Release 3.5.9

A bug that if the unlock strategy was set to `:both`, it would return true for all & any inputs

See #4072

CHANGELOG.md

@@ -1,5 +1,38 @@
 ### Unreleased
 
+### 3.5.9 - 2016-05-02
+
+* bug fixes
+  * Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none`
+  and `:undefined` strategies. (by @f3ndot)
+
+### 3.5.8 - 2016-04-25
+
+* bug fixes
+  * Fix the e-mail confirmation instructions send when a user updates the email address from nil
+
+### 3.5.7 - 2016-04-18
+
+* bug fixes
+  * Fix the `extend_remember_period` configuration. When set to `false` it does
+    not update the cookie expiration anymore.(by @ulissesalmeida)
+
+### 3.5.6 - 2016-01-02
+
+* bug fixes
+  * Fix type coercion of the rememberable timestamp stored on cookies.
+
+### 3.5.5 - 2016-22-01
+
+* bug fixes
+  * Bring back remember_expired? implementation
+  * Ensure timeouts are not triggered if remember me is being used
+
+### 3.5.4 - 2016-18-01
+
+* bug fixes
+  * Store creation timestamps on remember cookies
+
 ### 3.5.3 - 2015-12-10
 
 * bug fixes

Gemfile

@@ -6,6 +6,7 @@ gem "rails", "4.2.2"
 gem "omniauth", "~> 1.2.0"
 gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
+gem "mime-types", "~> 2.99"
 
 group :test do
   gem "omniauth-facebook"

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (3.5.3)
+    devise (3.5.9)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -47,28 +47,29 @@ GEM
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    arel (6.0.0)
-    bcrypt (3.1.10)
-    bson (3.1.2)
+    arel (6.0.3)
+    bcrypt (3.1.11)
+    bson (3.2.6)
     builder (3.2.2)
+    concurrent-ruby (1.0.1)
     connection_pool (2.2.0)
     erubis (2.7.0)
-    faraday (0.9.1)
+    faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    globalid (0.3.5)
+    globalid (0.3.6)
       activesupport (>= 4.1.0)
-    hashie (3.4.0)
+    hashie (3.4.3)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.4.1)
-    loofah (2.0.2)
+    jwt (1.5.4)
+    loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     metaclass (0.0.4)
-    mime-types (2.6.1)
-    mini_portile (0.6.2)
-    minitest (5.7.0)
+    mime-types (2.99.1)
+    mini_portile2 (2.0.0)
+    minitest (5.8.4)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     mongoid (4.0.2)
@@ -76,15 +77,15 @@ GEM
       moped (~> 2.0.0)
       origin (~> 2.1)
       tzinfo (>= 0.3.37)
-    moped (2.0.6)
+    moped (2.0.7)
       bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.1)
+    multi_json (1.11.3)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
     oauth2 (0.9.4)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
@@ -105,9 +106,9 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     optionable (0.2.0)
-    origin (2.1.1)
+    origin (2.2.0)
     orm_adapter (0.5.0)
-    rack (1.6.2)
+    rack (1.6.4)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
@@ -126,34 +127,36 @@ GEM
       sprockets-rails
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.6)
+    rails-dom-testing (1.0.7)
       activesupport (>= 4.2.0.beta, < 5.0)
       nokogiri (~> 1.6.0)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.2)
+    rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
     railties (4.2.2)
       actionpack (= 4.2.2)
       activesupport (= 4.2.2)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.4.2)
-    rdoc (4.2.0)
-    responders (2.1.0)
-      railties (>= 4.2.0, < 5)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
+    responders (2.2.0)
+      railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
-    sprockets (3.2.0)
-      rack (~> 1.0)
-    sprockets-rails (2.3.1)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
-    sqlite3 (1.3.10)
+    sprockets (3.6.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.4)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
     thor (0.19.1)
     thread_safe (0.3.5)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    warden (1.2.4)
+    warden (1.2.6)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
@@ -168,6 +171,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
+  mime-types (~> 2.99)
   mocha (~> 1.1)
   mongoid (~> 4.0)
   omniauth (~> 1.2.0)
@@ -180,4 +184,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.10.6
+   1.11.2

