graphql_devise 0.12.1 → 0.12.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 64f2bd00ac9c5edc119bb83326ffa996ab57a5551474887281857ef10ee7abb9
-  data.tar.gz: a8e1b662d697f4e8f94faf41b3ccbfec9b4ae6eb295ee4ee004c80d0c2b723bb
+  metadata.gz: ce5d1b0155098a6df8da7563448cb688b00cac2bdff8b039ed201b3cfae6f189
+  data.tar.gz: d9c09f2ba1418aa4b1e75f744ae29bc9d8bc767544c8d6f2e705a59f2e444bfd
 SHA512:
-  metadata.gz: c6be77b7524f9a3cbf17b047fc5fbedc5d2cc0158ee343bdb470fe468774d3c3c7b1b0e80f2d529d623e3e74f32bf6d61f1dd220ebc2e66d7863346cedafde25
-  data.tar.gz: c6264ad438bfbec20b53c77bf9997e0a2a6d4ef184488f0a4830e5cad7c7f8f01112e163ec1fb0b5ed86718e488899373706245f22fc6c754280c74daec8a510
+  metadata.gz: 53b3ca8e55ddb9264fe1091e4767ee955f4c5c20664cbacdad850fc460582f5ed3e5633eedcaa7e1b7c7bfcfaf70eee792fd133ba2390c784867521bc9922acd
+  data.tar.gz: 6320f6ec2568659db16b80d03c8dce7275237f36865078fb724578b73e5f5879f90a221b87d7dd062e798016f329264b2ba48d23db67506b05e3746f1b0bc474

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [v0.12.2](https://github.com/graphql-devise/graphql_devise/tree/v0.12.2) (2020-06-17)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.1...v0.12.2)
+
+**Breaking changes:**
+
+- Fix set\_resource\_by\_token no mapping error in no eager load envs [\#107](https://github.com/graphql-devise/graphql_devise/pull/107) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Fixed bugs:**
+
+- Separate endpoint url for mailers even if mounting the gem in your own schema [\#105](https://github.com/graphql-devise/graphql_devise/issues/105)
+- Devise mapping error [\#103](https://github.com/graphql-devise/graphql_devise/issues/103)
+- Use the url where the schema is mounted in emails links [\#106](https://github.com/graphql-devise/graphql_devise/pull/106) ([00dav00](https://github.com/00dav00))
+
 ## [v0.12.1](https://github.com/graphql-devise/graphql_devise/tree/v0.12.1) (2020-06-12)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.12.0...v0.12.1)

data/README.md

@@ -343,8 +343,7 @@ and an error is returned in a REST format as the request never reaches your GQL
 
 #### Authenticate in Your GQL Schema
 For this you will need to add the `GraphqlDevise::SchemaPlugin` to your schema as described
-[here](#mounting-operations-into-your-own-schema) and also set the authenticated resource
-in a `before_action` hook.
+[here](#mounting-operations-into-your-own-schema).
 
 ```ruby
 # app/controllers/my_controller.rb
@@ -352,29 +351,24 @@ in a `before_action` hook.
 class MyController < ApplicationController
   include GraphqlDevise::Concerns::SetUserByToken
 
-  before_action -> { set_resource_by_token(:user) }
-
   def my_action
-    render json: DummySchema.execute(params[:query], context: graphql_context)
+    render json: DummySchema.execute(params[:query], context: graphql_context(:user))
   end
 end
-
-# @resource.to_s.underscore.tr('/', '_').to_sym
 ```
-The `set_resource_by_token` method receives a symbol identifying the resource you are trying
+The `graphql_context` method receives a symbol identifying the resource you are trying
 to authenticate. So if you mounted the `'User'` resource, the symbol is `:user`. You can use
 this snippet to find the symbol for more complex scenarios
-`resource_klass.to_s.underscore.tr('/', '_').to_sym`.
+`resource_klass.to_s.underscore.tr('/', '_').to_sym`. `graphql_context` can also take an
+array of resources if you mounted more than one into your schema. The gem will try to
+authenticate a resource for each element on the array until it finds one.
 
