graphql_devise 0.16.0 → 0.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12c52068c8c538bc35dc67deb2d697101e1fa001419ccdbff23183e854f5f404
-  data.tar.gz: 65afe18384fb742e8dbc300d19b227815ebe166997147031bbabd63742738205
+  metadata.gz: 2a20dcb1834cc319028e86a024014875122d1b6351fed8dcd27c3a82acff8969
+  data.tar.gz: 92d6109d57ef77cced08a1a6a0a946441be37ddd14b9d27c672b6203ad260a76
 SHA512:
-  metadata.gz: fcf10385aeb27e02f283fa5b5d140f51352508d4a9973dd374edfe78b67a64cfa9b4183e39a8065af5a9697569fac4ed9c21aa007df26fd271b6739c2f9cd5a9
-  data.tar.gz: d3f45d87972e29a325375c1868fced4ef377effcfba6be182c7d8c0b34bdfd6032db66097f0304416ff5966b532fea994d135be0ee48a070c2369668acc3beb2
+  metadata.gz: f1f28dd471b8e533d1f918101790c6f95734c54050b7e80e00e2832e77a9ab51f72b5f51c1805f94aa8983c39900d8c94e7b3ad41134b9801c39ac3fde403a66
+  data.tar.gz: ac53e7a59a66bad7e34eae6587f6d31b47ecee4cf26b2fe5280bb2e10e2b3e343f3b1efc8f034aeaf17d4a9e5b73c2e77032ec3fd1d3d2f2efc7e39ce28e186a

data/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## [v0.17.0](https://github.com/graphql-devise/graphql_devise/tree/v0.17.0) (2021-06-09)
+
+[Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.16.0...v0.17.0)
+
+**Implemented enhancements:**
+
+- Another click in confirm account results in error [\#184](https://github.com/graphql-devise/graphql_devise/issues/184)
+- Add resendConfirmationWithToken mutation [\#186](https://github.com/graphql-devise/graphql_devise/pull/186) ([mcelicalderon](https://github.com/mcelicalderon))
+- Add register mutation and alternate confirmation flow [\#185](https://github.com/graphql-devise/graphql_devise/pull/185) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Deprecated:**
+
+- Deprecate mutations and queries that required a redirect [\#187](https://github.com/graphql-devise/graphql_devise/pull/187) ([mcelicalderon](https://github.com/mcelicalderon))
+
+**Merged pull requests:**
+
+- Document new registration and confirmation flow [\#188](https://github.com/graphql-devise/graphql_devise/pull/188) ([mcelicalderon](https://github.com/mcelicalderon))
+
 ## [v0.16.0](https://github.com/graphql-devise/graphql_devise/tree/v0.16.0) (2021-05-20)
 
 [Full Changelog](https://github.com/graphql-devise/graphql_devise/compare/v0.15.0...v0.16.0)

data/README.md

@@ -24,6 +24,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
       * [Available Operations](#available-operations)
       * [Configuring Model](#configuring-model)
       * [Email Reconfirmation](#email-reconfirmation)
+         * [Deprecated flow - Do Not Use](#deprecated-flow---do-not-use)
       * [Customizing Email Templates](#customizing-email-templates)
       * [I18n](#i18n)
       * [Authenticating Controller Actions](#authenticating-controller-actions)
@@ -47,7 +48,7 @@ GraphQL interface on top of the [Devise Token Auth](https://github.com/lynndylan
    * [Contributing](#contributing)
    * [License](#license)
 
-<!-- Added by: mcelicalderon, at: Wed May 19 21:25:22 -05 2021 -->
+<!-- Added by: mcelicalderon, at: Tue Jun  8 22:47:12 -05 2021 -->
 
 <!--te-->
 
@@ -158,7 +159,7 @@ Rails.application.routes.draw do
     operations: {
       login: Mutations::Login
     },
-    skip: [:sign_up],
+    skip: [:register],
     additional_mutations: {
       # generates mutation { adminUserSignUp }
       admin_user_sign_up: Mutations::AdminUserSignUp
@@ -190,7 +191,7 @@ class DummySchema < GraphQL::Schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_account])
+      GraphqlDevise::ResourceLoader.new(User, only: [:login, :confirm_registration_with_token])
     ]
   )
 
