graphql-devise / graphql_devise Goto Github PK
View Code? Open in Web Editor NEWGraphQL interface on top devise_token_auth
License: MIT License
GraphQL interface on top devise_token_auth
License: MIT License
When using the own schema mount option, our session cookie overflows. This happened immediately after I removed the routes.rb mount option. This is due to the value being saved in the session for 'warden.user.user.key' to be the entire object rather than some string or integer.
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }
ruby '2.6.6'
gem 'rails', '~> 6.0.3', '>= 6.0.3.1'
gem 'activeadmin', '~> 2.7.0'
gem 'activeadmin_quill_editor', '~> 0.2.0'
gem 'arctic_admin', '~> 3.2.0'
gem 'bootsnap', '>= 1.4.2', require: false
gem 'graphiql-rails', '~> 1.7.0'
gem 'graphql', '~> 1.10.13'
gem 'graphql_devise', '~> 0.12.3'
gem 'html2text', '~> 0.3.1'
gem 'money-rails', '~>1.13.3'
gem 'pg', '>= 0.18', '< 2.0'
gem 'puma', '~> 4.1'
gem 'pundit', '~> 2.1.0'
gem 'rack-cors', '~> 1.1.1'
gem 'state_machines-activerecord', '~> 0.6.0'
group :development, :test do
gem 'byebug', platforms: %i[mri mingw x64_mingw]
gem 'factory_bot_rails', '~> 5.2.0'
gem 'faker', '~> 2.12'
gem 'pry', '~> 0.13.1'
gem 'rspec-rails', '~> 4.0.1'
end
group :development do
gem 'listen', '~> 3.2'
gem 'rubocop', '~> 0.83.0', require: false
gem 'rubocop-rails', '~> 2.5.2', require: false
gem 'rubocop-rspec', '~> 1.39.0', require: false
gem 'spring'
gem 'spring-watcher-listen', '~> 2.0.0'
end
graphql_context(:user)
to authenticate the user.It should just return something like this when accessing the session object, instead of putting the entire activerecord object.
{"session_id"=>"a7e8a69beb3f5b1bf4aa2edec48cd46a", "warden.user.user.key"=>[[104], "$2a$04$mH7drnwTc.3gqJt4YMmXb."]}
It returned the entire object instead of just an id and some key.
Tried using the dummy app found in the gem. Here are the steps I did to reproduce the problem:
mount_graphql_devise_for 'User', at: '/api/v1/graphql_auth', operations: {
login: Mutations::Login,
sign_up: Mutations::SignUp
}, additional_mutations: {
register_confirmed_user: Mutations::RegisterConfirmedUser
}, additional_queries: {
public_user: Resolvers::PublicUser
}
This would essentially make the User resource to be solely mounted in the graphql schema only.
2. Add :logout in the User resource loader in the dummy schema file. This will be used for the demo.
3. Change the post request for the logout spec to use the 'graphql' schema instead of the default 'graphql_auth' one.
4. Put a binding.pry
first line in the resolve function for the logout mutation and check for controller.session.to_h
I'm not using the confirmable
plugin as you can see here:
user.rb:
class User < ApplicationRecord
devise :database_authenticatable,
:registerable,
:recoverable,
:rememberable,
:validatable
include GraphqlDevise::Concerns::Model
end
You can also see my schema.rb file to see that I'm not supporting it:
create_table "users", force: :cascade do |t|
t.string "provider", default: "email", null: false
t.string "uid", default: "", null: false
t.string "name"
t.string "nickname"
t.string "image"
t.string "email", default: "", null: false
t.string "encrypted_password", default: "", null: false
t.string "reset_password_token"
t.datetime "reset_password_sent_at"
t.boolean "allow_password_change", default: false
t.datetime "remember_created_at"
t.json "tokens"
t.datetime "created_at", precision: 6, null: false
t.datetime "updated_at", precision: 6, null: false
t.index ["email"], name: "index_users_on_email", unique: true
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
t.index ["uid", "provider"], name: "index_users_on_uid_and_provider", unique: true
end
I go to run the following mutation:
mutation {
userSignUp(email:"[email protected]", password:"123456", passwordConfirmation:"123456") {
authenticable {
id
email
name
}
}
}
The record gets created but then I get the following server error:
NoMethodError (undefined method `generate_confirmation_token!' for #<User:0x0000000004c589c0>):
activemodel (6.0.0) lib/active_model/attribute_methods.rb:431:in `method_missing'
devise_token_auth (1.1.2) app/models/devise_token_auth/concerns/user.rb:54:in `send_confirmation_instructions'
graphql_devise (0.4.0) app/graphql/graphql_devise/mutations/sign_up.rb:20:in `resolve'
graphql (1.9.14) lib/graphql/schema/resolver.rb:90:in `public_send'
graphql (1.9.14) lib/graphql/schema/resolver.rb:90:in `block (3 levels) in resolve_with_support'
.... (I can give you the full stack if you need it)
puma (3.12.1) lib/puma/thread_pool.rb:135:in `block in spawn_thread'
Looks like the error is caused by calling resource.send_confirmation_instructions
but that's dependent upon the method requires_confirmation?
to be true and I don't think it should be in this case.
wrongly submitted.
