Merge pull request #13 from graphql-devise/create-user-confirmation-query

Create user confirmation query

Author: 00dav00

app/graphql/graphql_devise/mutations/sign_up.rb

@@ -16,15 +16,14 @@ def resolve(confirm_success_url: nil, config_name: nil, **attrs)
           if resource.save
             yield resource if block_given?
 
-            if confirmable_enabled?(resource) && !resource.confirmed?
-              # user will require email authentication
+            if requires_confirmation?(resource)
               resource.send_confirmation_instructions(
                 client_config: config_name,
                 redirect_url:  confirm_success_url
               )
             end
 
-            set_auth_headers(resource) if active_for_authentication?(resource)
+            set_auth_headers(resource) if resource.active_for_authentication?
 
             { authenticable: resource }
           else
@@ -45,8 +44,8 @@ def confirmable_enabled?(resource)
         resource.respond_to?(:confirmed_at)
       end
 
-      def active_for_authentication?(resource)
-        resource.active_for_authentication?
+      def requires_confirmation?(resource)
+        resource.active_for_authentication? || !resource.confirmed?
       end
 
       def provider

app/graphql/graphql_devise/resolvers/base.rb

@@ -0,0 +1,53 @@
+require 'devise_token_auth/version'
+
+module GraphqlDevise
+  module Resolvers
+    class Base < GraphQL::Schema::Resolver
+      private
+
+      def raise_user_error(message)
+        raise GraphqlDevise::UserError, message
+      end
+
+      def raise_user_error_list(message, errors:)
+        raise GraphqlDevise::DetailedUserError.new(message, errors: errors)
+      end
+
+      def request
+        controller.request
+      end
+
+      def response
+        controller.response
+      end
+
+      def controller
+        context[:controller]
+      end
+
+      def resource_class
+        context[:resource_class]
+      end
+
+      def confirmable_enabled?
+        resource_class.devise_modules.include?(:confirmable)
+      end
+
+      def recoverable_enabled?
+        resource_class.devise_modules.include?(:recoverable)
+      end
+
+      def current_resource
+        context[:current_resource]
+      end
+
+      def client
+        if Gem::Version.new(DeviseTokenAuth::VERSION) <= Gem::Version.new('1.1.0')
+          controller.client_id
+        else
+          controller.token.client if controller.token.present?
+        end
+      end
+    end
+  end
+end

app/graphql/graphql_devise/resolvers/confirm_account.rb

@@ -0,0 +1,58 @@
+module GraphqlDevise
+  module Resolvers
+    class ConfirmAccount < Base
+      argument :confirmation_token, String, required: true
+      argument :redirect_url,       String, required: true
+
+      def resolve(confirmation_token:, redirect_url:)
+        resource = resource_class.confirm_by_token(confirmation_token)
+
+        if resource.errors.empty?
+          yield resource if block_given?
+
+          redirect_header_options = { account_confirmation_success: true }
+
+          redirect_to_link = if controller.signed_in?(resource_name)
+            signed_in_resource.build_auth_url(
+              redirect_url,
+              redirect_headers(
+                token_and_client(controller.signed_in_resource.create_token),
+                redirect_header_options
+              )
+            )
+          else
+            DeviseTokenAuth::Url.generate(redirect_url, redirect_header_options)
+          end
+
+          controller.redirect_to(redirect_to_link)
+          { authenticable: resource }
+        else
+          raise_user_error(I18n.t('graphql_devise.confirmations.invalid_token'))
+        end
+      end
+
+      private
+
+      def resource_name
+        resource_class.to_s.underscore.tr('/', '_')
+      end
+
+      def redirect_headers(token_info, options)
+        controller.send(
+          :build_redirect_headers,
+          token_info.fetch(:token),
+          token_info.fetch(:client_id),
+          options
+        )
+      end
+
+      def client_and_token(token)
+        if Gem::Version.new(DeviseTokenAuth::VERSION) <= Gem::Version.new('1.1.0')
+          { client_id: token.first, token: token.last }
+        else
+          { client_id: token.client, token: token.token }
+        end
+      end
+    end
+  end
+end

app/helpers/graphql_devise/mailer_helper.rb

@@ -1,15 +1,15 @@
 module GraphqlDevise
   module MailerHelper
-    def confirmation_query(token:, config:, redirect_url:)
+    def confirmation_query(resource_name)
+      name = "#{resource_name.camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
-        confirmAccount($token:ID!,$clientConfig:String,redirect:String!){
-          userConfirmAccount(token:$token,clientConfig:$clientConfig,redirect:$redirect
-            ){
-            success,errors
+        query($token:String!,$redirect:String!){
+          #{name}(confirmationToken:$token,redirectUrl:$redirect){
+            email
           }
-        }&variables={token:"#{token}",clientConfig:"#{config}",redirect:"#{redirect_url}"}
+        }
       GRAPHQL
-      ERB::Util.url_encode(raw.gsub("\n", '').gsub(' ', ''))
+      raw.delete("\n").delete(' ')
     end
   end
 end

