Database Authenticable Issue With Graphql #5712

Closed
bugloper opened this issue Sep 5, 2024 · 2 comments


bugloper commented Sep 5, 2024

Pre-check

  • Do not use the issues tracker for help or support, try Stack Overflow.
  • For bugs, do a quick search and make sure the bug has not yet been reported
  • If you found a security bug, do not report it through GitHub. Please send an e-mail to [email protected] instead.
  • Finally, be nice and have fun!

Environment

  • Ruby 3.3.4
  • Rails 7.2.1
  • Devise 4.9.4

Current behavior

File path: lib/devise/strategies/authenticatable.rb
Line number: 93

In the case of a REST API,

    def params_auth_hash
        params[scope]
    end

returns authentication info such as email and password from
params = { user: { email: "[email protected]", password: "Password"} }

But in the case of GraphQL (graphql gem), params is not a normal hash but rather:
image

The easiest workaround, by @lit-poks, is to override it in your application.

    module Devise
      module Strategies
        class Authenticatable < Base
          # overriding the default params
          def params
            @params ||= { user: log_in_params }
          end
    
          private
    
          def log_in_params
            # Adjust this and extract the auth hash accordingly. Also, an important
            # note here is that auth_hash must be symbolized.
            request.params.dig(:variables, :input, :attributes) || params_from_arguments
          end
    
          def params_from_arguments
            arguments.value.arguments.inject({}) do |attributes, argument|
              attributes.merge!(argument.name.underscore.to_sym => argument.value)
            end
          end
    
          def arguments
            GraphQL::Query
              .new(D2dSchema, request.params[:query])
              .document
              .definitions[0]
              .selections[0]
              .arguments[0]
              .value
              .arguments[0]
          end
        end
      end
    end

Since this affects the authenticatable module, you might face issues indirectly in cookies, remember_user_token, etc.

Credit: This issue was initially faced by my friend @lit-poks, who gave me the above workaround. Thanks, man!

Expected behavior
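
Added example, not part of the original issue and not Devise or graphql-ruby code: a pure-Ruby sketch that turns a GraphQL-over-HTTP body into the `{ user: { email:, password: } }` shape that `params[scope]` returns for REST, using the `variables -> input -> attributes` path from the workaround above. The module name `GraphqlAuthParams`, the `AUTH_KEYS` allow-list and the handling of `variables` sent as a JSON string are assumptions of this example.

```ruby
require "json"

# Added illustration: names below are hypothetical, not part of Devise.
module GraphqlAuthParams
  AUTH_KEYS = %w[email password].freeze          # assumed authentication keys
  ATTRIBUTES_PATH = %w[input attributes].freeze  # path used in the workaround

  module_function

  # GraphQL clients send variables either as a Hash or as a JSON-encoded string.
  def parse_variables(raw)
    case raw
    when Hash then raw
    when String
      parsed = raw.strip.empty? ? {} : JSON.parse(raw)
      parsed.is_a?(Hash) ? parsed : {}
    else
      {}
    end
  rescue JSON::ParserError
    {}
  end

  # Returns { scope => { email: "...", password: "..." } }, or nil when the
  # credentials are missing or are not plain strings.
  def call(request_params, scope: :user)
    variables = parse_variables(request_params["variables"] || request_params[:variables])
    attrs = ATTRIBUTES_PATH.reduce(variables) do |node, key|
      break nil unless node.is_a?(Hash)
      node[key] || node[key.to_sym]
    end
    return nil unless attrs.is_a?(Hash)

    # Keep only allow-listed keys whose values are plain strings, so nested
    # JSON (arrays, objects) and extra attributes never reach the model lookup.
    auth = attrs.each_with_object({}) do |(key, value), out|
      name = key.to_s
      out[name.to_sym] = value if AUTH_KEYS.include?(name) && value.is_a?(String)
    end
    AUTH_KEYS.all? { |k| auth.key?(k.to_sym) } ? { scope => auth } : nil
  end
end
```

Returning nil when either credential is absent leaves the decision to skip params authentication with the caller instead of passing a partial hash on.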

Collaborator

nashby commented Nov 6, 2024

Hey @bugloper! Thanks for the report, but Devise does not support GraphQL out of the box; you might need to use some third-party gems to make it work for you, like https://github.com/graphql-devise/graphql_devise

@nashby nashby closed this as completed Nov 6, 2024
Author

bugloper commented Nov 6, 2024

> Hey @bugloper! Thanks for the report, but Devise does not support GraphQL out of the box; you might need to use some third-party gems to make it work for you, like https://github.com/graphql-devise/graphql_devise

Thanks.