Hello,
I'd like to change the format of the confirmation URL link in the mail template. My current URL format is:
http://www.mydomain.com/graphql/auth?query=query($token:String!,$redirectUrl:String!){userConfirmAccount(confirmationToken:$token,redirectUrl:$redirectUrl){email}}&variables[redir$tokenectUrl]=<redirectUrl>&variables[token]=<token>
and I wish to replace it by
https://mydomain.com/auth/token=<token>&action=ConfirmEmail
.
In the "confirmation_instructions.html.erb", I noticed this line which is actually generating the link to confirm the email:
<%= link_to t('.confirm_account_link'), url_for(controller: 'graphql_devise/graphql', action: :auth, **confirmation_query(resource_name: @resource.class.to_s, redirect_url: message['redirect-url'], token: @token)) %>
How do I have to change this line to get the URL format I want ?
Thank you !
During the setup procedure of this gem, I happen to encounter loads of path redirects.
However, the userLogin response didn't even have a token provided.
So, It would be helpful if there's a little demo app for react-native.
I see the concern is include DeviseTokenAuth::Concerns::Model
both in the docs and the dummy app.
But the generated one is include DeviseTokenAuth::Concerns::User
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :confirmable
include DeviseTokenAuth::Concerns::User
end
So, which one should be used?
I am getting this response from graphiql-rails after sending userSignUp mutation.
"status": 500,
"error": "Internal Server Error",
"exception": "#<ActionView::Template::Error: Missing host to link to! Please provide the :host parameter, set default_url_options[:host], or set :only_path to true>",
I have /auth
and the typical /graphql
endpoints.
I use apollo with react-native.
The problem is that when I use the /auth
the endpoint to login and it's successful,
however, when I try to use the /graphql
endpoint to fetch data, the app just got refreshed and logged out with the /auth
endpoint.
const jclient = new ApolloClient({
link: 'http://localhost:3000/graphql',
cache: new InMemoryCache(),
});
const {loading, error, data} = useQuery(GET_DOGS, {
client: jclient,
});
So, I wonder if it's right to use two endpoints for graphql.
Thanks.
After a fresh install of rails app using the below command
Rails new test_app -T -d postgresql --skip-sprockets --skip-turbolinks --skip-actionmailer
the gem 'graphql_devise'
installs
Using devise 4.7.1
Using devise_token_auth 1.1.3
Using graphql 1.10.2
Using graphql_devise 0.9.1
when the install command is given an error is raised about the user.
rails generate graphql_devise:install User api/auth
Ubuntu 18.04
ruby 2.6.5
rails 6.0.2
Should have installed graphql folder inside app. Should have placed devise initializers into config/initializers.
Above error thrown and nothing is installed
/home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:282:in
'const_get': uninitialized constant User (NameError) from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:282:in
block in constantize'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:280:ineach' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:280:in
inject'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/inflector/methods.rb:280:inconstantize' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies/zeitwerk_integration.rb:19:in
constantize'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise.rb:320:inget' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:83:in
to'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:78:inmodules' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:95:in
routes'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:162:indefault_used_route' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/mapping.rb:72:in
initialize'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise.rb:350:innew' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise.rb:350:in
add_mapping'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/rails/routes.rb:243:inblock in devise_for' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/rails/routes.rb:242:in
each'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/devise-4.7.1/lib/devise/rails/routes.rb:242:indevise_for' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/graphql_devise-0.9.1/lib/graphql_devise/rails/routes.rb:36:in
mount_graphql_devise_for'
from /home/devops/Documents/rylabs/rylabs-eqapp/config/routes.rb:2:inblock in <main>' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/actionpack-6.0.2.1/lib/action_dispatch/routing/route_set.rb:429:in
instance_exec'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/actionpack-6.0.2.1/lib/action_dispatch/routing/route_set.rb:429:ineval_block' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/actionpack-6.0.2.1/lib/action_dispatch/routing/route_set.rb:411:in
draw'
from /home/devops/Documents/rylabs/rylabs-eqapp/config/routes.rb:1:in<main>' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:in
load'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:54:inload' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:41:in
block in load_paths'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:41:ineach' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:41:in
load_paths'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:20:inreload!' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:30:in
block in updater'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/file_update_checker.rb:83:inexecute' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/routes_reloader.rb:10:in
execute'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application/finisher.rb:184:inblock in <module:Finisher>' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:32:in
instance_exec'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:32:inrun' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:61:in
block in run_initializers'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:228:inblock in tsort_each' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:350:in
block (2 levels) in each_strongly_connected_component'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:431:ineach_strongly_connected_component_from' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:349:in
block in each_strongly_connected_component'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:347:ineach' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:347:in
call'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:347:ineach_strongly_connected_component' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:226:in
tsort_each'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/2.6.0/tsort.rb:205:intsort_each' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/initializable.rb:60:in
run_initializers'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/railties-6.0.2.1/lib/rails/application.rb:363:ininitialize!' from /home/devops/Documents/rylabs/rylabs-eqapp/config/environment.rb:5:in
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:inrequire' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in
block in require_with_bootsnap_lfi'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/loaded_features_index.rb:92:inregister' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:21:in
require_with_bootsnap_lfi'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/bootsnap-1.4.5/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:30:inrequire' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/zeitwerk-2.2.2/lib/zeitwerk/kernel.rb:23:in
require'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies.rb:325:inblock in require' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies.rb:291:in
load_dependency'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/activesupport-6.0.2.1/lib/active_support/dependencies.rb:325:inrequire' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:106:in
preload'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:157:inserve' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:145:in
block in run'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:139:inloop' from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application.rb:139:in
run'
from /home/devops/.rvm/gems/ruby-2.6.5@rylabs-eqapp/gems/spring-2.1.0/lib/spring/application/boot.rb:19:in<top (required)>' from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in
require'
from /home/devops/.rvm/rubies/ruby-2.6.5/lib/ruby/site_ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:inrequire' from -e:1:in
'
Trying to run bundle
with this gem in the Gemfile
. Get the following error:
$> bundle
Fetching gem metadata from https://rubygems.org/............