gemfiles/Gemfile.rails-3.2-stable.lock

@@ -1,14 +1,14 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: b344986bc3d94ca7821fc5e0eef1874882ac6cbb
+  revision: f85bbed4cdc1bdfd1e0dbd97bce9db81e44cbd11
   branch: 3-2-stable
   specs:
-    actionmailer (3.2.21)
-      actionpack (= 3.2.21)
+    actionmailer (3.2.22.2)
+      actionpack (= 3.2.22.2)
       mail (~> 2.5.4)
-    actionpack (3.2.21)
-      activemodel (= 3.2.21)
-      activesupport (= 3.2.21)
+    actionpack (3.2.22.2)
+      activemodel (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.4)
@@ -16,31 +16,31 @@ GIT
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
       sprockets (~> 2.2.1)
-    activemodel (3.2.21)
-      activesupport (= 3.2.21)
+    activemodel (3.2.22.2)
+      activesupport (= 3.2.22.2)
       builder (~> 3.0.0)
-    activerecord (3.2.21)
-      activemodel (= 3.2.21)
-      activesupport (= 3.2.21)
+    activerecord (3.2.22.2)
+      activemodel (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.21)
-      activemodel (= 3.2.21)
-      activesupport (= 3.2.21)
-    activesupport (3.2.21)
+    activeresource (3.2.22.2)
+      activemodel (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
+    activesupport (3.2.22.2)
       i18n (~> 0.6, >= 0.6.4)
       multi_json (~> 1.0)
-    rails (3.2.21)
-      actionmailer (= 3.2.21)
-      actionpack (= 3.2.21)
-      activerecord (= 3.2.21)
-      activeresource (= 3.2.21)
-      activesupport (= 3.2.21)
+    rails (3.2.22.2)
+      actionmailer (= 3.2.22.2)
+      actionpack (= 3.2.22.2)
+      activerecord (= 3.2.22.2)
+      activeresource (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
       bundler (~> 1.0)
-      railties (= 3.2.21)
-    railties (3.2.21)
-      actionpack (= 3.2.21)
-      activesupport (= 3.2.21)
+      railties (= 3.2.22.2)
+    railties (3.2.22.2)
+      actionpack (= 3.2.22.2)
+      activesupport (= 3.2.22.2)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
@@ -49,7 +49,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (3.5.3)
+    devise (3.5.8)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -61,36 +61,36 @@ GEM
   remote: https://rubygems.org/
   specs:
     arel (3.0.3)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
     builder (3.0.4)
     erubis (2.7.0)
-    faraday (0.9.1)
+    faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    hashie (3.4.0)
+    hashie (3.4.3)
     hike (1.2.3)
     i18n (0.7.0)
     journey (1.0.4)
-    json (1.8.2)
-    jwt (1.4.1)
+    json (1.8.3)
+    jwt (1.5.4)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metaclass (0.0.4)
     mime-types (1.25.1)
-    mini_portile (0.6.2)
+    mini_portile2 (2.0.0)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
-    mongoid (3.1.6)
+    mongoid (3.1.7)
       activemodel (~> 3.2)
       moped (~> 1.4)
       origin (~> 1.0)
       tzinfo (~> 0.3.29)
-    moped (1.5.2)
-    multi_json (1.11.0)
+    moped (1.5.3)
+    multi_json (1.11.3)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
     oauth2 (0.9.4)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
@@ -113,8 +113,8 @@ GEM
     origin (1.1.0)
     orm_adapter (0.5.0)
     polyglot (0.3.5)
-    rack (1.4.5)
-    rack-cache (1.2)
+    rack (1.4.7)
+    rack-cache (1.6.1)
       rack (>= 0.4)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
@@ -123,7 +123,7 @@ GEM
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rake (10.4.2)
+    rake (11.1.2)
     rdoc (3.12.2)
       json (~> 1.4)
     responders (1.1.2)
@@ -134,15 +134,15 @@ GEM
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.10)
+    sqlite3 (1.3.11)
     thor (0.19.1)
     thread_safe (0.3.5)
     tilt (1.4.1)
     treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.43)
-    warden (1.2.4)
+    tzinfo (0.3.49)
+    warden (1.2.6)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
@@ -169,4 +169,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.10.6
+   1.11.2

gemfiles/Gemfile.rails-4.0-stable

@@ -6,6 +6,7 @@ gem "rails", github: 'rails/rails', branch: '4-0-stable'
 gem "omniauth", "~> 1.2.0"
 gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
+gem "mime-types", "~> 2.99"
 
 group :test do
   gem "omniauth-facebook"

