Merge branch 'master' into create-sign-up-mutation

00dav00 · web-flow · commit f1635266af6d · 2019-09-03T22:32:06.000-05:00
diff --git a/Appraisals b/Appraisals
@@ -7,7 +7,7 @@ end
 appraise 'rails5.0-graphql1.8' do
   gem 'rails', github: 'rails/rails', branch: '5-0-stable'
   gem 'graphql', '~> 1.8.0'
-  gem 'devise_token_auth', '0.1.37'
+  gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.0'
 end
 
@@ -19,7 +19,7 @@ end
 appraise 'rails5.1-graphql1.8' do
   gem 'rails', github: 'rails/rails', branch: '5-1-stable'
   gem 'graphql', '~> 1.8.0'
-  gem 'devise_token_auth', '0.1.42'
+  gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.3'
 end
 
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # GraphqlDevise
-[![Build Status](https://travis-ci.org/graphql-device/graphql_devise.svg?branch=master)](https://travis-ci.org/graphql-device/graphql_devise)
+[![Build Status](https://travis-ci.org/graphql-devise/graphql_devise.svg?branch=master)](https://travis-ci.org/graphql-devise/graphql_devise)
 
 ## Installation
 
@@ -27,7 +27,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/graphql-device/graphql_devise.
+Bug reports and pull requests are welcome on GitHub at https://github.com/graphql-devise/graphql_devise.
 
 ## License
 
diff --git a/app/graphql/graphql_devise/mutations/base.rb b/app/graphql/graphql_devise/mutations/base.rb
@@ -5,16 +5,20 @@ module Mutations
     class Base < GraphQL::Schema::Mutation
       private
 
+      def raise_user_error(message)
+        raise GraphqlDevise::UserError, message
+      end
+
+      def raise_user_error_list(message, errors:)
+        raise GraphqlDevise::DetailedUserError.new(message, errors: errors)
+      end
+
       def remove_resource
         controller.resource = nil
         controller.client_id = nil
         controller.token = nil
       end
 
-      def single_error_object(error)
-        { success: false, errors: [error] }
-      end
-
       def request
         controller.request
       end
@@ -31,6 +35,10 @@ def resource_class
         context[:resource_class]
       end
 
+      def recoverable_enabled?
+        resource_class.devise_modules.include?(:recoverable)
+      end
+
       def current_resource
         context[:current_resource]
       end
diff --git a/app/graphql/graphql_devise/mutations/login.rb b/app/graphql/graphql_devise/mutations/login.rb
@@ -4,31 +4,28 @@ class Login < Base
       argument :email,    String, required: true
       argument :password, String, required: true
 
-      field :success, Boolean,  null: false
-      field :errors,  [String], null: false
-
       def resolve(email:, password:)
         resource = resource_class.find_by(email: email)
 
         if resource && active_for_authentication?(resource)
           if invalid_for_authentication?(resource, password)
-            return single_error_object(I18n.t('graphql_devise.sessions.bad_credentials'))
+            raise_user_error(I18n.t('graphql_devise.sessions.bad_credentials'))
           end
 
           set_auth_headers(resource)
           controller.sign_in(:user, resource, store: false, bypass: false)
 
           yield resource if block_given?
 
-          { success: true, authenticable: resource, errors: [] }
+          { authenticable: resource}
         elsif resource && !active_for_authentication?(resource)
           if locked?(resource)
-            single_error_object(I18n.t('graphql_devise.mailer.unlock_instructions.account_lock_msg'))
+            raise_user_error(I18n.t('graphql_devise.mailer.unlock_instructions.account_lock_msg'))
           else
-            single_error_object(I18n.t('devise_token_auth.sessions.not_confirmed', email: resource.email))
+            raise_user_error(I18n.t('devise_token_auth.sessions.not_confirmed', email: resource.email))
           end
         else
-          single_error_object(I18n.t('graphql_devise.sessions.bad_credentials'))
+          raise_user_error(I18n.t('graphql_devise.sessions.bad_credentials'))
         end
       end
 
diff --git a/app/graphql/graphql_devise/mutations/logout.rb b/app/graphql/graphql_devise/mutations/logout.rb
@@ -1,9 +1,6 @@
 module GraphqlDevise
   module Mutations
     class Logout < Base
-      field :success, Boolean,  null: false
-      field :errors,  [String], null: false
-
       def resolve
         if current_resource && client && current_resource.tokens[client]
           current_resource.tokens.delete(client)
@@ -13,9 +10,9 @@ def resolve
 
           yield current_resource if block_given?
 
