Support skipping operations when mounting routes

Author: mcelicalderon

lib/graphql_devise/rails/routes.rb

@@ -1,7 +1,25 @@
 module ActionDispatch::Routing
   class Mapper
     def mount_graphql_devise_for(resource, opts = {})
-      custom_operations = opts[:operations] || {}
+      custom_operations  = opts[:operations] || {}
+      skipped_operations = opts.fetch(:skip, [])
+
+      default_mutations = {
+        login:               GraphqlDevise::Mutations::Login,
+        logout:              GraphqlDevise::Mutations::Logout,
+        sign_up:             GraphqlDevise::Mutations::SignUp,
+        update_password:     GraphqlDevise::Mutations::UpdatePassword,
+        send_reset_password: GraphqlDevise::Mutations::SendPasswordReset
+      }.freeze
+      default_queries = {
+        confirm_account:      GraphqlDevise::Resolvers::ConfirmAccount,
+        check_password_token: GraphqlDevise::Resolvers::CheckPasswordToken
+      }
+      supported_operations = default_mutations.keys + default_queries.keys
+
+      unless skipped_operations.all? { |skipped| supported_operations.include?(skipped) }
+        raise GraphqlDevise::Error, 'Trying to skip a non supported operation. Check for typos.'
+      end
 
       path         = opts.fetch(:at, '/graphql_auth')
       mapping_name = resource.underscore.tr('/', '_').to_sym
@@ -16,15 +34,7 @@ def mount_graphql_devise_for(resource, opts = {})
                            "Types::#{resource}Type".safe_constantize ||
                            GraphqlDevise::Types::AuthenticableType
 
-      default_mutations = {
-        login:               GraphqlDevise::Mutations::Login,
-        logout:              GraphqlDevise::Mutations::Logout,
-        sign_up:             GraphqlDevise::Mutations::SignUp,
-        update_password:     GraphqlDevise::Mutations::UpdatePassword,
-        send_reset_password: GraphqlDevise::Mutations::SendPasswordReset
-      }.freeze
-
-      default_mutations.each do |action, mutation|
+      default_mutations.except(*skipped_operations).each do |action, mutation|
         used_mutation = if custom_operations[action].present?
           custom_operations[action]
         else
@@ -39,12 +49,7 @@ def mount_graphql_devise_for(resource, opts = {})
         GraphqlDevise::Types::MutationType.field("#{mapping_name}_#{action}", mutation: used_mutation)
       end
 
-      default_queries = {
-        confirm_account:      GraphqlDevise::Resolvers::ConfirmAccount,
-        check_password_token: GraphqlDevise::Resolvers::CheckPasswordToken
-      }
-
-      default_queries.each do |action, query|
+      default_queries.except(*skipped_operations).each do |action, query|
         used_query = if custom_operations[action].present?
           custom_operations[action]
         else

spec/dummy/config/routes.rb

@@ -7,6 +7,7 @@
   mount_graphql_devise_for(
     'Admin',
     authenticable_type: Types::CustomAdminType,
+    skip:               [:sign_up, :check_password_token],
     at:                 '/api/v1/admin/graphql_auth'
   )
 

spec/requests/mutations/sign_up_spec.rb

@@ -7,69 +7,99 @@
   let(:password) { Faker::Internet.password }
   let(:email)    { Faker::Internet.email }
   let(:redirect) { Faker::Internet.url }
-  let(:query) do
-    <<-GRAPHQL
-      mutation {
-        userSignUp(
-          email:                "#{email}"
-          name:                 "#{name}"
-          password:             "#{password}"
-          passwordConfirmation: "#{password}"
-          confirmSuccessUrl:    "#{redirect}"
-        ) {
-          user {
-            email
-            name
+
+  context 'when using the user model' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          userSignUp(
+            email:                "#{email}"
+            name:                 "#{name}"
+            password:             "#{password}"
+            passwordConfirmation: "#{password}"
+            confirmSuccessUrl:    "#{redirect}"
+          ) {
+            user {
+              email
+              name
+            }
           }
         }
-      }
-    GRAPHQL
-  end
+      GRAPHQL
+    end
 