gemfiles/Gemfile.rails-4.0-stable.lock

@@ -1,6 +1,6 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: 7ec9c9635bf4d57009135ed11e89d8bf32306d73
+  revision: 9be9597e510d185ca7964d0a05b4ea2a7f2d50d1
   branch: 4-0-stable
   specs:
     actionmailer (4.0.13)
@@ -43,7 +43,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (3.5.3)
+    devise (3.5.8)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -54,24 +54,25 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activerecord-deprecated_finders (1.0.3)
+    activerecord-deprecated_finders (1.0.4)
     arel (4.0.2)
-    bcrypt (3.1.10)
-    bson (2.3.0)
+    bcrypt (3.1.11)
+    bson (3.2.6)
     builder (3.1.4)
-    connection_pool (2.1.3)
+    concurrent-ruby (1.0.1)
+    connection_pool (2.2.0)
     erubis (2.7.0)
-    faraday (0.9.1)
+    faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    hashie (3.4.0)
-    hike (1.2.3)
+    hashie (3.4.3)
     i18n (0.7.0)
-    jwt (1.4.1)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    json (1.8.3)
+    jwt (1.5.4)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     metaclass (0.0.4)
-    mime-types (2.4.3)
-    mini_portile (0.6.2)
+    mime-types (2.99.1)
+    mini_portile2 (2.0.0)
     minitest (4.7.5)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
@@ -80,15 +81,15 @@ GEM
       moped (~> 2.0.0)
       origin (~> 2.1)
       tzinfo (>= 0.3.37)
-    moped (2.0.4)
-      bson (~> 2.2)
+    moped (2.0.7)
+      bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.0)
+    multi_json (1.11.3)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
     oauth2 (0.9.4)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
@@ -109,34 +110,32 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     optionable (0.2.0)
-    origin (2.1.1)
+    origin (2.2.0)
     orm_adapter (0.5.0)
-    rack (1.5.2)
+    rack (1.5.5)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rake (10.4.2)
-    rdoc (4.2.0)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
     responders (1.1.2)
       railties (>= 3.2, < 4.2)
     ruby-openid (2.7.0)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.4)
+    sprockets (3.6.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (2.3.3)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
-    sqlite3 (1.3.10)
+    sqlite3 (1.3.11)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (1.4.1)
-    tzinfo (0.3.43)
-    warden (1.2.4)
+    tzinfo (0.3.49)
+    warden (1.2.6)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
@@ -151,6 +150,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
+  mime-types (~> 2.99)
   mocha (~> 1.1)
   mongoid (~> 4.0.0)
   omniauth (~> 1.2.0)
@@ -163,4 +163,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.10.6
+   1.11.2

gemfiles/Gemfile.rails-4.1-stable

@@ -6,6 +6,7 @@ gem "rails", github: 'rails/rails', branch: '4-1-stable'
 gem "omniauth", "~> 1.2.0"
 gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
+gem "mime-types", "~> 2.99"
 
 group :test do
   gem "omniauth-facebook"

gemfiles/Gemfile.rails-4.1-stable.lock

@@ -1,54 +1,54 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: bf32ec7b8611e6b4c7e9398f7d297a1f0221e9b9
+  revision: 41b4d81b4fd14cbf43060c223bea0f461256d099
   branch: 4-1-stable
   specs:
-    actionmailer (4.1.10)
-      actionpack (= 4.1.10)
-      actionview (= 4.1.10)
+    actionmailer (4.1.15)
+      actionpack (= 4.1.15)
+      actionview (= 4.1.15)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.10)
-      actionview (= 4.1.10)
-      activesupport (= 4.1.10)
+    actionpack (4.1.15)
+      actionview (= 4.1.15)
+      activesupport (= 4.1.15)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    actionview (4.1.10)
-      activesupport (= 4.1.10)
+    actionview (4.1.15)
+      activesupport (= 4.1.15)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.10)
-      activesupport (= 4.1.10)
+    activemodel (4.1.15)
+      activesupport (= 4.1.15)
       builder (~> 3.1)
-    activerecord (4.1.10)
-      activemodel (= 4.1.10)
-      activesupport (= 4.1.10)
+    activerecord (4.1.15)
+      activemodel (= 4.1.15)
+      activesupport (= 4.1.15)
       arel (~> 5.0.0)
-    activesupport (4.1.10)
+    activesupport (4.1.15)
       i18n (~> 0.6, >= 0.6.9)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.1)
       tzinfo (~> 1.1)
-    rails (4.1.10)
-      actionmailer (= 4.1.10)
-      actionpack (= 4.1.10)
-      actionview (= 4.1.10)
-      activemodel (= 4.1.10)
-      activerecord (= 4.1.10)
-      activesupport (= 4.1.10)
+    rails (4.1.15)
+      actionmailer (= 4.1.15)
+      actionpack (= 4.1.15)
+      actionview (= 4.1.15)
+      activemodel (= 4.1.15)
+      activerecord (= 4.1.15)
+      activesupport (= 4.1.15)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.10)
+      railties (= 4.1.15)
       sprockets-rails (~> 2.0)
-    railties (4.1.10)
-      actionpack (= 4.1.10)
-      activesupport (= 4.1.10)
+    railties (4.1.15)
+      actionpack (= 4.1.15)
+      activesupport (= 4.1.15)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
 
