graphql_devise 0.12.0 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -1
- data/config/locales/en.yml +1 -0
- data/graphql_devise.gemspec +3 -1
- data/lib/graphql_devise.rb +8 -6
- data/lib/graphql_devise/default_operations/mutations.rb +6 -6
- data/lib/graphql_devise/default_operations/resolvers.rb +2 -2
- data/lib/graphql_devise/errors/authentication_error.rb +7 -0
- data/lib/graphql_devise/{detailed_user_error.rb → errors/detailed_user_error.rb} +1 -1
- data/lib/graphql_devise/errors/error_codes.rb +6 -0
- data/lib/graphql_devise/errors/execution_error.rb +4 -0
- data/lib/graphql_devise/{user_error.rb → errors/user_error.rb} +1 -1
- data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb +6 -2
- data/lib/graphql_devise/mount_method/operation_preparers/gql_name_setter.rb +1 -1
- data/lib/graphql_devise/mount_method/operation_preparers/mutation_field_setter.rb +3 -2
- data/lib/graphql_devise/mount_method/operation_preparers/resolver_type_setter.rb +1 -1
- data/lib/graphql_devise/mount_method/operation_preparers/resource_name_setter.rb +1 -1
- data/lib/graphql_devise/mutations/resend_confirmation.rb +1 -4
- data/lib/graphql_devise/mutations/send_password_reset.rb +3 -1
- data/lib/graphql_devise/schema_plugin.rb +1 -1
- data/lib/graphql_devise/version.rb +1 -1
- data/spec/requests/mutations/resend_confirmation_spec.rb +2 -14
- data/spec/requests/mutations/send_password_reset_spec.rb +8 -3
- data/spec/requests/user_controller_spec.rb +5 -5
- data/spec/services/mount_method/operation_preparer_spec.rb +6 -1
- data/spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb +14 -7
- data/spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb +18 -4
- metadata +78 -84
- data/lib/graphql_devise/error_codes.rb +0 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 64f2bd00ac9c5edc119bb83326ffa996ab57a5551474887281857ef10ee7abb9
|
4
|
+
data.tar.gz: a8e1b662d697f4e8f94faf41b3ccbfec9b4ae6eb295ee4ee004c80d0c2b723bb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c6be77b7524f9a3cbf17b047fc5fbedc5d2cc0158ee343bdb470fe468774d3c3c7b1b0e80f2d529d623e3e74f32bf6d61f1dd220ebc2e66d7863346cedafde25
|
7
|
+
data.tar.gz: c6264ad438bfbec20b53c77bf9997e0a2a6d4ef184488f0a4830e5cad7c7f8f01112e163ec1fb0b5ed86718e488899373706245f22fc6c754280c74daec8a510
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,15 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
-
## [v0.12.
|
3
|
+
## [v0.12.1](https://github.com/graphql-devise/graphql_devise/tree/v0.12.1) (2020-06-12)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.0...v0.12.1)
|
6
|
+
|
7
|
+
**Security fixes:**
|
8
|
+
|
9
|
+
- Insecure send password reset mutation? [\#98](https://github.com/graphql-devise/graphql_devise/issues/98)
|
10
|
+
- Avoid returning user information on password reset mutation [\#100](https://github.com/graphql-devise/graphql_devise/pull/100) ([00dav00](https://github.com/00dav00))
|
11
|
+
|
12
|
+
## [v0.12.0](https://github.com/graphql-devise/graphql_devise/tree/v0.12.0) (2020-06-12)
|
4
13
|
|
5
14
|
[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.11.4...v0.12.0)
|
6
15
|
|
data/config/locales/en.yml
CHANGED
@@ -14,6 +14,7 @@ en:
|
|
14
14
|
password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
|
15
15
|
reset_token_not_found: "No user found for the specified reset token."
|
16
16
|
reset_token_expired: "Reset password token is no longer valid."
|
17
|
+
send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
|
17
18
|
sessions:
|
18
19
|
bad_credentials: "Invalid login credentials. Please try again."
