rubocop-mable 0.1.3 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 402b8f356986fdfa523dcecccf1b2fb74f4a9c6ce34c191db74d1b839f00058b
-  data.tar.gz: 1e671dd68702a88b13eb3b0fe39954a710f5422e3c13d3c331424f2ab5fa9b17
+  metadata.gz: 4b59a5fc99bec56362c41b540f37058dabfc1e16b3ac9bb6db72c64f5f16495f
+  data.tar.gz: 60135942aab111fa27f46225f839edbcca834e97e37737cc303774496c1febfc
 SHA512:
-  metadata.gz: c261761ae3726394462842ff37774f47984567e66c3152e7a86a6d960b15c15251a660c5f53e949bb2b4669e76aa1344b4d3eaea82c410d9cc19bbd83a088a19
-  data.tar.gz: 6d07e483bc9da12e4d7875d12673cbf05401ffaaadb76db3cb42d226d467e7f19bf04bd39d77a19e2a206b8733649dedbbd9e77804691db12c6660ad7ec9ed50
+  metadata.gz: 97a1ae86f7a089288e6444b50ac1eccfb5e04457c4155b5bab6f34c0a8388ff36528e9f0dba95130c574525af2eca8d0cf8a72ab09c7b249d7054b05985a2ce4
+  data.tar.gz: f527513322bef9827c28b64100e3eae9c413ec559b77b049579cc4683923b54a4ed2756159cdb289d2370c49957bc144d78efc06c9964f6acc628c28035ca581

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rubocop-mable (0.1.3)
+    rubocop-mable (0.1.5)
       rubocop
 
 GEM
@@ -56,6 +56,7 @@ GEM
 
 PLATFORMS
   arm64-darwin-21
+  ruby
 
 DEPENDENCIES
   pry

data/README.md

@@ -5,20 +5,38 @@ Mable's custom Rubocop cops
 ## Cops
 
 ```
-Mable/NoSafetyAssured:
-  Description: 'An extra check to ensure that the safety_assured is required'
+
+Mable/NoWardenInGraphQL:
+  Description: "No Warden in graphQL use helper method instead see - Mable/NoPostInGraphQL"
   Enabled: true
-  VersionAdded: '0.1.3'
+  SafeAutoCorrect: false
+  VersionAdded: "0.1.5"
+
+Mable/NoPostInGraphQL:
+Description: "Use graphQL helper method instead of use rails/rack request stack"
+Enabled: true
+VersionAdded: "0.1.4"
+ReplacePostWith: "make_graphql_request"
+SafeAutoCorrect: false
+AllowedGraphQLPaths:
+  - "/graphql"
+  - " graphql_path"
+
+Mable/NoSafetyAssured:
+Description: 'An extra check to ensure that the safety_assured is required'
+Enabled: true
+VersionAdded: '0.1.3'
 
 Mable/GraphQLHelperSpecs:
-  Description: 'Avoid hardcoding GraphQl path use helper instead.'
-  Enabled: true
-  VersionAdded: '0.1.2'
+Description: 'Avoid hardcoding GraphQl path use helper instead.'
+Enabled: true
+VersionAdded: '0.1.2'
 
 Mable/HardcodedDatabaseFactoryBotId:
-  Enabled: true
-  Description: 'Avoid hardcoding factory bot database IDs, instead, dynamically test for the ID'
-  VersionAdded: '0.1.1'
+Enabled: true
+Description: 'Avoid hardcoding factory bot database IDs, instead, dynamically test for the ID'
+VersionAdded: '0.1.1'
+
 ```
 
 ## Installation

data/config/default.yml

@@ -1,14 +1,30 @@
 Mable/GraphQLHelperSpecs:
-  Description: 'Avoid hardcoding GraphQl path use helper instead.'
+  Description: "Avoid hardcoding GraphQl path use helper instead."
   Enabled: true
-  VersionAdded: '0.1.2'
+  VersionAdded: "0.1.2"
 
 Mable/HardcodedDatabaseFactoryBotId:
   Enabled: true
-  Description: 'Avoid hardcoding factory bot database IDs, instead, dynamically test for the ID'
-  VersionAdded: '0.1.1'
+  Description: "Avoid hardcoding factory bot database IDs, instead, dynamically test for the ID"
+  VersionAdded: "0.1.1"
 