 PATH
   remote: ..
   specs:
-    devise (3.5.3)
+    devise (3.5.8)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -60,24 +60,24 @@ GEM
   remote: https://rubygems.org/
   specs:
     arel (5.0.1.20140414130214)
-    bcrypt (3.1.10)
-    bson (2.3.0)
+    bcrypt (3.1.11)
+    bson (3.2.6)
     builder (3.2.2)
-    connection_pool (2.1.3)
+    concurrent-ruby (1.0.1)
+    connection_pool (2.2.0)
     erubis (2.7.0)
-    faraday (0.9.1)
+    faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    hashie (3.4.0)
-    hike (1.2.3)
+    hashie (3.4.3)
     i18n (0.7.0)
-    json (1.8.2)
-    jwt (1.4.1)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    json (1.8.3)
+    jwt (1.5.4)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     metaclass (0.0.4)
-    mime-types (2.4.3)
-    mini_portile (0.6.2)
-    minitest (5.5.1)
+    mime-types (2.99.1)
+    mini_portile2 (2.0.0)
+    minitest (5.8.4)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     mongoid (4.0.2)
@@ -85,15 +85,15 @@ GEM
       moped (~> 2.0.0)
       origin (~> 2.1)
       tzinfo (>= 0.3.37)
-    moped (2.0.4)
-      bson (~> 2.2)
+    moped (2.0.7)
+      bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.0)
+    multi_json (1.11.3)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
     oauth2 (0.9.4)
       faraday (>= 0.8, < 0.10)
       jwt (~> 1.0)
@@ -114,35 +114,33 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     optionable (0.2.0)
-    origin (2.1.1)
+    origin (2.2.0)
     orm_adapter (0.5.0)
-    rack (1.5.2)
+    rack (1.5.5)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rake (10.4.2)
-    rdoc (4.2.0)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
     responders (1.1.2)
       railties (>= 3.2, < 4.2)
     ruby-openid (2.7.0)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.4)
+    sprockets (3.6.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (2.3.3)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
-    sqlite3 (1.3.10)
+    sqlite3 (1.3.11)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (1.4.1)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    warden (1.2.4)
+    warden (1.2.6)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
@@ -157,6 +155,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
+  mime-types (~> 2.99)
   mocha (~> 1.1)
   mongoid (~> 4.0.0)
   omniauth (~> 1.2.0)
@@ -169,4 +168,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.10.6
+   1.11.2

gemfiles/Gemfile.rails-4.2-stable

@@ -6,6 +6,7 @@ gem "rails", github: 'rails/rails', branch: '4-2-stable'
 gem "omniauth", "~> 1.2.2"
 gem "omniauth-oauth2", "~> 1.2.0"
 gem "rdoc"
+gem "mime-types", "~> 2.99"
 
 group :test do
   gem "omniauth-facebook"

gemfiles/Gemfile.rails-4.2-stable.lock

@@ -1,64 +1,64 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: f12ff8ddab7b199707ec36d72bd72f206f142c8b
+  revision: 2a1b655bb7db42ed0dbadab5bb129a8515e86a40
   branch: 4-2-stable
   specs:
-    actionmailer (4.2.1)
-      actionpack (= 4.2.1)
-      actionview (= 4.2.1)
-      activejob (= 4.2.1)
+    actionmailer (4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.1)
-      actionview (= 4.2.1)
-      activesupport (= 4.2.1)
+    actionpack (4.2.6)
+      actionview (= 4.2.6)
+      activesupport (= 4.2.6)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.1)
-      activesupport (= 4.2.1)
+    actionview (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.1)
-      activesupport (= 4.2.1)
+    activejob (4.2.6)
+      activesupport (= 4.2.6)
       globalid (>= 0.3.0)
-    activemodel (4.2.1)
-      activesupport (= 4.2.1)
+    activemodel (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
-    activerecord (4.2.1)
-      activemodel (= 4.2.1)
-      activesupport (= 4.2.1)
+    activerecord (4.2.6)
+      activemodel (= 4.2.6)
+      activesupport (= 4.2.6)
       arel (~> 6.0)
-    activesupport (4.2.1)
+    activesupport (4.2.6)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    rails (4.2.1)
-      actionmailer (= 4.2.1)
-      actionpack (= 4.2.1)
-      actionview (= 4.2.1)
-      activejob (= 4.2.1)
-      activemodel (= 4.2.1)
-      activerecord (= 4.2.1)
-      activesupport (= 4.2.1)
+    rails (4.2.6)
+      actionmailer (= 4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
+      activemodel (= 4.2.6)
+      activerecord (= 4.2.6)
+      activesupport (= 4.2.6)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.1)
+      railties (= 4.2.6)
       sprockets-rails
-    railties (4.2.1)
-      actionpack (= 4.2.1)
-      activesupport (= 4.2.1)
+    railties (4.2.6)
+      actionpack (= 4.2.6)
+      activesupport (= 4.2.6)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
 