Fetching gem metadata from https://rubygems.org/.
Could not find gem 'graphql_devise' in any of the gem sources listed in your Gemfile.
Tried installing it like so also:
$> gem install graphql_devise
ERROR: Could not find a valid gem 'graphql_devise' (>= 0) in any repository
I know I can reference it directly on github but maybe change the documentation to reflect this until its published on rubygems.
If I understand correctly, we want to mimic a lot of Devise's core functionality. When I took on the Resend Confirmation enhancement, I had noticed we were using i18n
references in the app/views/mailer/confirmation_instructions.html.erb
file. I added them to the gem's locale file but it looks like Devise doesn't do this. Consider the following two files:
https://github.com/plataformatec/devise/blob/715192a7709a4c02127afb067e66230061b82cf2/app/views/devise/mailer/confirmation_instructions.html.erb
https://github.com/plataformatec/devise/blob/715192a7709a4c02127afb067e66230061b82cf2/lib/generators/templates/markerb/confirmation_instructions.markerb
I would like a consensus on how we should solve this. Should we follow the direction that Devise went with or should we use i18n in our mailers? I feel like this could be an improvement if we did this but at the same time, people usually create their own specialized mailer views if they're making a professional application. Although, that doesn't mean they won't need i18n presets. WDYT?
gems:
ruby '2.7.0'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '~> 6.0.2', '>= 6.0.2.2'
gem "devise", "~> 4.7"
gem "graphql_devise", "~> 0.10.1"
gem "graphql", "~> 1.10"
following the gem's install instructions:
i do bundle add graphql_devise
then i run
rails g graphql_devise:install
output is :
could not find generator 'graphql_devise:install'. Maybe you meant "graphql:install"?
Run `rails generate --help` for more options.
when i run rails g --help
i also do not see
Couldn't find anything here to indicate what could be the issue, other than update >0.9 which is not the problem here.
cheers.
Some gql clients expect the auth info (token, client id and expiration date) to be part of the return type instead of taking them from the response headers
Add a field to the login mutation that includes auth info, it can be something like:
field auth_info, Types::AuthInfo, null: true
And the auth info type can look like this:
class Types::AuthInfo < GraphQL::Schema::Object
field :access_token, String, null: false
field :token_type, String, null: false
field :client, String, null: false
field :expiry, Date, null: true
field :uid, String, null: false
end
Here is my routes.rb
:
Rails.application.routes.draw do
post "/graphql", to: "graphql#execute"
mount_graphql_devise_for 'User'
#Do not place any routes below this one
if Rails.env.production?
get '*other', to: 'static#index'
end
end
Here is my rake routes output:
prompt> rake routes | grep graphql
graphql POST /graphql(.:format) graphql#execute
graphql_auth POST /graphql_auth(.:format) graphql_devise/graphql#auth
GET /graphql_auth(.:format) graphql_devise/graphql#auth
Now we I go to http://localhost:3000/graphql
I get the following server error:
Started POST "/graphql" for 127.0.0.1 at 2019-10-14 17:25:41 -0700
AbstractController::ActionNotFound (The action 'execute' could not be found for GraphqlController):
actionpack (6.0.0) lib/abstract_controller/base.rb:131:in `process'
(stack track continues)...
Any idea what I could be doing wrong? Meanwhile, I'm going to play with the dummy app and see if it works for me.
DTA's default configuration to change headers on each request might be too much as the most common scenario is to save tokens that will last longer than a single request. We can't change DTA (or maybe propose they change the default with a PR). But at least for this gem I propose the generator sets change_headers_on_each_request = false
by default. WDYT, @00dav00 ?
#73 shows this can happen. For me it's also more easy to assume tokens shouldn't expire on each request by default.
change_headers_on_each_request: This configurations defaults to false. This will allow you to store the credentials for as long as the token life_span permits. And you can send the same credentials in each request. Setting this to true means that tokens will change on each request you make, and the new values will be returned in the headers. So your client needs to handle this.
I see in the docs that we can change the token upon each request. Any idea of how to handle this in the client?
Is it possible to mount the new auth mutations/queries into my main /graphql route? Or is there a reason why there's a separate endpoint specifically for auth?
