Merge pull request #176 from graphql-devise/deprecate-schema-level-authentication

mcelicalderon · web-flow · commit 7c8f71651a95 · 2021-05-08T11:34:38.000-05:00
Deprecate authenticating resources inside the GQL schema
diff --git a/app/controllers/graphql_devise/concerns/additional_controller_methods.rb b/app/controllers/graphql_devise/concerns/additional_controller_methods.rb
@@ -41,6 +41,17 @@ def set_resource_by_token(resource)
       end
 
       def graphql_context(resource_name)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          `graphql_context` is deprecated and will be removed in a future version of this gem.
+           Use `gql_devise_context(models)` instead.
+
+           EXAMPLE
+           include GraphqlDevise::Concerns::SetUserByToken
+
+           DummySchema.execute(params[:query], context: gql_devise_context(User))
+           DummySchema.execute(params[:query], context: gql_devise_context([User, Admin]))
+        DEPRECATION
+
         {
           resource_name: resource_name,
           controller:    self
diff --git a/lib/generators/graphql_devise/install_generator.rb b/lib/generators/graphql_devise/install_generator.rb
@@ -83,7 +83,7 @@ def mount_in_schema
     query:            Types::QueryType,
     mutation:         Types::MutationType,
     resource_loaders: [
-      GraphqlDevise::ResourceLoader.new('#{user_class}'),
+      GraphqlDevise::ResourceLoader.new(#{user_class})
     ]
   )
 RUBY
diff --git a/lib/graphql_devise.rb b/lib/graphql_devise.rb
@@ -33,7 +33,7 @@ def self.add_mapping(mapping_name, resource)
 
     Devise.add_mapping(
       mapping_name.to_s.pluralize.to_sym,
-      module: :devise, class_name: resource
+      module: :devise, class_name: resource.to_s
     )
   end
 
diff --git a/lib/graphql_devise/resource_loader.rb b/lib/graphql_devise/resource_loader.rb
@@ -13,7 +13,21 @@ def call(query, mutation)
       # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
       clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(@options).call!
 
-      model = @resource.is_a?(String) ? @resource.constantize : @resource
+      model = if @resource.is_a?(String)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Providing a String as the model you want to mount is deprecated and will be removed in a future version of
+          this gem. Please use the actual model constant instead.
+
+          EXAMPLE
+
+          GraphqlDevise::ResourceLoader.new(User) # instead of GraphqlDevise::ResourceLoader.new('User')
+
+          mount_graphql_devise_for User # instead of mount_graphql_devise_for 'User'
+        DEPRECATION
+        @resource.constantize
+      else
+        @resource
+      end
 
       # Necesary when mounting a resource via route file as Devise forces the reloading of routes
       return clean_options if GraphqlDevise.resource_mounted?(model) && @routing
diff --git a/lib/graphql_devise/schema_plugin.rb b/lib/graphql_devise/schema_plugin.rb
@@ -30,6 +30,20 @@ def trace(event, trace_data)
       auth_required = authenticate_option(field, trace_data)
       context       = context_from_data(trace_data)
 
+      if context.key?(:resource_name)
+        ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Providing `resource_name` as part of the GQL context, or doing so by using the `graphql_context(resource_name)`
+          method on your controller is deprecated and will be removed in a future version of this gem.
+          Please use `gql_devise_context` in you controller instead.
+
+          EXAMPLE
+          include GraphqlDevise::Concerns::SetUserByToken
+
+          DummySchema.execute(params[:query], context: gql_devise_context(User))
+          DummySchema.execute(params[:query], context: gql_devise_context([User, Admin]))
+        DEPRECATION
+      end
+
       if auth_required && !(public_introspection && introspection_field?(field))
         context = set_current_resource(context)
         raise_on_missing_resource(context, field)
diff --git a/spec/generators/graphql_devise/install_generator_spec.rb b/spec/generators/graphql_devise/install_generator_spec.rb
@@ -33,7 +33,7 @@
 
       assert_file 'app/controllers/application_controller.rb', /^\s{2}include GraphqlDevise::Concerns::SetUserByToken/
 
-      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new('Admin')")}/
+      assert_file 'app/graphql/gqld_dummy_schema.rb', /\s+#{Regexp.escape("GraphqlDevise::ResourceLoader.new(Admin)")}/
     end
   end
 

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ def mount_in_schema`
`83`	`83`	`query: Types::QueryType,`
`84`	`84`	`mutation: Types::MutationType,`
`85`	`85`	`resource_loaders: [`
`86`		`- GraphqlDevise::ResourceLoader.new('#{user_class}'),`
	`86`	`+ GraphqlDevise::ResourceLoader.new(#{user_class})`
`87`	`87`	`]`
`88`	`88`	`)`
`89`	`89`	`RUBY`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ def self.add_mapping(mapping_name, resource)`
`33`	`33`
`34`	`34`	`Devise.add_mapping(`
`35`	`35`	`mapping_name.to_s.pluralize.to_sym,`
`36`		`- module: :devise, class_name: resource`
	`36`	`+ module: :devise, class_name: resource.to_s`
`37`	`37`	`)`
`38`	`38`	`end`
`39`	`39`