-          { success: true, errors: [], authenticable: current_resource }
+          { authenticable: current_resource }
         else
-          { success: false, errors: [I18n.t('graphql_devise.user_not_found')] }
+          raise_user_error(I18n.t('graphql_devise.user_not_found'))
         end
       end
     end
diff --git a/app/graphql/graphql_devise/mutations/update_password.rb b/app/graphql/graphql_devise/mutations/update_password.rb
@@ -0,0 +1,44 @@
+module GraphqlDevise
+  module Mutations
+    class UpdatePassword < Base
+      argument :password,              String, required: true
+      argument :password_confirmation, String, required: true
+      argument :current_password,      String, required: false
+
+      def resolve(current_password: nil, **attrs)
+        if current_resource.blank?
+          raise_user_error(I18n.t('graphql_devise.not_authenticated'))
+        elsif current_resource.provider != 'email'
+          raise_user_error(
+            I18n.t('graphql_devise.passwords.password_not_required', provider: current_resource.provider.humanize)
+          )
+        end
+
+        if update_resource_password(current_password, attrs)
+          current_resource.allow_password_change = false if recoverable_enabled?
+          current_resource.save!
+
+          yield current_resource if block_given?
+
+          { authenticable: current_resource }
+        else
+          raise_user_error_list(
+            I18n.t('graphql_devise.passwords.update_password_error'),
+            errors: current_resource.errors.full_messages
+          )
+        end
+      end
+
+      private
+
+      def update_resource_password(current_password, attrs)
+        allow_password_change = recoverable_enabled? && current_resource.allow_password_change == true
+        if DeviseTokenAuth.check_current_password_before_update == false || allow_password_change
+          current_resource.public_send(:update, attrs)
+        else
+          current_resource.public_send(:update_with_password, attrs.merge(current_password: current_password))
+        end
+      end
+    end
+  end
+end
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -1,6 +1,11 @@
 en:
   graphql_devise:
+    not_authenticated: "User is not logged in."
     user_not_found: "User was not found or was not logged in."
+    passwords:
+      update_password_error: "Unable to update user password"
+      missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
+      password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
     sessions:
       bad_credentials: "Invalid login credentials. Please try again."
       not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"
diff --git a/gemfiles/rails5.0_graphql1.8.gemfile b/gemfiles/rails5.0_graphql1.8.gemfile
@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gem "rails", github: "rails/rails", branch: "5-0-stable"
 gem "graphql", "~> 1.8.0"
-gem "devise_token_auth", "0.1.37"
+gem "devise_token_auth", "0.1.43"
 gem "devise", ">= 4.0"
 
 gemspec path: "../"
diff --git a/gemfiles/rails5.1_graphql1.8.gemfile b/gemfiles/rails5.1_graphql1.8.gemfile
@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gem "rails", github: "rails/rails", branch: "5-1-stable"
 gem "graphql", "~> 1.8.0"
-gem "devise_token_auth", "0.1.42"
+gem "devise_token_auth", "0.1.43"
 gem "devise", ">= 4.3"
 
 gemspec path: "../"
diff --git a/graphql_devise.gemspec b/graphql_devise.gemspec
@@ -10,11 +10,11 @@ Gem::Specification.new do |spec|
 
   spec.summary       = 'GraphQL queries and mutations on top of devise_token_auth'
   spec.description   = 'GraphQL queries and mutations on top of devise_token_auth'
-  spec.homepage      = 'https://github.com/graphql-device/graphql_devise'
+  spec.homepage      = 'https://github.com/graphql-devise/graphql_devise'
   spec.license       = 'MIT'
 
   spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://github.com/graphql-device/graphql_devise'
+  spec.metadata['source_code_uri'] = 'https://github.com/graphql-devise/graphql_devise'
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_dependency 'devise_token_auth', '>= 0.1.37'
+  spec.add_dependency 'devise_token_auth', '>= 0.1.43'
   spec.add_dependency 'graphql', '>= 1.8'
   spec.add_dependency 'rails', '>= 4.2'
 
diff --git a/lib/graphql_devise.rb b/lib/graphql_devise.rb
@@ -3,6 +3,9 @@
 require 'graphql_devise/engine'
 require 'graphql'
 require 'graphql_devise/version'
+require 'graphql_devise/error_codes'
+require 'graphql_devise/user_error'
+require 'graphql_devise/detailed_user_error'
 
 module GraphqlDevise
   class Error < StandardError; end
diff --git a/lib/graphql_devise/detailed_user_error.rb b/lib/graphql_devise/detailed_user_error.rb
@@ -0,0 +1,14 @@
+module GraphqlDevise
+  class DetailedUserError < GraphQL::ExecutionError
+    def initialize(message, errors:)
+      @message = message
+      @errors  = errors
+
+      super(message)
+    end
+
+    def to_h
+      super.merge(extensions: { code: ERROR_CODES.fetch(:user_error), detailed_errors: @errors })
+    end
+  end
+end
diff --git a/lib/graphql_devise/error_codes.rb b/lib/graphql_devise/error_codes.rb
@@ -0,0 +1,5 @@
+module GraphqlDevise
+  ERROR_CODES = {
+    user_error: 'USER_ERROR'
+  }.freeze
+end
diff --git a/lib/graphql_devise/rails/routes.rb b/lib/graphql_devise/rails/routes.rb
@@ -20,6 +20,7 @@ def mount_graphql_devise_for(resource, opts = {})
         login:  GraphqlDevise::Mutations::Login,
         logout: GraphqlDevise::Mutations::Logout,
         signUp: GraphqlDevise::Mutations::SignUp
+        update_password: GraphqlDevise::Mutations::UpdatePassword
       }.freeze
 