Both Devise and Devise Token auth enable a mechanism to support case insensitive sign_up and login via configuration on Devise's initializer. We should honor that configuration and we currently don't.
hey team. I'm hoping I'm just having a brain fart, but I am working through this email reset.
mutation {
userSendPasswordReset(email: "[email protected]", redirectUrl: "http://localhost:5000/auth") {
message
}
}
{
errors: [
{
message: "No query string was present"
}
]
}
http://localhost:5000/auth?query=query%28%24token%3AString%21%2C%24redirectUrl%3AString%21%29%7BuserCheckPasswordToken%28resetPasswordToken%3A%24token%2CredirectUrl%3A%24redirectUrl%29%7Bemail%7D%7D&variables%5BredirectUrl%5D=http%3A%2F%2Flocalhost%3A5000%2Fauth&variables%5Btoken%5D=ETsb5W8xDqQQk8CjAiqs
decoded
http://localhost:5000/auth?query=query($token:String!,$redirectUrl:String!){userCheckPasswordToken(resetPasswordToken:$token,redirectUrl:$redirectUrl){email}}&variables[redirectUrl]=http://localhost:5000/auth&variables[token]=ETsb5W8xDqQQk8CjAiqs
It looks like a query string is in fact present in the uri however.
Am I just missing something?
Hello,
I have updated the gem to the 0.9.1 and since I can't start my application on production server.
I have the following errors: https://pastebin.com/7U9Y2V6e
Do you have any idea of what could be blocking ?
Thank you !
I need to get user info when the user log in, but I dont want to call GraphQL server again.
So, I see on https://github.com/graphql-devise/graphql_devise/blob/master/spec/requests/mutations/login_spec.rb#L20 that the userLogin mutation can return user info, but when I try:
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -d '{ "query": "mutation { userLogin( email: \"[email protected]\", password: \"123456\") { user { id email }, credentials { uid accessToken client expiry } } }" }'
I receive following message:
{"errors":[{"message":"Field 'user' doesn't exist on type 'UserLoginPayload'"
What is the right way to get that info? Another call to server?
Thank you.
Hello !
I have setup graphql_devise on my server. Everything is working but I wish I could add fields when the user sign up. For example, I wish to add a field named "username" when I'm adding a new user with the mutation "userSignUp".
How can I do that ?
Thank you.
So I have Devise.reconfirmable
set to true and have the user.unconfirmed_email
attribute. I've tried updating an email of a confirmed user and it doesn't set the unconfirmed_email
attribute. I thought that this might be a compatibility issue with some gem, but I tried this on a fresh rails app with only graphql_devise
installed and the issue still persists.
I thought that maybe I'm just doing this wrong and tried it on a fresh rails app, but this time with the devise
gem only. Tried it again here, and it worked.
Is this a known issue?
I'm using Rails 6.0.3 and Ruby 2.6.6
The user.unconfirmed_email should have the new email
The user.unconfirmed_email returned nil
I saw that in this gem's codebase that the controller checks for performed?
since confirmAccount
and checkPasswordToken
calls redirect_to
to the given redirectUrl or the default redirect url. Since by default, the graphql-ruby
gem does not have this performed?
check in the default graphql controller, this might look like a bug for graphql_devise
and developers wouldn't know where that double rendering issue is being invoked unless they check graphql_devise
's codebase.
I think it's worth noting in the documentation, around in this area, that when you mount this gem into your own graphql schema, that they should check for performed?
inside their graphql controller before rendering the result since there are operations in the gem that uses controller.redirects_to
Im not sure if there is some config item I am missing, but this seems like a localized issue.
Trying to use the gem results in
ActionController::InvalidAuthenticityToken at /auth
===================================================
> ActionController::InvalidAuthenticityToken
actionpack (6.0.3.1) lib/action_controller/metal/request_forgery_protection.rb, line 215
----------------------------------------------------------------------------------------
``` ruby
210 def initialize(controller)
211 @controller = controller
212 end
213
214 def handle_unverified_request
> 215 raise ActionController::InvalidAuthenticityToken
216 end
217 end
218 end
219
220 private
my application controller
# frozen_string_literal: true
class ApplicationController < ActionController::Base
# skip_before_action :verify_authenticity_token
protect_from_forgery with: :exception, prepend: true
end
I installed this from scratch. I also have my own graphql API mounted at /graphql.
The auth one is the only one throwing the error unless I remove CSRF protection
It would be great if you added a custom issue template so that if someone has a question or would like to discuss the project, we could do that in a centralized place. Create react app has a "Question" template which you can see here: https://github.com/facebook/create-react-app/issues/new/choose
I have 2 models (Admin and Customer) inheritance from User Model
How to authenticate field base on User Type? (Customer or Admin)
Hi all,
We are currently trying out this gem for a new project after some weeks of inquiries on GraphQL.
The migration part is not perfectly clear for us, we found some migration files in lib directory but thought it would be generated by the gem. Are we doing something wrong or are we supposed to add the mutations/resolvers manually ?
In case we have to do it manually does anyone has an example repo with this implemented for the User generated by the gem on which we could work ?
Thanks a lot in advance,
Regards,
Benoit
I used mount_graphql_devise_for 'User::Customer' with struct models/user/customer. The error with message: :uninitialized constant UserCustomer
I tested with mount_devise_token_auth_for 'User::Customer' and it worked with devise_token_auth.
ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-linux]
rails (6.0.2.1)
I have a react app and I use graphql_devise
on a rails backend to authenticate.
Authentication works fine except that the token seem to last about a minute.
Is it the expected behaviour?
Here's how I use graphql_devise
:
I use an apollo client for authentication and another apollo client for fetching the resources. Fetching resources requires authentication.
