From 52fa30ff1b5a7821da2f08dd4c77316a27d81267 Mon Sep 17 00:00:00 2001
From: Matthew Sullivan
Date: Wed, 30 Dec 2020 18:39:18 -0500
Subject: [PATCH] Update token usage strategy
---
 app/controllers/graphql_controller.rb     | 8 ++++----
 app/graph/user/mutations/update_user.rb   | 2 +-
 app/graph/user/types/input/fetch_user.rb  | 1 -
 app/graph/user/types/input/update_user.rb | 1 -
 test/graph/mutations/update_user_test.rb  | 21 ++++++++------------
 test/graph/queries/fetch_user_test.rb     | 12 +++++-------
 6 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index ddce362..6b507ef 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -5,8 +5,7 @@ def execute
     variables = prepare_variables(params[:variables])
     query = params[:query]
     operation_name = params[:operationName]
-    token = variables&.dig(:input, :arguments, :token)
-    context = { current_user: current_user(token) }
+    context = { current_user: current_user }
     result = RubyJwtPostgresAuthSchema.execute(
       query,
       variables: variables,
@@ -22,8 +21,9 @@ def execute
   private
-  def current_user(token)
-    return unless token
+  def current_user
+    token = request.headers['Authorization']&.split(' ')&.last
+    return if token.blank?
     JwtHelper.logged_in_user(token)
   end
diff --git a/app/graph/user/mutations/update_user.rb b/app/graph/user/mutations/update_user.rb
index 98c527d..ac20129 100644
--- a/app/graph/user/mutations/update_user.rb
+++ b/app/graph/user/mutations/update_user.rb
@@ -10,7 +10,7 @@ def resolve(arguments:)
     current_user = context[:current_user]
     raise StandardError unless current_user
-    current_user.update!(arguments.to_hash.except!(:token))
+    current_user.update!(arguments.to_hash)
     { user: current_user }
   rescue ActiveRecord::RecordInvalid => e
     GraphQL::ExecutionError.new("Invalid input: #{e.record.errors.full_messages.join(', ')}")
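Review bot: In the second graphql_controller.rb hunk, `request.headers['Authorization']&.split(' ')&.last` never checks the authentication scheme, so the last whitespace-separated word of any `Authorization` header is handed to `JwtHelper.logged_in_user`, and a header of `Bearer: ` with nothing after it (what the updated tests send when `@token = ''`) yields the string `Bearer:` rather than a blank, so the `token.blank?` guard is bypassed and the logged-out path relies on the helper rejecting that value. Parse the scheme explicitly: `scheme, token = request.headers['Authorization'].to_s.split(' ', 2)` followed by `return unless scheme&.casecmp?('Bearer') && token.present?`. That also keeps a `Basic` or other credential from being fed to the JWT decoder, and makes the expected header shape (`Bearer <token>`, as in RFC 6750) visible in the code.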
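Review bot: `current_user.update!(arguments.to_hash)` in the update_user.rb hunk now mass-assigns every key of the input object without any filtering, so the `UpdateUser` input type is the only thing bounding which attributes a client can write, and nothing at this line records that. Add a comment above the call, `# arguments is the UpdateUser input object; every argument declared on that type becomes a writable attribute here`, so a future argument on the type is not added without considering this line. `def resolve(arguments:)` starts outside the hunk.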
diff --git a/app/graph/user/types/input/fetch_user.rb b/app/graph/user/types/input/fetch_user.rb
index 756c025..e98e20e 100644
--- a/app/graph/user/types/input/fetch_user.rb
+++ b/app/graph/user/types/input/fetch_user.rb
@@ -5,6 +5,5 @@ class FetchUser < Base::Types::BaseInputObject
     description 'Input for fetching a user'
     argument :id, String, required: true
-    argument :token, String, required: true
   end
 end
diff --git a/app/graph/user/types/input/update_user.rb b/app/graph/user/types/input/update_user.rb
index 4a45bba..f402a8b 100644
--- a/app/graph/user/types/input/update_user.rb
+++ b/app/graph/user/types/input/update_user.rb
@@ -8,6 +8,5 @@ class UpdateUser < Base::Types::BaseInputObject
     argument :first_name, String, required: false
     argument :last_name, String, required: false
     argument :password, String, required: false
-    argument :token, String, required: true
   end
 end
diff --git a/test/graph/mutations/update_user_test.rb b/test/graph/mutations/update_user_test.rb
index e273f66..a7264c2 100644
--- a/test/graph/mutations/update_user_test.rb
+++ b/test/graph/mutations/update_user_test.rb
@@ -20,7 +20,7 @@ def perform(args = {})
         }
       }
     GRAPHQL
-    post '/graph', params: { query: query, variables: args }
+    post '/graph', params: { query: query, variables: args }, headers: { 'HTTP_AUTHORIZATION' => "Bearer: #{@token}" }
     JSON.parse(@response.body)
   end
@@ -28,11 +28,11 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          email: 'janedoe@localhost.com',
-          token: ''
+          email: 'janedoe@localhost.com'
         }
       }
     }
+    @token = ''
     result = perform(parameters)
     assert_equal('Must be logged in to access requested resource', result['errors'][0]['message'])
@@ -45,8 +45,7 @@ def perform(args = {})
           firstName: 'Jonathan',
           lastName: 'D.',
           email: 'jonathandoe@localhost.com',
-          password: '!a1B2c3D4e5F6g!',
-          token: @token
+          password: '!a1B2c3D4e5F6g!'
         }
       }
     }
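Review bot: The header added to `perform` in update_user_test.rb is `"Bearer: #{@token}"`, with a colon after the scheme, which is not the `Bearer <token>` form of RFC 6750; it only works because the controller takes `split(' ').last` without looking at the scheme. When `@token = ''` (the logged-out test in this file and the one in test/graph/queries/fetch_user_test.rb) the header is `Bearer: ` and the controller's `split(' ')&.last` returns `Bearer:`, so those tests pass only if `JwtHelper.logged_in_user` rejects that string, not because no token was sent. Change it to `headers: { 'HTTP_AUTHORIZATION' => "Bearer #{@token}" }` here and in the identical helper hunk in fetch_user_test.rb, and have the logged-out tests omit the header instead of setting `@token = ''`. `perform` starts outside the hunk.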
@@ -62,8 +61,7 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          firstName: '',
-          token: @token
+          firstName: ''
         }
       }
     }
@@ -76,8 +74,7 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          lastName: '',
-          token: @token
+          lastName: ''
         }
       }
     }
@@ -90,8 +87,7 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          email: '',
-          token: @token
+          email: ''
         }
       }
     }
@@ -104,8 +100,7 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          email: 'janedoe@localhost.com',
-          token: @token
+          email: 'janedoe@localhost.com'
         }
       }
     }
diff --git a/test/graph/queries/fetch_user_test.rb b/test/graph/queries/fetch_user_test.rb
index a379712..4154724 100644
--- a/test/graph/queries/fetch_user_test.rb
+++ b/test/graph/queries/fetch_user_test.rb
@@ -20,7 +20,7 @@ def perform(args = {})
         }
       }
     GRAPHQL
-    post '/graph', params: { query: query, variables: args }
+    post '/graph', params: { query: query, variables: args }, headers: { 'HTTP_AUTHORIZATION' => "Bearer: #{@token}" }
     JSON.parse(@response.body)
   end
@@ -30,8 +30,7 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          id: encoded_id,
-          token: @token
+          id: encoded_id
         }
       }
     }
@@ -47,11 +46,11 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          id: 'A1b2C3d4',
-          token: ''
+          id: 'A1b2C3d4'
         }
       }
     }
+    @token = ''
     result = perform(parameters)
     assert_equal('Must be logged in to access requested resource', result['errors'][0]['message'])
@@ -61,8 +60,7 @@ def perform(args = {})
     parameters = {
       input: {
         arguments: {
-          id: '124',
-          token: @token
+          id: 'A1b2C3d4'
         }
       }
     }
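Review bot: The last fetch_user_test.rb hunk changes the fixture from `id: '124'` to `id: 'A1b2C3d4'` alongside the removal of `token`, which the commit title does not describe. The test's name and assertion are outside the hunk, but if it covered an id that is not in the encoded form, it now sends the same id as the logged-out test and no longer exercises that case. Keep `id: '124'` unless there is a reason the fixture had to change, and if there is, state it in the commit message.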