-  context 'when params are correct' do
-    it 'creates a new resource that requires confirmation' do
-      expect { post_request }.to(
-        change(User, :count).by(1)
-        .and(change(ActionMailer::Base.deliveries, :count).by(1))
-      )
+    context 'when params are correct' do
+      it 'creates a new resource that requires confirmation' do
+        expect { post_request }.to(
+          change(User, :count).by(1)
+          .and(change(ActionMailer::Base.deliveries, :count).by(1))
+        )
 
-      user = User.last
+        user = User.last
 
-      expect(user).not_to be_active_for_authentication
-      expect(user.confirmed_at).to be_nil
-      expect(user.valid_password?(password)).to be_truthy
-      expect(json_response[:data][:userSignUp]).to include(
-        user: {
-          email: email,
-          name:  name
-        }
-      )
+        expect(user).not_to be_active_for_authentication
+        expect(user.confirmed_at).to be_nil
+        expect(user).to be_valid_password(password)
+        expect(json_response[:data][:userSignUp]).to include(
+          user: {
+            email: email,
+            name:  name
+          }
+        )
 
-      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
-      link  = email.css('a').first
+        email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+        link  = email.css('a').first
 
-      expect do
-        get link['href']
-        user.reload
-      end.to change { user.active_for_authentication? }.to(true)
+        expect do
+          get link['href']
+          user.reload
+        end.to change { user.active_for_authentication? }.to(true)
+      end
     end
-  end
 
-  context 'when required params are missing' do
-    let(:email) { '' }
+    context 'when required params are missing' do
+      let(:email) { '' }
 
-    it 'does *NOT* create resource a resource nor send an email' do
-      expect { post_request }.to(
-        not_change(User, :count)
-        .and(not_change(ActionMailer::Base.deliveries, :count))
-      )
+      it 'does *NOT* create resource a resource nor send an email' do
+        expect { post_request }.to(
+          not_change(User, :count)
+          .and(not_change(ActionMailer::Base.deliveries, :count))
+        )
 
-      expect(json_response[:data][:userSignUp]).to be_nil
-      expect(json_response[:errors]).to containing_exactly(
-        hash_including(
-          message: "User couldn't be registered",
-          extensions: { code: 'USER_ERROR', detailed_errors: ["Email can't be blank"] }
+        expect(json_response[:data][:userSignUp]).to be_nil
+        expect(json_response[:errors]).to containing_exactly(
+          hash_including(
+            message:    "User couldn't be registered",
+            extensions: { code: 'USER_ERROR', detailed_errors: ["Email can't be blank"] }
+          )
         )
+      end
+    end
+  end
+
+  context 'when using the admin model' do
+    let(:query) do
+      <<-GRAPHQL
+        mutation {
+          adminSignUp(
+            email:                "#{email}"
+            password:             "#{password}"
+            passwordConfirmation: "#{password}"
+            confirmSuccessUrl:    "#{redirect}"
+          ) {
+            authenticable {
+              email
+            }
+          }
+        }
+      GRAPHQL
+    end
+
+    before { post_request }
+
+    it 'skips the sign up mutation' do
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(message: "Field 'adminSignUp' doesn't exist on type 'Mutation'")
       )
     end
   end

spec/requests/queries/check_password_token_spec.rb

@@ -5,76 +5,103 @@
 
   let(:user)         { create(:user, :confirmed) }
   let(:redirect_url) { 'https://google.com' }
-  let(:query) do
-    <<-GRAPHQL
-      query {
-        userCheckPasswordToken(
-          resetPasswordToken: "#{token}",
-          redirectUrl: "#{redirect_url}"
-        ) {
-          email
+
+  context 'when using the user model' do
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          userCheckPasswordToken(
+            resetPasswordToken: "#{token}",
+            redirectUrl: "#{redirect_url}"
+          ) {
+            email
+          }
         }
-      }
-    GRAPHQL
-  end
+      GRAPHQL
+    end
 