 Mable/NoSafetyAssured:
-  Description: 'An extra check to ensure that the safety_assured is required'
+  Description: "An extra check to ensure that the safety_assured is required"
   Enabled: true
-  VersionAdded: '0.1.3'
+  VersionAdded: "0.1.3"
+
+Mable/NoPostInGraphQL:
+  Description: "Use graphQL helper method instead of use rails/rack request stack"
+  Enabled: true
+  VersionAdded: "0.1.4"
+  ReplacePostWith: "make_graphql_request"
+  SafeAutoCorrect: false
+  AllowedGraphQLPaths:
+    - "/graphql"
+    - "graphql_path"
+
+Mable/NoWardenInGraphQL:
+  Description: "No Warden in graphQL use helper method instead see - Mable/NoPostInGraphQL"
+  Enabled: true
+  SafeAutoCorrect: false
+  VersionAdded: "0.1.5"

data/lib/rubocop/cop/mable/no_post_in_graph_ql.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Mable
+      # Enforces using a direct helper method over `post` for executing GraphQL queries,
+      # incorporating user authentication context when applicable.
+      #
+      # @safety
+      #   The cop is unsafe as user might not exist or not be called user.
+      #
+      # @example
+      #
+      #   # bad
+      #   post graphql_path, params: { query: my_query, variables: my_variables }, as: :json
+      #
+      #   # good
+      #   execute_graphql(query: my_query, variables: my_variables, user: current_user)
+      #
+      class NoPostInGraphQL < Base
+        extend AutoCorrector
+
+        MSG = "Use 'ReplacePostWith' default: `make_graphql_request` directly instead of `post` for GraphQL requests, incorporating user context."
+
+        RESTRICT_ON_SEND = %i[post].freeze
+
+        def_node_matcher :post_graphql?, <<~PATTERN
+          (send nil? :post
+            ({str | send nil?} $_)        # Optional first argument (string path)
+            (hash
+              (pair
+                (sym :params)
+                (hash
+                  (pair (sym :query) _)
+                  (pair (sym :variables) _)? # Optional :variables pair
+                )
+              )
+            )
+          )
+        PATTERN
+
+        def_node_search :rspec_block?, <<~PATTERN
+          (block (send (const nil? :RSpec) {:describe :context :it} ...) ...)
+        PATTERN
+
+        def on_send(node)
+          post_graphql?(node) do |path|
+            handle_post_graphql(node) if graphql_path_allowed?(path)
+          end
+        end
+
+        private
+
+        def graphql_path_allowed?(path)
+          allowed_paths = cop_config['AllowedGraphQLPaths'] || []
+          allowed_paths.include?(path.to_s)
+        end
+
+        def handle_post_graphql(node)
+          return unless within_rspec_block?(node)
+
+          # Check if the method is `post` and it includes `params:`
+          params_pair = node.arguments.find do |arg|
+            arg.hash_type? && arg.pairs.any? { |pair| pair.key.sym_type? && pair.key.value == :params }
+          end
+
+          return unless params_pair
+
+          # Access pairs directly from params_pair
+          params_hash = params_pair.pairs.find { |pair| pair.key.value == :params }.value
+
+          return unless params_hash.hash_type?
+
+          query_pair = params_hash.pairs.find { |p| p.key.value == :query }
+          variables_pair = params_hash.pairs.find { |p| p.key.value == :variables }
+
+          query = query_pair&.value&.source
+          variables = variables_pair&.value&.source
+
+          replacement = cop_config['ReplacePostWith']
+          execute_call = "#{replacement}(query: #{query}"
+          execute_call += ', user: user'
+          execute_call += ", variables: #{variables}" if variables
+          execute_call += ')'
+
+          add_offense(node) do |corrector|
+            corrector.replace(node.loc.expression, execute_call)
+          end
+        end
+
+        def within_rspec_block?(node)
+          node.each_ancestor.any? { |ancestor| rspec_block?(ancestor) }
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/mable/no_warden_in_graph_ql.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Mable
+      # This cop checks for the usage of Warden::Test::Helpers and related
+      # methods within GraphQL specs. It disallows the use of Warden.test_mode!,
+      # login_as, and user.reload.
+      #
+      # @safety
+      #   Unsafe as requires graphql helper method to replace
+      #
+      # @example
+      #   # bad
+      #   Warden.test_mode!
+      #   login_as(user)
+      #   user.reload
+      #   include Warden::Test::Helpers
+      #
+      #   # good
+      #   # Use graphql helper method
+      class NoWardenInGraphQL < Base
+        include RangeHelp
+        extend AutoCorrector
+
+        MSG = 'Do not use `%<method>s` in GraphQL specs. Use graphql helper method instead.'
+
+        RESTRICT_ON_SEND = %i[test_mode! login_as reload].freeze
+        RESTRICT_ON_INCLUDE = %i[Warden::Test::Helpers].freeze
+
+        def_node_search :rspec_describe_graphql?, <<~PATTERN
+          (block
+            (send (const nil? :RSpec) :describe
+              (const { (const nil? {:Graphql :Queries :Mutations}) } _)
+              ...)
+            ...)
+        PATTERN
+
+        def_node_matcher :user_reload?, <<~PATTERN
+          (send
+            (send _ :user) :reload)
+        PATTERN
+
+        def on_send(node)
+          return unless in_graphql?(node) && bad_method?(node)
+
+          method_name = node.method_name
+          add_offense(node, message: format(MSG, method: method_name)) do |corrector|
+            correct_offense(corrector, node)
+          end
+        end
+
+        def on_const(node)
+          return unless in_graphql?(node) && bad_include?(node)
+
+          add_offense(node, message: format(MSG, method: 'include Warden::Test::Helpers')) do |corrector|
+            correct_offense(corrector, node)
+          end
+        end
+
+        private
+
+        def in_graphql?(node)
+          node.each_ancestor(:block).any? do |ancestor|
+            rspec_describe_graphql?(ancestor)
+          end
+        end
+
+        def bad_method?(node)
+          if node.method_name == :reload
+            user_reload?(node)
+          else
+            RESTRICT_ON_SEND.include?(node.method_name)
+          end
+        end
+
+        def bad_include?(node)
+          RESTRICT_ON_INCLUDE.include?(node.const_name.to_sym)
+        end
+
+        def correct_offense(corrector, node)
+          if node.send_type? && bad_method?(node)
+            corrector.remove(range_with_comments_and_lines(node))
+          elsif node.const_type? && node.const_name == 'Warden::Test::Helpers'
+            corrector.remove(range_with_comments_and_lines(node.parent))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/mable_cops.rb