First I authenticate by using the userLogin
mutation. This allows me to get credentials that I
put in localStorage
.
mutation USER_LOGIN($email: String!, $password: String!) {
userLogin(email: $email, password: $password) {
credentials {
accessToken
uid
tokenType
client
expiry
}
}
}
The client that fetches the resources digs into localStorage
for each request, takes the credentials, and adds them to the headers of the request.
import {ApolloClient} from 'apollo-client';
import {createHttpLink} from 'apollo-link-http';
import {setContext} from 'apollo-link-context';
import {InMemoryCache} from 'apollo-cache-inmemory';
const httpLink = createHttpLink({
uri: 'http://localhost:3344/graphql',
});
const authLink = setContext((_, {headers}) => {
// get the authentication token from local storage if it exists
const accessToken = localStorage.getItem('accessToken');
const uid = localStorage.getItem('uid');
const tokenType = localStorage.getItem('tokenType');
const client = localStorage.getItem('client');
const expiry = localStorage.getItem('expiry');
// return the headers to the context so httpLink can read them
return {
headers: {
...headers,
access_token: accessToken,
uid: uid,
token_type: tokenType,
client: client,
expiry: expiry
}
}
});
export const client = new ApolloClient({
link: authLink.concat(httpLink),
cache: new InMemoryCache()
});
Everything works fine except that after about a minute all my requests end in a 401 error. I need the authenticate again. Am I using graphql_devise
wrong ?
Also, something worth mentioning is that I removed devise
's trackable
module. It required some columns to be on the users
table and those columns weren't present in the generated migration file.
app/model/user.rb
# frozen_string_literal: true
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :trackable, :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :validatable
include DeviseTokenAuth::Concerns::User
end
I reimplement the trackable module to see if that was the issue. It seems it wasn't. I get the same behavior.
I copied those lines from the migration files of another project.
t.integer :sign_in_count, default: 0, null: false
t.datetime :current_sign_in_at
t.datetime :last_sign_in_at
t.string :current_sign_in_ip
t.string :last_sign_in_ip
Another thing is that for now the client app and the server app run on 2 different ports of localhost. I use the rack_cors
to authorize cors in my development environment. But I don't really think that's the issue. Otherwise I probably wouldn't be able to authenticate in the first place.
config/environments/development.rb
config.middleware.insert_before 0, Rack::Cors do
allow do
origins '*'
resource '*', headers: :any, methods: [:get, :post, :options]
end
end
Hi,
I've been trying to install graphql_devise
in a rails API app.
After initializing the gem to be mounted in the schema,
the before_action in graphql_controller set_resource_by_token(:user)
fails with:
NoMethodError (undefined method `to' for nil:NilClass)
I suspect a failure in mounting devise or I misunderstood something.
Gemfile:
https://github.com/pelarejo/gql_devise_error_demo/blob/master/Gemfile
Gemfile.lock:
https://github.com/pelarejo/gql_devise_error_demo/blob/master/Gemfile.lock
I have installed the gem as describe in the demo project's README.
Start the rails server and fetch the schema or launch the userLogin
mutation.
More details below.
I exepected to be able to login straight away.
Digging a little, this error comes from Devise.mappings
being empty during devise_token_auth#resource_class
after the controller execute set_resource_by_token(:user)
I expected the GraphqlDevise::ResourceLoader
in the schema added through the generator to programatically mount the devise module. Isn't that why it's for ?
The graphql_controller set_resource_by_token
call fails with:
NoMethodError (undefined method `to' for nil:NilClass)
Here is the graphql stacktrace:
https://gist.github.com/pelarejo/4a3f9d58898ead574bf1552ae4ba331a
Clone this repo:
https://github.com/pelarejo/gql_devise_error_demo
Start the server:
$ bundle
$ rails db:migrate
$ rails server
Launch the query:
curl --request POST \
--url http://localhost:3000/graphql \
--header 'content-type: application/json' \
--data '{"query":"mutation userLogin($email: String!, $password: String!) {\n userLogin(email: $email, password: $password) {\n credentials {\n client\n accessToken\n expiry\n tokenType\n uid\n }\n }\n}","variables":{"email":"[email protected]","password":"password123"},"operationName":"userLogin"}'
I'm looking at setting up some OTA for a subset of users, but I'm not sure how I can expand the GraphQL Devise schema to support this. We are current;y running side by side /graphql and /auth endpoints.
Basically looking for a way to pass an email address/phone number to the auth endpoint that would trigger the MFA to fire, and the other endpoint that would accept the 5 digit code.
People might not be aware how closely related this gem is to DTA and Devise. Adding a better explanation will allow people to better configure this gem on their projects
Readme should have an entire section about configuration where we do give some direct examples, but mostly point in a clear way to DTA and Devise's configuration docs.
We should also give more explicit credit to these 2 gems in the readme file.
#73 Is a clear example that docs are not clear enough if you are not very familiar with DTA.
Not sure what IDE you guys are using. I've been using VSCode because its great for JS dev.
Anyway, VSCode alerted me of some warnings in our .rubocop.yml
file:
.rubocop.yml:1: `require` is concealed by line 2
.rubocop.yml:46: `Style/MethodCalledOnDoEndBlock` is concealed by line 58
.rubocop.yml: Lint/EndAlignment has the wrong namespace - should be Layout
Warning: unrecognized cop RSpec/MultipleExpectations found in .rubocop.yml
Warning: unrecognized cop RSpec/ExampleLength found in .rubocop.yml
Warning: unrecognized cop RSpec/RepeatedDescription found in .rubocop.yml
Warning: unrecognized cop RSpec/MessageSpies found in .rubocop.yml
Warning: unrecognized cop RSpec/NestedGroups found in .rubocop.yml
Warning: unrecognized cop RSpec/ContextWording found in .rubocop.yml
Should I ignore this or do I need to install an extra extension or do some extra configuration?
