graphql-devise / graphql_devise Goto Github PK

Describe the bug

When using the own schema mount option, our session cookie overflows. This happened immediately after I removed the routes.rb mount option. This is due to the value being saved in the session for 'warden.user.user.key' to be the entire object rather than some string or integer.

Environment

source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }

ruby '2.6.6'

gem 'rails', '~> 6.0.3', '>= 6.0.3.1'

gem 'activeadmin', '~> 2.7.0'
gem 'activeadmin_quill_editor', '~> 0.2.0'
gem 'arctic_admin', '~> 3.2.0'
gem 'bootsnap', '>= 1.4.2', require: false
gem 'graphiql-rails', '~> 1.7.0'
gem 'graphql', '~> 1.10.13'
gem 'graphql_devise', '~> 0.12.3'
gem 'html2text', '~> 0.3.1'
gem 'money-rails', '~>1.13.3'
gem 'pg', '>= 0.18', '< 2.0'
gem 'puma', '~> 4.1'
gem 'pundit', '~> 2.1.0'
gem 'rack-cors', '~> 1.1.1'
gem 'state_machines-activerecord', '~> 0.6.0'

group :development, :test do
  gem 'byebug', platforms: %i[mri mingw x64_mingw]
  gem 'factory_bot_rails', '~> 5.2.0'
  gem 'faker', '~> 2.12'
  gem 'pry', '~> 0.13.1'
  gem 'rspec-rails', '~> 4.0.1'
end

group :development do
  gem 'listen', '~> 3.2'
  gem 'rubocop', '~> 0.83.0', require: false
  gem 'rubocop-rails', '~> 2.5.2', require: false
  gem 'rubocop-rspec', '~> 1.39.0', require: false
  gem 'spring'
  gem 'spring-watcher-listen', '~> 2.0.0'
end

Steps to reproduce

1. Use the schema mount option for this gem. Don't mix both. Putting the routes mount option back, fixes the issue.
2. Make sure to do the graphql_context(:user) to authenticate the user.
3. Try any authenticated query/mutation and it should raise a cookieoverflow error.

Expected behavior

It should just return something like this when accessing the session object, instead of putting the entire activerecord object.

{"session_id"=>"a7e8a69beb3f5b1bf4aa2edec48cd46a", "warden.user.user.key"=>[[104], "$2a$04$mH7drnwTc.3gqJt4YMmXb."]}

Actual behavior

It returned the entire object instead of just an id and some key.

Reproducible demo

Tried using the dummy app found in the gem. Here are the steps I did to reproduce the problem:

1. Comment these lines from the routes file:

mount_graphql_devise_for 'User', at: '/api/v1/graphql_auth', operations: {
    login:   Mutations::Login,
    sign_up: Mutations::SignUp
  }, additional_mutations: {
    register_confirmed_user: Mutations::RegisterConfirmedUser
  }, additional_queries: {
    public_user: Resolvers::PublicUser
  }

This would essentially make the User resource to be solely mounted in the graphql schema only.
2. Add :logout in the User resource loader in the dummy schema file. This will be used for the demo.
3. Change the post request for the logout spec to use the 'graphql' schema instead of the default 'graphql_auth' one.
4. Put a binding.pry first line in the resolve function for the logout mutation and check for controller.session.to_h

I'm not using the confirmable plugin as you can see here:

user.rb:

class User < ApplicationRecord
  devise :database_authenticatable,
         :registerable,
         :recoverable,
         :rememberable,
         :validatable

  include GraphqlDevise::Concerns::Model
end

You can also see my schema.rb file to see that I'm not supporting it:

create_table "users", force: :cascade do |t|
    t.string "provider", default: "email", null: false
    t.string "uid", default: "", null: false
    t.string "name"
    t.string "nickname"
    t.string "image"
    t.string "email", default: "", null: false
    t.string "encrypted_password", default: "", null: false
    t.string "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.boolean "allow_password_change", default: false
    t.datetime "remember_created_at"
    t.json "tokens"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
    t.index ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true
  end

I go to run the following mutation:

mutation {
  userSignUp(email:"[email protected]", password:"123456", passwordConfirmation:"123456") {
    authenticable {
      id
      email
      name
    }
  }
}

The record gets created but then I get the following server error:

NoMethodError (undefined method `generate_confirmation_token!' for #<User:0x0000000004c589c0>):
  
activemodel (6.0.0) lib/active_model/attribute_methods.rb:431:in `method_missing'
devise_token_auth (1.1.2) app/models/devise_token_auth/concerns/user.rb:54:in `send_confirmation_instructions'
graphql_devise (0.4.0) app/graphql/graphql_devise/mutations/sign_up.rb:20:in `resolve'
graphql (1.9.14) lib/graphql/schema/resolver.rb:90:in `public_send'
graphql (1.9.14) lib/graphql/schema/resolver.rb:90:in `block (3 levels) in resolve_with_support'
.... (I can give you the full stack if you need it)
puma (3.12.1) lib/puma/thread_pool.rb:135:in `block in spawn_thread'

Looks like the error is caused by calling resource.send_confirmation_instructions but that's dependent upon the method requires_confirmation? to be true and I don't think it should be in this case.

wrongly submitted.