 PATH
   remote: ..
   specs:
-    devise (3.5.3)
+    devise (3.5.8)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
@@ -69,29 +69,29 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    arel (6.0.0)
-    bcrypt (3.1.10)
-    bson (2.3.0)
+    arel (6.0.3)
+    bcrypt (3.1.11)
+    bson (3.2.6)
     builder (3.2.2)
-    connection_pool (2.1.3)
+    concurrent-ruby (1.0.1)
+    connection_pool (2.2.0)
     erubis (2.7.0)
-    faraday (0.9.1)
+    faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    globalid (0.3.3)
+    globalid (0.3.6)
       activesupport (>= 4.1.0)
-    hashie (3.4.0)
-    hike (1.2.3)
+    hashie (3.4.3)
     i18n (0.7.0)
-    json (1.8.2)
-    jwt (1.4.1)
-    loofah (2.0.1)
+    json (1.8.3)
+    jwt (1.5.1)
+    loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     metaclass (0.0.4)
-    mime-types (2.4.3)
-    mini_portile (0.6.2)
-    minitest (5.5.1)
+    mime-types (2.99.1)
+    mini_portile2 (2.0.0)
+    minitest (5.8.4)
     mocha (1.1.0)
       metaclass (~> 0.0.1)
     mongoid (4.0.2)
@@ -99,25 +99,25 @@ GEM
       moped (~> 2.0.0)
       origin (~> 2.1)
       tzinfo (>= 0.3.37)
-    moped (2.0.4)
-      bson (~> 2.2)
+    moped (2.0.7)
+      bson (~> 3.0)
       connection_pool (~> 2.0)
       optionable (~> 0.2.0)
-    multi_json (1.11.0)
+    multi_json (1.11.3)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    nokogiri (1.6.6.2)
-      mini_portile (~> 0.6.0)
-    oauth2 (1.0.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
+      rack (>= 1.2, < 3)
     omniauth (1.2.2)
       hashie (>= 1.2, < 4)
       rack (~> 1.0)
-    omniauth-facebook (2.0.1)
+    omniauth-facebook (3.0.0)
       omniauth-oauth2 (~> 1.2)
     omniauth-oauth2 (1.2.0)
       faraday (>= 0.8, < 0.10)
@@ -128,9 +128,9 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     optionable (0.2.0)
-    origin (2.1.1)
+    origin (2.2.0)
     orm_adapter (0.5.0)
-    rack (1.6.0)
+    rack (1.6.4)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
@@ -138,33 +138,31 @@ GEM
       rack (>= 1.0)
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.6)
+    rails-dom-testing (1.0.7)
       activesupport (>= 4.2.0.beta, < 5.0)
       nokogiri (~> 1.6.0)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.2)
+    rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
-    rake (10.4.2)
-    rdoc (4.2.0)
-    responders (2.1.0)
-      railties (>= 4.2.0, < 5)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
+    responders (2.1.2)
+      railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
-    sprockets (2.12.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.2.4)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
-    sqlite3 (1.3.10)
+    sprockets (3.6.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.4)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
     thor (0.19.1)
     thread_safe (0.3.5)
-    tilt (1.4.1)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    warden (1.2.4)
+    warden (1.2.6)
       rack (>= 1.0)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
@@ -179,6 +177,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
+  mime-types (~> 2.99)
   mocha (~> 1.1)
   mongoid (~> 4.0.0)
   omniauth (~> 1.2.2)
@@ -191,4 +190,4 @@ DEPENDENCIES
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.10.6
+   1.11.2

lib/devise/controllers/rememberable.rb

@@ -9,11 +9,18 @@ module Devise
         Rails.configuration.session_options.slice(:path, :domain, :secure)
       end
 
+      def remember_me_is_active?(resource)
+        return false unless resource.respond_to?(:remember_me)
+        scope = Devise::Mapping.find_scope!(resource)
+        _, token, generated_at = cookies.signed[remember_key(resource, scope)]
+        resource.remember_me?(token, generated_at)
+      end
+
       # Remembers the given resource by setting up a cookie
       def remember_me(resource)
         return if env["devise.skip_storage"]
         scope = Devise::Mapping.find_scope!(resource)
-        resource.remember_me!(resource.extend_remember_period)
+        resource.remember_me!
         cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
       end
 

lib/devise/hooks/timeoutable.rb

@@ -19,9 +19,10 @@ Warden::Manager.after_set_user do |record, warden, options|
 
     proxy = Devise::Hooks::Proxy.new(warden)
 
-    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
+    if record.timedout?(last_request_at) &&
+        !env['devise.skip_timeout'] &&
+        !proxy.remember_me_is_active?(record)
       Devise.sign_out_all_scopes ? proxy.sign_out : proxy.sign_out(scope)
-
       throw :warden, scope: scope, message: :timeout
     end
 

lib/devise/models/confirmable.rb

@@ -170,6 +170,7 @@ module Devise
         # in models to map to a nice sign up e-mail.
         def send_on_create_confirmation_instructions
           send_confirmation_instructions
+          skip_reconfirmation!
         end
 
         # Callback to overwrite if confirmation is required or not.
@@ -260,7 +261,7 @@ module Devise
         end
 
         def reconfirmation_required?
-          self.class.reconfirmable && @reconfirmation_required && self.email.present?
+          self.class.reconfirmable && @reconfirmation_required && (self.email.present? || self.unconfirmed_email.present?)
         end
 
         def send_confirmation_notification?

lib/devise/models/lockable.rb

@@ -155,6 +155,9 @@ module Devise
         end
 
       module ClassMethods
+        # List of strategies that are enabled/supported if :both is used.
+        BOTH_STRATEGIES = [:time, :email]
+
         # Attempt to find a user by its unlock keys. If a record is found, send new
         # unlock instructions to it. If not user is found, returns a new user
         # with an email not found error.
@@ -181,7 +184,8 @@ module Devise
 
