.rb
 - spec/requests/mutations/sign_up_spec.rb
-- spec/requests/mutations/resend_confirmation_spec.rb
-- spec/requests/queries/confirm_account_spec.rb
+- spec/requests/mutations/update_password_spec.rb
 - spec/requests/queries/check_password_token_spec.rb
-- spec/support/factory_bot.rb
-- spec/support/contexts/graphql_request.rb
-- spec/support/requests/auth_helpers.rb
-- spec/support/requests/json_helpers.rb
-- spec/support/matchers/not_change_matcher.rb
-- spec/support/matchers/auth_headers_matcher.rb
-- spec/factories/admins.rb
-- spec/factories/users.rb
-- spec/factories/guests.rb
-- spec/factories/users_customers.rb
-- spec/generators/graphql_devise/install_generator_spec.rb
-- spec/rails_helper.rb
-- spec/services/schema_plugin_spec.rb
-- spec/services/mount_method/option_sanitizers/class_checker_spec.rb
-- spec/services/mount_method/option_sanitizers/array_checker_spec.rb
-- spec/services/mount_method/option_sanitizers/hash_checker_spec.rb
-- spec/services/mount_method/option_sanitizers/string_checker_spec.rb
-- spec/services/mount_method/option_sanitizer_spec.rb
-- spec/services/mount_method/options_validator_spec.rb
+- spec/requests/queries/confirm_account_spec.rb
+- spec/requests/user_controller_spec.rb
 - spec/services/mount_method/operation_preparer_spec.rb
-- spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
+- spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb
 - spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb
+- spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
+- spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
 - spec/services/mount_method/operation_preparers/resolver_type_setter_spec.rb
 - spec/services/mount_method/operation_preparers/resource_name_setter_spec.rb
-- spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
-- spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb
-- spec/services/mount_method/option_validators/supported_operations_validator_spec.rb
+- spec/services/mount_method/operation_sanitizer_spec.rb
+- spec/services/mount_method/option_sanitizer_spec.rb
+- spec/services/mount_method/option_sanitizers/array_checker_spec.rb
+- spec/services/mount_method/option_sanitizers/class_checker_spec.rb
+- spec/services/mount_method/option_sanitizers/hash_checker_spec.rb
+- spec/services/mount_method/option_sanitizers/string_checker_spec.rb
 - spec/services/mount_method/option_validators/provided_operations_validator_spec.rb
 - spec/services/mount_method/option_validators/skip_only_validator_spec.rb
-- spec/services/mount_method/operation_sanitizer_spec.rb
+- spec/services/mount_method/option_validators/supported_operations_validator_spec.rb
+- spec/services/mount_method/options_validator_spec.rb
 - spec/services/resource_loader_spec.rb
+- spec/services/schema_plugin_spec.rb
+- spec/spec_helper.rb
+- spec/support/contexts/graphql_request.rb
+- spec/support/factory_bot.rb
+- spec/support/matchers/auth_headers_matcher.rb
+- spec/support/matchers/not_change_matcher.rb
+- spec/support/requests/auth_helpers.rb
+- spec/support/requests/json_helpers.rb

data/lib/graphql_devise/error_codes.rb

@@ -1,5 +0,0 @@
-module GraphqlDevise
-  ERROR_CODES = {
-    user_error: 'USER_ERROR'
-  }.freeze
-end