|
19
20
|
not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"
|
data/graphql_devise.gemspec
CHANGED
@@ -21,7 +21,9 @@ Gem::Specification.new do |spec|
|
|
21
21
|
spec.bindir = 'exe'
|
22
22
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
23
23
|
spec.require_paths = ['lib']
|
24
|
-
spec.test_files = Dir
|
24
|
+
spec.test_files = Dir.chdir(File.expand_path(__dir__)) do
|
25
|
+
`git ls-files -z`.split("\x0").select { |f| f.match(%r{^spec/}) }
|
26
|
+
end
|
25
27
|
|
26
28
|
spec.required_ruby_version = '>= 2.2.0'
|
27
29
|
|
data/lib/graphql_devise.rb
CHANGED
@@ -36,6 +36,14 @@ module GraphqlDevise
|
|
36
36
|
end
|
37
37
|
end
|
38
38
|
|
39
|
+
require 'graphql_devise/engine'
|
40
|
+
require 'graphql_devise/version'
|
41
|
+
require 'graphql_devise/errors/error_codes'
|
42
|
+
require 'graphql_devise/errors/execution_error'
|
43
|
+
require 'graphql_devise/errors/user_error'
|
44
|
+
require 'graphql_devise/errors/authentication_error'
|
45
|
+
require 'graphql_devise/errors/detailed_user_error'
|
46
|
+
|
39
47
|
require 'graphql_devise/concerns/controller_methods'
|
40
48
|
require 'graphql_devise/schema'
|
41
49
|
require 'graphql_devise/types/authenticatable_type'
|
@@ -46,12 +54,6 @@ require 'graphql_devise/default_operations/mutations'
|
|
46
54
|
require 'graphql_devise/default_operations/resolvers'
|
47
55
|
require 'graphql_devise/resolvers/dummy'
|
48
56
|
|
49
|
-
require 'graphql_devise/engine'
|
50
|
-
require 'graphql_devise/version'
|
51
|
-
require 'graphql_devise/error_codes'
|
52
|
-
require 'graphql_devise/user_error'
|
53
|
-
require 'graphql_devise/detailed_user_error'
|
54
|
-
|
55
57
|
require 'graphql_devise/mount_method/option_sanitizer'
|
56
58
|
require 'graphql_devise/mount_method/options_validator'
|
57
59
|
require 'graphql_devise/mount_method/operation_preparer'
|
@@ -9,12 +9,12 @@ require 'graphql_devise/mutations/update_password'
|
|
9
9
|
module GraphqlDevise
|
10
10
|
module DefaultOperations
|
11
11
|
MUTATIONS = {
|
12
|
-
login: GraphqlDevise::Mutations::Login,
|
13
|
-
logout: GraphqlDevise::Mutations::Logout,
|
14
|
-
sign_up: GraphqlDevise::Mutations::SignUp,
|
15
|
-
update_password: GraphqlDevise::Mutations::UpdatePassword,
|
16
|
-
send_password_reset: GraphqlDevise::Mutations::SendPasswordReset,
|
17
|
-
resend_confirmation: GraphqlDevise::Mutations::ResendConfirmation
|
12
|
+
login: { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
|
13
|
+
logout: { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
|
14
|
+
sign_up: { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
|
15
|
+
update_password: { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
|
16
|
+
send_password_reset: { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
|
17
|
+
resend_confirmation: { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
|
18
18
|
}.freeze
|
19
19
|
end
|
20
20
|
end
|
@@ -5,8 +5,8 @@ require 'graphql_devise/resolvers/confirm_account'
|
|
5
5
|
module GraphqlDevise
|
6
6
|
module DefaultOperations
|
7
7
|
QUERIES = {
|
8
|
-
confirm_account: GraphqlDevise::Resolvers::ConfirmAccount,
|
9
|
-
check_password_token: GraphqlDevise::Resolvers::CheckPasswordToken
|
8
|
+
confirm_account: { klass: GraphqlDevise::Resolvers::ConfirmAccount },
|
9
|
+
check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
|
10
10
|
}.freeze
|
11
11
|
end
|
12
12
|
end
|
@@ -10,14 +10,18 @@ module GraphqlDevise
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def call
|
13
|
-
@selected_operations.except(*@custom_keys).each_with_object({}) do |(action,
|
13
|
+
@selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
|
14
14
|
mapped_action = "#{@mapping_name}_#{action}"
|
15
|
+
operation = operation_info[:klass]
|
16
|
+
options = operation_info.except(:klass)
|
15
17
|
|
16
18
|
result[mapped_action.to_sym] = [
|
17
19
|
OperationPreparers::GqlNameSetter.new(mapped_action),
|
18
20
|
@preparer,
|
19
21
|
OperationPreparers::ResourceNameSetter.new(@mapping_name)
|
20
|
-
].reduce(child_class(operation))
|
22
|
+
].reduce(child_class(operation)) do |prepared_operation, preparer|
|
23
|
+
preparer.call(prepared_operation, **options)
|
24
|
+
end
|
21
25
|
end
|
22
26
|
end
|
23
27
|
|
@@ -6,9 +6,10 @@ module GraphqlDevise
|
|
6
6
|
@authenticatable_type = authenticatable_type
|
7
7
|
end
|
8
8
|
|
9
|
-
def call(mutation)
|
10
|
-
mutation
|
9
|
+
def call(mutation, authenticatable: true)
|
10
|
+
return mutation unless authenticatable
|
11
11
|
|
12
|
+
mutation.field(:authenticatable, @authenticatable_type, null: false)
|
12
13
|
mutation
|
13
14
|
end
|
14
15
|
end
|
@@ -22,10 +22,7 @@ module GraphqlDevise
|
|
22
22
|
template_path: ['graphql_devise/mailer']
|
23
23
|
)
|
24
24
|
|
25
|
-
{
|
26
|
-
authenticatable: resource,
|
27
|
-
message: I18n.t('graphql_devise.confirmations.send_instructions', email: email)
|
28
|
-
}
|
25
|
+
{ message: I18n.t('graphql_devise.confirmations.send_instructions', email: email) }
|
29
26
|
else
|
30
27
|
raise_user_error(I18n.t('graphql_devise.confirmations.user_not_found', email: email))
|
31
28
|
end
|
@@ -4,6 +4,8 @@ module GraphqlDevise
|
|
4
4
|
argument :email, String, required: true
|
5
5
|
argument :redirect_url, String, required: true
|
6
6
|
|
7
|
+
field :message, String, null: false
|
8
|
+
|
7
9
|
def resolve(email:, redirect_url:)
|
8
10
|
resource = find_resource(:email, get_case_insensitive_field(:email, email))
|
9
11
|
|
@@ -18,7 +20,7 @@ module GraphqlDevise
|
|
18
20
|
)
|
19
21
|
|
20
22
|
if resource.errors.empty?