         # Is the unlock enabled for the given unlock strategy?
         def unlock_strategy_enabled?(strategy)
-          [:both, strategy].include?(self.unlock_strategy)
+          self.unlock_strategy == strategy ||
+            (self.unlock_strategy == :both && BOTH_STRATEGIES.include?(strategy))
         end
 
         # Is the lock enabled for the given lock strategy?

lib/devise/models/recoverable.rb

@@ -83,7 +83,7 @@ module Devise
       #   reset_password_period_valid?   # will always return false
       #
       def reset_password_period_valid?
-        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago
+        reset_password_sent_at && reset_password_sent_at.utc >= self.class.reset_password_within.ago.utc
       end
 
       protected

lib/devise/models/rememberable.rb

@@ -39,17 +39,17 @@ module Devise
     module Rememberable
       extend ActiveSupport::Concern
 
-      attr_accessor :remember_me, :extend_remember_period
+      attr_accessor :remember_me
 
       def self.required_fields(klass)
         [:remember_created_at]
       end
 
-      # Generate a new remember token and save the record without validations
-      # if remember expired (token is no longer valid) or extend_remember_period is true
-      def remember_me!(extend_period=false)
-        self.remember_token = self.class.remember_token if generate_remember_token?
-        self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
+      # TODO: We were used to receive a extend period argument but we no longer do.
+      # Remove this for Devise 4.0.
+      def remember_me!(*)
+        self.remember_token = self.class.remember_token if respond_to?(:remember_token)
+        self.remember_created_at ||= Time.now.utc
         save(validate: false) if self.changed?
       end
 
@@ -57,19 +57,22 @@ module Devise
       # it exists), and save the record without validations.
       def forget_me!
         return unless persisted?
-        self.remember_token = nil if respond_to?(:remember_token=)
+        self.remember_token = nil if respond_to?(:remember_token)
         self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
         save(validate: false)
       end
 
       # Remember token should be expired if expiration time not overpass now.
       def remember_expired?
-        remember_created_at.nil? || (remember_expires_at <= Time.now.utc)
+        remember_created_at.nil?
       end
 
-      # Remember token expires at created time + remember_for configuration
       def remember_expires_at
-        remember_created_at + self.class.remember_for
+        self.class.remember_for.from_now
+      end
+
+      def extend_remember_period
+        self.class.extend_remember_period
       end
 
       def rememberable_value
@@ -102,29 +105,47 @@ module Devise
       def after_remembered
       end
 
-    protected
+      def remember_me?(token, generated_at)
+        # TODO: Normalize the JSON type coercion along with the Timeoutable hook
+        # in a single place https://github.com/plataformatec/devise/blob/ffe9d6d406e79108cf32a2c6a1d0b3828849c40b/lib/devise/hooks/timeoutable.rb#L14-L18
+        if generated_at.is_a?(String)
+          generated_at = time_from_json(generated_at)
+        end
 
-      def generate_remember_token? #:nodoc:
-        respond_to?(:remember_token) && remember_expired?
+        # The token is only valid if:
+        # 1. we have a date
+        # 2. the current time does not pass the expiry period
+        # 3. the record has a remember_created_at date
+        # 4. the token date is bigger than the remember_created_at
+        # 5. the token matches
+        generated_at.is_a?(Time) &&
+         (self.class.remember_for.ago < generated_at) &&
+         (generated_at > (remember_created_at || Time.now).utc) &&
+         Devise.secure_compare(rememberable_value, token)
       end
 
-      # Generate a timestamp if extend_remember_period is true, if no remember_token
-      # exists, or if an existing remember token has expired.
-      def generate_remember_timestamp?(extend_period) #:nodoc:
-        extend_period || remember_expired?
+      private
+
+      def time_from_json(value)
+        if value =~ /\A\d+\.\d+\Z/
+          Time.at(value.to_f)
+        else
+          Time.parse(value) rescue nil
+        end
       end
 
       module ClassMethods
         # Create the cookie key using the record id and remember_token
         def serialize_into_cookie(record)
-          [record.to_key, record.rememberable_value]
+          [record.to_key, record.rememberable_value, Time.now.utc.to_f.to_s]
         end
 
         # Recreate the user based on the stored cookie
-        def serialize_from_cookie(id, remember_token)
+        def serialize_from_cookie(*args)
+          id, token, generated_at = *args
+
           record = to_adapter.get(id)
-          record if record && !record.remember_expired? &&
-                    Devise.secure_compare(record.rememberable_value, remember_token)
+          record if record && record.remember_me?(token, generated_at)
         end
 
         # Generate a token checking if one does not already exist in the database.

lib/devise/models/timeoutable.rb

@@ -26,7 +26,6 @@ module Devise
 
       # Checks whether the user session has expired based on configured time.
       def timedout?(last_access)
-        return false if remember_exists_and_not_expired?
         !timeout_in.nil? && last_access && last_access <= timeout_in.ago
       end
 