-  context 'when reset password token is valid' do
-    let(:token) { user.send(:set_reset_password_token) }
+    context 'when reset password token is valid' do
+      let(:token) { user.send(:set_reset_password_token) }
 
-    context 'when redirect_url is not provided' do
-      let(:redirect_url) { nil }
+      context 'when redirect_url is not provided' do
+        let(:redirect_url) { nil }
 
-      it 'returns authenticable and credentials in the headers' do
-        get_request
+        it 'returns authenticable and credentials in the headers' do
+          get_request
 
-        expect(response).to include_auth_headers
-        expect(json_response[:data][:userCheckPasswordToken]).to match(
-          email: user.email
-        )
+          expect(response).to include_auth_headers
+          expect(json_response[:data][:userCheckPasswordToken]).to match(
+            email: user.email
+          )
+        end
       end
-    end
 
-    context 'when redirect url is provided' do
-      it 'redirects to redirect url' do
-        expect do
-          get_request
+      context 'when redirect url is provided' do
+        it 'redirects to redirect url' do
+          expect do
+            get_request
 
-          user.reload
-        end.to change { user.tokens.keys.count }.from(0).to(1).and(
-          change(user, :allow_password_change).from(false).to(true)
-        )
+            user.reload
+          end.to change { user.tokens.keys.count }.from(0).to(1).and(
+            change(user, :allow_password_change).from(false).to(true)
+          )
 
-        expect(response).to      redirect_to %r{\Ahttps://google.com}
-        expect(response.body).to include("client=#{user.reload.tokens.keys.first}")
-        expect(response.body).to include('access-token=')
-        expect(response.body).to include('uid=')
-        expect(response.body).to include('expiry=')
+          expect(response).to      redirect_to %r{\Ahttps://google.com}
+          expect(response.body).to include("client=#{user.reload.tokens.keys.first}")
+          expect(response.body).to include('access-token=')
+          expect(response.body).to include('uid=')
+          expect(response.body).to include('expiry=')
+        end
       end
-    end
 
-    context 'when token has expired' do
-      it 'returns an expired token error' do
-        travel_to 10.hours.ago do
-          token
+      context 'when token has expired' do
+        it 'returns an expired token error' do
+          travel_to 10.hours.ago do
+            token
+          end
+
+          get_request
+
+          expect(json_response[:errors]).to contain_exactly(
+            hash_including(message: 'Reset password token is no longer valid.', extensions: { code: 'USER_ERROR' })
+          )
         end
+      end
+    end
+
+    context 'when reset password token is not found' do
+      let(:token) { user.send(:set_reset_password_token) + 'invalid' }
 
+      it 'redirects to redirect url' do
         get_request
 
         expect(json_response[:errors]).to contain_exactly(
-          hash_including(message: 'Reset password token is no longer valid.', extensions: { code: 'USER_ERROR' })
+          hash_including(message: 'No user found for the specified reset token.', extensions: { code: 'USER_ERROR' })
         )
       end
     end
   end
 
-  context 'when reset password token is not found' do
-    let(:token) { user.send(:set_reset_password_token) + 'invalid' }
+  context 'when using the admin model' do
+    let(:token) { 'not_important' }
+    let(:query) do
+      <<-GRAPHQL
+        query {
+          adminCheckPasswordToken(
+            resetPasswordToken: "#{token}",
+            redirectUrl: "#{redirect_url}"
+          ) {
+            email
+          }
+        }
+      GRAPHQL
+    end
 
-    it 'redirects to redirect url' do
-      get_request
+    before { post_request }
 
+    it 'skips the sign up mutation' do
       expect(json_response[:errors]).to contain_exactly(
-        hash_including(message: 'No user found for the specified reset token.', extensions: { code: 'USER_ERROR' })
+        hash_including(message: "Field 'adminCheckPasswordToken' doesn't exist on type 'Query'")
       )
     end
   end