|
21
|
-
{
|
23
|
+
{ message: I18n.t('graphql_devise.passwords.send_instructions') }
|
22
24
|
else
|
23
25
|
raise_user_error_list(I18n.t('graphql_devise.invalid_resource'), errors: resource.errors.full_messages)
|
24
26
|
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module GraphqlDevise
|
2
2
|
class SchemaPlugin
|
3
|
-
DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::
|
3
|
+
DEFAULT_NOT_AUTHENTICATED = ->(field) { raise GraphqlDevise::AuthenticationError, "#{field} field requires authentication" }
|
4
4
|
|
5
5
|
def initialize(query: nil, mutation: nil, authenticate_default: true, resource_loaders: [], unauthenticated_proc: DEFAULT_NOT_AUTHENTICATED)
|
6
6
|
@query = query
|
@@ -15,10 +15,6 @@ RSpec.describe 'Resend confirmation' do
|
|
15
15
|
redirectUrl:"#{redirect}"
|
16
16
|
) {
|
17
17
|
message
|
18
|
-
authenticatable {
|
19
|
-
id
|
20
|
-
email
|
21
|
-
}
|
22
18
|
}
|
23
19
|
}
|
24
20
|
GRAPHQL
|
@@ -28,11 +24,7 @@ RSpec.describe 'Resend confirmation' do
|
|
28
24
|
it 'sends an email to the user with confirmation url and returns a success message' do
|
29
25
|
expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
|
30
26
|
expect(json_response[:data][:userResendConfirmation]).to include(
|
31
|
-
message:
|
32
|
-
authenticatable: {
|
33
|
-
id: id,
|
34
|
-
email: email
|
35
|
-
}
|
27
|
+
message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
|
36
28
|
)
|
37
29
|
|
38
30
|
email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
|
@@ -56,11 +48,7 @@ RSpec.describe 'Resend confirmation' do
|
|
56
48
|
it 'honors devise configuration for case insensitive fields' do
|
57
49
|
expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
|
58
50
|
expect(json_response[:data][:userResendConfirmation]).to include(
|
59
|
-
message:
|
60
|
-
authenticatable: {
|
61
|
-
id: id,
|
62
|
-
email: user.email
|
63
|
-
}
|
51
|
+
message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
|
64
52
|
)
|
65
53
|
end
|
66
54
|
end
|
@@ -13,9 +13,7 @@ RSpec.describe 'Send Password Reset Requests' do
|
|
13
13
|
email: "#{email}",
|
14
14
|
redirectUrl: "#{redirect_url}"
|
15
15
|
) {
|
16
|
-
|
17
|
-
email
|
18
|
-
}
|
16
|
+
message
|
19
17
|
}
|
20
18
|
}
|
21
19
|
GRAPHQL
|
@@ -25,6 +23,10 @@ RSpec.describe 'Send Password Reset Requests' do
|
|
25
23
|
it 'sends password reset email' do
|
26
24
|
expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
|
27
25
|
|
26
|
+
expect(json_response[:data][:userSendPasswordReset]).to include(
|
27
|
+
message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
|
28
|
+
)
|
29
|
+
|
28
30
|
email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
|
29
31
|
link = email.css('a').first
|
30
32
|
|
@@ -41,6 +43,9 @@ RSpec.describe 'Send Password Reset Requests' do
|
|
41
43
|
|
42
44
|
it 'honors devise configuration for case insensitive fields' do
|
43
45
|
expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
|
46
|
+
expect(json_response[:data][:userSendPasswordReset]).to include(
|
47
|
+
message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
|
48
|
+
)
|
44
49
|
end
|
45
50
|
end
|
46
51
|
|
@@ -54,7 +54,7 @@ RSpec.describe "Integrations with the user's controller" do
|
|
54
54
|
context 'when user is not authenticated' do
|
55
55
|
it 'returns a must sign in error' do
|
56
56
|
expect(json_response[:errors]).to contain_exactly(
|
57
|
-
hash_including(message: 'privateField field requires authentication', extensions: { code: '
|
57
|
+
hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
|
58
58
|
)
|
59
59
|
end
|
60
60
|
end
|
@@ -74,7 +74,7 @@ RSpec.describe "Integrations with the user's controller" do
|
|
74
74
|
context 'when user is not authenticated' do
|
75
75
|
it 'returns a must sign in error' do
|
76
76
|
expect(json_response[:errors]).to contain_exactly(
|
77
|
-
hash_including(message: 'privateField field requires authentication', extensions: { code: '
|
77
|
+
hash_including(message: 'privateField field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
|
78
78
|
)
|
79
79
|
end
|
80
80
|
end
|
@@ -104,7 +104,7 @@ RSpec.describe "Integrations with the user's controller" do
|
|
104
104
|
context 'when user is not authenticated' do
|
105
105
|
it 'returns a must sign in error' do
|
106
106
|
expect(json_response[:errors]).to contain_exactly(
|
107
|
-
hash_including(message: 'dummyMutation field requires authentication', extensions: { code: '
|
107
|
+
hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
|
108
108
|
)
|
109
109
|
end
|
110
110
|
end
|
@@ -124,7 +124,7 @@ RSpec.describe "Integrations with the user's controller" do
|
|
124
124
|
context 'when user is not authenticated' do
|
125
125
|
it 'returns a must sign in error' do
|
126
126
|
expect(json_response[:errors]).to contain_exactly(
|
127
|
-
hash_including(message: 'dummyMutation field requires authentication', extensions: { code: '
|
127
|
+
hash_including(message: 'dummyMutation field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
|
128
128
|
)
|
129
129
|
end
|
130
130
|
end
|
@@ -162,7 +162,7 @@ RSpec.describe "Integrations with the user's controller" do
|
|
162
162
|
context 'when user is not authenticated' do
|
163
163
|
it 'returns a must sign in error' do
|
164
164
|
expect(json_response[:errors]).to contain_exactly(
|
165
|
-
hash_including(message: 'user field requires authentication', extensions: { code: '
|
165
|
+
hash_including(message: 'user field requires authentication', extensions: { code: 'AUTHENTICATION_ERROR' })
|
166
166
|
)
|
167
167
|
end
|
168
168
|
end
|
@@ -14,10 +14,15 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparer do
|
|
14
14
|
|
15
15
|
let(:logout_class) { Class.new(GraphQL::Schema::Resolver) }
|
16
16
|
let(:mapping) { :user }
|
17
|
-
let(:selected) { { login: double(:login_default), logout: logout_class } }
|
18
17
|
let(:preparer) { double(:preparer, call: logout_class) }
|
19
18
|
let(:custom) { { login: double(:custom_login, graphql_name: nil) } }
|
20
19
|
let(:additional) { { user_additional: double(:user_additional) } }
|
20
|
+
let(:selected) do
|
21
|
+
{
|
22
|
+
login: { klass: double(:login_default) },
|
23
|
+
logout:{ klass: logout_class }
|
24
|
+
}
|
25
|
+
end
|
21
26
|
|
22
27
|
it 'is expected to return all provided operation keys' do
|
23
28
|
expect(prepared_operations.keys).to contain_exactly(
|
@@ -11,18 +11,25 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
|
|
11
11
|
let(:logout_operation) { double(:sign_up_operation, graphql_name: nil) }
|
12
12
|
let(:mapping_name) { :user }
|
13
13
|
let(:preparer) { double(:preparer) }
|
14
|
-
let(:operations) { { login: login_operation, logout: logout_operation, sign_up: sign_up_operation, confirm: confirm_operation } }
|
15
14
|
let(:custom_keys) { [:login, :logout] }
|
15
|
+
let(:operations) do
|
16
|
+
{
|
17
|
+
confirm: { klass: confirm_operation, authenticatable: false },
|
18
|
+
sign_up: { klass: sign_up_operation, authenticatable: true },
|
19
|
+
login: { klass: login_operation, authenticatable: true },