-The `graphql_context` method is simply a helper method that returns a hash like this
-```ruby
-{ current_resource: @resource, controller: self }
-```
-These are the two values the gem needs to check if a user is authenticated and to perform
-other auth operations. All `set_resource_by_token` does is set the `@resource` variable if
-the provided authentication headers are valid. If authentication fails, resource will be `nil`
-and this is how `GraphqlDevise::SchemaPlugin` knows if a user is authenticated or not in
-each query.
+Internally in your own mutations and queries a key `current_resource` will be available in
+the context if a resource was successfully authenticated or `nil` otherwise.
+
+Keep in mind that sending multiple values to the `graphql_context` method means that depending
+on who makes the request, the context value `current_resource` might contain instances of the
+different models you might have mounted into the schema.
 
 Please note that by using this mechanism your GQL schema will be in control of what queries are
 restricted to authenticated users and you can only do this at the root level fields of your GQL

data/app/controllers/graphql_devise/concerns/set_user_by_token.rb

@@ -5,12 +5,14 @@ module GraphqlDevise
     SetUserByToken.module_eval do
       attr_accessor :client_id, :token, :resource
 
-      alias_method :set_resource_by_token, :set_user_by_token
+      def set_resource_by_token(resource)
+        set_user_by_token(resource)
+      end
 
-      def graphql_context
+      def graphql_context(resource_name)
         {
-          current_resource: @resource,
-          controller:       self
+          resource_name: resource_name,
+          controller:    self
         }
       end
 

data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p><%= t('.confirm_link_msg') %></p>
 
-<p><%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token)) %></p>
+<p><%= link_to t('.confirm_account_link'), url_for(controller: message['controller'], action: message['action'], **confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token)) %></p>

data/app/views/graphql_devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p><%= t('.request_reset_link_msg') %></p>
 
-<p><%= link_to t('.password_change_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s)) %></p>
+<p><%= link_to t('.password_change_link'), url_for(controller: message['controller'], action: message['action'], **password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s)) %></p>
 
 <p><%= t('.ignore_mail_msg') %></p>
 <p><%= t('.no_changes_msg') %></p>

data/lib/graphql_devise/mutations/resend_confirmation.rb

@@ -19,7 +19,8 @@ module GraphqlDevise
 
           resource.send_confirmation_instructions(
             redirect_url:  redirect_url,
-            template_path: ['graphql_devise/mailer']
+            template_path: ['graphql_devise/mailer'],
+            **controller.params.permit('controller', 'action').to_h.symbolize_keys
           )
 
           { message: I18n.t('graphql_devise.confirmations.send_instructions', email: email) }

data/lib/graphql_devise/mutations/send_password_reset.rb

@@ -16,7 +16,8 @@ module GraphqlDevise
             email:         email,
             provider:      'email',
             redirect_url:  redirect_url,
-            template_path: ['graphql_devise/mailer']
+            template_path: ['graphql_devise/mailer'],
+            **controller.params.permit('controller', 'action').to_h.symbolize_keys
           )
 
           if resource.errors.empty?

data/lib/graphql_devise/mutations/sign_up.rb

@@ -27,7 +27,8 @@ module GraphqlDevise
           unless resource.confirmed?
             resource.send_confirmation_instructions(
               redirect_url:  confirm_success_url,
-              template_path: ['graphql_devise/mailer']
+              template_path: ['graphql_devise/mailer'],
+              **controller.params.permit('controller', 'action').to_h.symbolize_keys
             )
           end
 

data/lib/graphql_devise/schema_plugin.rb

@@ -23,11 +23,12 @@ module GraphqlDevise
 
       field = traced_field(trace_data)
       provided_value = authenticate_option(field, trace_data)
+      context = set_current_resource(context_from_data(trace_data))
 
       if !provided_value.nil?
-        raise_on_missing_resource(context(trace_data), field) if provided_value
+        raise_on_missing_resource(context, field) if provided_value
       elsif @authenticate_default
-        raise_on_missing_resource(context(trace_data), field)
+        raise_on_missing_resource(context, field)
       end
 