Hello, I'm requesting this enhancement in case my SMTP server is down or my user not receiving the mail to verify his/her email for some reasons.
What I suggest is to resend a confirmation instruction mail when a user try to log in with an unconfirmed account.
Thanks !
I have been trying out this gem for the last couple of days and so far it's been awesome, so thanks for the great work!
Trying out the userConfirmAccount
flow, I get:
Completed 500 Internal Server Error in 5027ms (ActiveRecord: 0.0ms | Allocations: 54116)
RuntimeError (Unexpected parent_type: ):
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:525:in `block in get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1953:in `with_definition_error_check'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:518:in `get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/base_visitor.rb:97:in `on_field'
.....
I kept digging and found that this happened with the Dummy query too. Not sure if it might be environment related?
(paste the link(s) to the Gemfile and Gemfile.lock files.)
Redirect to the redirectUrl
.
500 error:
RuntimeError (Unexpected parent_type: ):
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:525:in `block in get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1953:in `with_definition_error_check'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:518:in `get_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/base_visitor.rb:97:in `on_field'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `visit_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:174:in `on_node_with_modifications'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:102:in `block in on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `each'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:123:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/definition_dependencies.rb:47:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/subscription_root_exists.rb:12:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/mutation_root_exists.rb:12:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variable_usages_are_allowed.rb:13:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variables_are_used_and_defined.rb:44:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variable_names_are_unique.rb:20:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fields_have_appropriate_selections.rb:18:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fields_will_merge.rb:24:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/operation_names_are_valid.rb:12:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/unique_directives_per_location.rb:27:in `block (2 levels) in <module:UniqueDirectivesPerLocation>'
/home/mateo/Proyects/graphql-ruby/lib/graphql/internal_representation/rewrite.rb:68:in `block in on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/internal_representation/rewrite.rb:92:in `push_root_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/internal_representation/rewrite.rb:68:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/base_visitor.rb:76:in `on_operation_definition'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `visit_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:174:in `on_node_with_modifications'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:102:in `block in on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `each'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:101:in `on_abstract_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:123:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/definition_dependencies.rb:38:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/variables_are_used_and_defined.rb:79:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragment_spreads_are_possible.rb:26:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragments_are_used.rb:6:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragments_are_finite.rb:6:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/fragment_names_are_unique.rb:17:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/operation_names_are_valid.rb:16:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/rules/no_definitions_are_present.rb:34:in `on_document'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:79:in `visit_node'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:174:in `on_node_with_modifications'
/home/mateo/Proyects/graphql-ruby/lib/graphql/language/visitor.rb:68:in `visit'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/validator.rb:42:in `block in validate'
/home/mateo/Proyects/graphql-ruby/lib/graphql/tracing.rb:67:in `trace'
/home/mateo/Proyects/graphql-ruby/lib/graphql/static_validation/validator.rb:25:in `validate'
/home/mateo/Proyects/graphql-ruby/lib/graphql/query/validation_pipeline.rb:75:in `ensure_has_validated'
/home/mateo/Proyects/graphql-ruby/lib/graphql/query/validation_pipeline.rb:47:in `internal_representation'
/home/mateo/.rbenv/versions/2.6.2/lib/ruby/2.6.0/forwardable.rb:230:in `internal_representation'
/home/mateo/Proyects/graphql-ruby/lib/graphql/query.rb:236:in `irep_selection'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema/member/instrumentation.rb:22:in `before_query'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:58:in `public_send'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:58:in `block in call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:57:in `each'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:57:in `call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:44:in `each_query_call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:27:in `block in apply_instrumenters'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:72:in `call_hooks'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/instrumentation.rb:26:in `apply_instrumenters'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:175:in `instrument_and_analyze'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:61:in `block in run_queries'
/home/mateo/Proyects/graphql-ruby/lib/graphql/tracing.rb:67:in `trace'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:59:in `run_queries'
/home/mateo/Proyects/graphql-ruby/lib/graphql/execution/multiplex.rb:49:in `run_all'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1633:in `multiplex'
/home/mateo/Proyects/graphql-ruby/lib/graphql/schema.rb:1604:in `execute'
/home/mateo/Proyects/graphql_devise/app/controllers/graphql_devise/graphql_controller.rb:13:in `auth'
actionpack (6.0.2.2) lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