|
20
|
+
logout: { klass: logout_operation, authenticatable: true }
|
21
|
+
}
|
22
|
+
end
|
16
23
|
|
17
24
|
before do
|
18
25
|
allow(default_preparer).to receive(:child_class).with(confirm_operation).and_return(confirm_operation)
|
19
26
|
allow(default_preparer).to receive(:child_class).with(sign_up_operation).and_return(sign_up_operation)
|
20
27
|
allow(default_preparer).to receive(:child_class).with(login_operation).and_return(login_operation)
|
21
28
|
allow(default_preparer).to receive(:child_class).with(logout_operation).and_return(logout_operation)
|
22
|
-
allow(preparer).to receive(:call).with(confirm_operation).and_return(confirm_operation)
|
23
|
-
allow(preparer).to receive(:call).with(sign_up_operation).and_return(sign_up_operation)
|
24
|
-
allow(preparer).to receive(:call).with(login_operation).and_return(login_operation)
|
25
|
-
allow(preparer).to receive(:call).with(logout_operation).and_return(logout_operation)
|
29
|
+
allow(preparer).to receive(:call).with(confirm_operation, authenticatable: false).and_return(confirm_operation)
|
30
|
+
allow(preparer).to receive(:call).with(sign_up_operation, authenticatable: true).and_return(sign_up_operation)
|
31
|
+
allow(preparer).to receive(:call).with(login_operation, authenticatable: true).and_return(login_operation)
|
32
|
+
allow(preparer).to receive(:call).with(logout_operation, authenticatable: true).and_return(logout_operation)
|
26
33
|
end
|
27
34
|
|
28
35
|
it 'returns only those operations with no custom operation provided' do
|
@@ -32,8 +39,8 @@ RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::DefaultOperationP
|
|
32
39
|
it 'prepares default operations' do
|
33
40
|
expect(confirm_operation).to receive(:graphql_name).with('UserConfirm')
|
34
41
|
expect(sign_up_operation).to receive(:graphql_name).with('UserSignUp')
|
35
|
-
expect(preparer).to receive(:call).with(confirm_operation)
|
36
|
-
expect(preparer).to receive(:call).with(sign_up_operation)
|
42
|
+
expect(preparer).to receive(:call).with(confirm_operation, authenticatable: false)
|
43
|
+
expect(preparer).to receive(:call).with(sign_up_operation, authenticatable: true)
|
37
44
|
|
38
45
|
prepared
|
39
46
|
|
@@ -2,15 +2,29 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
RSpec.describe GraphqlDevise::MountMethod::OperationPreparers::MutationFieldSetter do
|
4
4
|
describe '#call' do
|
5
|
-
subject(:prepared_operation) { described_class.new(field_type).call(operation) }
|
5
|
+
subject(:prepared_operation) { described_class.new(field_type).call(operation, authenticatable: authenticatable) }
|
6
6
|
|
7
7
|
let(:operation) { double(:operation) }
|
8
8
|
let(:field_type) { double(:type) }
|
9
9
|
|
10
|
-
|
11
|
-
|
10
|
+
context 'when resource is authtenticable' do
|
11
|
+
let(:authenticatable) { true }
|
12
12
|
|
13
|
-
|
13
|
+
it 'sets a field for the mutation' do
|
14
|
+
expect(operation).to receive(:field).with(:authenticatable, field_type, null: false)
|
15
|
+
|
16
|
+
prepared_operation
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
context 'when resource is *NOT* authtenticable' do
|
21
|
+
let(:authenticatable) { false }
|
22
|
+
|
23
|
+
it 'does *NOT* set a field for the mutation' do
|
24
|
+
expect(operation).not_to receive(:field)
|
25
|
+
|
26
|
+
prepared_operation
|
27
|
+
end
|
14
28
|
end
|
15
29
|
end
|
16
30
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: graphql_devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.12.
