From 0613e160e5acd2782b344a76db1ec95b4bbbcc63 Mon Sep 17 00:00:00 2001
From: Mario Celi
Date: Thu, 17 Oct 2019 22:01:32 -0500
Subject: [PATCH] Refactor signUp mutation, fix confirmable disabled
---
.../graphql_devise/mutations/sign_up.rb | 56 +++++++++----------
config/locales/en.yml | 3 +
.../concerns/controller_methods.rb | 4 ++
spec/dummy/app/models/guest.rb | 3 +-
spec/dummy/config/routes.rb | 2 +-
spec/requests/mutations/sign_up_spec.rb | 8 +--
6 files changed, 37 insertions(+), 39 deletions(-)
diff --git a/app/graphql/graphql_devise/mutations/sign_up.rb b/app/graphql/graphql_devise/mutations/sign_up.rb
index 394fa0b9..a95e329b 100644
--- a/app/graphql/graphql_devise/mutations/sign_up.rb
+++ b/app/graphql/graphql_devise/mutations/sign_up.rb
@@ -5,49 +5,45 @@ class SignUp < Base argument :password, String, required: true argument :password_confirmation, String, required: true argument :confirm_success_url, String, required: false - argument :config_name, String, required: false - def resolve(confirm_success_url: nil, config_name: nil, **attrs) + def resolve(confirm_success_url: nil, **attrs) resource = resource_class.new(provider: provider, **attrs) + raise_user_error(I18n.t('graphql_devise.resource_build_failed')) if resource.blank? - if resource.present? - resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!) + redirect_url = confirm_success_url || DeviseTokenAuth.default_confirm_success_url + if confirmable_enabled? && redirect_url.blank? + raise_user_error(I18n.t('graphql_devise.registrations.missing_confirm_redirect_url')) + end - if resource.save - yield resource if block_given? + if blacklisted_redirect_url?(redirect_url) + raise_user_error(I18n.t('graphql_devise.registrations.redirect_url_not_allowed', redirect_url: redirect_url)) + end - if requires_confirmation?(resource) - resource.send_confirmation_instructions( - client_config: config_name, - redirect_url: confirm_success_url, - template_path: ['graphql_devise/mailer'] - ) - end + resource.skip_confirmation_notification! if resource.respond_to?(:skip_confirmation_notification!) - set_auth_headers(resource) if resource.active_for_authentication? + if resource.save + yield resource if block_given? - { authenticable: resource } - else - clean_up_passwords(resource) - raise_user_error_list( - I18n.t('graphql_devise.registration_failed'), - errors: resource.errors.full_messages + unless resource.confirmed? + resource.send_confirmation_instructions( + redirect_url: confirm_success_url, + template_path: ['graphql_devise/mailer'] ) end - else - raise_user_error(I18n.t('graphql_devise.resource_build_failed')) - end - end - protected + set_auth_headers(resource) if resource.active_for_authentication? 
- def confirmable_enabled?(resource) - resource.respond_to?(:confirmed_at) + { authenticable: resource } + else + clean_up_passwords(resource) + raise_user_error_list( + I18n.t('graphql_devise.registration_failed'), + errors: resource.errors.full_messages + ) + end end - def requires_confirmation?(resource) - resource.active_for_authentication? || !resource.confirmed? - end + private def provider :email diff --git a/config/locales/en.yml b/config/locales/en.yml index f9d7f8c2..d2155c4d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -5,6 +5,9 @@ en: not_authenticated: "User is not logged in." user_not_found: "User was not found or was not logged in." invalid_resource: "Errors present in the resource." + registrations: + missing_confirm_redirect_url: "Missing 'confirm_success_url' parameter. Required when confirmable module is enabled." + redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed." passwords: update_password_error: "Unable to update user password" missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'." diff --git a/lib/graphql_devise/concerns/controller_methods.rb b/lib/graphql_devise/concerns/controller_methods.rb index 5610cf49..daae8134 100644 --- a/lib/graphql_devise/concerns/controller_methods.rb +++ b/lib/graphql_devise/concerns/controller_methods.rb @@ -47,6 +47,10 @@ def confirmable_enabled? resource_class.devise_modules.include?(:confirmable) end + def blacklisted_redirect_url?(redirect_url) + DeviseTokenAuth.redirect_whitelist && !DeviseTokenAuth::Url.whitelisted?(redirect_url) + end + def current_resource @current_resource ||= controller.send(:set_user_by_token, resource_name) end diff --git a/spec/dummy/app/models/guest.rb b/spec/dummy/app/models/guest.rb index 97842ff0..6c701f1d 100644 --- a/spec/dummy/app/models/guest.rb +++ b/spec/dummy/app/models/guest.rb 
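Review bot: In sign_up.rb's `resolve`, the URL that is validated is not the URL that is mailed. `redirect_url` (the argument or `DeviseTokenAuth.default_confirm_success_url`) goes through the blank and whitelist checks, but `send_confirmation_instructions` still receives `redirect_url: confirm_success_url`. When the client omits the argument and a default is configured, both checks pass and the mailer is handed nil instead of the default. Passing the checked value, `redirect_url: redirect_url,`, keeps check and use on the same variable, so the whitelist cannot drift away from what is sent if the fallback logic changes later.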
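Review bot: `blacklisted_redirect_url?` in controller_methods.rb fails open and nothing in the method says so. When `DeviseTokenAuth.redirect_whitelist` is unset the expression is falsy, so every client-supplied `confirm_success_url` passes and is handed on to the confirmation mailer. I would add a comment such as `# Falsy when no redirect_whitelist is configured: every URL is then accepted, so configure the whitelist in production.` The name also describes a blacklist while the check is a whitelist miss; `redirect_url_not_whitelisted?` would read closer to what it does. The method is also reached with a nil URL when confirmable is off and no default is set; whether `DeviseTokenAuth::Url.whitelisted?` tolerates nil is not visible here and is worth confirming.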
@@ -2,8 +2,7 @@ class Guest < ApplicationRecord devise :database_authenticatable, :registerable, :recoverable, - :validatable, - :confirmable + :validatable include GraphqlDevise::Concerns::Model end diff --git a/spec/dummy/config/routes.rb b/spec/dummy/config/routes.rb index 77946377..a6d29ea5 100644 --- a/spec/dummy/config/routes.rb +++ b/spec/dummy/config/routes.rb @@ -13,7 +13,7 @@ mount_graphql_devise_for( 'Guest', - only: [:login, :logout], + only: [:login, :logout, :sign_up], at: '/api/v1/guest/graphql_auth' ) diff --git a/spec/requests/mutations/sign_up_spec.rb b/spec/requests/mutations/sign_up_spec.rb index 56bf15a6..d16c321c 100644 --- a/spec/requests/mutations/sign_up_spec.rb +++ b/spec/requests/mutations/sign_up_spec.rb @@ -122,12 +122,8 @@ GRAPHQL end - before { post_request } - - it 'skips the sign up mutation' do - expect(json_response[:errors]).to contain_exactly( - hash_including(message: "Field 'guestSignUp' doesn't exist on type 'Mutation'") - ) + it 'works without the confirmable module' do + expect { post_request }.to change(Guest, :count).from(0).to(1) end end end
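Review bot: The two new rejection paths have no coverage in sign_up_spec.rb. The commit adds the `missing_confirm_redirect_url` and `redirect_url_not_allowed` errors, yet the only example touched here is the no-confirmable case. Since the whitelist check is the control that keeps arbitrary URLs out of confirmation mail, I would add examples such as `it 'rejects a confirm_success_url outside the redirect whitelist'` and `it 'requires confirm_success_url when confirmable is enabled'`, each asserting that no record is created. The surrounding contexts of this spec lie outside the hunk, so coverage elsewhere in the file cannot be ruled out.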