Allow controller level authentication

Author: mcelicalderon

app/controllers/graphql_devise/concerns/set_user_by_token.rb

@@ -7,6 +7,39 @@ module Concerns
     SetUserByToken.module_eval do
       attr_accessor :client_id, :token, :resource
 
+      class_methods do
+        def set_resource_by_model(models, **kwargs)
+          Array(models).each do |model|
+            GraphqlDevise.add_mapping(GraphqlDevise.to_mapping_name(model.to_s), model.to_s)
+          end
+          GraphqlDevise.reconfigure_warden!
+
+          before_action(**kwargs) do
+            authenticate_model(models)
+          end
+        end
+      end
+
+      def authenticate_model(models)
+        Array(models).each do |model|
+          set_resource_by_token(model)
+          return @resource
+        end
+
+        nil
+      end
+
+      def resource_class(resource = nil)
+        return super unless resource.is_a?(Class)
+
+        if (Object.const_defined?('ActiveRecord::Base') && resource < ActiveRecord::Base) ||
+           (Object.const_defined?('Mongoid::Document') && resource < Mongoid::Document)
+          return resource
+        end
+
+        super
+      end
+
       def full_url_without_params
         request.base_url + request.path
       end
@@ -16,10 +49,13 @@ def set_resource_by_token(resource)
       end
 
       def graphql_context(resource_name)
-        {
+        context = {
           resource_name: resource_name,
           controller:    self
         }
+        context[:current_resource] = @resource if @resource.present?
+
+        context
       end
 
       def build_redirect_headers(access_token, client, redirect_header_options = {})

app/helpers/graphql_devise/mailer_helper.rb

@@ -3,7 +3,7 @@
 module GraphqlDevise
   module MailerHelper
     def confirmation_query(resource_name:, token:, redirect_url:)
-      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}ConfirmAccount"
+      name = "#{GraphqlDevise.to_mapping_name(resource_name).camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(confirmationToken:$token,redirectUrl:$redirectUrl){
@@ -19,7 +19,7 @@ def confirmation_query(resource_name:, token:, redirect_url:)
     end
 
     def password_reset_query(token:, redirect_url:, resource_name:)
-      name = "#{resource_name.underscore.tr('/', '_').camelize(:lower)}CheckPasswordToken"
+      name = "#{GraphqlDevise.to_mapping_name(resource_name).camelize(:lower)}CheckPasswordToken"
       raw = <<-GRAPHQL
         query($token:String!,$redirectUrl:String!){
           #{name}(resetPasswordToken:$token,redirectUrl:$redirectUrl){

lib/graphql_devise.rb

@@ -29,13 +29,22 @@ def self.mount_resource(mapping_name)
   end
 
   def self.add_mapping(mapping_name, resource)
-    return if Devise.mappings.key?(mapping_name)
+    return if Devise.mappings.key?(mapping_name.to_sym)
 
     Devise.add_mapping(
       mapping_name.to_s.pluralize.to_sym,
       module: :devise, class_name: resource
     )
   end
+
+  def self.reconfigure_warden!
+    Devise.class_variable_set(:@@warden_configured, nil)
+    Devise.configure_warden!
+  end
+
+  def self.to_mapping_name(resource)
+    resource.to_s.underscore.tr('/', '_')
+  end
 end
 
 require 'graphql_devise/engine'

lib/graphql_devise/resource_loader.rb

@@ -10,7 +10,7 @@ def initialize(resource, options = {}, routing = false)
     end
 
     def call(query, mutation)
-      mapping_name = @resource.to_s.underscore.tr('/', '_').to_sym
+      mapping_name = GraphqlDevise.to_mapping_name(@resource).to_sym
 
       # clean_options responds to all keys defined in GraphqlDevise::MountMethod::SUPPORTED_OPTIONS
       clean_options = GraphqlDevise::MountMethod::OptionSanitizer.new(@options).call!

lib/graphql_devise/schema_plugin.rb

@@ -16,7 +16,7 @@ def initialize(query: nil, mutation: nil, authenticate_default: true, public_int
 
       # Must happen on initialize so operations are loaded before the types are added to the schema on GQL < 1.10
       load_fields
-      reconfigure_warden!
+      GraphqlDevise.reconfigure_warden!
     end
 
     def use(schema_definition)
@@ -102,11 +102,6 @@ def authenticate_option(field, trace_data)
       auth_required.nil? ? @authenticate_default : auth_required
     end
 
-    def reconfigure_warden!
-      Devise.class_variable_set(:@@warden_configured, nil)
-      Devise.configure_warden!
-    end
-
     def load_fields
       @resource_loaders.each do |resource_loader|
         raise Error, 'Invalid resource loader instance' unless resource_loader.instance_of?(GraphqlDevise::ResourceLoader)

spec/dummy/app/controllers/api/v1/graphql_controller.rb

@@ -5,6 +5,8 @@ module V1
     class GraphqlController < ApplicationController
       include GraphqlDevise::Concerns::SetUserByToken
 
+      set_resource_by_model SchemaUser, only: [:controller_auth]
+
       def graphql
         result = DummySchema.execute(params[:query], **execute_params(params))
 
@@ -19,6 +21,12 @@ def failing_resource_name
         render json: DummySchema.execute(params[:query], context: graphql_context([:user, :fail]))
       end
 
+      def controller_auth
+        result = DummySchema.execute(params[:query], **execute_params(params))
+
+        render json: result unless performed?
+      end
+
       private
 
       def execute_params(item)

spec/dummy/config/routes.rb

@@ -37,4 +37,5 @@
   post '/api/v1/graphql', to: 'api/v1/graphql#graphql'
   post '/api/v1/interpreter', to: 'api/v1/graphql#interpreter'
   post '/api/v1/failing', to: 'api/v1/graphql#failing_resource_name'
+  post '/api/v1/controller_auth', to: 'api/v1/graphql#controller_auth'
 end

spec/graphql/user_queries_spec.rb

@@ -78,7 +78,9 @@
     let(:query) do
       <<-GRAPHQL
         query {
-          user(id: #{user.id}) {
+          user(
+            id: #{user.id}
+          ) {
             id
             email
           }

spec/requests/user_controller_spec.rb

@@ -42,6 +42,17 @@
       GRAPHQL
     end
 
+    context 'when authenticating before using the GQL schema' do
+      let(:headers) { create(:schema_user).create_new_auth_token }
+
+      before { post_request('/api/v1/controller_auth') }
+
+      it 'allows authentication at the controller level' do
+        pp json_response
+        expect(json_response[:data][:privateField]).to eq('Field will always require authentication')
+      end
+    end
+
     context 'when using a regular schema' do
       before { post_request('/api/v1/graphql') }