Hello,
I'd like to change the format of the confirmation URL link in the mail template. My current URL format is:
http://www.mydomain.com/graphql/auth?query=query($token:String!,$redirectUrl:String!){userConfirmAccount(confirmationToken:$token,redirectUrl:$redirectUrl){email}}&variables[redir$tokenectUrl]=<redirectUrl>&variables[token]=<token>
and I wish to replace it by
https://mydomain.com/auth/token=<token>&action=ConfirmEmail.
In the "confirmation_instructions.html.erb", I noticed this line which is actually generating the link to confirm the email:
<%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token)) %>
How do I have to change this line to get the URL format I want ?

Thank you !

Question

During the setup procedure of this gem, I happen to encounter loads of path redirects.
However, the userLogin response didn't even have a token provided.
So, It would be helpful if there's a little demo app for react-native.

Question

I see the concern is include DeviseTokenAuth::Concerns::Model
both in the docs and the dummy app.

But the generated one is include DeviseTokenAuth::Concerns::User

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :confirmable
  include DeviseTokenAuth::Concerns::User
end

So, which one should be used?

Question

I am getting this response from graphiql-rails after sending userSignUp mutation.

  "status": 500,
  "error": "Internal Server Error",
  "exception": "#<ActionView::Template::Error: Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true>",

Question

I have /auth and the typical /graphql endpoints.
I use apollo with react-native.

The problem is that when I use the /auth the endpoint to login and it's successful,
however, when I try to use the /graphql endpoint to fetch data, the app just got refreshed and logged out with the /auth endpoint.

const jclient = new ApolloClient({
  link: 'http://localhost:3000/graphql',
  cache: new InMemoryCache(),
});

const {loading, error, data} = useQuery(GET_DOGS, {
  client: jclient,
});

So, I wonder if it's right to use two endpoints for graphql.

Thanks.

Describe the bug

After a fresh install of rails app using the below command

Rails new test_app -T -d postgresql --skip-sprockets --skip-turbolinks --skip-actionmailer

the gem 'graphql_devise'

installs
Using devise 4.7.1
Using devise_token_auth 1.1.3
Using graphql 1.10.2
Using graphql_devise 0.9.1

when the install command is given an error is raised about the user.

rails generate graphql_devise:install User api/auth

Environment

Ubuntu 18.04
ruby 2.6.5
rails 6.0.2

Expected behavior

Should have installed graphql folder inside app. Should have placed devise initializers into config/initializers.

Actual behavior

Above error thrown and nothing is installed

Stacktrace

/home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:282:in const_get': uninitialized constant User (NameError) from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:282:in block in constantize'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:280:in each' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:280:in inject'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:280:in constantize' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies/zeitwerk_integration.rb:19:in constantize'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise.rb:320:in get' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:83:in to'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:78:in modules' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:95:in routes'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:162:in default_used_route' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:72:in initialize'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise.rb:350:in new' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise.rb:350:in add_mapping'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/rails/routes.rb:243:in block in devise_for' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/rails/routes.rb:242:in each'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/rails/routes.rb:242:in devise_for' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/graphql_devise-0.9.1/lib/graphql_devise/rails/routes.rb:36:in mount_graphql_devise_for'
from /home/devops/Documents/rylabs/rylabs-eqapp/config/routes.rb:2:in block in <main>' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/actionpack-6.0.2.1/lib/action_dispatch/routing/route_set.rb:429:in instance_exec'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/actionpack-6.0.2.1/lib/action_dispatch/routing/route_set.rb:429:in eval_block' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/actionpack-6.0.2.1/lib/action_dispatch/routing/route_set.rb:411:in draw'
from /home/devops/Documents/rylabs/rylabs-eqapp/config/routes.rb:1:in <main>' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:in load'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:in load' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:41:in block in load_paths'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:41:in each' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:41:in load_paths'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:20:in reload!' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:30:in block in updater'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/file_update_checker.rb:83:in execute' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:10:in execute'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/finisher.rb:184:in block in <module:Finisher>' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:32:in instance_exec'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:32:in run' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:61:in block in run_initializers'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:228:in block in tsort_each' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:350:in block (2 levels) in each_strongly_connected_component'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:431:in each_strongly_connected_component_from' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:349:in block in each_strongly_connected_component'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:347:in each' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:347:in call'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:347:in each_strongly_connected_component' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:226:in tsort_each'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:205:in tsort_each' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:60:in run_initializers'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application.rb:363:in initialize!' from /home/devops/Documents/rylabs/rylabs-eqapp/config/environment.rb:5:in

'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in require' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in block in require_with_bootsnap_lfi'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/loaded_features_index.rb:92:in register' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in require_with_bootsnap_lfi'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:in require' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/zeitwerk-2.2.2/lib/zeitwerk/kernel.rb:23:in require'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies.rb:325:in block in require' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies.rb:291:in load_dependency'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies.rb:325:in require' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:106:in preload'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:157:in serve' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:145:in block in run'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:139:in loop' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:139:in run'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application/boot.rb:19:in <top (required)>' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in require'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in require' from -e:1:in '

Reproducible demo

https://github.com/scope2229/test_rails

Trying to run bundle with this gem in the Gemfile. Get the following error:

$> bundle
Fetching gem metadata from https://rubygems.org/............
Fetching gem metadata from https://rubygems.org/.
Could not find gem 'graphql_devise' in any of the gem sources listed in your Gemfile.

