Alternate reset password flow, only 2 steps, no redirect#146
Merged
mcelicalderon merged 3 commits intomasterfrom Jan 19, 2021
Merged
Alternate reset password flow, only 2 steps, no redirect#146mcelicalderon merged 3 commits intomasterfrom
mcelicalderon merged 3 commits intomasterfrom
Conversation
00dav00
reviewed
Jan 17, 2021
| field :credentials, | ||
| GraphqlDevise::Types::CredentialType, | ||
| null: true, | ||
| description: 'Authentication credentials. Resource must be signed_in in order for credentials to be returned.' |
Contributor
There was a problem hiding this comment.
What about Authentication credentials. Resource must be signed_in for credentials to be returned. ?
Member
Author
There was a problem hiding this comment.
yes, makes more sense
| raise_user_error(I18n.t('graphql_devise.passwords.reset_token_expired')) unless resource.reset_password_period_valid? | ||
|
|
||
| if resource.update(attrs) | ||
| yield resource if block_given? |
Contributor
There was a problem hiding this comment.
What kind of black can be passed here? Is there any examples of this?
Member
Author
There was a problem hiding this comment.
Any block you want, all mutations do the same. Check the specs in this PR for an example.
00dav00
approved these changes
Jan 19, 2021
| expect do | ||
| post_request | ||
| admin.reload | ||
| end.to change(admin, :encrypted_password) |
Contributor
There was a problem hiding this comment.
WDYT about checking the password is valid instead of encrypted_password being changed?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements a different reset password flow. Now a mutation will send an email with a link to the provided url (front end) on the mutation containing a reset password token. It's the client responsibility to get this token and then call another mutation that takes the new password and the token. This mutation changes the password and returns credentials if the resource is signed in. The new mutations are:
sendPasswordResetWithToken: Takes email and redirectUrl. Sends an email with a reset link that simply uses that redirectUrl and adds a reset password token as query params. On you frontend application you will use that token to call the second mutation.updatePasswordWithToken: Takes the resetPasswordToken, password and passwordConfirmation. Simply allows you to update the password of a user by sending the token. You can do this if you want to return authentication credentials after the password is changed, it won't return those by default.Resolves #133