Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow to log out sessions #7

Merged
merged 1 commit into from
Dec 14, 2023
Merged

Allow to log out sessions #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .rubocop.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@ AllCops:
GraphQL/ExtractInputType:
Enabled: false

Lint/AmbiguousBlockAssociation:
AllowedMethods: [change]


Metrics/AbcSize:
Enabled: false

Expand Down
2 changes: 2 additions & 0 deletions Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,3 +70,5 @@ gem 'seed-fu', '~> 2.3'
gem 'sidekiq', '~> 7.1'

gem 'lograge', '~> 0.14.0'

gem 'declarative_policy', '~> 1.1'
2 changes: 2 additions & 0 deletions Gemfile.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ GEM
irb (>= 1.5.0)
reline (>= 0.3.1)
debug_inspector (1.1.0)
declarative_policy (1.1.0)
diff-lcs (1.5.0)
docile (1.4.0)
drb (2.2.0)
Expand Down Expand Up @@ -319,6 +320,7 @@ DEPENDENCIES
bootsnap
database_cleaner-active_record (~> 2.1)
debug
declarative_policy (~> 1.1)
factory_bot_rails (~> 6.2)
graphql (~> 2.1)
lograge (~> 0.14.0)
Expand Down
6 changes: 5 additions & 1 deletion app/controllers/graphql_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,11 @@ def mutations_allowed?
false
end

%i[none invalid session].each do |t|
def invalid?
(authorization.nil? && !none?) || type == :invalid
end

%i[none session].each do |t|
define_method :"#{t}?" do
type == t
end
Expand Down
4 changes: 4 additions & 0 deletions app/graphql/mutations/base_mutation.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,9 @@ def self.require_one_of(arguments, context)
field :errors, [GraphQL::Types::String],
null: false,
description: 'Errors encountered during execution of the mutation.'

def current_user
context[:current_user]
end
end
end
22 changes: 22 additions & 0 deletions app/graphql/mutations/users/logout.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# frozen_string_literal: true

module Mutations
module Users
class Logout < BaseMutation
description 'Logout an existing user session'

field :user_session, Types::UserSessionType, null: true, description: 'The logged out user session'

argument :user_session_id, Types::GlobalIdType[::UserSession], required: true,
description: 'ID of the session to logout'

def resolve(user_session_id:)
user_session = SagittariusSchema.object_from_id(user_session_id)

return { user_session: nil, errors: ['Invalid user session'] } if user_session.nil?

UserLogoutService.new(current_user, user_session).execute.to_mutation_response(success_key: :user_session)
end
end
end
end
1 change: 1 addition & 0 deletions app/graphql/types/mutation_type.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ class MutationType < Types::BaseObject
include Sagittarius::Graphql::MountMutation

mount_mutation Mutations::Users::Login
mount_mutation Mutations::Users::Logout
mount_mutation Mutations::Users::Register

field :echo, GraphQL::Types::String, null: false,
Expand Down
2 changes: 2 additions & 0 deletions app/graphql/types/user_session_type.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ module Types
class UserSessionType < Types::BaseObject
description 'Represents a user session'

field :active, GraphQL::Types::Boolean, null: false,
description: 'Whether or not the session is active and can be used'
field :id, Types::GlobalIdType[::UserSession], null: false, description: 'GlobalID of the user'
field :token, String, null: true, description: 'Token belonging to the session, only present on creation'
field :user, Types::UserType, null: false, description: 'User that belongs to the session'
Expand Down
21 changes: 21 additions & 0 deletions app/models/ability.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# frozen_string_literal: true

module Ability
module_function

def allowed?(user, ability, subject = :global)
policy = policy_for(user, subject)

policy.allowed?(ability)
end

def policy_for(user, subject = :global)
Cache.policies ||= {}

DeclarativePolicy.policy_for(user, subject, cache: Cache.policies)
end

class Cache < ActiveSupport::CurrentAttributes
attribute :policies
end
end
4 changes: 4 additions & 0 deletions app/policies/base_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# frozen_string_literal: true

class BasePolicy < DeclarativePolicy::Base
end
7 changes: 7 additions & 0 deletions app/policies/user_session_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# frozen_string_literal: true

class UserSessionPolicy < BasePolicy
condition(:session_owner) { @subject.user_id == @user&.id }

rule { session_owner }.enable :logout_session
end
2 changes: 1 addition & 1 deletion app/services/service_response.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def to_mutation_response(success_key: :object)
if payload.is_a?(ActiveModel::Errors)
{ success_key => nil, errors: payload.full_messages }
else
{ success_key => nil, errors: payload }
{ success_key => nil, errors: Array.wrap(payload) }
end
end
end
26 changes: 26 additions & 0 deletions app/services/user_logout_service.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# frozen_string_literal: true

class UserLogoutService
include Sagittarius::Loggable

def initialize(current_user, user_session)
@current_user = current_user
@user_session = user_session
end

def execute
unless Ability.allowed?(@current_user, :logout_session, @user_session)
return ServiceResponse.error(payload: "You can't log out this session")
end