Tried installing it like so also:

$> gem install graphql_devise
ERROR:  Could not find a valid gem 'graphql_devise' (>= 0) in any repository

I know I can reference it directly on github but maybe change the documentation to reflect this until its published on rubygems.

What is the problem the enhancement will solve?

If I understand correctly, we want to mimic a lot of Devise's core functionality. When I took on the Resend Confirmation enhancement, I had noticed we were using i18n references in the app/views/mailer/confirmation_instructions.html.erb file. I added them to the gem's locale file but it looks like Devise doesn't do this. Consider the following two files:

https://github.com/plataformatec/devise/blob/715192a7709a4c02127afb067e66230061b82cf2/app/views/devise/mailer/confirmation_instructions.html.erb
https://github.com/plataformatec/devise/blob/715192a7709a4c02127afb067e66230061b82cf2/lib/generators/templates/markerb/confirmation_instructions.markerb

Describe the solution you have in mind

I would like a consensus on how we should solve this. Should we follow the direction that Devise went with or should we use i18n in our mailers? I feel like this could be an improvement if we did this but at the same time, people usually create their own specialized mailer views if they're making a professional application. Although, that doesn't mean they won't need i18n presets. WDYT?

gems:

ruby '2.7.0'

# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '~> 6.0.2', '>= 6.0.2.2'

gem "devise", "~> 4.7"
gem "graphql_devise", "~> 0.10.1"

gem "graphql", "~> 1.10"

following the gem's install instructions:

i do bundle add graphql_devise

then i run

rails g graphql_devise:install

output is :

could not find generator 'graphql_devise:install'. Maybe you meant "graphql:install"?
Run `rails generate --help` for more options.

when i run rails g --help i also do not see

Couldn't find anything here to indicate what could be the issue, other than update >0.9 which is not the problem here.

cheers.

What is the problem the enhancement will solve?

Some gql clients expect the auth info (token, client id and expiration date) to be part of the return type instead of taking them from the response headers

Describe the solution you have in mind

Add a field to the login mutation that includes auth info, it can be something like:

field auth_info, Types::AuthInfo, null: true

And the auth info type can look like this:

class Types::AuthInfo < GraphQL::Schema::Object
      field :access_token, String, null: false
      field :token_type, String, null: false
      field :client, String, null: false
      field :expiry, Date, null: true
      field :uid, String, null: false
end

Here is my routes.rb:

Rails.application.routes.draw do
  post "/graphql", to: "graphql#execute" 
  mount_graphql_devise_for 'User'
 
  #Do not place any routes below this one
  if Rails.env.production?
    get '*other', to: 'static#index'
  end
end

Here is my rake routes output:

prompt> rake routes | grep graphql
     graphql POST   /graphql(.:format)       graphql#execute
graphql_auth POST   /graphql_auth(.:format)  graphql_devise/graphql#auth
             GET    /graphql_auth(.:format)  graphql_devise/graphql#auth

Now we I go to http://localhost:3000/graphql I get the following server error:

Started POST "/graphql" for 127.0.0.1 at 2019-10-14 17:25:41 -0700

AbstractController::ActionNotFound (The action 'execute' could not be found for GraphqlController):
  
actionpack (6.0.0) lib/abstract_controller/base.rb:131:in `process'
(stack track continues)...

Any idea what I could be doing wrong? Meanwhile, I'm going to play with the dummy app and see if it works for me.

DTA's default configuration to change headers on each request might be too much as the most common scenario is to save tokens that will last longer than a single request. We can't change DTA (or maybe propose they change the default with a PR). But at least for this gem I propose the generator sets change_headers_on_each_request = false by default. WDYT, @00dav00 ?

Context

#73 shows this can happen. For me it's also more easy to assume tokens shouldn't expire on each request by default.

Question

change_headers_on_each_request: This configurations defaults to false. This will allow you to store the credentials for as long as the token life_span permits. And you can send the same credentials in each request. Setting this to true means that tokens will change on each request you make, and the new values will be returned in the headers. So your client needs to handle this.

I see in the docs that we can change the token upon each request. Any idea of how to handle this in the client?

Question

Is it possible to mount the new auth mutations/queries into my main /graphql route? Or is there a reason why there's a separate endpoint specifically for auth?

Both Devise and Devise Token auth enable a mechanism to support case insensitive sign_up and login via configuration on Devise's initializer. We should honor that configuration and we currently don't.

Question

hey team. I'm hoping I'm just having a brain fart, but I am working through this email reset.

mutation {
  userSendPasswordReset(email: "[email protected]", redirectUrl: "http://localhost:5000/auth") {
    message
  }
}

{
errors: [
{
message: "No query string was present"
}
]
}

http://localhost:5000/auth?query=query%28%24token%3AString%21%2C%24redirectUrl%3AString%21%29%7BuserCheckPasswordToken%28resetPasswordToken%3A%24token%2CredirectUrl%3A%24redirectUrl%29%7Bemail%7D%7D&variables%5BredirectUrl%5D=http%3A%2F%2Flocalhost%3A5000%2Fauth&variables%5Btoken%5D=ETsb5W8xDqQQk8CjAiqs

decoded

http://localhost:5000/auth?query=query($token:String!,$redirectUrl:String!){userCheckPasswordToken(resetPasswordToken:$token,redirectUrl:$redirectUrl){email}}&variables[redirectUrl]=http://localhost:5000/auth&variables[token]=ETsb5W8xDqQQk8CjAiqs

It looks like a query string is in fact present in the uri however.