@@ -36,11 +35,6 @@ module Devise
 
       private
 
-      def remember_exists_and_not_expired?
-        return false unless respond_to?(:remember_created_at) && respond_to?(:remember_expired?)
-        remember_created_at && !remember_expired?
-      end
-
       module ClassMethods
         Devise::Models.config(self, :timeout_in)
       end

lib/devise/strategies/rememberable.rb

@@ -25,8 +25,7 @@ module Devise
         end
 
         if validate(resource)
-          remember_me(resource)
-          extend_remember_me_period(resource)
+          remember_me(resource) if extend_remember_me?(resource)
           resource.after_remembered
           success!(resource)
         end
@@ -43,10 +42,8 @@ module Devise
 
     private
 
-      def extend_remember_me_period(resource)
-        if resource.respond_to?(:extend_remember_period=)
-          resource.extend_remember_period = mapping.to.extend_remember_period
-        end
+      def extend_remember_me?(resource)
+        resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
       end
 
       def remember_me?

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.5.3".freeze
+  VERSION = "3.5.9".freeze
 end

test/integration/rememberable_test.rb

@@ -1,10 +1,15 @@
 require 'test_helper'
 
 class RememberMeTest < ActionDispatch::IntegrationTest
+  if (Rails::VERSION::MAJOR < 4) || (Rails::VERSION::MAJOR >= 4 && Rails::VERSION::MINOR < 1)
+    require 'time_helpers'
+    include ActiveSupport::Testing::TimeHelpers
+  end
+
   def create_user_and_remember(add_to_token='')
     user = create_user
     user.remember_me!
-    raw_cookie = User.serialize_into_cookie(user).tap { |a| a.last << add_to_token }
+    raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }
     cookies['remember_user_token'] = generate_signed_cookie(raw_cookie)
     user
   end
@@ -92,7 +97,6 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert warden.authenticated?(:user)
     assert warden.user(:user) == user
-    assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
   end
 
   test 'remember the user before sign up and redirect them to their home' do
@@ -118,6 +122,40 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     end
   end
 
+  test 'extends remember period when extend remember period config is true' do
+    swap Devise, extend_remember_period: true, remember_for: 1.year do
+      user = create_user_and_remember
+      old_remember_token = nil
+
+      travel_to 1.day.ago do
+        get root_path
+        old_remember_token = request.cookies['remember_user_token']
+      end
+
+      get root_path
+      current_remember_token = request.cookies['remember_user_token']
+
+      refute_equal old_remember_token, current_remember_token
+    end
+  end
+
+  test 'does not extend remember period when extend period config is false' do
+    swap Devise, extend_remember_period: false, remember_for: 1.year do
+      user = create_user_and_remember
+      old_remember_token = nil
+
+      travel_to 1.day.ago do
+        get root_path
+        old_remember_token = request.cookies['remember_user_token']
+      end
+
+      get root_path
+      current_remember_token = request.cookies['remember_user_token']
+
+      assert_equal old_remember_token, current_remember_token
+    end
+  end
+
   test 'do not remember other scopes' do
     create_user_and_remember
     get root_path
@@ -135,7 +173,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
 
   test 'do not remember with expired token' do
     create_user_and_remember
-    swap Devise, remember_for: 0 do
+    swap Devise, remember_for: 0.days do
       get users_path
       assert_not warden.authenticated?(:user)
       assert_redirected_to new_user_session_path

test/integration/timeoutable_test.rb

@@ -175,7 +175,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
     assert warden.authenticated?(:user)
   end
 
-  test 'does not crashes when the last_request_at is a String' do
+  test 'does not crash when the last_request_at is a String' do
     user = sign_in_as_user
 
     get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)

test/models/confirmable_test.rb

@@ -114,7 +114,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
     assert_email_not_sent do
       user.save!
-      assert !user.confirmed?
+      assert_not user.confirmed?
     end
   end
 
@@ -401,6 +401,14 @@ class ReconfirmableTest < ActiveSupport::TestCase
     assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded
   end
 
+  test 'should send confirmation instructions by email after changing email from nil' do
+    admin = create_admin(email: nil)
+    assert_email_sent "new_test@example.com" do
+      assert admin.update_attributes(email: 'new_test@example.com')
+    end
+    assert_match "new_test@example.com", ActionMailer::Base.deliveries.last.body.encoded
+  end
+
   test 'should not send confirmation by email after changing password' do
     admin = create_admin
     assert admin.confirm
@@ -486,4 +494,18 @@ class ReconfirmableTest < ActiveSupport::TestCase
       :unconfirmed_email
     ]
   end
+
+  test 'should not require reconfirmation after creating a record' do
+    admin = create_admin
+    assert !admin.pending_reconfirmation?
+  end
+
+  test 'should not require reconfirmation after creating a record with #save called in callback' do
+    class Admin::WithSaveInCallback < Admin
+      after_create :save
+    end
+
+    admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username))
+    assert !admin.pending_reconfirmation?
+  end
 end

