Merge pull request #9 from graphql-devise/update-password-mutation

Update password mutation

Author: mcelicalderon

Appraisals

@@ -7,7 +7,7 @@ end
 appraise 'rails5.0-graphql1.8' do
   gem 'rails', github: 'rails/rails', branch: '5-0-stable'
   gem 'graphql', '~> 1.8.0'
-  gem 'devise_token_auth', '0.1.37'
+  gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.0'
 end
 
@@ -19,7 +19,7 @@ end
 appraise 'rails5.1-graphql1.8' do
   gem 'rails', github: 'rails/rails', branch: '5-1-stable'
   gem 'graphql', '~> 1.8.0'
-  gem 'devise_token_auth', '0.1.42'
+  gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.3'
 end
 

app/graphql/graphql_devise/mutations/base.rb

@@ -9,6 +9,10 @@ def raise_user_error(message)
         raise GraphqlDevise::UserError, message
       end
 
+      def raise_user_error_list(message, errors:)
+        raise GraphqlDevise::DetailedUserError.new(message, errors: errors)
+      end
+
       def remove_resource
         controller.resource = nil
         controller.client_id = nil
@@ -31,6 +35,10 @@ def resource_class
         context[:resource_class]
       end
 
+      def recoverable_enabled?
+        resource_class.devise_modules.include?(:recoverable)
+      end
+
       def current_resource
         context[:current_resource]
       end

app/graphql/graphql_devise/mutations/login.rb

@@ -17,7 +17,7 @@ def resolve(email:, password:)
 
           yield resource if block_given?
 
-          { success: true, authenticable: resource, errors: [] }
+          { authenticable: resource}
         elsif resource && !active_for_authentication?(resource)
           if locked?(resource)
             raise_user_error(I18n.t('graphql_devise.mailer.unlock_instructions.account_lock_msg'))

app/graphql/graphql_devise/mutations/update_password.rb

@@ -0,0 +1,44 @@
+module GraphqlDevise
+  module Mutations
+    class UpdatePassword < Base
+      argument :password,              String, required: true
+      argument :password_confirmation, String, required: true
+      argument :current_password,      String, required: false
+
+      def resolve(current_password: nil, **attrs)
+        if current_resource.blank?
+          raise_user_error(I18n.t('graphql_devise.not_authenticated'))
+        elsif current_resource.provider != 'email'
+          raise_user_error(
+            I18n.t('graphql_devise.passwords.password_not_required', provider: current_resource.provider.humanize)
+          )
+        end
+
+        if update_resource_password(current_password, attrs)
+          current_resource.allow_password_change = false if recoverable_enabled?
+          current_resource.save!
+
+          yield current_resource if block_given?
+
+          { authenticable: current_resource }
+        else
+          raise_user_error_list(
+            I18n.t('graphql_devise.passwords.update_password_error'),
+            errors: current_resource.errors.full_messages
+          )
+        end
+      end
+
+      private
+
+      def update_resource_password(current_password, attrs)
+        allow_password_change = recoverable_enabled? && current_resource.allow_password_change == true
+        if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
+          current_resource.public_send(:update, attrs)
+        else
+          current_resource.public_send(:update_with_password, attrs.merge(current_password: current_password))
+        end
+      end
+    end
+  end
+end

config/locales/en.yml

@@ -1,6 +1,11 @@
 en:
   graphql_devise:
+    not_authenticated: "User is not logged in."
     user_not_found: "User was not found or was not logged in."
+    passwords:
+      update_password_error: "Unable to update user password"
+      missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
+      password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
     sessions:
       bad_credentials: "Invalid login credentials. Please try again."
       not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"

gemfiles/rails5.0_graphql1.8.gemfile

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gem "rails", github: "rails/rails", branch: "5-0-stable"
 gem "graphql", "~> 1.8.0"
-gem "devise_token_auth", "0.1.37"
+gem "devise_token_auth", "0.1.43"
 gem "devise", ">= 4.0"
 
 gemspec path: "../"

gemfiles/rails5.1_graphql1.8.gemfile

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gem "rails", github: "rails/rails", branch: "5-1-stable"
 gem "graphql", "~> 1.8.0"
-gem "devise_token_auth", "0.1.42"
+gem "devise_token_auth", "0.1.43"
 gem "devise", ">= 4.3"
 
 gemspec path: "../"

graphql_devise.gemspec

@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_dependency 'devise_token_auth', '>= 0.1.37'
+  spec.add_dependency 'devise_token_auth', '>= 0.1.43'
   spec.add_dependency 'graphql', '>= 1.8'
   spec.add_dependency 'rails', '>= 4.2'
 

lib/graphql_devise.rb

@@ -3,9 +3,10 @@
 require 'devise_token_auth'
 require 'graphql'
 require 'graphql_devise/version'
+require 'graphql_devise/error_codes'
+require 'graphql_devise/user_error'
+require 'graphql_devise/detailed_user_error'
 
 module GraphqlDevise
   class Error < StandardError; end
 end
-
-require 'graphql_devise/user_error'

lib/graphql_devise/detailed_user_error.rb

@@ -0,0 +1,14 @@
+module GraphqlDevise
+  class DetailedUserError < GraphQL::ExecutionError
+    def initialize(message, errors:)
+      @message = message
+      @errors  = errors
+
+      super(message)
+    end
+
+    def to_h
+      super.merge(extensions: { code: ERROR_CODES.fetch(:user_error), detailed_errors: @errors })
+    end
+  end
+end