Am I just missing something?

Hello,

I have updated the gem to the 0.9.1 and since I can't start my application on production server.
I have the following errors: https://pastebin.com/7U9Y2V6e
Do you have any idea of what could be blocking ?
Thank you !

Question

I have to use the graphiql interface and for the time being, I have to switch between the /auth and /graphql route for graphiql.

So, I would like to ask if they both can be integrated as one single path or something.

Thanks.

Question

I need to get user info when the user log in, but I dont want to call GraphQL server again.
So, I see on https://github.com/graphql-devise/graphql_devise/blob/master/spec/requests/mutations/login_spec.rb#L20 that the userLogin mutation can return user info, but when I try:
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -d '{ "query": "mutation { userLogin( email: \"[email protected]\", password: \"123456\") { user { id email }, credentials { uid accessToken client expiry } } }" }'
I receive following message:
{"errors":[{"message":"Field 'user' doesn't exist on type 'UserLoginPayload'"

What is the right way to get that info? Another call to server?

Thank you.

Hello !
I have setup graphql_devise on my server. Everything is working but I wish I could add fields when the user sign up. For example, I wish to add a field named "username" when I'm adding a new user with the mutation "userSignUp".
How can I do that ?
Thank you.

Describe the bug

So I have Devise.reconfirmable set to true and have the user.unconfirmed_email attribute. I've tried updating an email of a confirmed user and it doesn't set the unconfirmed_email attribute. I thought that this might be a compatibility issue with some gem, but I tried this on a fresh rails app with only graphql_devise installed and the issue still persists.

I thought that maybe I'm just doing this wrong and tried it on a fresh rails app, but this time with the devise gem only. Tried it again here, and it worked.

Is this a known issue?

I'm using Rails 6.0.3 and Ruby 2.6.6

Steps to reproduce

1. Create a user
2. Confirm the user
3. Update the user's email
4. The user.unconfirmed_email should be nil

Expected behavior

The user.unconfirmed_email should have the new email

Actual behavior

The user.unconfirmed_email returned nil

What is the problem the enhancement will solve?

I saw that in this gem's codebase that the controller checks for performed? since confirmAccount and checkPasswordToken calls redirect_to to the given redirectUrl or the default redirect url. Since by default, the graphql-ruby gem does not have this performed? check in the default graphql controller, this might look like a bug for graphql_devise and developers wouldn't know where that double rendering issue is being invoked unless they check graphql_devise's codebase.

Describe the solution you have in mind

I think it's worth noting in the documentation, around in this area, that when you mount this gem into your own graphql schema, that they should check for performed? inside their graphql controller before rendering the result since there are operations in the gem that uses controller.redirects_to

Describe the bug

Im not sure if there is some config item I am missing, but this seems like a localized issue.

Trying to use the gem results in

ActionController::InvalidAuthenticityToken at /auth
===================================================