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p><%= t '.confirm_link_msg' %> </p>
 
-<p><%= link_to t('.confirm_account_link'), api_v1_graphql_auth_url, query: confirmation_query(token: @token, config: message['client-config'].to_s, redirect_url: message['redirect-url']).html_safe %></p>
+<p><%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, query: confirmation_query(@resource.class.to_s).html_safe, variables: {token: @token, redirect: message['redirect-url']}) %></p>

config/locales/en.yml

@@ -13,6 +13,8 @@ en:
     sessions:
       bad_credentials: "Invalid login credentials. Please try again."
       not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"
+    confirmations:
+      invalid_token: "Invalid confirmation token. Please try again"
     mailer:
       unlock_instructions:
         account_lock_msg: "Your account has been locked due to an excessive number of unsuccessful sign in attempts."

lib/graphql_devise/rails/routes.rb

@@ -2,6 +2,7 @@ module ActionDispatch::Routing
   class Mapper
     def mount_graphql_devise_for(resource, opts = {})
       mutation_options = opts[:mutations] || {}
+      query_options    = opts[:queries] || {}
 
       path         = opts.fetch(:at, '/')
       mapping_name = resource.underscore.tr('/', '_')
@@ -38,6 +39,24 @@ def mount_graphql_devise_for(resource, opts = {})
         GraphqlDevise::Types::MutationType.field("#{mapping_name}_#{action}", mutation: used_mutation)
       end
 
+      default_queries = {
+        confirm_account: GraphqlDevise::Resolvers::ConfirmAccount
+      }
+
+      default_queries.each do |action, query|
+        used_query = if query_options[action].present?
+          query_options[action]
+        else
+          new_query = Class.new(query)
+          new_query.graphql_name("#{resource}#{action.to_s.camelize(:upper)}")
+          new_query.type(authenticable_type, null: true)
+
+          new_query
+        end
+
+        GraphqlDevise::Types::QueryType.field("#{mapping_name}_#{action}", resolver: used_query)
+      end
+
       Devise.mailer.send(:add_template_helper, GraphqlDevise::MailerHelper)
 
       devise_scope mapping_name.to_sym do

spec/requests/mutations/sign_up_spec.rb

@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-RSpec.describe '' do
+RSpec.describe 'Sign Up process' do
   include_context 'with graphql query request'
 
   let(:name)     { Faker::Name.name }
@@ -34,6 +34,7 @@
       )
 
       user = User.last
+
       expect(user).not_to be_active_for_authentication
       expect(user.confirmed_at).to be_nil
       expect(user.valid_password?(password)).to be_truthy
@@ -44,9 +45,13 @@
         }
       )
 
-      email = ActionMailer::Base.deliveries.last
-      query = ERB::Util.url_encode("confirmAccount($token:ID!,$clientConfig:String,redirect:String!){userConfirmAccount(token:$token,clientConfig:$clientConfig,redirect:$redirect){success,errors}}&variables={token:\"#{user.confirmation_token}\",clientConfig:\"default\",redirect:\"#{redirect}\"}").html_safe
-      expect(email.body.encoded).to match(/query="#{query}"/)
+      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+      link  = email.css('a').first
+
+      expect do
+        get link['href']
+        user.reload
+      end.to change { user.active_for_authentication? }.to(true)
     end
   end
 

spec/requests/queries/confirm_account_spec.rb

@@ -0,0 +1,56 @@
+require 'rails_helper'
+
+RSpec.describe 'Account confirmation' do
+  include_context 'with graphql query request'
+
+  let(:user)     { create(:user, confirmed_at: nil) }
+  let(:redirect) { Faker::Internet.url }
+  let(:query) do
+    <<-GRAPHQL
+      {
+        userConfirmAccount(
+          confirmationToken: "#{token}"
+          redirectUrl:       "#{redirect}"
+        ) {
+          email
+          name
+        }
+      }
+    GRAPHQL
+  end
+
+  context 'when confirmation token is correct' do
+    let(:token) { user.confirmation_token }
+
+    before { user.send_confirmation_instructions }
+
+    it 'confirms the resource and redirects to the sent url' do
+      expect do
+        get_request
+        user.reload
+      end.to(change(user, :confirmed_at).from(nil))
+
+      expect(response).to redirect_to "#{redirect}?account_confirmation_success=true"
+      expect(user).to be_active_for_authentication
+    end
+  end
+
+  context 'when reset password token is not found' do
+    let(:token) { "#{user.confirmation_token}-invalid" }
+
+    it 'does *NOT* confirm the user nor does the redirection' do
+      expect do
+        get_request
+        user.reload
+      end.not_to(change(user, :confirmed_at).from(nil))
+
+      expect(response).not_to be_redirect
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(
+          message: 'Invalid confirmation token. Please try again',
+          extensions: { code: 'USER_ERROR' }
+        )
+      )
+    end
+  end
+end