heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License

Database Authenticable Issue With Graphql #5712

Closed bugloper closed 2 weeks ago

bugloper commented 2 months ago

Pre-check

Environment

Current behavior

File path: lib/devise/strategies/authenticatable.rb Line number: 93

In the case of a REST API,

    def params_auth_hash
        params[scope]
    end

returns authentication info such as email and password from params = { user: { email: "nima@gmail.com", password: "Password" } }

image

But in the case of GraphQL (graphql gem), params is not a normal hash but rather:

image

The easiest workaround, by @lit-poks, is to override it in your application.

    module Devise
      module Strategies
        class Authenticatable < Base
          # overriding the default params
          def params
            @params ||= { user: log_in_params }
          end

          private

          def log_in_params
            # Adjust this accordingly and extract the auth hash accordingly. Also, an
            # important note here: auth_hash must be symbolized.
            request.params.dig(:variables, :input, :attributes) || params_from_arguments
          end

          def params_from_arguments
            arguments.value.arguments.inject({}) do |attributes, argument|
              attributes.merge!(argument.name.underscore.to_sym => argument.value)
            end
          end

          def arguments
            GraphQL::Query
              .new(D2dSchema, request.params[:query])
              .document
              .definitions[0]
              .selections[0]
              .arguments[0]
              .value
              .arguments[0]
          end
        end
      end
    end

Since this affects the authenticable module, you might face issues indirectly in cookies, remember_user_token, etc.

Credit: This issue was initially faced by my friend @lit-poks, who gave me the above workaround. Thanks man!

Expected behavior
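An added example, not part of the original issue and not Devise or graphql gem code: a hypothetical helper `graphql_auth_params` that rebuilds the hash `params[scope]` would hold for a REST request from a GraphQL request body. It assumes credentials arrive under `variables.input.attributes` (the nesting used in the workaround above) and that `email` and `password` are the only keys wanted; it covers only the variables path, not arguments written inline in the query.

```ruby
require "json"

# Hypothetical helper (not part of Devise or the graphql gem).
# Assumption: only :email and :password are needed for authentication.
ALLOWED_AUTH_KEYS = %i[email password].freeze

# Reads a key given as symbol or string; returns nil for non-hash input.
def fetch_key(hash, key)
  return nil unless hash.is_a?(Hash)
  hash.key?(key) ? hash[key] : hash[key.to_s]
end

# Returns { scope => { email: ..., password: ... } } with symbolized keys,
# or nil when the request carries no usable credentials in its variables.
def graphql_auth_params(request_params, scope: :user)
  variables = fetch_key(request_params, :variables)
  # Some clients send variables as a JSON-encoded string.
  if variables.is_a?(String)
    variables = begin
      JSON.parse(variables)
    rescue JSON::ParserError
      nil
    end
  end
  attributes = fetch_key(fetch_key(variables, :input), :attributes)
  return nil unless attributes.is_a?(Hash)

  auth = ALLOWED_AUTH_KEYS.each_with_object({}) do |key, out|
    value = fetch_key(attributes, key)
    # Copy only plain strings, so a nested hash or array is never passed on.
    out[key] = value if value.is_a?(String)
  end
  auth.size == ALLOWED_AUTH_KEYS.size ? { scope => auth } : nil
end

# Constructed sample request bodies.
json_body = { "query" => "mutation($input: LoginInput!) { login(input: $input) { token } }",
              "variables" => { "input" => { "attributes" =>
                { "email" => "nima@gmail.com", "password" => "Password", "admin" => true } } } }
string_vars = { query: "...", variables: '{"input":{"attributes":{"email":"a@b.c","password":"pw"}}}' }
inline_args = { "query" => 'mutation { login(input: {attributes: {email: "a@b.c"}}) { token } }' }

p graphql_auth_params(json_body)   # extra "admin" key is dropped
p graphql_auth_params(string_vars) # JSON-string variables are parsed
p graphql_auth_params(inline_args) # no variables, so nil
```

Returning nil when either credential is missing or not a string lets the caller treat the request as carrying no login attempt.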

nashby commented 2 weeks ago

Hey @bugloper! Thanks for the report but Devise does not support GraphQL out of the box, you might need to use some 3rd party gems to make it work for you, like https://github.com/graphql-devise/graphql_devise

bugloper commented 2 weeks ago

> Hey @bugloper! Thanks for the report but Devise does not support GraphQL out of the box, you might need to use some 3rd party gems to make it work for you, like https://github.com/graphql-devise/graphql_devise

Thanks.