@@ -298,13 +299,17 @@ The following is a list of the symbols you can provide to the `operations`, `ski
 ```ruby
 :login
 :logout
-:sign_up
-:confirm_account
-:send_password_reset
-:check_password_token
-:update_password
-:send_password_reset_with_token
+:sign_up (deprecated)
+:register
+:update_password (deprecated)
 :update_password_with_token
+:send_password_reset (deprecated)
+:send_password_reset_with_token
+:resend_confirmation (deprecated)
+:resend_confirmation_with_token
+:confirm_registration_with_token
+:confirm_account (deprecated)
+:check_password_token (deprecated)
 ```
 
 ### Configuring Model
@@ -332,6 +337,9 @@ The install generator can do this for you if you specify the `user_class` option
 See [Installation](#installation) for details.
 
 ### Email Reconfirmation
+We want reconfirmable in this gem to work separately
+from DTA's or Devise (too much complexity in the model based on callbacks).
+
 Email reconfirmation is supported just like in Devise and DTA, but we want reconfirmable
 in this gem to work on model basis instead of having a global configuration like in Devise.
 **For this reason Devise's global `reconfirmable` setting is ignored.**
@@ -340,10 +348,29 @@ For a resource to be considered reconfirmable it has to meet 2 conditions:
 1. Include the `:confirmable` module.
 1. Has an `unconfirmed_email` column in the resource's table.
 
-In order to trigger the reconfirmation email in a reconfirmable resource, you simply needi
+In order to trigger the reconfirmation email in a reconfirmable resource, you simply need
 to call a different update method on your resource,`update_with_email`.
 When the resource is not reconfirmable or the email is not updated, this method behaves exactly
 the same as ActiveRecord's `update`.
+
+`update_with_email` requires one additional attribute when email will change or an error
+will be raised:
+
+1. `confirmation_url`: The full url of your client application. The confirmation email will contain this url plus
+a confirmation token. You need to call `confirmRegistrationWithToken` with the given token on
+your client application.
+
+So, it's up to you where you require confirmation of changing emails.
+Here's a demonstration on the method usage:
+```ruby
+user.update_with_email(
+  name:             'New Name',
+  email:            'new@domain.com',
+  confirmation_url: 'https://google.com'
+)
+```
+
+#### Deprecated flow - Do Not Use
 `update_with_email` requires two additional attributes when email will change or an error
 will be raised:
 