> ActionController::InvalidAuthenticityToken

actionpack (6.0.3.1) lib/action_controller/metal/request_forgery_protection.rb, line 215
----------------------------------------------------------------------------------------

``` ruby
  210           def initialize(controller)
  211             @controller = controller
  212           end
  213   
  214           def handle_unverified_request
> 215             raise ActionController::InvalidAuthenticityToken
  216           end
  217         end
  218       end
  219   
  220       private

my application controller

# frozen_string_literal: true

class ApplicationController < ActionController::Base
  # skip_before_action :verify_authenticity_token
  protect_from_forgery with: :exception, prepend: true
end

Steps to reproduce

I installed this from scratch. I also have my own graphql API mounted at /graphql.
The auth one is the only one throwing the error unless I remove CSRF protection

It would be great if you added a custom issue template so that if someone has a question or would like to discuss the project, we could do that in a centralized place. Create react app has a "Question" template which you can see here: https://github.com/facebook/create-react-app/issues/new/choose

I have 2 models (Admin and Customer) inheritance from User Model

• Mounting operations Into DummySchema
• Sending multiple values to the graphql_context and it worked for 2 models

How to authenticate field base on User Type? (Customer or Admin)

Hi all,

We are currently trying out this gem for a new project after some weeks of inquiries on GraphQL.

The migration part is not perfectly clear for us, we found some migration files in lib directory but thought it would be generated by the gem. Are we doing something wrong or are we supposed to add the mutations/resolvers manually ?

In case we have to do it manually does anyone has an example repo with this implemented for the User generated by the gem on which we could work ?

Thanks a lot in advance,

Regards,

Benoit

Describe the bug

I used mount_graphql_devise_for 'User::Customer' with struct models/user/customer. The error with message: :uninitialized constant UserCustomer

I tested with mount_devise_token_auth_for 'User::Customer' and it worked with devise_token_auth.

ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-linux]
rails (6.0.2.1)

I have a react app and I use graphql_devise on a rails backend to authenticate.
Authentication works fine except that the token seem to last about a minute.
Is it the expected behaviour?

Here's how I use graphql_devise:

I use an apollo client for authentication and another apollo client for fetching the resources. Fetching resources requires authentication.

First I authenticate by using the userLogin mutation. This allows me to get credentials that I
put in localStorage.

mutation USER_LOGIN($email: String!, $password: String!) {
  userLogin(email: $email, password: $password) {
    credentials {
      accessToken
      uid
      tokenType
      client
      expiry
    }
  }
}

The client that fetches the resources digs into localStorage for each request, takes the credentials, and adds them to the headers of the request.

import {ApolloClient} from 'apollo-client';
import {createHttpLink} from 'apollo-link-http';
import {setContext} from 'apollo-link-context';
import {InMemoryCache} from 'apollo-cache-inmemory';

const httpLink = createHttpLink({
  uri: 'http://localhost:3344/graphql',
});

const authLink = setContext((_, {headers}) => {
  // get the authentication token from local storage if it exists
  const accessToken = localStorage.getItem('accessToken');
  const uid = localStorage.getItem('uid');
  const tokenType = localStorage.getItem('tokenType');
  const client = localStorage.getItem('client');
  const expiry = localStorage.getItem('expiry');

  // return the headers to the context so httpLink can read them
  return {
    headers: {
      ...headers,
      access_token: accessToken,
      uid: uid,
      token_type: tokenType,
      client: client,
      expiry: expiry
    }
  }
});

export const client = new ApolloClient({
  link: authLink.concat(httpLink),
  cache: new InMemoryCache()
});

Everything works fine except that after about a minute all my requests end in a 401 error. I need the authenticate again. Am I using graphql_devise wrong ?

Also, something worth mentioning is that I removed devise's trackable module. It required some columns to be on the users table and those columns weren't present in the generated migration file.

app/model/user.rb

# frozen_string_literal: true

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :trackable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable
  include DeviseTokenAuth::Concerns::User
end

I reimplement the trackable module to see if that was the issue. It seems it wasn't. I get the same behavior.

I copied those lines from the migration files of another project.

t.integer  :sign_in_count, default: 0, null: false
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string   :current_sign_in_ip
t.string   :last_sign_in_ip

Another thing is that for now the client app and the server app run on 2 different ports of localhost. I use the rack_cors to authorize cors in my development environment. But I don't really think that's the issue. Otherwise I probably wouldn't be able to authenticate in the first place.

config/environments/development.rb

  config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins '*'
      resource '*', headers: :any, methods: [:get, :post, :options]
    end
  end

Describe the bug

Hi,
I've been trying to install graphql_devise in a rails API app.
After initializing the gem to be mounted in the schema,
the before_action in graphql_controller set_resource_by_token(:user) fails with:

NoMethodError (undefined method `to' for nil:NilClass)

I suspect a failure in mounting devise or I misunderstood something.

Environment

Gemfile:
https://github.com/pelarejo/gql_devise_error_demo/blob/master/Gemfile

Gemfile.lock:
https://github.com/pelarejo/gql_devise_error_demo/blob/master/Gemfile.lock

Steps to reproduce

I have installed the gem as describe in the demo project's README.
Start the rails server and fetch the schema or launch the userLogin mutation.

More details below.

Expected behavior

I exepected to be able to login straight away.

Digging a little, this error comes from Devise.mappings being empty during devise_token_auth#resource_class after the controller execute set_resource_by_token(:user)

I expected the GraphqlDevise::ResourceLoader in the schema added through the generator to programatically mount the devise module. Isn't that why it's for ?

Actual behavior

The graphql_controller set_resource_by_token call fails with:
NoMethodError (undefined method `to' for nil:NilClass)

Here is the graphql stacktrace:
https://gist.github.com/pelarejo/4a3f9d58898ead574bf1552ae4ba331a

Reproducible demo

Clone this repo:
https://github.com/pelarejo/gql_devise_error_demo

Start the server:

$ bundle
$ rails db:migrate
$ rails server

Launch the query:

curl --request POST \
  --url http://localhost:3000/graphql \
  --header 'content-type: application/json' \
