如何通过GraphQL mutation在Rails中销毁当前用户会话。

huangapple go评论63阅读模式
英文:

How to destroy the current user session from rails through graphql mutation

问题

我正在尝试通过一个GraphQL变更来清除用户会话,该变更接受user_id作为参数,并销毁用户会话并发送一条消息,该消息将由前端用于注销。

argument :user_id, ID, required: true
field :message, String, null: true

def resolve(user_id:)
  user = User.find_by(id: user_id)
  raise GraphQL::ExecutionError, 'User not found.' unless user.present?
  destroy_user_session(user_id)
  user.save!
  { message: 'User session cleared'}
end

private

def destroy_user_session(user_id)
  binding.pry
  session = context[:session]
  session.clear
  raise GraphQL::ExecutionError, 'Failed to clear session.' unless session.empty?
end

但问题是,这里用户会话未能正确销毁。我在localhost:3000/api/graphql上测试它,首先调用变更,然后调用一些其他查询,这些查询在用户登录后可访问,不幸的是,两者都被调用了,而不是抛出“需要授权”的错误。我尝试了来自不同网站的几个步骤,但仍然卡在这里。

英文:

I am trying to clear user sessions through a graphql mutation which takes user_id as an argument and destroys the user session and sends a message, which will further be used by frontend to sign out.

  argument :user_id, ID, required: true
  field :message, String, null: true

  def resolve(user_id:)
    user = User.find_by(id: user_id)
    raise GraphQL::ExecutionError, 'User not found.' unless user.present?
    destroy_user_session(user_id)
    user.save!
    { message: 'User session cleared'}
  end
  
  private

  def destroy_user_session(user_id)
    binding.pry
    session = context[:session]
    session.clear
    raise GraphQL::ExecutionError, 'Failed to clear session.' unless session.empty?
  end
end

But the problem is, the user session is not getting destroyed properly here. I am testing it using localhost:3000/api/graphql where I call the mutation first and then calls some other query that are accessible once the user is logged in and unfortunately both are being called instead of throwing error like authorization is requried. I tried several steps from different sites but still got stuck here.

答案1

得分: 2

由于你的graphql_controller继承自application_controller,如果你正在使用devise,你应该可以访问sign_out方法,因此如果你尝试调用context[:controller].sign_out,它应该可以工作。

def destroy_user_session(user_id)
  context[:controller].sign_out
  session = context[:session]
  session.clear
  raise GraphQL::ExecutionError, 'Failed to clear session.' unless session.empty?
end
英文:

Since your graphql_controller is inheriting from application_controller you should have access to sign_out method if you are using devise so if you try calling context[:controller].sign_out it should work

  def destroy_user_session(user_id)
    context[:controller].sign_out
    session = context[:session]
    session.clear
    raise GraphQL::ExecutionError, 'Failed to clear session.' unless session.empty?
  end

答案2

得分: 2

以下是翻译好的部分:

def destroy_user_session
  context[:controller].sign_out
end

以上代码足够。无需进一步编写。(对Nirajan的回答的后续回答)

英文:
def destroy_user_session
  context[:controller].sign_out
end

Above code would suffice. You need not to write any further. (Follow up answer for Nirajan's answer)

huangapple
  • 本文由 发表于 2023年7月13日 18:06:45
  • 转载请务必保留本文链接:https://go.coder-hub.com/76678203.html
  • graphql
  • logout
  • ruby-on-rails
  • session-cookies