actionpack (6.0.2.2) lib/abstract_controller/base.rb:196:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/rendering.rb:30:in `process_action'
actionpack (6.0.2.2) lib/abstract_controller/callbacks.rb:42:in `block in process_action'
activesupport (6.0.2.2) lib/active_support/callbacks.rb:135:in `run_callbacks'
actionpack (6.0.2.2) lib/abstract_controller/callbacks.rb:41:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/rescue.rb:22:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/instrumentation.rb:33:in `block in process_action'
activesupport (6.0.2.2) lib/active_support/notifications.rb:180:in `block in instrument'
activesupport (6.0.2.2) lib/active_support/notifications/instrumenter.rb:24:in `instrument'
activesupport (6.0.2.2) lib/active_support/notifications.rb:180:in `instrument'
actionpack (6.0.2.2) lib/action_controller/metal/instrumentation.rb:32:in `process_action'
actionpack (6.0.2.2) lib/action_controller/metal/params_wrapper.rb:245:in `process_action'
activerecord (6.0.2.2) lib/active_record/railties/controller_runtime.rb:27:in `process_action'
actionpack (6.0.2.2) lib/abstract_controller/base.rb:136:in `process'
actionpack (6.0.2.2) lib/action_controller/metal.rb:191:in `dispatch'
actionpack (6.0.2.2) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (6.0.2.2) lib/action_dispatch/routing/route_set.rb:51:in `dispatch'
actionpack (6.0.2.2) lib/action_dispatch/routing/route_set.rb:33:in `serve'
actionpack (6.0.2.2) lib/action_dispatch/routing/mapper.rb:18:in `block in <class:Constraints>'
actionpack (6.0.2.2) lib/action_dispatch/routing/mapper.rb:48:in `serve'
actionpack (6.0.2.2) lib/action_dispatch/journey/router.rb:49:in `block in serve'
actionpack (6.0.2.2) lib/action_dispatch/journey/router.rb:32:in `each'
actionpack (6.0.2.2) lib/action_dispatch/journey/router.rb:32:in `serve'
actionpack (6.0.2.2) lib/action_dispatch/routing/route_set.rb:837:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/rack/agent_hooks.rb:30:in `traced_call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/rack/browser_monitoring.rb:33:in `traced_call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
warden (1.2.8) lib/warden/manager.rb:36:in `block in call'
warden (1.2.8) lib/warden/manager.rb:34:in `catch'
warden (1.2.8) lib/warden/manager.rb:34:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/etag.rb:27:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/conditional_get.rb:27:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/head.rb:12:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
activerecord (6.0.2.2) lib/active_record/migration.rb:567:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.2.2) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.2.2) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/executor.rb:14:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/actionable_exceptions.rb:17:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rollbar (2.25.0) lib/rollbar/middleware/rails/rollbar.rb:25:in `block in call'
rollbar (2.25.0) lib/rollbar.rb:145:in `scoped'
rollbar (2.25.0) lib/rollbar/middleware/rails/rollbar.rb:22:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
rollbar (2.25.0) lib/rollbar/middleware/rails/show_exceptions.rb:22:in `call_with_rollbar'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
railties (6.0.2.2) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.2.2) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.0.2.2) lib/active_support/tagged_logging.rb:80:in `block in tagged'
activesupport (6.0.2.2) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (6.0.2.2) lib/active_support/tagged_logging.rb:80:in `tagged'
railties (6.0.2.2) lib/rails/rack/logger.rb:26:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/request_id.rb:27:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/runtime.rb:22:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
activesupport (6.0.2.2) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/executor.rb:14:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/static.rb:126:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack (2.2.2) lib/rack/sendfile.rb:110:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
actionpack (6.0.2.2) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
rack-cors (1.1.1) lib/rack/cors.rb:100:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
railties (6.0.2.2) lib/rails/engine.rb:526:in `call'
newrelic_rpm (6.10.0.364) lib/new_relic/agent/instrumentation/middleware_tracing.rb:99:in `call'
puma (4.3.3) lib/puma/configuration.rb:228:in `call'
puma (4.3.3) lib/puma/server.rb:682:in `handle_request'
puma (4.3.3) lib/puma/server.rb:472:in `process_client'
puma (4.3.3) lib/puma/server.rb:328:in `block in run'
puma (4.3.3) lib/puma/thread_pool.rb:134:in `block in spawn_thread'
(Paste the link to an example project and exact instructions to reproduce the issue.)
When using GraphqlDevise::Concerns::SetUserByToken
we get a included called twice
error from activesupport. Using DTA's DeviseTokenAuth::Concerns::SetUserByToken
fixes the problem. Good thing that the generators use that one, so it shouldn't be a problem for now, but we should still look into that
Hello,
I already posted here but I'm working on a second project and I'd like to implement this gem in it.
I'm having troubles to run this gem generator. I have installed the gem and bundled (the gem appear in the output) but every time I try to run the generator I'm having this error message:
Could not find generator 'graphql_devise:install'
I'm pretty sure it's a dumb mistake from me but I can't figure out what it is.. Any ideas ?
If you want to check the code it's available here: https://github.com/Gakamine/PriviChat-Server
Thank you.
Mailers include a link to be clicked and the base url for these is always fixed to the gem's graphql controller. This won't work when you mount the auth schema in your very own GQL schema.
We need to find a way to capture the currentUrl on the signUp, sendPasswordReset and resendConfirmation mutations.
If anyone is facing an issue with this, until fixed I would recommend also mounting this gem in your routes file. This way the path will be available when you click on the links. You can pass the only option as you only need the query operations available.
mount_graphql_devise_for('User', only: [: check_password_token, : send_password_reset])
The route will be mounted at /graphql_auth
but the mailer will pick this up and generate the right url.
Hi folks.
Mutation userLogout seems to doesn't have arguments. How I call this from cURL, for example?