|
4
|
+
version: 0.12.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mario Celi
|
@@ -308,9 +308,12 @@ files:
|
|
308
308
|
- lib/graphql_devise/concerns/controller_methods.rb
|
309
309
|
- lib/graphql_devise/default_operations/mutations.rb
|
310
310
|
- lib/graphql_devise/default_operations/resolvers.rb
|
311
|
-
- lib/graphql_devise/detailed_user_error.rb
|
312
311
|
- lib/graphql_devise/engine.rb
|
313
|
-
- lib/graphql_devise/
|
312
|
+
- lib/graphql_devise/errors/authentication_error.rb
|
313
|
+
- lib/graphql_devise/errors/detailed_user_error.rb
|
314
|
+
- lib/graphql_devise/errors/error_codes.rb
|
315
|
+
- lib/graphql_devise/errors/execution_error.rb
|
316
|
+
- lib/graphql_devise/errors/user_error.rb
|
314
317
|
- lib/graphql_devise/mount_method/operation_preparer.rb
|
315
318
|
- lib/graphql_devise/mount_method/operation_preparers/custom_operation_preparer.rb
|
316
319
|
- lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb
|
@@ -348,7 +351,6 @@ files:
|
|
348
351
|
- lib/graphql_devise/types/credential_type.rb
|
349
352
|
- lib/graphql_devise/types/mutation_type.rb
|
350
353
|
- lib/graphql_devise/types/query_type.rb
|
351
|
-
- lib/graphql_devise/user_error.rb
|
352
354
|
- lib/graphql_devise/version.rb
|
353
355
|
- spec/dummy/README.md
|
354
356
|
- spec/dummy/Rakefile
|
@@ -405,7 +407,6 @@ files:
|
|
405
407
|
- spec/dummy/config/routes.rb
|
406
408
|
- spec/dummy/config/secrets.yml
|
407
409
|
- spec/dummy/config/spring.rb
|
408
|
-
- spec/dummy/db/development.sqlite3
|
409
410
|
- spec/dummy/db/migrate/20190815114303_create_users.rb
|
410
411
|
- spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
|
411
412
|
- spec/dummy/db/migrate/20190916012505_create_admins.rb
|
@@ -413,9 +414,6 @@ files:
|
|
413
414
|
- spec/dummy/db/migrate/20200321121807_create_users_customers.rb
|
414
415
|
- spec/dummy/db/schema.rb
|
415
416
|
- spec/dummy/db/seeds.rb
|
416
|
-
- spec/dummy/db/test.sqlite3
|
417
|
-
- spec/dummy/log/development.log
|
418
|
-
- spec/dummy/log/test.log
|
419
417
|
- spec/dummy/public/robots.txt
|
420
418
|
- spec/factories/admins.rb
|
421
419
|
- spec/factories/guests.rb
|
@@ -489,116 +487,112 @@ signing_key:
|
|
489
487
|
specification_version: 4
|
490
488
|
summary: GraphQL queries and mutations on top of devise_token_auth
|
491
489
|
test_files:
|
492
|
-
- spec/
|
493
|
-
- spec/dummy/
|
494
|
-
- spec/dummy/app/
|
495
|
-
- spec/dummy/app/
|
496
|
-
- spec/dummy/app/
|
497
|
-
- spec/dummy/app/
|
498
|
-
- spec/dummy/app/models/application_record.rb
|
499
|
-
- spec/dummy/app/models/user.rb
|
490
|
+
- spec/dummy/README.md
|
491
|
+
- spec/dummy/Rakefile
|
492
|
+
- spec/dummy/app/assets/config/manifest.js
|
493
|
+
- spec/dummy/app/controllers/api/v1/graphql_controller.rb
|
494
|
+
- spec/dummy/app/controllers/application_controller.rb
|
495
|
+
- spec/dummy/app/graphql/dummy_schema.rb
|
500
496
|
- spec/dummy/app/graphql/interpreter_schema.rb
|
501
|
-
- spec/dummy/app/graphql/types/custom_admin_type.rb
|
502
|
-
- spec/dummy/app/graphql/types/mutation_type.rb
|
503
|
-
- spec/dummy/app/graphql/types/query_type.rb
|
504
|
-
- spec/dummy/app/graphql/types/base_object.rb
|
505
|
-
- spec/dummy/app/graphql/types/user_type.rb
|
506
|
-
- spec/dummy/app/graphql/mutations/register_confirmed_user.rb
|
507
497
|
- spec/dummy/app/graphql/mutations/login.rb
|
498
|
+
- spec/dummy/app/graphql/mutations/register_confirmed_user.rb
|
508
499
|
- spec/dummy/app/graphql/mutations/sign_up.rb
|
509
500
|
- spec/dummy/app/graphql/resolvers/public_user.rb
|
510
501
|
- spec/dummy/app/graphql/resolvers/user_show.rb
|
511
|
-
- spec/dummy/app/graphql/
|
502
|
+
- spec/dummy/app/graphql/types/base_object.rb
|
503
|
+
- spec/dummy/app/graphql/types/custom_admin_type.rb
|
504
|
+
- spec/dummy/app/graphql/types/mutation_type.rb
|
505
|
+
- spec/dummy/app/graphql/types/query_type.rb
|
506
|
+
- spec/dummy/app/graphql/types/user_type.rb
