graphql-devise · 00dav00 · Aug 14, 2022 · Aug 7, 2022 · Aug 7, 2022 · Aug 9, 2022
diff --git a/lib/graphql_devise/concerns/additional_controller_methods.rb b/lib/graphql_devise/concerns/additional_controller_methods.rb
@@ -37,7 +37,7 @@ def set_resource_by_token(resource)
 
     def build_redirect_headers(access_token, client, redirect_header_options = {})
       {
-        DeviseTokenAuth.headers_names[:"access-token"] => access_token,
+        DeviseTokenAuth.headers_names[:'access-token'] => access_token,
         DeviseTokenAuth.headers_names[:client] => client,
         :config => params[:config],
         :client_id => client,

diff --git a/lib/graphql_devise/concerns/controller_methods.rb b/lib/graphql_devise/concerns/controller_methods.rb
@@ -66,9 +66,20 @@ def client
       end
     end
 
-    def set_auth_headers(resource)
+    def generate_auth_headers(resource)
       auth_headers = resource.create_new_auth_token
-      response.headers.merge!(auth_headers)
+      controller.resource = resource
+      access_token_name = DeviseTokenAuth.headers_names[:'access-token']
+      client_name = DeviseTokenAuth.headers_names[:'client']
+
+      # NOTE: Depending on the DTA version, the token will be an object or nil
+      if controller.token
+        controller.token.client = auth_headers[client_name]
+        controller.token.token = auth_headers[access_token_name]
+      else
+        controller.client_id = auth_headers[client_name]
+        controller.token = auth_headers[access_token_name]
+      end
 
       auth_headers
     end

diff --git a/lib/graphql_devise/mutations/confirm_registration_with_token.rb b/lib/graphql_devise/mutations/confirm_registration_with_token.rb
@@ -18,7 +18,7 @@ def resolve(confirmation_token:)
 
           response_payload = { authenticatable: resource }
 
-          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+          response_payload[:credentials] = generate_auth_headers(resource) if resource.active_for_authentication?
 
           response_payload
         else

diff --git a/lib/graphql_devise/mutations/login.rb b/lib/graphql_devise/mutations/login.rb
@@ -19,7 +19,7 @@ def resolve(email:, password:)
             raise_user_error(I18n.t('graphql_devise.sessions.bad_credentials'))
           end
 
-          new_headers = set_auth_headers(resource)
+          new_headers = generate_auth_headers(resource)
           controller.sign_in(:user, resource, store: false, bypass: false)
 
           yield resource if block_given?

diff --git a/lib/graphql_devise/mutations/register.rb b/lib/graphql_devise/mutations/register.rb
@@ -38,7 +38,7 @@ def resolve(confirm_url: nil, **attrs)
 
           response_payload = { authenticatable: resource }
 
-          response_payload[:credentials] = set_auth_headers(resource) if resource.active_for_authentication?
+          response_payload[:credentials] = generate_auth_headers(resource) if resource.active_for_authentication?
 
           response_payload
         else

diff --git a/lib/graphql_devise/mutations/update_password_with_token.rb b/lib/graphql_devise/mutations/update_password_with_token.rb
@@ -23,7 +23,7 @@ def resolve(reset_password_token:, **attrs)
           yield resource if block_given?
 
           response_payload               = { authenticatable: resource }
-          response_payload[:credentials] = set_auth_headers(resource) if controller.signed_in?(resource_name)
+          response_payload[:credentials] = generate_auth_headers(resource) if controller.signed_in?(resource_name)
 
           response_payload
         else

diff --git a/spec/dummy/app/controllers/api/v1/graphql_controller.rb b/spec/dummy/app/controllers/api/v1/graphql_controller.rb
@@ -4,6 +4,7 @@ module Api
   module V1
     class GraphqlController < ApplicationController
       include GraphqlDevise::SetUserByToken
+      include ActionController::Cookies
 
       def graphql
         result = DummySchema.execute(params[:query], **execute_params(params))

diff --git a/spec/requests/mutations/login_spec.rb b/spec/requests/mutations/login_spec.rb
@@ -184,4 +184,38 @@
       )
     end
   end
+
+
+  if DeviseTokenAuth.respond_to?(:cookie_enabled)
+    context 'when using cookies for auth' do
+      let!(:user) { create(:user, :confirmed, password: password, email: 'vvega@wallaceinc.com') }
+      let(:email) { user.email }
+      let(:query) do
+        <<-GRAPHQL
+        mutation {
+          userLogin(
+            email: "#{email}",
+            password: "#{password}"
+          ) {
+            authenticatable { email }
+            credentials { accessToken uid tokenType client expiry }
+          }
+        }
+      GRAPHQL
+      end
+
+      around do |example|
+        DeviseTokenAuth.cookie_enabled = true
+        example.run
+        DeviseTokenAuth.cookie_enabled = false
+      end
+
+      before { post_request('/api/v1/graphql') }
+
+      it 'honors DTA configuration of setting auth info in cookies' do
+        cookie = cookies.get_cookie('auth_cookie')
+        expect(JSON.parse(cookie.value).keys).to include(*%w[uid access-token client])
+      end
+    end
+  end
 end