I have tried first
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -H 'accept: application/json' -H 'access-token: Lu80OieoLgdWY7RjaW0Oxg' -H 'client: GjCBl8F5QA2e8phBWS4v1Q' -H 'uid: [email protected]' -d '{"query": "mutation { userLogout(input: {variables: {}}) { authenticatable { email } } }" }'
and tried later
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -H 'accept: application/json' -H 'access-token: Lu80OieoLgdWY7RjaW0Oxg' -H 'client: GjCBl8F5QA2e8phBWS4v1Q' -H 'uid: [email protected]' -d '{"query": "mutation { userLogout(input: {}) { authenticatable { email } } }" }'
and this too
curl http://localhost:3001/graphql -H 'Content-Type: application/json' -H 'accept: application/json' -H 'access-token: Lu80OieoLgdWY7RjaW0Oxg' -H 'client: GjCBl8F5QA2e8phBWS4v1Q' -H 'uid: [email protected]' -d '{"query": "mutation { userLogout { authenticatable { email } } }" }'
But the return is always the same: {"errors":[{"message":"No query string was present"}]}
Thank You.
We need to fix the currently allowed failures for the edge version of the Gemfile
Hi there, first of all thank you for this amazing gem.
I was looking at the SendPasswordReset mutation (https://github.com/graphql-devise/graphql_devise/blob/master/lib/graphql_devise/mutations/send_password_reset.rb), and I can see that it returns an "authenticatable" instance.
Is this a security issue? Can somebody just request something like this and get private information about the user? (Asumming he knows the e-mail)
mutation {
userSendPasswordReset(email: "[email protected]", redirectUrl: "http://someurl.com") {
authenticatable {
email
id
firstName
lastName
...otherPrivateInfo
}
}
}
Let me know if I'm getting it right, so I can perform a pull request in order to fix this issue.
Thank you.
I'm starting to build out a react app and I'm coming across what seems like a potentially big road block. Having two ApolloClient
components. Do you guys just nest them in your index.{tsx,jsx,js}
file like so:
<ApolloProvider client={client}>
<App/>
</ApolloProvider>
and then when you want to use authentication end point (inside App
component):
<ApolloProvider client={authClient}>
<Login />
</ApolloProvider>
what if you need to use both in the same component? I've been looking into this and there is apparently a solution called <ApolloMulipleClientsProvider>
but all it does it what I think I should be doing in my above example. I know we have a dummy app in the spec directory for server side testing but as I'm working on a simple example with a React front end, it looks like there could be issues and that seems to be the whole point, right?
I'm looking for a way to pull the reset password token into my own trigger. Im having a hard time being able to use find_resource in an Active Record Model.
something like this.
def send_complete_signup_email
# redirect_url = "#{Rails.application.credentials.front_end_host}/case-management/reset-password"
# auth_schema_url = "#{Rails.application.credentials.backend_end_host}/auth"
resource = find_resource(:email, get_case_insensitive_field(:email, user.email))
resource.send_reset_password_instructions(
email: user.email,
provider: 'email',
redirect_url: redirect_url,
template_path: ['case_manager_mailer'],
schema_url: auth_schema_url
)
end
Since activeadmin relies on ApplicationController
the same with this gem, they're going to conflict given that activeadmin uses the standard devise while this gem relies on DTA. Is there a way where we can specify the controller that this gem uses?
Not sure how it happened, but the mutation documentation I added got removed/reverted and all that's left is from my last PR for the ResendConfirmation
enhancement. That documentation update had some grammar errors that are back also. I checked to see if my PR reflected these changes but it doesn't. However, it looks like my PR broke this and I think this was my fault somehow. I shouldn't have rebased my feature branch when you guys updated master. I'll know not to do that again.
Also the the github custom issue templates were removed. I can resubmit my documentation changes as a new PR and I can add the github custom issue templates as a separate PR unless @00dav00 wants to do that.
per @mcelicalderon 's request, I'm taking a stab at a ResendConfirmation
mutation. I noticed in the routes.rb
file an inconsistency that I think should be fixed before this gem gets popular.
Consider the following code from routes.rb
:
default_mutations = {
login: GraphqlDevise::Mutations::Login,
logout: GraphqlDevise::Mutations::Logout,
sign_up: GraphqlDevise::Mutations::SignUp,
update_password: GraphqlDevise::Mutations::UpdatePassword,
send_reset_password: GraphqlDevise::Mutations::SendPasswordReset,
resend_confirmation: GraphqlDevise::Mutations::ResendConfirmation
}.freeze
I believe that the mutation class should be renamed from SendPasswordReset
to SendResetPassword
. The other option is to change the key from send_reset_password:
to send_password_reset:
but I think that would be a breaking change (which is why I said we should fix this immediately) but also I like verb send
or in my case resend
to be in the front as a convention and renaming the mutation class I think would prevent a breaking fix.
Let me know what you guys think. Also, if I have any other questions like this, should I post them here as issues? I think adding a custom question issue template would be useful. (see my other issue that I posted last week.)
Should we have a documentation/code naming standard for authenticable/authenticatable?
authenticatable has 14 results with only one in the documentation.
authenticable has 38 results with five in the documentation.
I did some googling and these mean the same thing with authenticable referencing authenticatable as being an alternate form of it (meaning authenticatable is the more standard form of this word). See:
https://en.wiktionary.org/wiki/authenticable
What's more is that Devise itself addresses this issue and the decision was to conform to authenticatable:
If we were to move to authenticatable this would be a breaking change so it would probably be good to do it as soon as possible before this library gets really popular.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.