|
512
507
|
- spec/dummy/app/jobs/application_job.rb
|
513
|
-
- spec/dummy/app/
|
514
|
-
- spec/dummy/app/
|
508
|
+
- spec/dummy/app/mailers/application_mailer.rb
|
509
|
+
- spec/dummy/app/models/admin.rb
|
510
|
+
- spec/dummy/app/models/application_record.rb
|
511
|
+
- spec/dummy/app/models/guest.rb
|
512
|
+
- spec/dummy/app/models/user.rb
|
513
|
+
- spec/dummy/app/models/users.rb
|
514
|
+
- spec/dummy/app/models/users/customer.rb
|
515
515
|
- spec/dummy/app/views/layouts/mailer.html.erb
|
516
516
|
- spec/dummy/app/views/layouts/mailer.text.erb
|
517
|
-
- spec/dummy/app/assets/config/manifest.js
|
518
|
-
- spec/dummy/bin/update
|
519
|
-
- spec/dummy/bin/rake
|
520
|
-
- spec/dummy/bin/setup
|
521
517
|
- spec/dummy/bin/bundle
|
522
518
|
- spec/dummy/bin/rails
|
523
|
-
- spec/dummy/
|
524
|
-
- spec/dummy/
|
525
|
-
- spec/dummy/
|
526
|
-
- spec/dummy/config
|
527
|
-
- spec/dummy/config/environments/test.rb
|
528
|
-
- spec/dummy/config/spring.rb
|
529
|
-
- spec/dummy/config/master.key
|
530
|
-
- spec/dummy/config/environment.rb
|
519
|
+
- spec/dummy/bin/rake
|
520
|
+
- spec/dummy/bin/setup
|
521
|
+
- spec/dummy/bin/update
|
522
|
+
- spec/dummy/config.ru
|
531
523
|
- spec/dummy/config/application.rb
|
532
|
-
- spec/dummy/config/puma.rb
|
533
524
|
- spec/dummy/config/credentials.yml.enc
|
534
525
|
- spec/dummy/config/database.yml
|
526
|
+
- spec/dummy/config/environment.rb
|
527
|
+
- spec/dummy/config/environments/development.rb
|
528
|
+
- spec/dummy/config/environments/production.rb
|
529
|
+
- spec/dummy/config/environments/test.rb
|
535
530
|
- spec/dummy/config/initializers/application_controller_renderer.rb
|
536
531
|
- spec/dummy/config/initializers/backtrace_silencers.rb
|
532
|
+
- spec/dummy/config/initializers/cors.rb
|
533
|
+
- spec/dummy/config/initializers/devise.rb
|
537
534
|
- spec/dummy/config/initializers/devise_token_auth.rb
|
538
|
-
- spec/dummy/config/initializers/mime_types.rb
|
539
535
|
- spec/dummy/config/initializers/filter_parameter_logging.rb
|
540
|
-
- spec/dummy/config/initializers/wrap_parameters.rb
|
541
536
|
- spec/dummy/config/initializers/i18n.rb
|
542
|
-
- spec/dummy/config/initializers/devise.rb
|
543
537
|
- spec/dummy/config/initializers/inflections.rb
|
544
|
-
- spec/dummy/config/initializers/
|
545
|
-
- spec/dummy/config.
|
546
|
-
- spec/dummy/
|
547
|
-
- spec/dummy/
|
548
|
-
- spec/dummy/
|
549
|
-
- spec/dummy/
|
550
|
-
- spec/dummy/
|
551
|
-
- spec/dummy/db/
|
538
|
+
- spec/dummy/config/initializers/mime_types.rb
|
539
|
+
- spec/dummy/config/initializers/wrap_parameters.rb
|
540
|
+
- spec/dummy/config/master.key
|
541
|
+
- spec/dummy/config/puma.rb
|
542
|
+
- spec/dummy/config/routes.rb
|
543
|
+
- spec/dummy/config/secrets.yml
|
544
|
+
- spec/dummy/config/spring.rb
|
545
|
+
- spec/dummy/db/migrate/20190815114303_create_users.rb
|
546
|
+
- spec/dummy/db/migrate/20190824215150_add_auth_available_to_users.rb
|
552
547
|
- spec/dummy/db/migrate/20190916012505_create_admins.rb
|
553
548
|
- spec/dummy/db/migrate/20191013213045_create_guests.rb
|
554
549
|
- spec/dummy/db/migrate/20200321121807_create_users_customers.rb
|
555
|
-
- spec/dummy/db/
|
556
|
-
- spec/dummy/db/
|
557
|
-
- spec/dummy/
|
558
|
-
- spec/
|
559
|
-
- spec/
|
550
|
+
- spec/dummy/db/schema.rb
|
551
|
+
- spec/dummy/db/seeds.rb
|
552
|
+
- spec/dummy/public/robots.txt
|
553
|
+
- spec/factories/admins.rb
|
554
|
+
- spec/factories/guests.rb
|
555
|
+
- spec/factories/users.rb
|
556
|
+
- spec/factories/users_customers.rb
|
557
|
+
- spec/generators/graphql_devise/install_generator_spec.rb
|
560
558
|
- spec/graphql_devise_spec.rb
|
561
559
|
- spec/models/user_spec.rb
|
560
|
+
- spec/rails_helper.rb
|
562
561
|
- spec/requests/graphql_controller_spec.rb
|
563
|
-
- spec/requests/
|
562
|
+
- spec/requests/mutations/additional_mutations_spec.rb
|
563
|
+