  --data '{"query":"mutation userLogin($email: String!, $password: String!) {\n  userLogin(email: $email, password: $password) {\n    credentials {\n      client\n      accessToken\n      expiry\n      tokenType\n      uid\n    }\n  }\n}","variables":{"email":"[email protected]","password":"password123"},"operationName":"userLogin"}'

Question

I'm looking at setting up some OTA for a subset of users, but I'm not sure how I can expand the GraphQL Devise schema to support this. We are current;y running side by side /graphql and /auth endpoints.

Basically looking for a way to pass an email address/phone number to the auth endpoint that would trigger the MFA to fire, and the other endpoint that would accept the 5 digit code.

What is the problem the enhancement will solve?

People might not be aware how closely related this gem is to DTA and Devise. Adding a better explanation will allow people to better configure this gem on their projects

Describe the solution you have in mind

Readme should have an entire section about configuration where we do give some direct examples, but mostly point in a clear way to DTA and Devise's configuration docs.

We should also give more explicit credit to these 2 gems in the readme file.

Additional context

#73 Is a clear example that docs are not clear enough if you are not very familiar with DTA.

Question

Not sure what IDE you guys are using. I've been using VSCode because its great for JS dev.
Anyway, VSCode alerted me of some warnings in our .rubocop.yml file:

.rubocop.yml:1: `require` is concealed by line 2
.rubocop.yml:46: `Style/MethodCalledOnDoEndBlock` is concealed by line 58
.rubocop.yml: Lint/EndAlignment has the wrong namespace - should be Layout
Warning: unrecognized cop RSpec/MultipleExpectations found in .rubocop.yml
Warning: unrecognized cop RSpec/ExampleLength found in .rubocop.yml
Warning: unrecognized cop RSpec/RepeatedDescription found in .rubocop.yml
Warning: unrecognized cop RSpec/MessageSpies found in .rubocop.yml
Warning: unrecognized cop RSpec/NestedGroups found in .rubocop.yml
Warning: unrecognized cop RSpec/ContextWording found in .rubocop.yml

Should I ignore this or do I need to install an extra extension or do some extra configuration?

Hello, I'm requesting this enhancement in case my SMTP server is down or my user not receiving the mail to verify his/her email for some reasons.
What I suggest is to resend a confirmation instruction mail when a user try to log in with an unconfirmed account.
Thanks !

Describe the bug

I have been trying out this gem for the last couple of days and so far it's been awesome, so thanks for the great work!

Trying out the userConfirmAccount flow, I get:

Completed 500 Internal Server Error in 5027ms (ActiveRecord: 0.0ms | Allocations: 54116)

RuntimeError (Unexpected parent_type: ):
  
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:525:in `block in get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1953:in `with_definition_error_check'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:518:in `get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/base_visitor.rb:97:in `on_field'
.....

I kept digging and found that this happened with the Dummy query too. Not sure if it might be environment related?

Environment

Gemfile
Gemfile.lock

(paste the link(s) to the Gemfile and Gemfile.lock files.)

Steps to reproduce

1. Include gem and mount the routes
2. Create a user
3. Try to confirm the user via the link in the email (or the query)

Expected behavior

Redirect to the redirectUrl.

Actual behavior

500 error:

RuntimeError (Unexpected parent_type: ):
  
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:525:in `block in get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1953:in `with_definition_error_check'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:518:in `get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/base_visitor.rb:97:in `on_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `visit_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:174:in `on_node_with_modifications'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:102:in `block in on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `each'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:123:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/definition_dependencies.rb:47:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/subscription_root_exists.rb:12:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/mutation_root_exists.rb:12:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variable_usages_are_allowed.rb:13:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variables_are_used_and_defined.rb:44:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variable_names_are_unique.rb:20:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fields_have_appropriate_selections.rb:18:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fields_will_merge.rb:24:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/operation_names_are_valid.rb:12:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/unique_directives_per_location.rb:27:in `block (2 levels) in <module:UniqueDirectivesPerLocation>'
/home/mateo/Proyects/graphql-ruby/lib/graphql/internal_representation/rewrite.rb:68:in `block in on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/internal_representation/rewrite.rb:92:in `push_root_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/internal_representation/rewrite.rb:68:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/base_visitor.rb:76:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `visit_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:174:in `on_node_with_modifications'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:102:in `block in on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `each'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:123:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/definition_dependencies.rb:38:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variables_are_used_and_defined.rb:79:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragment_spreads_are_possible.rb:26:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragments_are_used.rb:6:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragments_are_finite.rb:6:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragment_names_are_unique.rb:17:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/operation_names_are_valid.rb:16:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/no_definitions_are_present.rb:34:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `visit_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:174:in `on_node_with_modifications'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:68:in `visit'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/validator.rb:42:in `block in validate'
/home/mateo/Proyects/graphql-ruby/lib/graphql/tracing.rb:67:in `trace'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/validator.rb:25:in `validate'
/home/mateo/Proyects/graphql-ruby/lib/graphql/query/validation_pipeline.rb:75:in `ensure_has_validated'
/home/mateo/Proyects/graphql-ruby/lib/graphql/query/validation_pipeline.rb:47:in `internal_representation'
