devise
Database Authenticable Issue With Graphql
Pre-check
- Do not use the issues tracker for help or support, try Stack Overflow.
- For bugs, do a quick search and make sure the bug has not yet been reported
- If you found a security bug, do not report it through GitHub. Please send an e-mail to [email protected] instead.
- Finally, be nice and have fun!
Environment
- Ruby 3.3.4
- Rails 7.2.1
- Devise 4.9.4
Current behavior
File path: lib/devise/strategies/authenticatable.rb
Line number: 93
In case of REST API,

```ruby
def params_auth_hash
  params[scope]
end
```

returns authentication infos such as email and password from

```ruby
params = { user: { email: "[email protected]", password: "Password"} }
```

But in case of GraphQL (graphql gem), params is not a normal hash but rather:
Easiest work around by @lit-poks is to override in your application.
```ruby
module Devise
  module Strategies
    class Authenticatable < Base
      # overriding the default params
      def params
        @params ||= { user: log_in_params }
      end

      private

      def log_in_params
        # Adjust this accordingly and extract the auth hash accordingly. Also, important
        # note here is, auth_hash must be symbolized.
        request.params.dig(:variables, :input, :attributes) || params_from_arguments
      end

      # Builds a symbol-keyed hash from arguments written inline in the query.
      def params_from_arguments
        arguments.value.arguments.inject({}) do |attributes, argument|
          attributes.merge!(argument.name.underscore.to_sym => argument.value)
        end
      end

      # Walks the parsed query document to the nested input argument.
      # D2dSchema is the application's own schema class.
      def arguments
        GraphQL::Query
          .new(D2dSchema, request.params[:query])
          .document
          .definitions[0]
          .selections[0]
          .arguments[0]
          .value
          .arguments[0]
      end
    end
  end
end
```
Since this affects the authenticatable module, you might face issues indirectly in cookies, remember_user_token, etc.
Credit: This issue was initially faced by my friend @lit-poks, who gave me the above workaround. Thanks man!
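A defensive take on the `variables` branch of the workaround above, as an added example that is not code from this issue, from Devise or from the graphql gem: it returns only allow-listed, string-valued credentials and `nil` for anything malformed, instead of handing the whole client-supplied attributes hash to the strategy. The module name, the `email`/`password` allow-list and the sample request are assumptions; the input is expected to be a plain Hash such as `request.params`.

```ruby
require "json"

# Hypothetical helper, not part of Devise or the graphql gem.
module GraphqlAuthParams
  ALLOWED_KEYS = %w[email password].freeze       # assumption: keys the scope signs in with
  PATH = %w[variables input attributes].freeze   # shape used by the workaround's dig

  module_function

  # Returns { scope => { email: "...", password: "..." } }, or nil when the
  # request does not carry well-formed credentials at PATH.
  def auth_params(raw_params, scope: :user)
    node = stringify(raw_params)
    PATH.each do |key|
      node = parse_json(node) if node.is_a?(String) # variables may arrive as a JSON string
      return nil unless node.is_a?(Hash)
      node = node[key]
    end
    return nil unless node.is_a?(Hash)

    creds = node.each_with_object({}) do |(key, value), out|
      next unless ALLOWED_KEYS.include?(key)   # drop everything the strategy does not need
      return nil unless value.is_a?(String)    # reject nested hashes/arrays as credentials
      out[key.to_sym] = value                  # auth hash must be symbolized
    end
    creds.empty? ? nil : { scope => creds }
  end

  # Deep-converts hash keys to strings so symbol- and string-keyed input match.
  def stringify(obj)
    return obj unless obj.is_a?(Hash)
    obj.each_with_object({}) { |(k, v), h| h[k.to_s] = stringify(v) }
  end

  def parse_json(text)
    stringify(JSON.parse(text))
  rescue JSON::ParserError
    nil
  end
end

# Constructed sample request: variables sent as a JSON string, plus an extra key.
sample = { "query" => "mutation { ... }",
           "variables" => '{"input":{"attributes":{"email":"a@example.test","password":"pw","admin":true}}}' }
p GraphqlAuthParams.auth_params(sample)
```

Credentials written as inline arguments in the query string are not covered here; that branch needs the graphql gem's parser, as in the workaround.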