- spec/requests/mutations/additional_queries_spec.rb
|
564
564
|
- spec/requests/mutations/login_spec.rb
|
565
565
|
- spec/requests/mutations/logout_spec.rb
|
566
|
+
- spec/requests/mutations/resend_confirmation_spec.rb
|
566
567
|
- spec/requests/mutations/send_password_reset_spec.rb
|
567
|
-
- spec/requests/mutations/update_password_spec.rb
|
568
|
-
- spec/requests/mutations/additional_mutations_spec.rb
|
569
|
-
- spec/requests/mutations/additional_queries_spec.rb
|
570
568
|
- spec/requests/mutations/sign_up_spec.rb
|
571
|
-
- spec/requests/mutations/
|
572
|
-
- spec/requests/queries/confirm_account_spec.rb
|
569
|
+
- spec/requests/mutations/update_password_spec.rb
|
573
570
|
- spec/requests/queries/check_password_token_spec.rb
|
574
|
-
- spec/
|
575
|
-
- spec/
|
576
|
-
- spec/support/requests/auth_helpers.rb
|
577
|
-
- spec/support/requests/json_helpers.rb
|
578
|
-
- spec/support/matchers/not_change_matcher.rb
|
579
|
-
- spec/support/matchers/auth_headers_matcher.rb
|
580
|
-
- spec/factories/admins.rb
|
581
|
-
- spec/factories/users.rb
|
582
|
-
- spec/factories/guests.rb
|
583
|
-
- spec/factories/users_customers.rb
|
584
|
-
- spec/generators/graphql_devise/install_generator_spec.rb
|
585
|
-
- spec/rails_helper.rb
|
586
|
-
- spec/services/schema_plugin_spec.rb
|
587
|
-
- spec/services/mount_method/option_sanitizers/class_checker_spec.rb
|
588
|
-
- spec/services/mount_method/option_sanitizers/array_checker_spec.rb
|
589
|
-
- spec/services/mount_method/option_sanitizers/hash_checker_spec.rb
|
590
|
-
- spec/services/mount_method/option_sanitizers/string_checker_spec.rb
|
591
|
-
- spec/services/mount_method/option_sanitizer_spec.rb
|
592
|
-
- spec/services/mount_method/options_validator_spec.rb
|
571
|
+
- spec/requests/queries/confirm_account_spec.rb
|
572
|
+
- spec/requests/user_controller_spec.rb
|
593
573
|
- spec/services/mount_method/operation_preparer_spec.rb
|
594
|
-
- spec/services/mount_method/operation_preparers/
|
574
|
+
- spec/services/mount_method/operation_preparers/custom_operation_preparer_spec.rb
|
595
575
|
- spec/services/mount_method/operation_preparers/default_operation_preparer_spec.rb
|
576
|
+
- spec/services/mount_method/operation_preparers/gql_name_setter_spec.rb
|
577
|
+
- spec/services/mount_method/operation_preparers/mutation_field_setter_spec.rb
|
596
578
|
- spec/services/mount_method/operation_preparers/resolver_type_setter_spec.rb
|
597
579
|
- spec/services/mount_method/operation_preparers/resource_name_setter_spec.rb
|
598
|
-
- spec/services/mount_method/
|
599
|
-
- spec/services/mount_method/
|
600
|
-
- spec/services/mount_method/
|
580
|
+
- spec/services/mount_method/operation_sanitizer_spec.rb
|
581
|
+
- spec/services/mount_method/option_sanitizer_spec.rb
|
582
|
+
- spec/services/mount_method/option_sanitizers/array_checker_spec.rb
|
583
|
+
- spec/services/mount_method/option_sanitizers/class_checker_spec.rb
|
584
|
+
- spec/services/mount_method/option_sanitizers/hash_checker_spec.rb
|
585
|
+
- spec/services/mount_method/option_sanitizers/string_checker_spec.rb
|
601
586
|
- spec/services/mount_method/option_validators/provided_operations_validator_spec.rb
|
602
587
|
- spec/services/mount_method/option_validators/skip_only_validator_spec.rb
|
603
|
-
- spec/services/mount_method/
|
588
|
+
- spec/services/mount_method/option_validators/supported_operations_validator_spec.rb
|
589
|
+
- spec/services/mount_method/options_validator_spec.rb
|
604
590
|
- spec/services/resource_loader_spec.rb
|
591
|
+
- spec/services/schema_plugin_spec.rb
|
592
|
+
- spec/spec_helper.rb
|
593
|
+
- spec/support/contexts/graphql_request.rb
|
594
|
+
- spec/support/factory_bot.rb
|
595
|
+
- spec/support/matchers/auth_headers_matcher.rb
|
596
|
+
- spec/support/matchers/not_change_matcher.rb
|
597
|
+
- spec/support/requests/auth_helpers.rb
|
598
|
+
- spec/support/requests/json_helpers.rb
|