/home/mateo/.rbenv/versions/2.6.2/lib/ruby/2.6.0/forwardable.rb:230:in `internal_representation'
/home/mateo/Proyects/graphql-ruby/lib/graphql/query.rb:236:in `irep_selection'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema/member/instrumentation.rb:22:in `before_query'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:58:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:58:in `block in call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:57:in `each'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:57:in `call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:44:in `each_query_call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:27:in `block in apply_instrumenters'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:72:in `call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:26:in `apply_instrumenters'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:175:in `instrument_and_analyze'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:61:in `block in run_queries'
/home/mateo/Proyects/graphql-ruby/lib/graphql/tracing.rb:67:in `trace'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:59:in `run_queries'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:49:in `run_all'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1633:in `multiplex'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1604:in `execute'
/home/mateo/Proyects/graphql_devise/app/controllers/graphql_devise/graphql_controller.rb:13:in `auth'
actionpack (6.0.2.2) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
actionpack (6.0.2.2) lib/abstract_controller/base.rb:196:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/rendering.rb:30:in `process_action'
actionpack (6.0.2.2) lib/abstract_controller/callbacks.rb:42:in `block in process_action'
activesupport (6.0.2.2) lib/active_support/callbacks.rb:135:in `run_callbacks'
actionpack (6.0.2.2) lib/abstract_controller/callbacks.rb:41:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/rescue.rb:22:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/instrumentation.rb:33:in `block in process_action'
activesupport (6.0.2.2) lib/active_support/notifications.rb:180:in `block in instrument'
activesupport (6.0.2.2) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
activesupport (6.0.2.2) lib/active_support/notifications.rb:180:in `instrument'
actionpack (6.0.2.2) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/params_wrapper.rb:245:in `process_action'
activerecord (6.0.2.2) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
actionpack (6.0.2.2) lib/abstract_controller/base.rb:136:in `process'
actionpack (6.0.2.2) lib/action_controller/metal.rb:191:in `dispatch'
actionpack (6.0.2.2) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (6.0.2.2) lib/action_dispatch/routing/route_set.rb:51:in `dispatch'
actionpack (6.0.2.2) lib/action_dispatch/routing/route_set.rb:33:in `serve'
actionpack (6.0.2.2) lib/action_dispatch/routing/mapper.rb:18:in `block in <class:Constraints>'
actionpack (6.0.2.2) lib/action_dispatch/routing/mapper.rb:48:in `serve'
actionpack (6.0.2.2) lib/action_dispatch/journey/router.rb:49:in `block in serve'
actionpack (6.0.2.2) lib/action_dispatch/journey/router.rb:32:in `each'
actionpack (6.0.2.2) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.2.2) lib/action_dispatch/routing/route_set.rb:837:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/rack/agent_hooks.rb:30:in `traced_call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/rack/browser_monitoring.rb:33:in `traced_call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
warden (1.2.8) lib/warden/manager.rb:36:in `block in call'
warden (1.2.8) lib/warden/manager.rb:34:in `catch'
warden (1.2.8) lib/warden/manager.rb:34:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/etag.rb:27:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/conditional_get.rb:27:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/head.rb:12:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
activerecord (6.0.2.2) lib/active_record/migration.rb:567:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.2.2) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.2.2) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/executor.rb:14:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rollbar (2.25.0) lib/rollbar/middleware/rails/rollbar.rb:25:in `block in call'
rollbar (2.25.0) lib/rollbar.rb:145:in `scoped'
rollbar (2.25.0) lib/rollbar/middleware/rails/rollbar.rb:22:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
rollbar (2.25.0) lib/rollbar/middleware/rails/show_exceptions.rb:22:in `call_with_rollbar'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
railties (6.0.2.2) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.2.2) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.0.2.2) lib/active_support/tagged_logging.rb:80:in `block in tagged'
activesupport (6.0.2.2) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (6.0.2.2) lib/active_support/tagged_logging.rb:80:in `tagged'
railties (6.0.2.2) lib/rails/rack/logger.rb:26:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/request_id.rb:27:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/runtime.rb:22:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
activesupport (6.0.2.2) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/executor.rb:14:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/static.rb:126:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/sendfile.rb:110:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack-cors (1.1.1) lib/rack/cors.rb:100:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
railties (6.0.2.2) lib/rails/engine.rb:526:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
puma (4.3.3) lib/puma/configuration.rb:228:in `call'
puma (4.3.3) lib/puma/server.rb:682:in `handle_request'
puma (4.3.3) lib/puma/server.rb:472:in `process_client'
puma (4.3.3) lib/puma/server.rb:328:in `block in run'
puma (4.3.3) lib/puma/thread_pool.rb:134:in `block in spawn_thread'

Reproducible demo

(Paste the link to an example project and exact instructions to reproduce the issue.)

Describe the bug

When using GraphqlDevise::Concerns::SetUserByToken we get a included called twice error from activesupport. Using DTA's DeviseTokenAuth::Concerns::SetUserByToken fixes the problem. Good thing that the generators use that one, so it shouldn't be a problem for now, but we should still look into that

Hello,
I already posted here but I'm working on a second project and I'd like to implement this gem in it.
I'm having troubles to run this gem generator. I have installed the gem and bundled (the gem appear in the output) but every time I try to run the generator I'm having this error message:
Could not find generator 'graphql_devise:install'

I'm pretty sure it's a dumb mistake from me but I can't figure out what it is.. Any ideas ?
If you want to check the code it's available here: https://github.com/Gakamine/PriviChat-Server
Thank you.

Describe the bug

Mailers include a link to be clicked and the base url for these is always fixed to the gem's graphql controller. This won't work when you mount the auth schema in your very own GQL schema.

