Send password reset email

Appraisals

@@ -1,47 +1,53 @@
 appraise 'rails4.2-graphql1.8' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'bundler', '~> 1.17'
   gem 'rails', github: 'rails/rails', branch: '4-2-stable'
   gem 'graphql', '~> 1.8.0'
 end
 
 appraise 'rails5.0-graphql1.8' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-0-stable'
   gem 'graphql', '~> 1.8.0'
   gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.0'
 end
 
 appraise 'rails5.0-graphql1.9' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-0-stable'
   gem 'graphql', '~> 1.9.0'
 end
 
 appraise 'rails5.1-graphql1.8' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-1-stable'
   gem 'graphql', '~> 1.8.0'
   gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.3'
 end
 
 appraise 'rails5.1-graphql1.9' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-1-stable'
   gem 'graphql', '~> 1.9.0'
 end
 
 appraise 'rails5.2-graphql1.8' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-2-stable'
   gem 'graphql', '~> 1.8.0'
   gem 'devise_token_auth', '0.1.43'
   gem 'devise', '>= 4.4.2'
 end
 
 appraise 'rails5.2-graphql1.9' do
+  gem 'sqlite3', '~> 1.3.6'
   gem 'rails', github: 'rails/rails', branch: '5-2-stable'
   gem 'graphql', '~> 1.9.0'
 end
 
 appraise 'rails_edge-graphql_edge' do
-  gem 'sqlite3', '~> 1.4'
   gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
   gem 'devise', '>= 4.7'
   gem 'rails', github: 'rails/rails', branch: 'master'

app/graphql/graphql_devise/mutations/send_password_reset.rb

@@ -0,0 +1,29 @@
+module GraphqlDevise
+  module Mutations
+    class SendPasswordReset < Base
+      argument :email,        String, required: true, prepare: ->(email, _) { email.downcase }
+      argument :redirect_url, String, required: true
+
+      def resolve(email:, redirect_url:)
+        resource = controller.find_resource(:uid, email)
+
+        if resource
+          yield resource if block_given?
+          resource.send_reset_password_instructions(
+            email:        email,
+            provider:     'email',
+            redirect_url: redirect_url
+          )
+
+          if resource.errors.empty?
+            { authenticable: resource }
+          else
+            raise_user_error_list(I18n.t('graphql_devise.invalid_resource'), errors: resource.errors.full_messages)
+          end
+        else
+          raise_user_error(I18n.t('graphql_devise.user_not_found'))
+        end
+      end
+    end
+  end
+end

app/helpers/graphql_devise/mailer_helper.rb

@@ -1,15 +1,35 @@
 module GraphqlDevise
   module MailerHelper
-    def confirmation_query(resource_name)
+    def confirmation_query(resource_name:, token:, redirect_url:)
       name = "#{resource_name.camelize(:lower)}ConfirmAccount"
       raw = <<-GRAPHQL
-        query($token:String!,$redirect:String!){
-          #{name}(confirmationToken:$token,redirectUrl:$redirect){
+        query($token:String!,$redirectUrl:String!){
+          #{name}(confirmationToken:$token,redirectUrl:$redirectUrl){
             email
           }
         }
       GRAPHQL
-      raw.delete("\n").delete(' ')
+
+      {
+        query:     raw.delete("\n").delete(' ').html_safe,
+        variables: { token: token, redirectUrl: redirect_url }
+      }
+    end
+
+    def password_reset_query(token:, redirect_url:, resource_name:)
+      name = "#{resource_name.camelize(:lower)}CheckPasswordToken"
+      raw = <<-GRAPHQL
+        mutation($token:String!,$redirectUrl:String!){
+          #{name}(resetPasswordToken:$token,redirectUrl:$redirectUrl){
+            authenticable{ email }
+          }
+        }
+      GRAPHQL
+
+      {
+        query:     raw.delete("\n").delete(' ').html_safe,
+        variables: { token: token, redirectUrl: redirect_url }
+      }
     end
   end
 end

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p><%= t '.confirm_link_msg' %> </p>
 
-<p><%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, query: confirmation_query(@resource.class.to_s).html_safe, variables: {token: @token, redirect: message['redirect-url']}) %></p>
+<p><%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token)) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,8 @@
+<p><%= t(:hello).capitalize %> <%= @resource.email %>!</p>
+
+<p><%= t '.request_reset_link_msg' %></p>
+
+<p><%= link_to t('.password_change_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **password_reset_query(token: @token, redirect_url: message['redirect-url'], resource_name: @resource.class.to_s)) %></p>
+
+<p><%= t '.ignore_mail_msg' %></p>
+<p><%= t '.no_changes_msg' %></p>

config/locales/en.yml

@@ -4,6 +4,7 @@ en:
     resource_build_failed: "Resource couldn't be built, execution stopped."
     not_authenticated: "User is not logged in."
     user_not_found: "User was not found or was not logged in."
+    invalid_resource: "Errors present in the resource."
     passwords:
       update_password_error: "Unable to update user password"
       missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."