@@ -368,9 +395,6 @@ user.update_with_email(
 )
 ```
 
- We want reconfirmable in this gem to work separately
- from DTA's or Devise (too much complexity in the model based on callbacks).
-
 ### Customizing Email Templates
 The approach of this gem is a bit different from DeviseTokenAuth. We have placed our templates in `app/views/graphql_devise/mailer`,
 so if you want to change them, place yours on the same dir structure on your Rails project. You can customize these two templates:
@@ -547,20 +571,22 @@ If you are using the schema plugin, you can require authentication before doing
 
 Operation | Description | Example
 :--- | :--- | :------------------:
-login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload
-logout | | userLogout: UserLogoutPayload
-signUp | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload
-sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload
-updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload
-resendConfirmation | The `UserResendConfirmationPayload` will return the `authenticatable` resource that was sent the confirmation instructions but also has a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload
-sendResetPassword | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendReserPasswordPayload
-updatePassword | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload
+login | This mutation has a second field by default. `credentials` can be fetched directly on the mutation return type.<br>Credentials are still returned in the headers of the response. | userLogin(email: String!, password: String!): UserLoginPayload |
+logout | requires authentication headers. Deletes current session if successful. | userLogout: UserLogoutPayload |
+signUp **(Deprecated)** | The parameter `confirmSuccessUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userSignUp(email: String!, password: String!, passwordConfirmation: String!, confirmSuccessUrl: String): UserSignUpPayload |
+register | The parameter `confirmUrl` is optional unless you are using the `confirmable` plugin from Devise in your `resource`'s model. If you have `confirmable` set up, you will have to provide it unless you have `config.default_confirm_success_url` set in `config/initializers/devise_token_auth.rb`. | userRegister(email: String!, password: String!, passwordConfirmation: String!, confirmUrl: String): UserRegisterPayload |
+sendPasswordResetWithToken | Sends an email to the provided address with a link to reset the password of the resource. First step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(email: String!, redirectUrl: String!): UserSendPasswordResetWithTokenPayload |
+updatePasswordWithToken | Uses a `resetPasswordToken` to update the password of a resource. Second and last step of the most recently implemented password reset flow. | userSendPasswordResetWithToken(resetPasswordToken: String!, password: String!, passwordConfirmation: String!): UserUpdatePasswordWithTokenPayload |
+resendConfirmation **(Deprecated)** | The `UserResendConfirmationPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them | userResendConfirmation(email: String!, redirectUrl: String!): UserResendConfirmationPayload |
+resendConfirmationWithToken | The `UserResendConfirmationWithTokenPayload` will return a `message: String!` that can be used to notify a user what to do after the instructions were sent to them. Email will contain a link to the provided `confirmUrl` and a `confirmationToken` query param. | userResendConfirmationWithToken(email: String!, confirmUrl: String!): UserResendConfirmationWithTokenPayload |
+sendResetPassword **(Deprecated)** | Sends an email to the provided address with a link to reset the password of the resource. **This mutation is part of the first and soon to be deprecated password reset flow.** | userSendResetPassword(email: String!, redirectUrl: String!): UserSendResetPasswordPayload |
+updatePassword **(Deprecated)** | The parameter `currentPassword` is optional if you have `config.check_current_password_before_update` set to false (disabled by default) on your generated `config/initializers/devise_token_aut.rb` or if the `resource` model supports the `recoverable` Devise plugin and the `resource`'s `allow_password_change` attribute is set to true (this is done in the `userCheckPasswordToken` query when you click on the sent email's link). **This mutation is part of the first and soon to be deprecated password reset flow.** | userUpdatePassword(password: String!, passwordConfirmation: String!, currentPassword: String): UserUpdatePasswordPayload |
 
 #### Queries
 Operation | Description | Example
 :--- | :--- | :------------------:
-confirmAccount | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
-checkPasswordToken | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
+confirmAccount **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userConfirmAccount(confirmationToken: String!, redirectUrl: String!): User
+checkPasswordToken **(Deprecated)** | Performs a redirect using the `redirectUrl` param | userCheckPasswordToken(resetPasswordToken: String!, redirectUrl: String): User
 
 The reason for having 2 queries is that these 2 are going to be accessed when clicking on
 the confirmation and reset password email urls. There is no limitation for making mutation

data/app/views/graphql_devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,10 @@
 
 <p><%= t('.confirm_link_msg') %></p>
 
-<p><%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %></p>
+<p>
+  <% if message['schema_url'].present? %>
+    <%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %>
+  <% else %>
+    <%= link_to t('.confirm_account_link'), "#{CGI.escape(message['redirect-url'].to_s)}?#{{ confirmationToken: @token }.to_query}" %>