@@ -2,4 +2,6 @@
 
 require_relative 'mable/graph_ql_helper_specs'
 require_relative 'mable/hardcoded_database_factory_bot_id'
+require_relative 'mable/no_post_in_graph_ql'
 require_relative 'mable/no_safety_assured'
+require_relative 'mable/no_warden_in_graph_ql'

data/lib/rubocop/mable/version.rb

@@ -2,6 +2,6 @@
 
 module RuboCop
   module Mable
-    VERSION = '0.1.3'
+    VERSION = '0.1.5'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubocop-mable
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.5
 platform: ruby
 authors:
 - Mable Engineers
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-10-26 00:00:00.000000000 Z
+date: 2024-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
@@ -59,7 +59,9 @@ files:
 - lib/rubocop-mable.rb
 - lib/rubocop/cop/mable/graph_ql_helper_specs.rb
 - lib/rubocop/cop/mable/hardcoded_database_factory_bot_id.rb
+- lib/rubocop/cop/mable/no_post_in_graph_ql.rb
 - lib/rubocop/cop/mable/no_safety_assured.rb
+- lib/rubocop/cop/mable/no_warden_in_graph_ql.rb
 - lib/rubocop/cop/mable_cops.rb
 - lib/rubocop/mable.rb
 - lib/rubocop/mable/inject.rb
@@ -73,7 +75,7 @@ metadata:
   homepage_uri: https://github.com/rubocop-mable
   source_code_uri: https://github.com/bettercaring/rubocop-mable
   rubygems_mfa_required: 'true'
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -89,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Mable's custom rubocop cops
 test_files: []