@user_session.active = false

if @user_session.save
logger.info(message: 'Logged out session', session_id: @user_session.id, user_id: @user_session.user_id)
ServiceResponse.success(message: 'Logged out session', payload: @user_session)
else
logger.warn(message: 'Failed to log out session', session_id: @user_session.id, user_id: @user_session.user_id)
ServiceResponse.error(payload: 'Failed to log out session')
end
end
end
1 change: 1 addition & 0 deletions spec/graphql/types/user_session_type_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
id
user
token
active
]
end

Expand Down
31 changes: 31 additions & 0 deletions spec/policies/user_session_policy_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# frozen_string_literal: true

require 'rails_helper'

RSpec.describe UserSessionPolicy do
subject { described_class.new(current_user, user_session) }

let(:current_user) { nil }
let(:user_session) { nil }

context 'when user is owner of the session' do
let(:current_user) { create(:user) }
let(:user_session) { create(:user_session, user: current_user) }

it { is_expected.to be_allowed(:logout_session) }
end

context 'when user is not owner of the session' do
let(:current_user) { create(:user) }
let(:user_session) { create(:user_session) }

it { is_expected.not_to be_allowed(:logout_session) }
end

context 'when user is nil' do
let(:current_user) { nil }
let(:user_session) { create(:user_session) }

it { is_expected.not_to be_allowed(:logout_session) }
end
end
74 changes: 74 additions & 0 deletions spec/requests/graphql/mutation/users/logout_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# frozen_string_literal: true

require 'rails_helper'

RSpec.describe 'usersLogout Mutation' do
include GraphqlHelpers

let(:mutation) do
<<~QUERY
mutation($input: UsersLogoutInput!) {
usersLogout(input: $input) {
errors
userSession {
id
active
}
}
}
QUERY
end

let(:user_session_id) { nil }
let(:current_user) { nil }
let(:variables) { { input: { userSessionId: user_session_id } } }

before { post_graphql mutation, variables: variables, current_user: current_user }

context 'when input is valid' do
let(:user_session) { create(:user_session) }
let(:user_session_id) { user_session.to_global_id.to_s }

context 'when logging out a session of the same user' do
let(:current_user) { user_session.user }

it 'logs out the session', :aggregate_failures do
expect(graphql_data_at(:users_logout, :user_session, :id)).to eq(user_session_id)
expect(graphql_data_at(:users_logout, :user_session, :active)).to be(false)
end
end

context 'when logging out a session of another user' do
let(:current_user) { create(:user) }

it 'does not log out the session', :aggregate_failures do
expect(graphql_data_at(:users_logout, :errors)).to include("You can't log out this session")
expect(graphql_data_at(:users_logout, :user_session)).to be_nil
end
end
end

context 'when input is invalid' do
let(:current_user) { create(:user) }

context 'when session id is invalid' do
let(:user_session_id) { 'some random string' }

it 'raises validation error' do
expect(graphql_errors).to include(
a_hash_including(
'message' => a_string_including("Could not coerce value \"#{user_session_id}\" to UserSessionID")
)
)
end
end

context 'when session id is does not exist' do
let(:user_session_id) { 'gid://Sagittarius/UserSession/0' }

it 'raises validation error' do
expect(graphql_data_at(:users_logout, :errors)).to include('Invalid user session')
end
end
end
end
40 changes: 40 additions & 0 deletions spec/services/user_logout_service_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
# frozen_string_literal: true

require 'rails_helper'

RSpec.describe UserLogoutService do
subject(:service_response) { described_class.new(current_user, user_session).execute }

context 'when current_user can log out user_session' do
let(:current_user) { create(:user) }
let(:user_session) { create(:user_session, user: current_user) }

it { is_expected.to be_success }

it 'changes the session to inactive' do
expect { service_response }.to change { user_session.reload.active }.from(true).to(false)
end
end

context 'when current_user can not log out user_session' do
let(:current_user) { create(:user) }
let(:user_session) { create(:user_session) }

it { is_expected.not_to be_success }

it 'does not change the session to inactive' do
expect { service_response }.not_to change { user_session.reload.active }
end
end

context 'when current_user is nil' do
let(:current_user) { nil }
let(:user_session) { create(:user_session) }

it { is_expected.not_to be_success }

it 'does not change the session to inactive' do
expect { service_response }.not_to change { user_session.reload.active }
end
end
end
2 changes: 1 addition & 1 deletion spec/support/helpers/graphql_helpers.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ def graphql_dig_at(data, *path)
keys = path.map { |segment| segment.is_a?(Integer) ? segment : GraphqlHelpers.graphql_field_name(segment) }

keys.reduce(data) do |acc, cur|
if acc.is_a?(Array) && key.is_a?(Integer)
if acc.is_a?(Array) && cur.is_a?(Integer)
acc[cur]
elsif acc.is_a?(Array)
acc.compact.pluck(cur)
Expand Down