       yield
@@ -35,11 +36,29 @@ module GraphqlDevise
 
     private
 
+    def set_current_resource(context)
+      controller                 = context[:controller]
+      resource_names             = Array(context[:resource_name])
+      context[:current_resource] = resource_names.find do |resource_name|
+        unless Devise.mappings.key?(resource_name)
+          raise(
+            GraphqlDevise::Error,
+            "Invalid resource_name `#{resource_name}` provided to `graphql_context`. Possible values are: #{Devise.mappings.keys}."
+          )
+        end
+
+        found = controller.set_resource_by_token(resource_name)
+        break found if found
+      end
+
+      context
+    end
+
     def raise_on_missing_resource(context, field)
       @unauthenticated_proc.call(field.name) if context[:current_resource].blank?
     end
 
-    def context(trace_data)
+    def context_from_data(trace_data)
       query = if trace_data[:context]
         trace_data[:context].query
       else

data/lib/graphql_devise/version.rb

@@ -1,3 +1,3 @@
 module GraphqlDevise
-  VERSION = '0.12.1'.freeze
+  VERSION = '0.12.2'.freeze
 end

data/spec/dummy/app/controllers/api/v1/graphql_controller.rb

@@ -3,18 +3,47 @@ module Api
     class GraphqlController < ApplicationController
       include GraphqlDevise::Concerns::SetUserByToken
 
-      before_action -> { set_resource_by_token(:user) }
-
       def graphql
-        render json: DummySchema.execute(params[:query], context: graphql_context)
+        result = DummySchema.execute(params[:query], execute_params(params))
+
+        render json: result unless performed?
       end
 
       def interpreter
-        render json: InterpreterSchema.execute(params[:query], context: graphql_context)
+        render json: InterpreterSchema.execute(params[:query], execute_params(params))
+      end
+
+      def failing_resource_name
+        render json: DummySchema.execute(params[:query], context: graphql_context([:user, :fail]))
       end
 
       private
 
+      def execute_params(item)
+        {
+          operation_name: item[:operationName],
+          variables:      ensure_hash(item[:variables]),
+          context:        graphql_context(:user)
+        }
+      end
+
+      def ensure_hash(ambiguous_param)
+        case ambiguous_param
+        when String
+          if ambiguous_param.present?
+            ensure_hash(JSON.parse(ambiguous_param))
+          else
+            {}
+          end
+        when Hash, ActionController::Parameters
+          ambiguous_param
+        when nil
+          {}
+        else
+          raise ArgumentError, "Unexpected parameter: #{ambiguous_param}"
+        end
+      end
+
       def verify_authenticity_token
       end
     end

data/spec/dummy/app/graphql/dummy_schema.rb

@@ -3,7 +3,16 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('User', only: [:login, :confirm_account]),
+      GraphqlDevise::ResourceLoader.new(
+        'User',
+        only: [
+          :login,
+          :confirm_account,
+          :send_password_reset,
+          :resend_confirmation,
+          :check_password_token
+        ]
+      ),
       GraphqlDevise::ResourceLoader.new('Guest', only: [:logout])
     ]
   )

data/spec/dummy/config/routes.rb

@@ -27,6 +27,8 @@ Rails.application.routes.draw do
     at:   '/api/v1/user_customer/graphql_auth'
   )
 
+  get '/api/v1/graphql', to: 'api/v1/graphql#graphql'
   post '/api/v1/graphql', to: 'api/v1/graphql#graphql'
   post '/api/v1/interpreter', to: 'api/v1/graphql#interpreter'
+  post '/api/v1/failing', to: 'api/v1/graphql#failing_resource_name'
 end

data/spec/requests/mutations/resend_confirmation_spec.rb

@@ -21,25 +21,52 @@ RSpec.describe 'Resend confirmation' do
   end
 
   context 'when params are correct' do
-    it 'sends an email to the user with confirmation url and returns a success message' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
-      expect(json_response[:data][:userResendConfirmation]).to include(
-        message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
-      )
+    context 'when using the gem schema' do
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmation]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
+
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        confirm_link_msg_text = email.css('p')[1].inner_html
+        confirm_account_link_text = link.inner_html
+
+        expect(link['href']).to include('/api/v1/graphql_auth?')
+        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
+        expect(confirm_account_link_text).to eq('Confirm my account')
+
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+      end
+    end
+
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+
+      it 'sends an email to the user with confirmation url and returns a success message' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        expect(json_response[:data][:userResendConfirmation]).to include(
+          message: 'You will receive an email with instructions for how to confirm your email address in a few minutes.'
+        )
 