       default_mutations.each do |action, mutation|
diff --git a/lib/graphql_devise/user_error.rb b/lib/graphql_devise/user_error.rb
@@ -0,0 +1,7 @@
+module GraphqlDevise
+  class UserError < GraphQL::ExecutionError
+    def to_h
+      super.merge(extensions: { code: ERROR_CODES.fetch(:user_error) })
+    end
+  end
+end
diff --git a/spec/dummy/config/initializers/devise_token_auth.rb b/spec/dummy/config/initializers/devise_token_auth.rb
@@ -5,7 +5,7 @@
   # client is responsible for keeping track of the changing tokens. Change
   # this to false to prevent the Authorization header from changing after
   # each request.
-  # config.change_headers_on_each_request = true
+  config.change_headers_on_each_request = false
 
   # By default, users will need to re-authenticate after 2 weeks. This setting
   # determines how long tokens will remain valid after they are issued.
@@ -35,7 +35,7 @@
   # Uncomment to enforce current_password param to be checked before all
   # attribute updates. Set it to :password if you want it to be checked only if
   # password is updated.
-  # config.check_current_password_before_update = :attributes
+  config.check_current_password_before_update = :password
 
   # By default we will use callbacks for single omniauth.
   # It depends on fields like email, provider and uid.
diff --git a/spec/requests/mutations/login_spec.rb b/spec/requests/mutations/login_spec.rb
@@ -13,25 +13,22 @@
           password: "#{password}"
         ) {
           user { email name signInCount }
-          success
-          errors
         }
       }
     GRAPHQL
   end
 
-  before { post '/api/v1/graphql_auth', *graphql_params }
+  before { post_request }
 
   context 'when user is able to login' do
     context 'when credentials are valid' do
       it 'return credentials in headers and user information' do
         expect(response).to include_auth_headers
         expect(user.reload.tokens.keys).to include(response.headers['client'])
         expect(json_response[:data][:userLogin]).to match(
-          success: true,
-          errors:  [],
-          user:    { email: user.email, name: user.name, signInCount: 1 }
+          user: { email: user.email, name: user.name, signInCount: 1 }
         )
+        expect(json_response[:errors]).to be_nil
       end
     end
 
@@ -40,10 +37,9 @@
 
       it 'returns bad credentials error' do
         expect(response).not_to include_auth_headers
-        expect(json_response[:data][:userLogin]).to match(
-          success: false,
-          errors:  ['Invalid login credentials. Please try again.'],
-          user:    nil
+        expect(json_response[:data][:userLogin]).to be_nil
+        expect(json_response[:errors]).to contain_exactly(
+          hash_including(message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' })
         )
       end
     end
@@ -54,13 +50,13 @@
 
     it 'returns a must confirm account message' do
       expect(response).not_to include_auth_headers
-      expect(json_response[:data][:userLogin]).to match(
-        success: false,
-        errors:  [
-          "A confirmation email was sent to your account at '#{user.email}'. You must follow the instructions in the " \
-          "email before your account can be activated"
-        ],
-        user:    nil
+      expect(json_response[:data][:userLogin]).to be_nil
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(
+          message:    "A confirmation email was sent to your account at '#{user.email}'. You must follow the " \
+                      "instructions in the email before your account can be activated",
+          extensions: { code: 'USER_ERROR' }
+        )
       )
     end
   end
@@ -70,10 +66,12 @@
 
     it 'returns a must confirm account message' do
       expect(response).not_to include_auth_headers
-      expect(json_response[:data][:userLogin]).to match(
-        success: false,
-        errors:  ['Your account has been locked due to an excessive number of unsuccessful sign in attempts.'],
-        user:    nil
+      expect(json_response[:data][:userLogin]).to be_nil
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(
+          message:    'Your account has been locked due to an excessive number of unsuccessful sign in attempts.',
+          extensions: { code: 'USER_ERROR' }
+        )
       )
     end
   end
@@ -83,10 +81,9 @@
 
     it 'returns a must confirm account message' do
       expect(response).not_to include_auth_headers
-      expect(json_response[:data][:userLogin]).to match(
-        success: false,
-        errors:  ['Invalid login credentials. Please try again.'],
-        user:    nil
+      expect(json_response[:data][:userLogin]).to be_nil
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' })
       )
     end
   end
diff --git a/spec/requests/mutations/logout_spec.rb b/spec/requests/mutations/logout_spec.rb
diff --git a/spec/requests/mutations/update_password_spec.rb b/spec/requests/mutations/update_password_spec.rb
diff --git a/spec/support/contexts/graphql_request.rb b/spec/support/contexts/graphql_request.rb
