Allow update_with_email to use new reconfirmation flow

Author: mcelicalderon

app/views/graphql_devise/mailer/confirmation_instructions.html.erb

@@ -6,6 +6,6 @@
   <% if message['schema_url'].present? %>
     <%= link_to t('.confirm_account_link'), "#{message['schema_url']}?#{confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token).to_query}" %>
   <% else %>
-    <%= link_to t('.confirm_account_link'), "#{message['redirect-url'].to_s}?#{{ confirmationToken: @token }.to_query}" %>
+    <%= link_to t('.confirm_account_link'), "#{CGI.escape(message['redirect-url'].to_s)}?#{{ confirmationToken: @token }.to_query}" %>
   <% end %>
 </p>

lib/graphql_devise/model/with_email_updater.rb

@@ -9,7 +9,7 @@ def initialize(resource, attributes)
       end
 
       def call
-        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url)
+        resource_attributes = @attributes.except(:schema_url, :confirmation_success_url, :confirmation_url)
         return @resource.update(resource_attributes) unless requires_reconfirmation?(resource_attributes)
 
         @resource.assign_attributes(resource_attributes)
@@ -27,16 +27,27 @@ def call
         else
           raise(
             GraphqlDevise::Error,
-            'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
+            'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
           )
         end
       end
 
       private
 
       def required_reconfirm_attributes?
-        @attributes[:schema_url].present? &&
-          (@attributes[:confirmation_success_url].present? || DeviseTokenAuth.default_confirm_success_url.present?)
+        if @attributes[:schema_url].present?
+          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+            Providing `schema_url` and `confirmation_success_url` to `update_with_email` is deprecated and will be
+            removed in a future version of this gem.
+
+            Now you must only provide `confirmation_url` and the email will contain the new format of the confirmation
+            url that needs to be used with the new `confirmAccountWithToken` on the client application.
+          DEPRECATION
+
+          [@attributes[:confirmation_success_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
+        else
+          [@attributes[:confirmation_url], DeviseTokenAuth.default_confirm_success_url].any?(&:present?)
+        end
       end
 
       def requires_reconfirmation?(resource_attributes)
@@ -60,13 +71,22 @@ def email_in_database
         end
       end
 
+      def confirmation_method_params
+        if @attributes[:schema_url].present?
+          {
+            redirect_url: @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
+            schema_url:   @attributes[:schema_url]
+          }
+        else
+          { redirect_url:  @attributes[:confirmation_url] || DeviseTokenAuth.default_confirm_success_url, }
+        end
+      end
+
       def send_confirmation_instructions(saved)
         return unless saved
 
         @resource.send_confirmation_instructions(
-          redirect_url:  @attributes[:confirmation_success_url] || DeviseTokenAuth.default_confirm_success_url,
-          template_path: ['graphql_devise/mailer'],
-          schema_url:    @attributes[:schema_url]
+          confirmation_method_params.merge(template_path: ['graphql_devise/mailer'])
         )
       end
     end

spec/graphql_devise/model/with_email_updater_spec.rb

@@ -4,6 +4,57 @@
 
 RSpec.describe GraphqlDevise::Model::WithEmailUpdater do
   describe '#call' do
+    shared_examples 'all required arguments are provided' do |base_attributes|
+      let(:attributes) { base_attributes.merge(email: 'new@gmail.com', name: 'Updated Name') }
+
+      it 'postpones email update' do
+        expect do
+          updater
+          resource.reload
+        end.to not_change(resource, :email).from(resource.email).and(
+          not_change(resource, :uid).from(resource.uid)
+        ).and(
+          change(resource, :unconfirmed_email).from(nil).to('new@gmail.com')
+        ).and(
+          change(resource, :name).from(resource.name).to('Updated Name')
+        )
+      end
+
+      it 'sends out a confirmation email to the unconfirmed_email' do
+        expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+        email = ActionMailer::Base.deliveries.first
+        expect(email.to).to contain_exactly('new@gmail.com')
+      end
+
+      context 'when email value is the same on the DB' do
+        let(:attributes) { base_attributes.merge(email: resource.email, name: 'changed') }
+
+        it 'updates attributes and does not send confirmation email' do
+          expect do
+            updater
+            resource.reload
+          end.to change(resource, :name).from(resource.name).to('changed').and(
+            not_change(resource, :email).from(resource.email)
+          ).and(
+            not_change(ActionMailer::Base.deliveries, :count).from(0)
+          )
+        end
+      end
+
+      context 'when provided params are invalid' do
+        let(:attributes) { base_attributes.merge(email: 'newgmail.com', name: '') }
+
+        it 'returns false and adds errors to the model' do
+          expect(updater).to be_falsey
+          expect(resource.errors.full_messages).to contain_exactly(
+            'Email is not an email',
+            "Name can't be blank"
+          )
+        end
+      end
+    end
+
     subject(:updater) { described_class.new(resource, attributes).call }
 
     context 'when the model does not have an unconfirmed_email column' do
@@ -38,90 +89,64 @@
       end
 
       context 'when attributes contain email' do
-        context 'when schema_url is missing' do
-          let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name' } }
-
-          it 'raises an error' do
-            expect { updater }.to raise_error(
-              GraphqlDevise::Error,
-              'Method `update_with_email` requires attributes `confirmation_success_url` and `schema_url` for email reconfirmation to work'
-            )
-          end
+        context 'when confirmation_success_url is used' do
+          it_behaves_like 'all required arguments are provided', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com'
 