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
-      confirm_link_msg_text = email.css('p')[1].inner_html
-      confirm_account_link_text = link.inner_html
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        confirm_link_msg_text = email.css('p')[1].inner_html
+        confirm_account_link_text = link.inner_html
 
-      expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
-      expect(confirm_account_link_text).to eq('Confirm my account')
+        expect(link['href']).to include("#{custom_path}?")
+        expect(confirm_link_msg_text).to eq('You can confirm your account email through the link below:')
+        expect(confirm_account_link_text).to eq('Confirm my account')
 
-      # TODO: Move to feature spec
-      expect do
-        get link['href']
-        user.reload
-      end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :confirmed_at).from(NilClass).to(ActiveSupport::TimeWithZone)
+      end
     end
 
     context 'when email address uses different casing' do

data/spec/requests/mutations/send_password_reset_spec.rb

@@ -20,21 +20,44 @@ RSpec.describe 'Send Password Reset Requests' do
   end
 
   context 'when params are correct' do
-    it 'sends password reset  email' do
-      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+    context 'when using the gem schema' do
+      it 'sends password reset  email' do
+        expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
 
-      expect(json_response[:data][:userSendPasswordReset]).to include(
-        message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
-      )
+        expect(json_response[:data][:userSendPasswordReset]).to include(
+          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        )
+
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        expect(link['href']).to include('/api/v1/graphql_auth?')
+
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :allow_password_change).from(false).to(true)
+      end
+    end
+
+    context 'when using a custom schema' do
+      let(:custom_path) { '/api/v1/graphql' }
+
+      it 'sends password reset  email' do
+        expect { post_request(custom_path) }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+        expect(json_response[:data][:userSendPasswordReset]).to include(
+          message: 'You will receive an email with instructions on how to reset your password in a few minutes.'
+        )
 
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
+        expect(link['href']).to include("#{custom_path}?")
 
-      # TODO: Move to feature spec
-      expect do
-        get link['href']
-        user.reload
-      end.to change(user, :allow_password_change).from(false).to(true)
+        expect do
+          get link['href']
+          user.reload
+        end.to change(user, :allow_password_change).from(false).to(true)
+      end
     end
   end
 

data/spec/requests/queries/confirm_account_spec.rb

@@ -22,7 +22,13 @@ RSpec.describe 'Account confirmation' do
   context 'when confirmation token is correct' do
     let(:token) { user.confirmation_token }
 
-    before { user.send_confirmation_instructions(template_path: ['graphql_devise/mailer']) }
+    before do
+      user.send_confirmation_instructions(
+        template_path: ['graphql_devise/mailer'],
+        controller:    'graphql_devise/graphql',
+        action:        'auth'
+      )
+    end
 
     it 'confirms the resource and redirects to the sent url' do
       expect do

data/spec/requests/user_controller_spec.rb

@@ -29,6 +29,15 @@ RSpec.describe "Integrations with the user's controller" do
         expect(json_response[:data][:publicField]).to eq('Field does not require authentication')
       end
     end
+
+    context 'when using the failing route' do
+      it 'raises an invalid resource_name error' do
+        expect { post_request('/api/v1/failing') }.to raise_error(
+          GraphqlDevise::Error,
+          'Invalid resource_name `fail` provided to `graphql_context`. Possible values are: [:user, :admin, :guest, :users_customer].'
+        )
+      end
+    end
   end
 
   describe 'privateField' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graphql_devise
 version: !ruby/object:Gem::Version
-  version: 0.12.1
+  version: 0.12.2
 platform: ruby
 authors:
 - Mario Celi
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-06-12 00:00:00.000000000 Z
+date: 2020-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_token_auth