gemfiles/rails4.2_graphql1.8.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "bundler", "~> 1.17"
 gem "rails", github: "rails/rails", branch: "4-2-stable"
 gem "graphql", "~> 1.8.0"

gemfiles/rails5.0_graphql1.8.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "rails", github: "rails/rails", branch: "5-0-stable"
 gem "graphql", "~> 1.8.0"
 gem "devise_token_auth", "0.1.43"

gemfiles/rails5.0_graphql1.9.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "rails", github: "rails/rails", branch: "5-0-stable"
 gem "graphql", "~> 1.9.0"
 

gemfiles/rails5.1_graphql1.8.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "rails", github: "rails/rails", branch: "5-1-stable"
 gem "graphql", "~> 1.8.0"
 gem "devise_token_auth", "0.1.43"

gemfiles/rails5.1_graphql1.9.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "rails", github: "rails/rails", branch: "5-1-stable"
 gem "graphql", "~> 1.9.0"
 

gemfiles/rails5.2_graphql1.8.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "rails", github: "rails/rails", branch: "5-2-stable"
 gem "graphql", "~> 1.8.0"
 gem "devise_token_auth", "0.1.43"

gemfiles/rails5.2_graphql1.9.gemfile

@@ -2,6 +2,7 @@
 
 source "https://rubygems.org"
 
+gem "sqlite3", "~> 1.3.6"
 gem "rails", github: "rails/rails", branch: "5-2-stable"
 gem "graphql", "~> 1.9.0"
 

gemfiles/rails_edge_graphql_edge.gemfile

@@ -2,7 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "sqlite3", "~> 1.4"
 gem "devise_token_auth", github: "lynndylanhurley/devise_token_auth", branch: "master"
 gem "devise", ">= 4.7"
 gem "rails", github: "rails/rails", branch: "master"

graphql_devise.gemspec

@@ -39,5 +39,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rubocop', '0.68.1'
   spec.add_development_dependency 'rubocop-performance'
   spec.add_development_dependency 'rubocop-rspec'
-  spec.add_development_dependency 'sqlite3', '~> 1.3.6'
+  spec.add_development_dependency 'sqlite3', '~> 1.3'
 end

lib/graphql_devise/rails/routes.rb

@@ -22,6 +22,7 @@ def mount_graphql_devise_for(resource, opts = {})
         logout:               GraphqlDevise::Mutations::Logout,
         sign_up:              GraphqlDevise::Mutations::SignUp,
         update_password:      GraphqlDevise::Mutations::UpdatePassword,
+        send_reset_password:  GraphqlDevise::Mutations::SendPasswordReset,
         check_password_token: GraphqlDevise::Mutations::CheckPasswordToken
       }.freeze
 
@@ -57,7 +58,7 @@ def mount_graphql_devise_for(resource, opts = {})
         GraphqlDevise::Types::QueryType.field("#{mapping_name}_#{action}", resolver: used_query)
       end
 
-      Devise.mailer.send(:add_template_helper, GraphqlDevise::MailerHelper)
+      Devise.mailer.helper(GraphqlDevise::MailerHelper)
 
       devise_scope mapping_name.to_sym do
         post "#{path}/graphql_auth", to: 'graphql_devise/graphql#auth'

spec/dummy/config/locales/en.yml

@@ -30,4 +30,4 @@
 # available at http://guides.rubyonrails.org/i18n.html.
 
 en:
-  hello: "Hello world"
+  hello_world: "Hello world"

spec/dummy/db/schema.rb

@@ -2,11 +2,11 @@
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
 

spec/requests/mutations/send_password_reset_spec.rb

@@ -0,0 +1,50 @@
+require 'rails_helper'
+
+RSpec.describe 'Send Password Reset Requests' do
+  include_context 'with graphql query request'
+
+  let(:user)         { create(:user, :confirmed) }
+  let(:email)        { user.email }
+  let(:redirect_url) { Faker::Internet.url }
+  let(:query) do
+    <<-GRAPHQL
+      mutation {
+        userSendResetPassword(
+          email:       "#{email}",
+          redirectUrl: "#{redirect_url}"
+        ) {
+          authenticable {
+            email
+          }
+        }
+      }
+    GRAPHQL
+  end
+
+  context 'when params are correct' do
+    it 'sends password reset  email' do
+      expect { post_request }.to change(ActionMailer::Base.deliveries, :count).by(1)
+
+      email = Nokogiri::HTML(ActionMailer::Base.deliveries.last.body.encoded)
+      link  = email.css('a').first
+
+      # TODO: Move to feature spec
+      expect do
+        get link['href']
+        user.reload
+      end.to change { user.allow_password_change }.from(false).to(true)
+    end
+  end
+
+  context 'when user email is not found' do
+    let(:email) { 'nothere@gmail.com' }
+
+    before { post_request }
+
+    it 'returns an error' do
+      expect(json_response[:errors]).to contain_exactly(
+        hash_including(message: 'User was not found or was not logged in.', extensions: { code: 'USER_ERROR' })
+      )
+    end
+  end
+end