-          context 'when email will not change' do
-            let(:attributes) { { email: resource.email, name: 'changed' } }
-
-            it 'updates name and does not raise an error' do
-              expect do
-                updater
-                resource.reload
-              end.to change(resource, :name).from(resource.name).to('changed').and(
-                not_change(resource, :email).from(resource.email)
-              ).and(
-                not_change(ActionMailer::Base.deliveries, :count).from(0)
-              )
-            end
-          end
-        end
+          context 'when confirmation_success_url is missing and no default is set' do
+            let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test' } }
 
-        context 'when only confirmation_success_url is missing' do
-          let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test' } }
+            before { allow(DeviseTokenAuth).to receive(:default_confirm_success_url).and_return(nil) }
 
-          it 'uses DTA default_confirm_success_url on the email' do
-            expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+            it 'raises an error' do
+              expect { updater }.to raise_error(
+                GraphqlDevise::Error,
+                'Method `update_with_email` requires attribute `confirmation_url` for email reconfirmation to work'
+              )
+            end
 
-            email = ActionMailer::Base.deliveries.first
-            expect(email.body.decoded).to include(CGI.escape('https://google.com'))
+            context 'when email will not change' do
+              let(:attributes) { { email: resource.email, name: 'changed', confirmation_success_url: 'https://google.com' } }
+
+              it 'updates name and does not raise an error' do
+                expect do
+                  updater
+                  resource.reload
+                end.to change(resource, :name).from(resource.name).to('changed').and(
+                  not_change(resource, :email).from(resource.email)
+                ).and(
+                  not_change(ActionMailer::Base.deliveries, :count).from(0)
+                )
+              end
+            end
           end
         end
 
-        context 'when both required urls are provided' do
-          let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com' } }
-
-          it 'postpones email update' do
-            expect do
-              updater
-              resource.reload
-            end.to not_change(resource, :email).from(resource.email).and(
-              not_change(resource, :uid).from(resource.uid)
-            ).and(
-              change(resource, :unconfirmed_email).from(nil).to('new@gmail.com')
-            ).and(
-              change(resource, :name).from(resource.name).to('Updated Name')
-            )
-          end
+        context 'when confirm_url is used' do
+          it_behaves_like 'all required arguments are provided', confirmation_url: 'https://google.com'
+        end
 
-          it 'sends out a confirmation email to the unconfirmed_email' do
-            expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+        context 'when no confirmation url is provided is provided' do
+          context 'when schema_url is provided' do
+            let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name', schema_url: 'http://localhost/test' } }
 
-            email = ActionMailer::Base.deliveries.first
-            expect(email.to).to contain_exactly('new@gmail.com')
-          end
+            it 'uses DTA default_confirm_success_url on the email with redirect flow' do
+              expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
 
-          context 'when email value is the same on the DB' do
-            let(:attributes) { { email: resource.email, name: 'changed', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com' } }
-
-            it 'updates attributes and does not send confirmation email' do
-              expect do
-                updater
-                resource.reload
-              end.to change(resource, :name).from(resource.name).to('changed').and(
-                not_change(resource, :email).from(resource.email)
-              ).and(
-                not_change(ActionMailer::Base.deliveries, :count).from(0)
-              )
+              email = ActionMailer::Base.deliveries.first
+              expect(email.body.decoded).to include(CGI.escape('https://google.com'))
+              expect(email.body.decoded).to include(CGI.escape('ConfirmAccount('))
             end
           end
 
-          context 'when provided params are invalid' do
-            let(:attributes) { { email: 'newgmail.com', name: '', schema_url: 'http://localhost/test', confirmation_success_url: 'https://google.com' } }
+          context 'when schema_url is not provided' do
+            let(:attributes) { { email: 'new@gmail.com', name: 'Updated Name' } }
 
-            it 'returns false and adds errors to the model' do
-              expect(updater).to be_falsey
-              expect(resource.errors.full_messages).to contain_exactly(
-                'Email is not an email',
-                "Name can't be blank"
-              )
+            it 'uses DTA default_confirm_success_url on the email and new confirmation flow' do
+              expect { updater }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+              email = ActionMailer::Base.deliveries.first
+              expect(email.body.decoded).to include(CGI.escape('https://google.com'))
+              expect(email.body.decoded).to include('?confirmationToken=')
             end
           end
         end