We need to find a way to capture the currentUrl on the signUp, sendPasswordReset and resendConfirmation mutations.

If anyone is facing an issue with this, until fixed I would recommend also mounting this gem in your routes file. This way the path will be available when you click on the links. You can pass the only option as you only need the query operations available.

mount_graphql_devise_for('User', only: [: check_password_token, : send_password_reset])

The route will be mounted at /graphql_auth but the mailer will pick this up and generate the right url.

Question

Hi folks.

Mutation userLogout seems to doesn't have arguments. How I call this from cURL, for example?

I have tried first
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -H 'accept: application/json' -H 'access-token: Lu80OieoLgdWY7RjaW0Oxg' -H 'client: GjCBl8F5QA2e8phBWS4v1Q' -H 'uid: [email protected]' -d '{"query": "mutation { userLogout(input: {variables: {}}) { authenticatable { email } } }" }'

and tried later
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -H 'accept: application/json' -H 'access-token: Lu80OieoLgdWY7RjaW0Oxg' -H 'client: GjCBl8F5QA2e8phBWS4v1Q' -H 'uid: [email protected]' -d '{"query": "mutation { userLogout(input: {}) { authenticatable { email } } }" }'

and this too
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -H 'accept: application/json' -H 'access-token: Lu80OieoLgdWY7RjaW0Oxg' -H 'client: GjCBl8F5QA2e8phBWS4v1Q' -H 'uid: [email protected]' -d '{"query": "mutation { userLogout { authenticatable { email } } }" }'

But the return is always the same: {"errors":[{"message":"No query string was present"}]}

Thank You.

Hi,
I have a question,
after SignUp, the database created new tokens, can Mutations signUp get credentials?
so we can save credentials and skip login action after Customer SignUp.

We need to fix the currently allowed failures for the edge version of the Gemfile

Hi there, first of all thank you for this amazing gem.

I was looking at the SendPasswordReset mutation (https://github.com/graphql-devise/graphql_devise/blob/master/lib/graphql_devise/mutations/send_password_reset.rb), and I can see that it returns an "authenticatable" instance.

Is this a security issue? Can somebody just request something like this and get private information about the user? (Asumming he knows the e-mail)

mutation {
userSendPasswordReset(email: "[email protected]", redirectUrl: "http://someurl.com") {
authenticatable {
email
id
firstName
lastName
...otherPrivateInfo
}
}
}

Let me know if I'm getting it right, so I can perform a pull request in order to fix this issue.
Thank you.

I'm starting to build out a react app and I'm coming across what seems like a potentially big road block. Having two ApolloClient components. Do you guys just nest them in your index.{tsx,jsx,js} file like so:

<ApolloProvider client={client}>
    <App/>
</ApolloProvider>

and then when you want to use authentication end point (inside App component):

<ApolloProvider client={authClient}>
  <Login />
</ApolloProvider>

what if you need to use both in the same component? I've been looking into this and there is apparently a solution called <ApolloMulipleClientsProvider> but all it does it what I think I should be doing in my above example. I know we have a dummy app in the spec directory for server side testing but as I'm working on a simple example with a React front end, it looks like there could be issues and that seems to be the whole point, right?

I'm looking for a way to pull the reset password token into my own trigger. Im having a hard time being able to use find_resource in an Active Record Model.

something like this.

def send_complete_signup_email
    # redirect_url = "#{Rails.application.credentials.front_end_host}/case-management/reset-password"
    # auth_schema_url = "#{Rails.application.credentials.backend_end_host}/auth"

    resource = find_resource(:email, get_case_insensitive_field(:email, user.email))

    resource.send_reset_password_instructions(
        email: user.email,
        provider: 'email',
        redirect_url: redirect_url,
        template_path: ['case_manager_mailer'],
        schema_url: auth_schema_url
    )
  end

Question

Since activeadmin relies on ApplicationController the same with this gem, they're going to conflict given that activeadmin uses the standard devise while this gem relies on DTA. Is there a way where we can specify the controller that this gem uses?

Not sure how it happened, but the mutation documentation I added got removed/reverted and all that's left is from my last PR for the ResendConfirmation enhancement. That documentation update had some grammar errors that are back also. I checked to see if my PR reflected these changes but it doesn't. However, it looks like my PR broke this and I think this was my fault somehow. I shouldn't have rebased my feature branch when you guys updated master. I'll know not to do that again.

Also the the github custom issue templates were removed. I can resubmit my documentation changes as a new PR and I can add the github custom issue templates as a separate PR unless @00dav00 wants to do that.

per @mcelicalderon 's request, I'm taking a stab at a ResendConfirmation mutation. I noticed in the routes.rb file an inconsistency that I think should be fixed before this gem gets popular.

Consider the following code from routes.rb:

default_mutations = {
  login:               GraphqlDevise::Mutations::Login,
  logout:              GraphqlDevise::Mutations::Logout,
  sign_up:             GraphqlDevise::Mutations::SignUp,
  update_password:     GraphqlDevise::Mutations::UpdatePassword,
  send_reset_password: GraphqlDevise::Mutations::SendPasswordReset,
  resend_confirmation: GraphqlDevise::Mutations::ResendConfirmation
}.freeze

I believe that the mutation class should be renamed from SendPasswordReset to SendResetPassword. The other option is to change the key from send_reset_password: to send_password_reset: but I think that would be a breaking change (which is why I said we should fix this immediately) but also I like verb send or in my case resend to be in the front as a convention and renaming the mutation class I think would prevent a breaking fix.

Let me know what you guys think. Also, if I have any other questions like this, should I post them here as issues? I think adding a custom question issue template would be useful. (see my other issue that I posted last week.)

Question

Should we have a documentation/code naming standard for authenticable/authenticatable?

authenticatable has 14 results with only one in the documentation.
authenticable has 38 results with five in the documentation.

I did some googling and these mean the same thing with authenticable referencing authenticatable as being an alternate form of it (meaning authenticatable is the more standard form of this word). See:
https://en.wiktionary.org/wiki/authenticable

What's more is that Devise itself addresses this issue and the decision was to conform to authenticatable:

heartcombo/devise#4157

If we were to move to authenticatable this would be a breaking change so it would probably be good to do it as soon as possible before this library gets really popular.