graphql_devise 0.12.0 → 0.12.1

Files changed (29) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -1
  3. data/config/locales/en.yml +1 -0
  4. data/graphql_devise.gemspec +3 -1
  5. data/lib/graphql_devise.rb +8 -6
  6. data/lib/graphql_devise/default_operations/mutations.rb +6 -6
  7. data/lib/graphql_devise/default_operations/resolvers.rb +2 -2
  8. data/lib/graphql_devise/errors/authentication_error.rb +7 -0
  9. data/lib/graphql_devise/{detailed_user_error.rb → errors/detailed_user_error.rb} +1 -1
  10. data/lib/graphql_devise/errors/error_codes.rb +6 -0
  11. data/lib/graphql_devise/errors/execution_error.rb +4 -0
  12. data/lib/graphql_devise/{user_error.rb → errors/user_error.rb} +1 -1
  13. data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +6 -2
  14. data/lib/graphql_devise/mount_method/operation_preparers/gql_name_setter.rb +1 -1
  15. data/lib/graphql_devise/mount_method/operation_preparers/mutation_field_setter.rb +3 -2
  16. data/lib/graphql_devise/mount_method/operation_preparers/resolver_type_setter.rb +1 -1
  17. data/lib/graphql_devise/mount_method/operation_preparers/resource_name_setter.rb +1 -1
  18. data/lib/graphql_devise/mutations/resend_confirmation.rb +1 -4
  19. data/lib/graphql_devise/mutations/send_password_reset.rb +3 -1
  20. data/lib/graphql_devise/schema_plugin.rb +1 -1
  21. data/lib/graphql_devise/version.rb +1 -1
  22. data/spec/requests/mutations/resend_confirmation_spec.rb +2 -14
  23. data/spec/requests/mutations/send_password_reset_spec.rb +8 -3
  24. data/spec/requests/user_controller_spec.rb +5 -5
  25. data/spec/services/mount_method/operation_preparer_spec.rb +6 -1
  26. data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +14 -7
  27. data/spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb +18 -4
  28. metadata +78 -84
  29. data/lib/graphql_devise/error_codes.rb +0 -5
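--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6929ccf18a8a9f8e7cd9b3f4f5e8388cf2b6d19617ed163f8b1c769820c14e57
- data.tar.gz: fb23c4d077deb50757905b0d28ed92764e8442b696273035d8a925c917e69fb4
+ metadata.gz: 64f2bd00ac9c5edc119bb83326ffa996ab57a5551474887281857ef10ee7abb9
+ data.tar.gz: a8e1b662d697f4e8f94faf41b3ccbfec9b4ae6eb295ee4ee004c80d0c2b723bb
  SHA512:
- metadata.gz: 7f76369100a4ad9f5e1814a759e5a358dd9a38548a105ee685baf38cd5b5a42f18c58f28f320fe2d607e1061c2cc12ed64bd82085b616179004e93720b4e3baa
- data.tar.gz: cce3f1d55751b40d6089e3a0f0b77563dbecf0298004eec3a9d40df2890ebf80b28fc8e8c95aeefb46878e7c71296c1444bff8145885f1aec014ba030253b1da
+ metadata.gz: c6be77b7524f9a3cbf17b047fc5fbedc5d2cc0158ee343bdb470fe468774d3c3c7b1b0e80f2d529d623e3e74f32bf6d61f1dd220ebc2e66d7863346cedafde25
+ data.tar.gz: c6264ad438bfbec20b53c77bf9997e0a2a6d4ef184488f0a4830e5cad7c7f8f01112e163ec1fb0b5ed86718e488899373706245f22fc6c754280c74daec8a510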
@@ -1,6 +1,15 @@
1
1
  # Changelog
2
2
 
3
- ## [v0.12.0](https://github.com/graphql-devise/graphql_devise/tree/v0.12.0) (2020-06-11)
3
+ ## [v0.12.1](https://github.com/graphql-devise/graphql_devise/tree/v0.12.1) (2020-06-12)
4
+
5
+ [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.0...v0.12.1)
6
+
7
+ **Security fixes:**
8
+
9
+ - Insecure send password reset mutation? [\#98](https://github.com/graphql-devise/graphql_devise/issues/98)
10
+ - Avoid returning user information on password reset mutation [\#100](https://github.com/graphql-devise/graphql_devise/pull/100) ([00dav00](https://github.com/00dav00))
11
+
12
+ ## [v0.12.0](https://github.com/graphql-devise/graphql_devise/tree/v0.12.0) (2020-06-12)
4
13
 
5
14
  [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.4...v0.12.0)
6
15
 
@@ -14,6 +14,7 @@ en:
14
14
  password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
15
15
  reset_token_not_found: "No user found for the specified reset token."
16
16
  reset_token_expired: "Reset password token is no longer valid."
17
+ send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
17
18
  sessions:
18
19
  bad_credentials: "Invalid login credentials. Please try again."
19
20
  not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"
@@ -21,7 +21,9 @@ Gem::Specification.new do |spec|
21
21
  spec.bindir = 'exe'
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ['lib']
24
- spec.test_files = Dir['spec/**/*']
24
+ spec.test_files = Dir.chdir(File.expand_path(__dir__)) do
25
+ `git ls-files -z`.split("\x0").select { |f| f.match(%r{^spec/}) }
26
+ end
25
27
 
26
28
  spec.required_ruby_version = '>= 2.2.0'
27
29
 
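Review bot: Building `test_files` from `git ls-files` ships every tracked file under `spec/`, and the metadata listing on this page still shows `spec/dummy/config/master.key` and `spec/dummy/config/secrets.yml` in the published gem. Moving away from `Dir['spec/**/*']` does drop the untracked sqlite databases and log files, but tracked key material for the dummy app is still distributed, so confirm those values are test-only and never reused elsewhere. Consider not packaging the dummy app at all, for example by appending `.reject { |f| f.start_with?('spec/dummy/config/') }` to the selection or by setting `spec.test_files = []`. The backtick call also means a build run outside a git checkout silently produces an empty list.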
@@ -36,6 +36,14 @@ module GraphqlDevise
36
36
  end
37
37
  end
38
38
 
39
+ require 'graphql_devise/engine'
40
+ require 'graphql_devise/version'
41
+ require 'graphql_devise/errors/error_codes'
42
+ require 'graphql_devise/errors/execution_error'
43
+ require 'graphql_devise/errors/user_error'
44
+ require 'graphql_devise/errors/authentication_error'
45
+ require 'graphql_devise/errors/detailed_user_error'
46
+
39
47
  require 'graphql_devise/concerns/controller_methods'
40
48
  require 'graphql_devise/schema'
41
49
  require 'graphql_devise/types/authenticatable_type'
@@ -46,12 +54,6 @@ require 'graphql_devise/default_operations/mutations'
46
54
  require 'graphql_devise/default_operations/resolvers'
47
55
  require 'graphql_devise/resolvers/dummy'
48
56
 
49
- require 'graphql_devise/engine'
50
- require 'graphql_devise/version'
51
- require 'graphql_devise/error_codes'
52
- require 'graphql_devise/user_error'
53
- require 'graphql_devise/detailed_user_error'
54
-
55
57
  require 'graphql_devise/mount_method/option_sanitizer'
56
58
  require 'graphql_devise/mount_method/options_validator'
57
59
  require 'graphql_devise/mount_method/operation_preparer'
@@ -9,12 +9,12 @@ require 'graphql_devise/mutations/update_password'
9
9
  module GraphqlDevise
10
10
  module DefaultOperations
11
11
  MUTATIONS = {
12
- login: GraphqlDevise::Mutations::Login,
13
- logout: GraphqlDevise::Mutations::Logout,
14
- sign_up: GraphqlDevise::Mutations::SignUp,
15
- update_password: GraphqlDevise::Mutations::UpdatePassword,
16
- send_password_reset: GraphqlDevise::Mutations::SendPasswordReset,
17
- resend_confirmation: GraphqlDevise::Mutations::ResendConfirmation
12
+ login: { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
13
+ logout: { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
14
+ sign_up: { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
15
+ update_password: { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
16
+ send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
17
+ resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
18
18
  }.freeze
19
19
  end
20
20
  end
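Review bot: The `authenticatable:` flag in `MUTATIONS` is the security control this release introduces, but nothing next to the hash says so. A comment above the constant such as `# authenticatable: false => the mutation must not expose the resource record to an unauthenticated caller` would stop the next added mutation from copying `true` by habit. The value shape of this frozen constant also changes from a class to a hash in a patch release, so application code that reads `DefaultOperations::MUTATIONS[:login]` directly now receives a Hash; that deserves a line in the changelog.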
@@ -5,8 +5,8 @@ require 'graphql_devise/resolvers/confirm_account'
5
5
  module GraphqlDevise
6
6
  module DefaultOperations
7
7
  QUERIES = {
8
- confirm_account: GraphqlDevise::Resolvers::ConfirmAccount,
9
- check_password_token: GraphqlDevise::Resolvers::CheckPasswordToken
8
+ confirm_account: { klass: GraphqlDevise::Resolvers::ConfirmAccount },
9
+ check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
10
10
  }.freeze
11
11
  end
12
12
  end
@@ -0,0 +1,7 @@
1
+ module GraphqlDevise
2
+ class AuthenticationError < ExecutionError
3
+ def to_h
4
+ super.merge(extensions: { code: ERROR_CODES.fetch(:authentication_error) })
5
+ end
6
+ end
7
+ end
@@ -1,5 +1,5 @@
1
1
  module GraphqlDevise
2
- class DetailedUserError < GraphQL::ExecutionError
2
+ class DetailedUserError < ExecutionError
3
3
  def initialize(message, errors:)
4
4
  @message = message
5
5
  @errors = errors
@@ -0,0 +1,6 @@
1
+ module GraphqlDevise
2
+ ERROR_CODES = {
3
+ user_error: 'USER_ERROR',
4
+ authentication_error: 'AUTHENTICATION_ERROR'
5
+ }.freeze
6
+ end
@@ -0,0 +1,4 @@
1
+ module GraphqlDevise
2
+ class ExecutionError < GraphQL::ExecutionError
3
+ end
4
+ end
@@ -1,5 +1,5 @@
1
1
  module GraphqlDevise
2
- class UserError < GraphQL::ExecutionError
2
+ class UserError < ExecutionError
3
3
  def to_h
4
4
  super.merge(extensions: { code: ERROR_CODES.fetch(:user_error) })
5
5
  end
@@ -10,14 +10,18 @@ module GraphqlDevise
10
10
  end
11
11
 
12
12
  def call
13
- @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation), result|
13
+ @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
14
14
  mapped_action = "#{@mapping_name}_#{action}"
15
+ operation = operation_info[:klass]
16
+ options = operation_info.except(:klass)
15
17
 
16
18
  result[mapped_action.to_sym] = [
17
19
  OperationPreparers::GqlNameSetter.new(mapped_action),
18
20
  @preparer,
19
21
  OperationPreparers::ResourceNameSetter.new(@mapping_name)
20
- ].reduce(child_class(operation)) { |prepared_operation, preparer| preparer.call(prepared_operation) }
22
+ ].reduce(child_class(operation)) do |prepared_operation, preparer|
23
+ preparer.call(prepared_operation, **options)
24
+ end
21
25
  end
22
26
  end
23
27
 
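Review bot: `operation_info[:klass]` on new line 15 returns nil when an entry has no `:klass` key, and the failure then surfaces later inside `child_class` rather than at the malformed entry; `operation = operation_info.fetch(:klass)` fails at the source and names the missing key. Every remaining key is forwarded as a keyword to each preparer, including the caller-supplied `@preparer`, so a preparer whose `call` does not accept keywords will raise ArgumentError as soon as an entry carries any option. A short comment on `options` stating that its keys become keyword arguments of every preparer would make that contract visible. The enclosing class starts outside this hunk.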
@@ -6,7 +6,7 @@ module GraphqlDevise
6
6
  @mapping_name = mapping_name
7
7
  end
8
8
 
9
- def call(operation)
9
+ def call(operation, **)
10
10
  operation.graphql_name(graphql_name)
11
11
 
12
12
  operation
@@ -6,9 +6,10 @@ module GraphqlDevise
6
6
  @authenticatable_type = authenticatable_type
7
7
  end
8
8
 
9
- def call(mutation)
10
- mutation.field(:authenticatable, @authenticatable_type, null: false)
9
+ def call(mutation, authenticatable: true)
10
+ return mutation unless authenticatable
11
11
 
12
+ mutation.field(:authenticatable, @authenticatable_type, null: false)
12
13
  mutation
13
14
  end
14
15
  end
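Review bot: Defaulting to `authenticatable: true` makes `call` fail open: an operation entry that omits the key still gets the `authenticatable` field, which is the exposure this release removes from the password-reset and confirmation mutations. Every entry in `MUTATIONS` now sets the key explicitly, so consider `def call(mutation, authenticatable: false, **)`, or a required keyword if no caller outside this page relies on the default. The trailing `**` matters too: the sibling setters accept arbitrary keywords, while this one raises ArgumentError on any option other than `authenticatable`.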
@@ -6,7 +6,7 @@ module GraphqlDevise
6
6
  @authenticatable_type = authenticatable_type
7
7
  end
8
8
 
9
- def call(resolver)
9
+ def call(resolver, **)
10
10
  resolver.type(@authenticatable_type, null: false)
11
11
 
12
12
  resolver
@@ -6,7 +6,7 @@ module GraphqlDevise
6
6
  @name = name
7
7
  end
8
8
 
9
- def call(operation)
9
+ def call(operation, **)
10
10
  operation.instance_variable_set(:@resource_name, @name)
11
11
 
12
12
  operation
@@ -22,10 +22,7 @@ module GraphqlDevise
22
22
  template_path: ['graphql_devise/mailer']
23
23
  )
24
24
 
25
- {
26
- authenticatable: resource,
27
- message: I18n.t('graphql_devise.confirmations.send_instructions', email: email)
28
- }
25
+ { message: I18n.t('graphql_devise.confirmations.send_instructions', email: email) }
29
26
  else
30
27
  raise_user_error(I18n.t('graphql_devise.confirmations.user_not_found', email: email))
31
28
  end
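Review bot: The `else` branch kept as context still raises `user_not_found` with the submitted email, so an unauthenticated caller can tell registered addresses from unregistered ones even though the record itself is no longer returned. The `raise_user_error_list(..., errors: resource.errors.full_messages)` branch in `send_password_reset.rb` may leak the same signal, depending on which errors it carries. Returning the same `send_instructions` message on both paths, which is what Devise's `paranoid` setting does for its own controllers, would close that gap. `resolve` begins outside this hunk, so the lookup itself is not visible here.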
@@ -4,6 +4,8 @@ module GraphqlDevise
4
4
  argument :email, String, required: true
5
5
  argument :redirect_url, String, required: true
6
6
 
7
+ field :message, String, null: false
8
+
7
9
  def resolve(email:, redirect_url:)
8
10
  resource = find_resource(:email, get_case_insensitive_field(:email, email))
9
11
 
@@ -18,7 +20,7 @@ module GraphqlDevise
18
20
  )
19
21
 
20
22
  if resource.errors.empty?
21
- { authenticatable: resource }
23
+ { message: I18n.t('graphql_devise.passwords.send_instructions') }
22
24
  else
23
25
  raise_user_error_list(I18n.t('graphql_devise.invalid_resource'), errors: resource.errors.full_messages)
24
26
  end
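Review bot: `redirect_url` is a required, client-supplied string on a mutation that is now explicitly unauthenticated, and the lines that consume it sit between the two hunks and are not visible here. If the value reaches the reset email unchecked, the reset link can point at a host the application does not control, so confirm it is validated against an allow-list before the mail is sent (devise_token_auth exposes `redirect_whitelist` for this purpose). A comment on the argument such as `# NOTE: checked against the configured redirect allow-list before mailing - confirm` would record where that check lives.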
@@ -1,6 +1,6 @@
1
1
  module GraphqlDevise
2
2
  class SchemaPlugin
3
- DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::UserError, "#{field} field requires authentication" }
3
+ DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::AuthenticationError, "#{field} field requires authentication" }
4
4
 
5
5
  def initialize(query: nil, mutation: nil, authenticate_default: true, resource_loaders: [], unauthenticated_proc: DEFAULT_NOT_AUTHENTICATED)
6
6
  @query = query
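Review bot: Switching the default proc from `UserError` to `AuthenticationError` changes the `extensions.code` that clients receive from `USER_ERROR` to `AUTHENTICATION_ERROR`, yet the changelog entry for this version lists only the password-reset fixes. Clients that match on the old code to trigger a re-login will stop matching after a patch upgrade, so the change deserves its own changelog line. A comment above the constant, `# Raised when a field requiring authentication is requested without a signed-in resource; override with unauthenticated_proc:`, would also document the hook. `initialize` continues outside this hunk.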
@@ -1,3 +1,3 @@
1
1
  module GraphqlDevise
2
- VERSION = '0.12.0'.freeze
2
+ VERSION = '0.12.1'.freeze
3
3
  end
@@ -15,10 +15,6 @@ RSpec.describe 'Resend confirmation' do
15
15
  redirectUrl:"#{redirect}"
16
16
  ) {
17
17
  message
18
- authenticatable {
19
- id
20
- email
21
- }
22
18
  }
23
19
  }
24
20
  GRAPHQL
@@ -28,11 +24,7 @@ RSpec.describe 'Resend confirmation' do
28
24
  it 'sends an email to the user with confirmation url and returns a success message' do
29
25
  expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
30
26
  expect(json_response[:data][:userResendConfirmation]).to include(
31
- message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.',
32
- authenticatable: {
33
- id: id,
34
- email: email
35
- }
27
+ message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
36
28
  )
37
29
 
38
30
  email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
@@ -56,11 +48,7 @@ RSpec.describe 'Resend confirmation' do
56
48
  it 'honors devise configuration for case insensitive fields' do
57
49
  expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
58
50
  expect(json_response[:data][:userResendConfirmation]).to include(
59
- message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.',
60
- authenticatable: {
61
- id: id,
62
- email: user.email
63
- }
51
+ message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
64
52
  )
65
53
  end
66
54
  end
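Review bot: These examples only stop selecting `authenticatable`; none asserts that the field is gone from the mutation payload, so re-adding it later would not fail the suite. Add one negative example that still requests `authenticatable { email }` and expects an entry in `json_response[:errors]` with no user attributes anywhere in the response. The same gap exists in `send_password_reset_spec.rb`, where the selection is swapped for `message` without a matching negative case.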
@@ -13,9 +13,7 @@ RSpec.describe 'Send Password Reset Requests' do
13
13
  email: "#{email}",
14
14
  redirectUrl: "#{redirect_url}"
15
15
  ) {
16
- authenticatable {
17
- email
18
- }
16
+ message
19
17
  }
20
18
  }
21
19
  GRAPHQL
@@ -25,6 +23,10 @@ RSpec.describe 'Send Password Reset Requests' do
25
23
  it 'sends password reset email' do
26
24
  expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
27
25
 
26
+ expect(json_response[:data][:userSendPasswordReset]).to include(
27
+ message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
28
+ )
29
+
28
30
  email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
29
31
  link = email.css('a').first
30
32
 
@@ -41,6 +43,9 @@ RSpec.describe 'Send Password Reset Requests' do
41
43
 
42
44
  it 'honors devise configuration for case insensitive fields' do
43
45
  expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
46
+ expect(json_response[:data][:userSendPasswordReset]).to include(
47
+ message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
48
+ )
44
49
  end
45
50
  end
46
51
 
@@ -54,7 +54,7 @@ RSpec.describe "Integrations with the user's controller" do
54
54
  context 'when user is not authenticated' do
55
55
  it 'returns a must sign in error' do
56
56
  expect(json_response[:errors]).to contain_exactly(
57
- hash_including(message: 'privateField field requires authentication', extensions: { code: 'USER_ERROR' })
57
+ hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
58
58
  )
59
59
  end
60
60
  end
@@ -74,7 +74,7 @@ RSpec.describe "Integrations with the user's controller" do
74
74
  context 'when user is not authenticated' do
75
75
  it 'returns a must sign in error' do
76
76
  expect(json_response[:errors]).to contain_exactly(
77
- hash_including(message: 'privateField field requires authentication', extensions: { code: 'USER_ERROR' })
77
+ hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
78
78
  )
79
79
  end
80
80
  end
@@ -104,7 +104,7 @@ RSpec.describe "Integrations with the user's controller" do
104
104
  context 'when user is not authenticated' do
105
105
  it 'returns a must sign in error' do
106
106
  expect(json_response[:errors]).to contain_exactly(
107
- hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'USER_ERROR' })
107
+ hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
108
108
  )
109
109
  end
110
110
  end
@@ -124,7 +124,7 @@ RSpec.describe "Integrations with the user's controller" do
124
124
  context 'when user is not authenticated' do
125
125
  it 'returns a must sign in error' do
126
126
  expect(json_response[:errors]).to contain_exactly(
127
- hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'USER_ERROR' })
127
+ hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
128
128
  )
129
129
  end
130
130
  end
@@ -162,7 +162,7 @@ RSpec.describe "Integrations with the user's controller" do
162
162
  context 'when user is not authenticated' do
163
163
  it 'returns a must sign in error' do
164
164
  expect(json_response[:errors]).to contain_exactly(
165
- hash_including(message: 'user field requires authentication', extensions: { code: 'USER_ERROR' })
165
+ hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
166
166
  )
167
167
  end
168
168
  end
@@ -14,10 +14,15 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
14
14
 
15
15
  let(:logout_class) { Class.new(GraphQL::Schema::Resolver) }
16
16
  let(:mapping) { :user }
17
- let(:selected) { { login: double(:login_default), logout: logout_class } }
18
17
  let(:preparer) { double(:preparer, call: logout_class) }
19
18
  let(:custom) { { login: double(:custom_login, graphql_name: nil) } }
20
19
  let(:additional) { { user_additional: double(:user_additional) } }
20
+ let(:selected) do
21
+ {
22
+ login: { klass: double(:login_default) },
23
+ logout:{ klass: logout_class }
24
+ }
25
+ end
21
26
 
22
27
  it 'is expected to return all provided operation keys' do
23
28
  expect(prepared_operations.keys).to contain_exactly(
@@ -11,18 +11,25 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
11
11
  let(:logout_operation) { double(:sign_up_operation, graphql_name: nil) }
12
12
  let(:mapping_name) { :user }
13
13
  let(:preparer) { double(:preparer) }
14
- let(:operations) { { login: login_operation, logout: logout_operation, sign_up: sign_up_operation, confirm: confirm_operation } }
15
14
  let(:custom_keys) { [:login, :logout] }
15
+ let(:operations) do
16
+ {
17
+ confirm: { klass: confirm_operation, authenticatable: false },
18
+ sign_up: { klass: sign_up_operation, authenticatable: true },
19
+ login: { klass: login_operation, authenticatable: true },
20
+ logout: { klass: logout_operation, authenticatable: true }
21
+ }
22
+ end
16
23
 
17
24
  before do
18
25
  allow(default_preparer).to receive(:child_class).with(confirm_operation).and_return(confirm_operation)
19
26
  allow(default_preparer).to receive(:child_class).with(sign_up_operation).and_return(sign_up_operation)
20
27
  allow(default_preparer).to receive(:child_class).with(login_operation).and_return(login_operation)
21
28
  allow(default_preparer).to receive(:child_class).with(logout_operation).and_return(logout_operation)
22
- allow(preparer).to receive(:call).with(confirm_operation).and_return(confirm_operation)
23
- allow(preparer).to receive(:call).with(sign_up_operation).and_return(sign_up_operation)
24
- allow(preparer).to receive(:call).with(login_operation).and_return(login_operation)
25
- allow(preparer).to receive(:call).with(logout_operation).and_return(logout_operation)
29
+ allow(preparer).to receive(:call).with(confirm_operation, authenticatable: false).and_return(confirm_operation)
30
+ allow(preparer).to receive(:call).with(sign_up_operation, authenticatable: true).and_return(sign_up_operation)
31
+ allow(preparer).to receive(:call).with(login_operation, authenticatable: true).and_return(login_operation)
32
+ allow(preparer).to receive(:call).with(logout_operation, authenticatable: true).and_return(logout_operation)
26
33
  end
27
34
 
28
35
  it 'returns only those operations with no custom operation provided' do
@@ -32,8 +39,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
32
39
  it 'prepares default operations' do
33
40
  expect(confirm_operation).to receive(:graphql_name).with('UserConfirm')
34
41
  expect(sign_up_operation).to receive(:graphql_name).with('UserSignUp')
35
- expect(preparer).to receive(:call).with(confirm_operation)
36
- expect(preparer).to receive(:call).with(sign_up_operation)
42
+ expect(preparer).to receive(:call).with(confirm_operation, authenticatable: false)
43
+ expect(preparer).to receive(:call).with(sign_up_operation, authenticatable: true)
37
44
 
38
45
  prepared
39
46
 
@@ -2,15 +2,29 @@ require 'spec_helper'
2
2
 
3
3
  RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter do
4
4
  describe '#call' do
5
- subject(:prepared_operation) { described_class.new(field_type).call(operation) }
5
+ subject(:prepared_operation) { described_class.new(field_type).call(operation, authenticatable: authenticatable) }
6
6
 
7
7
  let(:operation) { double(:operation) }
8
8
  let(:field_type) { double(:type) }
9
9
 
10
- it 'sets a field for the mutation' do
11
- expect(operation).to receive(:field).with(:authenticatable, field_type, null: false)
10
+ context 'when resource is authtenticable' do
11
+ let(:authenticatable) { true }
12
12
 
13
- prepared_operation
13
+ it 'sets a field for the mutation' do
14
+ expect(operation).to receive(:field).with(:authenticatable, field_type, null: false)
15
+
16
+ prepared_operation
17
+ end
18
+ end
19
+
20
+ context 'when resource is *NOT* authtenticable' do
21
+ let(:authenticatable) { false }
22
+
23
+ it 'does *NOT* set a field for the mutation' do
24
+ expect(operation).not_to receive(:field)
25
+
26
+ prepared_operation
27
+ end
14
28
  end
15
29
  end
16
30
  end
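Review bot: Both new context descriptions misspell the flag as `authtenticable`; they should read `'when resource is authenticatable'` and `'when resource is *NOT* authenticatable'` so the examples turn up when grepping for the keyword. The subject always passes `authenticatable:` explicitly, so the keyword's default value is never exercised. A third example calling `described_class.new(field_type).call(operation)` would pin whichever default is intended.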
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: graphql_devise
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.0
4
+ version: 0.12.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mario Celi
@@ -308,9 +308,12 @@ files:
308
308
  - lib/graphql_devise/concerns/controller_methods.rb
309
309
  - lib/graphql_devise/default_operations/mutations.rb
310
310
  - lib/graphql_devise/default_operations/resolvers.rb
311
- - lib/graphql_devise/detailed_user_error.rb
312
311
  - lib/graphql_devise/engine.rb
313
- - lib/graphql_devise/error_codes.rb
312
+ - lib/graphql_devise/errors/authentication_error.rb
313
+ - lib/graphql_devise/errors/detailed_user_error.rb
314
+ - lib/graphql_devise/errors/error_codes.rb
315
+ - lib/graphql_devise/errors/execution_error.rb
316
+ - lib/graphql_devise/errors/user_error.rb
314
317
  - lib/graphql_devise/mount_method/operation_preparer.rb
315
318
  - lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb
316
319
  - lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb
@@ -348,7 +351,6 @@ files:
348
351
  - lib/graphql_devise/types/credential_type.rb
349
352
  - lib/graphql_devise/types/mutation_type.rb
350
353
  - lib/graphql_devise/types/query_type.rb
351
- - lib/graphql_devise/user_error.rb
352
354
  - lib/graphql_devise/version.rb
353
355
  - spec/dummy/README.md
354
356
  - spec/dummy/Rakefile
@@ -405,7 +407,6 @@ files:
405
407
  - spec/dummy/config/routes.rb
406
408
  - spec/dummy/config/secrets.yml
407
409
  - spec/dummy/config/spring.rb
408
- - spec/dummy/db/development.sqlite3
409
410
  - spec/dummy/db/migrate/20190815114303_create_users.rb
410
411
  - spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
411
412
  - spec/dummy/db/migrate/20190916012505_create_admins.rb
@@ -413,9 +414,6 @@ files:
413
414
  - spec/dummy/db/migrate/20200321121807_create_users_customers.rb
414
415
  - spec/dummy/db/schema.rb
415
416
  - spec/dummy/db/seeds.rb
416
- - spec/dummy/db/test.sqlite3
417
- - spec/dummy/log/development.log
418
- - spec/dummy/log/test.log
419
417
  - spec/dummy/public/robots.txt
420
418
  - spec/factories/admins.rb
421
419
  - spec/factories/guests.rb
@@ -489,116 +487,112 @@ signing_key:
489
487
  specification_version: 4
490
488
  summary: GraphQL queries and mutations on top of devise_token_auth
491
489
  test_files:
492
- - spec/spec_helper.rb
493
- - spec/dummy/app/mailers/application_mailer.rb
494
- - spec/dummy/app/models/guest.rb
495
- - spec/dummy/app/models/admin.rb
496
- - spec/dummy/app/models/users/customer.rb
497
- - spec/dummy/app/models/users.rb
498
- - spec/dummy/app/models/application_record.rb
499
- - spec/dummy/app/models/user.rb
490
+ - spec/dummy/README.md
491
+ - spec/dummy/Rakefile
492
+ - spec/dummy/app/assets/config/manifest.js
493
+ - spec/dummy/app/controllers/api/v1/graphql_controller.rb
494
+ - spec/dummy/app/controllers/application_controller.rb
495
+ - spec/dummy/app/graphql/dummy_schema.rb
500
496
  - spec/dummy/app/graphql/interpreter_schema.rb
501
- - spec/dummy/app/graphql/types/custom_admin_type.rb
502
- - spec/dummy/app/graphql/types/mutation_type.rb
503
- - spec/dummy/app/graphql/types/query_type.rb
504
- - spec/dummy/app/graphql/types/base_object.rb
505
- - spec/dummy/app/graphql/types/user_type.rb
506
- - spec/dummy/app/graphql/mutations/register_confirmed_user.rb
507
497
  - spec/dummy/app/graphql/mutations/login.rb
498
+ - spec/dummy/app/graphql/mutations/register_confirmed_user.rb
508
499
  - spec/dummy/app/graphql/mutations/sign_up.rb
509
500
  - spec/dummy/app/graphql/resolvers/public_user.rb
510
501
  - spec/dummy/app/graphql/resolvers/user_show.rb
511
- - spec/dummy/app/graphql/dummy_schema.rb
502
+ - spec/dummy/app/graphql/types/base_object.rb
503
+ - spec/dummy/app/graphql/types/custom_admin_type.rb
504
+ - spec/dummy/app/graphql/types/mutation_type.rb
505
+ - spec/dummy/app/graphql/types/query_type.rb
506
+ - spec/dummy/app/graphql/types/user_type.rb
512
507
  - spec/dummy/app/jobs/application_job.rb
513
- - spec/dummy/app/controllers/application_controller.rb
514
- - spec/dummy/app/controllers/api/v1/graphql_controller.rb
508
+ - spec/dummy/app/mailers/application_mailer.rb
509
+ - spec/dummy/app/models/admin.rb
510
+ - spec/dummy/app/models/application_record.rb
511
+ - spec/dummy/app/models/guest.rb
512
+ - spec/dummy/app/models/user.rb
513
+ - spec/dummy/app/models/users.rb
514
+ - spec/dummy/app/models/users/customer.rb
515
515
  - spec/dummy/app/views/layouts/mailer.html.erb
516
516
  - spec/dummy/app/views/layouts/mailer.text.erb
517
- - spec/dummy/app/assets/config/manifest.js
518
- - spec/dummy/bin/update
519
- - spec/dummy/bin/rake
520
- - spec/dummy/bin/setup
521
517
  - spec/dummy/bin/bundle
522
518
  - spec/dummy/bin/rails
523
- - spec/dummy/config/secrets.yml
524
- - spec/dummy/config/routes.rb
525
- - spec/dummy/config/environments/production.rb
526
- - spec/dummy/config/environments/development.rb
527
- - spec/dummy/config/environments/test.rb
528
- - spec/dummy/config/spring.rb
529
- - spec/dummy/config/master.key
530
- - spec/dummy/config/environment.rb
519
+ - spec/dummy/bin/rake
520
+ - spec/dummy/bin/setup
521
+ - spec/dummy/bin/update
522
+ - spec/dummy/config.ru
531
523
  - spec/dummy/config/application.rb
532
- - spec/dummy/config/puma.rb
533
524
  - spec/dummy/config/credentials.yml.enc
534
525
  - spec/dummy/config/database.yml
526
+ - spec/dummy/config/environment.rb
527
+ - spec/dummy/config/environments/development.rb
528
+ - spec/dummy/config/environments/production.rb
529
+ - spec/dummy/config/environments/test.rb
535
530
  - spec/dummy/config/initializers/application_controller_renderer.rb
536
531
  - spec/dummy/config/initializers/backtrace_silencers.rb
532
+ - spec/dummy/config/initializers/cors.rb
533
+ - spec/dummy/config/initializers/devise.rb
537
534
  - spec/dummy/config/initializers/devise_token_auth.rb
538
- - spec/dummy/config/initializers/mime_types.rb
539
535
  - spec/dummy/config/initializers/filter_parameter_logging.rb
540
- - spec/dummy/config/initializers/wrap_parameters.rb
541
536
  - spec/dummy/config/initializers/i18n.rb
542
- - spec/dummy/config/initializers/devise.rb
543
537
  - spec/dummy/config/initializers/inflections.rb
544
- - spec/dummy/config/initializers/cors.rb
545
- - spec/dummy/config.ru
546
- - spec/dummy/README.md
547
- - spec/dummy/Rakefile
548
- - spec/dummy/public/robots.txt
549
- - spec/dummy/db/schema.rb
550
- - spec/dummy/db/seeds.rb
551
- - spec/dummy/db/test.sqlite3
538
+ - spec/dummy/config/initializers/mime_types.rb
539
+ - spec/dummy/config/initializers/wrap_parameters.rb
540
+ - spec/dummy/config/master.key
541
+ - spec/dummy/config/puma.rb
542
+ - spec/dummy/config/routes.rb
543
+ - spec/dummy/config/secrets.yml
544
+ - spec/dummy/config/spring.rb
545
+ - spec/dummy/db/migrate/20190815114303_create_users.rb
546
+ - spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
552
547
  - spec/dummy/db/migrate/20190916012505_create_admins.rb
553
548
  - spec/dummy/db/migrate/20191013213045_create_guests.rb
554
549
  - spec/dummy/db/migrate/20200321121807_create_users_customers.rb
555
- - spec/dummy/db/migrate/20190815114303_create_users.rb
556
- - spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
557
- - spec/dummy/db/development.sqlite3
558
- - spec/dummy/log/test.log
559
- - spec/dummy/log/development.log
550
+ - spec/dummy/db/schema.rb
551
+ - spec/dummy/db/seeds.rb
552
+ - spec/dummy/public/robots.txt
553
+ - spec/factories/admins.rb
554
+ - spec/factories/guests.rb
555
+ - spec/factories/users.rb
556
+ - spec/factories/users_customers.rb
557
+ - spec/generators/graphql_devise/install_generator_spec.rb
560
558
  - spec/graphql_devise_spec.rb
561
559
  - spec/models/user_spec.rb
560
+ - spec/rails_helper.rb
562
561
  - spec/requests/graphql_controller_spec.rb
563
- - spec/requests/user_controller_spec.rb
562
+ - spec/requests/mutations/additional_mutations_spec.rb
563
+ - spec/requests/mutations/additional_queries_spec.rb
564
564
  - spec/requests/mutations/login_spec.rb
565
565
  - spec/requests/mutations/logout_spec.rb
566
+ - spec/requests/mutations/resend_confirmation_spec.rb
566
567
  - spec/requests/mutations/send_password_reset_spec.rb
567
- - spec/requests/mutations/update_password_spec.rb
568
- - spec/requests/mutations/additional_mutations_spec.rb
569
- - spec/requests/mutations/additional_queries_spec.rb
570
568
  - spec/requests/mutations/sign_up_spec.rb
571
- - spec/requests/mutations/resend_confirmation_spec.rb
572
- - spec/requests/queries/confirm_account_spec.rb
569
+ - spec/requests/mutations/update_password_spec.rb
573
570
  - spec/requests/queries/check_password_token_spec.rb
574
- - spec/support/factory_bot.rb
575
- - spec/support/contexts/graphql_request.rb
576
- - spec/support/requests/auth_helpers.rb
577
- - spec/support/requests/json_helpers.rb
578
- - spec/support/matchers/not_change_matcher.rb
579
- - spec/support/matchers/auth_headers_matcher.rb
580
- - spec/factories/admins.rb
581
- - spec/factories/users.rb
582
- - spec/factories/guests.rb
583
- - spec/factories/users_customers.rb
584
- - spec/generators/graphql_devise/install_generator_spec.rb
585
- - spec/rails_helper.rb
586
- - spec/services/schema_plugin_spec.rb
587
- - spec/services/mount_method/option_sanitizers/class_checker_spec.rb
588
- - spec/services/mount_method/option_sanitizers/array_checker_spec.rb
589
- - spec/services/mount_method/option_sanitizers/hash_checker_spec.rb
590
- - spec/services/mount_method/option_sanitizers/string_checker_spec.rb
591
- - spec/services/mount_method/option_sanitizer_spec.rb
592
- - spec/services/mount_method/options_validator_spec.rb
571
+ - spec/requests/queries/confirm_account_spec.rb
572
+ - spec/requests/user_controller_spec.rb
593
573
  - spec/services/mount_method/operation_preparer_spec.rb
594
- - spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
574
+ - spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb
595
575
  - spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb
576
+ - spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
577
+ - spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
596
578
  - spec/services/mount_method/operation_preparers/resolver_type_setter_spec.rb
597
579
  - spec/services/mount_method/operation_preparers/resource_name_setter_spec.rb
598
- - spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
599
- - spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb
600
- - spec/services/mount_method/option_validators/supported_operations_validator_spec.rb
580
+ - spec/services/mount_method/operation_sanitizer_spec.rb
581
+ - spec/services/mount_method/option_sanitizer_spec.rb
582
+ - spec/services/mount_method/option_sanitizers/array_checker_spec.rb
583
+ - spec/services/mount_method/option_sanitizers/class_checker_spec.rb
584
+ - spec/services/mount_method/option_sanitizers/hash_checker_spec.rb
585
+ - spec/services/mount_method/option_sanitizers/string_checker_spec.rb
601
586
  - spec/services/mount_method/option_validators/provided_operations_validator_spec.rb
602
587
  - spec/services/mount_method/option_validators/skip_only_validator_spec.rb
603
- - spec/services/mount_method/operation_sanitizer_spec.rb
588
+ - spec/services/mount_method/option_validators/supported_operations_validator_spec.rb
589
+ - spec/services/mount_method/options_validator_spec.rb
604
590
  - spec/services/resource_loader_spec.rb
591
+ - spec/services/schema_plugin_spec.rb
592
+ - spec/spec_helper.rb
593
+ - spec/support/contexts/graphql_request.rb
594
+ - spec/support/factory_bot.rb
595
+ - spec/support/matchers/auth_headers_matcher.rb
596
+ - spec/support/matchers/not_change_matcher.rb
597
+ - spec/support/requests/auth_helpers.rb
598
+ - spec/support/requests/json_helpers.rb
@@ -1,5 +0,0 @@
1
- module GraphqlDevise
2
- ERROR_CODES = {
3
- user_error: 'USER_ERROR'
4
- }.freeze
5
- end