Mount auth operations in main GQL schema #96
@@ -35,7 +35,7 @@ def resolve(confirm_success_url: nil, **attrs) | |||
|
|||
{ authenticatable: resource } | |||
else | |||
clean_up_passwords(resource) | |||
resource.clean_up_passwords if resource.respond_to?(:clean_up_passwords) |
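Review bot: the `respond_to?(:clean_up_passwords)` guard on the last line of this hunk makes the password cleanup silently optional, so a resource that lacks the method leaves the failure branch with its password attributes still set. If every resource handled here is expected to be a Devise model, call `resource.clean_up_passwords` unconditionally so a misconfigured model fails loudly; if other resource types are expected, a short comment stating that would make the guard's intent clear.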
Since rails is a dependency, did you consider `try`?
lib/graphql_devise/schema_plugin.rb
Outdated
field = traced_field(trace_data) | ||
provided_value = authenticate_option(field, trace_data) | ||
|
||
if (!provided_value.nil? && provided_value) || @authenticate_default |
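Review bot: the condition on the last line, `(!provided_value.nil? && provided_value) || @authenticate_default`, cannot express a per-field opt-out: when `provided_value` is `false` and `@authenticate_default` is `true` the expression is still true, so an explicit `false` on a field is ignored. Fall back to the default only when the option is unset, for example `provided_value.nil? ? @authenticate_default : provided_value`, and add a spec for the `false` field with `true` default combination.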
What about `provided_value.presence`?
`provided_value` might be `false` so I cannot use `presence`. But now I see this won't skip authentication if the provided value in the field is `false` and the default is `true`. I'll fix it.
💯
README.md
Outdated
option is provided, the route will be `/graphql_auth`. This has no effect on your own application schema. | ||
More on this in the next section. | ||
### Important | ||
Remember this gem mounts a completely separate GraphQL schema on a separate controller in the route |
What about Remember that by default....
before_action -> { set_resource_by_token(:user) } | ||
|
||
def my_action | ||
render json: DummySchema.execute(params[:query], context: graphql_context) |
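Review bot: the `DummySchema.execute` call in `my_action` passes only `params[:query]` and `context:`, so a request that sends `variables` or an operation name has them ignored. If this snippet is meant to be copied as a controller example, pass `variables:` and `operation_name:` through as well, or note next to it that the action is deliberately minimal.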
Is `graphql_context` supposed to be set by the main project?
In that case I think it may be useful to add a comment or something like

```ruby
graphql_context = the_gql_context_created_by_your_application
render json: DummySchema.execute(params[:query], context: graphql_context)
```

In that way it is clear that `graphql_context` is not provided by the gem and shouldn't be copypasta
no, this is a method in our concern
README.md
Outdated
provided by the `at` option in the `mount_graphql_devise_for` method in the `config/routes.rb` file by default. If no `at` | ||
option is provided, the route will be `/graphql_auth`. | ||
|
||
**Starting with `v0.12.0`** you can opt-in to a new behavior where you actually load this gem's |
**Starting with `v0.12.0`** you can opt-in to a new behavior where you actually load this gem's | |
**Starting with `v0.12.0`** you can opt-in to load this auth queries and mutations into into your own application's schema. |
1. `query`: This param is mandatory unless you skip all queries via the resource loader | ||
options. This should be the same `QueryType` you provide to the `query` method | ||
in your schema. | ||
1. `mutation`: This param mandatory unless you skip all mutations via the resource loader |
1. `mutation`: This param mandatory unless you skip all mutations via the resource loader | |
1. `mutation`: This param is mandatory unless you skip all mutations via the resource loader |
SetUserByToken.module_eval do | ||
attr_accessor :client_id, :token, :resource | ||
|
||
alias_method :set_resource_by_token, :set_user_by_token |
💯
GQL specification is not very clear on how/where exactly authentication should be handled (here). After some reading and discussing with @00dav00 we have decided to implement this while still keeping a way to mount the schema in a separate route. This will allow to require/not_require authentication per field on the schema and having a default.
`Users::Admin` would generate the wrong query name on the mailer helper.
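
The per-field authentication option with a schema-wide default described in the PR summary, as an added Ruby example that is not code from this PR or from the gem: it compares the condition shown in the `schema_plugin.rb` thread with a tri-state resolution and lists which fields an anonymous caller can reach. `FIELDS`, `requires_auth?`, `authorize_field!` and the other names are hypothetical, and the field list is constructed sample data.

```ruby
# Added illustration; all names here are hypothetical, not graphql_devise's API.
class AuthenticationError < StandardError; end

# Condition as shown in the reviewed hunk: an explicit `false` on a field
# is overridden whenever the default is true.
def requires_auth_as_reviewed?(provided_value, authenticate_default)
  (!provided_value.nil? && provided_value) || authenticate_default
end

# Tri-state resolution: nil means "not set on the field", and only then
# does the schema-wide default apply.
def requires_auth?(provided_value, authenticate_default)
  provided_value.nil? ? authenticate_default : provided_value
end

# Constructed sample schema: field name => per-field option (nil = unset).
FIELDS = { 'privateProfile' => true, 'publicStatus' => false, 'orders' => nil }.freeze

# Gate run before a field resolves; raises when authentication is required
# and the context carries no authenticated resource.
def authorize_field!(field, context, authenticate_default:)
  return unless requires_auth?(FIELDS.fetch(field), authenticate_default)
  raise AuthenticationError, "#{field} requires authentication" if context[:current_resource].nil?
end

# Fields an unauthenticated caller may resolve under a given default.
def anonymous_fields(authenticate_default)
  FIELDS.keys.select do |field|
    begin
      authorize_field!(field, {}, authenticate_default: authenticate_default)
      true
    rescue AuthenticationError
      false
    end
  end
end

# Every (field option, default) pair where the two predicates disagree.
def divergent_cases
  [true, false, nil].product([true, false]).reject do |provided, default|
    requires_auth_as_reviewed?(provided, default) == requires_auth?(provided, default)
  end
end
```

The only pair on which the two predicates disagree is a field option of `false` with a default of `true`, which is the case the author agrees to fix in the thread above.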