+  <% end %>
+</p>

data/lib/graphql_devise/default_operations/mutations.rb

@@ -4,23 +4,29 @@ require 'graphql_devise/mutations/base'
 require 'graphql_devise/mutations/login'
 require 'graphql_devise/mutations/logout'
 require 'graphql_devise/mutations/resend_confirmation'
+require 'graphql_devise/mutations/resend_confirmation_with_token'
 require 'graphql_devise/mutations/send_password_reset'
 require 'graphql_devise/mutations/send_password_reset_with_token'
 require 'graphql_devise/mutations/sign_up'
+require 'graphql_devise/mutations/register'
 require 'graphql_devise/mutations/update_password'
 require 'graphql_devise/mutations/update_password_with_token'
+require 'graphql_devise/mutations/confirm_registration_with_token'
 
 module GraphqlDevise
   module DefaultOperations
     MUTATIONS = {
-      login:                          { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
-      logout:                         { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
-      sign_up:                        { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true },
-      update_password:                { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true },
-      update_password_with_token:     { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
-      send_password_reset:            { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false },
-      send_password_reset_with_token: { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
-      resend_confirmation:            { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false }
+      login:                           { klass: GraphqlDevise::Mutations::Login, authenticatable: true },
+      logout:                          { klass: GraphqlDevise::Mutations::Logout, authenticatable: true },
+      sign_up:                         { klass: GraphqlDevise::Mutations::SignUp, authenticatable: true, deprecation_reason: 'use register instead' },
+      register:                        { klass: GraphqlDevise::Mutations::Register, authenticatable: true },
+      update_password:                 { klass: GraphqlDevise::Mutations::UpdatePassword, authenticatable: true, deprecation_reason: 'use update_password_with_token instead' },
+      update_password_with_token:      { klass: GraphqlDevise::Mutations::UpdatePasswordWithToken, authenticatable: true },
+      send_password_reset:             { klass: GraphqlDevise::Mutations::SendPasswordReset, authenticatable: false, deprecation_reason: 'use send_password_reset_with_token instead' },
+      send_password_reset_with_token:  { klass: GraphqlDevise::Mutations::SendPasswordResetWithToken, authenticatable: false },
+      resend_confirmation:             { klass: GraphqlDevise::Mutations::ResendConfirmation, authenticatable: false, deprecation_reason: 'use resend_confirmation_with_token instead' },
+      resend_confirmation_with_token:  { klass: GraphqlDevise::Mutations::ResendConfirmationWithToken, authenticatable: false },
+      confirm_registration_with_token: { klass: GraphqlDevise::Mutations::ConfirmRegistrationWithToken, authenticatable: true }
     }.freeze
   end
 end

data/lib/graphql_devise/default_operations/resolvers.rb

@@ -7,8 +7,8 @@ require 'graphql_devise/resolvers/confirm_account'
 module GraphqlDevise
   module DefaultOperations
     QUERIES = {
-      confirm_account:      { klass: GraphqlDevise::Resolvers::ConfirmAccount },
-      check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken }
+      confirm_account:      { klass: GraphqlDevise::Resolvers::ConfirmAccount, deprecation_reason: 'use the new confirmation flow as it does not require this query anymore' },
+      check_password_token: { klass: GraphqlDevise::Resolvers::CheckPasswordToken, deprecation_reason: 'use the new password reset flow as it does not require this query anymore' }
     }.freeze
   end
 end

data/lib/graphql_devise/model/with_email_updater.rb

@@ -4,12 +4,14 @@ module GraphqlDevise
   module Model
     class WithEmailUpdater
       def initialize(resource, attributes)
-        @attributes = attributes
+        @attributes = attributes.with_indifferent_access
         @resource   = resource
       end
 
       def call
-        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url)
+        check_deprecated_attributes
+
+        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url, :confirmation_url)
         return @resource.update(resource_attributes) unless requires_reconfirmation?(resource_attributes)
 
         @resource.assign_attributes(resource_attributes)
@@ -27,16 +29,31 @@ module GraphqlDevise
         else
           raise(
             GraphqlDevise::Error,
-            'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
+            'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
           )
         end
       end
 
       private
 
+      def check_deprecated_attributes
+        if [@attributes[:schema_url], @attributes[:confirmation_success_url]].any?(&:present?)
+          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+            Providing `schema_url` and `confirmation_success_url` to `update_with_email` is deprecated and will be
+            removed in a future version of this gem.
+
+            Now you must only provide `confirmation_url` and the email will contain the new format of the confirmation
+            url that needs to be used with the new `confirmRegistrationWithToken` on the client application.
+          DEPRECATION
+        end
+      end
+
       def required_reconfirm_attributes?
-        @attributes[:schema_url].present? &&
-          (@attributes[:confirmation_success_url].present? || DeviseTokenAuth.default_confirm_success_url.present?)
+        if @attributes[:schema_url].present?
+          [@attributes[:confirmation_success_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
+        else
+          [@attributes[:confirmation_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
+        end
       end
 
       def requires_reconfirmation?(resource_attributes)
@@ -60,13 +77,22 @@ module GraphqlDevise
         end
       end
 
+      def confirmation_method_params
+        if @attributes[:schema_url].present?
+          {
+            redirect_url: @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
+            schema_url:   @attributes[:schema_url]
+          }
+        else
+          { redirect_url: @attributes[:confirmation_url] || DeviseTokenAuth.default_confirm_success_url }
+        end
+      end
+
       def send_confirmation_instructions(saved)
         return unless saved
 
         @resource.send_confirmation_instructions(
-          redirect_url:  @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
-          template_path: ['graphql_devise/mailer'],
-          schema_url:    @attributes[:schema_url]
+          confirmation_method_params.merge(template_path: ['graphql_devise/mailer'])
         )
       end
     end

data/lib/graphql_devise/mount_method/operation_preparers/default_operation_preparer.rb

@@ -17,7 +17,7 @@ module GraphqlDevise
           @selected_operations.except(*@custom_keys).each_with_object({}) do |(action, operation_info), result|
             mapped_action = "#{mapping_name}_#{action}"
             operation     = operation_info[:klass]
-            options       = operation_info.except(:klass)
+            options       = operation_info.except(:klass, :deprecation_reason)
 
             result[mapped_action.to_sym] = [
               OperationPreparers::GqlNameSetter.new(mapped_action),

data/lib/graphql_devise/mount_method/operation_sanitizer.rb

@@ -18,13 +18,25 @@ module GraphqlDevise
       end
 
       def call
-        if @only.present?
+        operations = if @only.present?
           @default.slice(*@only)
         elsif @skipped.present?
           @default.except(*@skipped)
         else
           @default
         end
+
+        operations.each do |operation, values|
+          next if values[:deprecation_reason].blank?
+
+          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+              `#{operation}` is deprecated and will be removed in a future version of this gem.
+              #{values[:deprecation_reason]}
+
+              You can supress this message by skipping `#{operation}` on your ResourceLoader or the
+              mount_graphql_devise_for method on your routes file.
+          DEPRECATION
+        end
       end
     end
   end

data/lib/graphql_devise/mutations/confirm_registration_with_token.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Mutations
+    class ConfirmRegistrationWithToken < Base
+      argument :confirmation_token, String, required: true
+
+      field :credentials,
+            GraphqlDevise::Types::CredentialType,
+            null:        true,
+            description: 'Authentication credentials. Null unless user is signed in after confirmation.'
+
+      def resolve(confirmation_token:)
+        resource = resource_class.confirm_by_token(confirmation_token)
+
+        if resource.errors.empty?
+          yield resource if block_given?
+
+          response_payload = { authenticatable: resource }
+
+          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+
+          response_payload
+        else
+          raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
+        end
+      end
+    end
+  end
+end

data/lib/graphql_devise/mutations/register.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module GraphqlDevise
+  module Mutations
+    class Register < Base
+      argument :email,                 String, required: true
+      argument :password,              String, required: true
+      argument :password_confirmation, String, required: true
+      argument :confirm_url,           String, required: false
+
+      field :credentials,
+            GraphqlDevise::Types::CredentialType,
+            null:        true,
+            description: 'Authentication credentials. Null if after signUp resource is not active for authentication (e.g. Email confirmation required).'
+
+      def resolve(confirm_url: nil, **attrs)
+        resource = build_resource(attrs.merge(provider: provider))
+        raise_user_error(I18n.t('graphql_devise.resource_build_failed')) if resource.blank?
+
+        redirect_url = confirm_url || DeviseTokenAuth.default_confirm_success_url
+        if confirmable_enabled? && redirect_url.blank?
+          raise_user_error(I18n.t('graphql_devise.registrations.missing_confirm_redirect_url'))
+        end
+
+        check_redirect_url_whitelist!(redirect_url)
+
+        resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!)
+
+        if resource.save
+          yield resource if block_given?
+
+          unless resource.confirmed?
+            resource.send_confirmation_instructions(
+              redirect_url:  redirect_url,
+              template_path: ['graphql_devise/mailer']
+            )
+          end
+
+          response_payload = { authenticatable: resource }
+
+          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+
+          response_payload
+        else
+          resource.try(:clean_up_passwords)
+          raise_user_error_list(
+            I18n.t('graphql_devise.registration_failed'),
+            errors: resource.errors.full_messages
+          )
+        end
+      end
+
+      private
+
+      def build_resource(attrs)
+        resource_class.new(attrs)
+      end
+    end
+  end
+end