test/models/lockable_test.rb

@@ -325,4 +325,26 @@ class LockableTest < ActiveSupport::TestCase
     user.lock_access!
     assert_equal :locked, user.unauthenticated_message
   end
+
+  test 'unlock_strategy_enabled? should return true for both, email, and time strategies if :both is used' do
+    swap Devise, unlock_strategy: :both do
+      user = create_user
+      assert_equal true, user.unlock_strategy_enabled?(:both)
+      assert_equal true, user.unlock_strategy_enabled?(:time)
+      assert_equal true, user.unlock_strategy_enabled?(:email)
+      assert_equal false, user.unlock_strategy_enabled?(:none)
+      assert_equal false, user.unlock_strategy_enabled?(:an_undefined_strategy)
+    end
+  end
+
+  test 'unlock_strategy_enabled? should return true only for the configured strategy' do
+    swap Devise, unlock_strategy: :email do
+      user = create_user
+      assert_equal false, user.unlock_strategy_enabled?(:both)
+      assert_equal false, user.unlock_strategy_enabled?(:time)
+      assert_equal true, user.unlock_strategy_enabled?(:email)
+      assert_equal false, user.unlock_strategy_enabled?(:none)
+      assert_equal false, user.unlock_strategy_enabled?(:an_undefined_strategy)
+    end
+  end
 end

test/models/rememberable_test.rb

@@ -13,6 +13,7 @@ class RememberableTest < ActiveSupport::TestCase
     user = create_user
     user.expects(:valid?).never
     user.remember_me!
+    assert user.remember_created_at
   end
 
   test 'forget_me should not clear remember token if using salt' do
@@ -33,13 +34,57 @@ class RememberableTest < ActiveSupport::TestCase
   test 'serialize into cookie' do
     user = create_user
     user.remember_me!
-    assert_equal [user.to_key, user.authenticatable_salt], User.serialize_into_cookie(user)
+    id, token, date = User.serialize_into_cookie(user)
+    assert_equal id, user.to_key
+    assert_equal token, user.authenticatable_salt
+    assert date.is_a?(String)
   end
 
   test 'serialize from cookie' do
     user = create_user
     user.remember_me!
-    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc)
+  end
+
+  test 'serialize from cookie should accept a String with the datetime seconds and microseconds' do
+    user = create_user
+    user.remember_me!
+    assert_equal user, User.serialize_from_cookie(user.to_key, user.authenticatable_salt, Time.now.utc.to_f.to_json)
+  end
+
+  test 'serialize from cookie should return nil with invalid datetime' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, "2013")
+  end
+
+  test 'serialize from cookie should return nil if no resource is found' do
+    assert_nil resource_class.serialize_from_cookie([0], "123", Time.now.utc)
+  end
+
+  test 'serialize from cookie should return nil if no timestamp' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt)
+  end
+
+  test 'serialize from cookie should return nil if timestamp is earlier than token creation' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 1.day.ago)
+  end
+
+  test 'serialize from cookie should return nil if timestamp is older than remember_for' do
+    user = create_user
+    user.remember_created_at = 1.month.ago
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, user.authenticatable_salt, 3.weeks.ago)
+  end
+
+  test 'serialize from cookie me return nil if is a valid resource with invalid token' do
+    user = create_user
+    user.remember_me!
+    assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
   end
 
   test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
@@ -93,28 +138,7 @@ class RememberableTest < ActiveSupport::TestCase
     resource.forget_me!
   end
 
-  test 'remember is expired if not created at timestamp is set' do
-    assert create_resource.remember_expired?
-  end
-
-  test 'serialize should return nil if no resource is found' do
-    assert_nil resource_class.serialize_from_cookie([0], "123")
-  end
-
-  test 'remember me return nil if is a valid resource with invalid token' do
-    resource = create_resource
-    assert_nil resource_class.serialize_from_cookie([resource.id], "123")
-  end
-
-  test 'remember for should fallback to devise remember for default configuration' do
-    swap Devise, remember_for: 1.day do
-      resource = create_resource
-      resource.remember_me!
-      assert_not resource.remember_expired?
-    end
-  end
-
-  test 'remember expires at should sum date of creation with remember for configuration' do
+  test 'remember expires at uses remember for configuration' do
     swap Devise, remember_for: 3.days do
       resource = create_resource
       resource.remember_me!
@@ -125,77 +149,6 @@ class RememberableTest < ActiveSupport::TestCase
     end
   end
 
-  test 'remember should be expired if remember_for is zero' do
-    swap Devise, remember_for: 0.days do
-      Devise.remember_for = 0.days
-      resource = create_resource
-      resource.remember_me!
-      assert resource.remember_expired?
-    end
-  end
-
-  test 'remember should be expired if it was created before limit time' do
-    swap Devise, remember_for: 1.day do
-      resource = create_resource
-      resource.remember_me!
-      resource.remember_created_at = 2.days.ago
-      resource.save
-      assert resource.remember_expired?
-    end
-  end
-
-  test 'remember should not be expired if it was created within the limit time' do
-    swap Devise, remember_for: 30.days do
-      resource = create_resource
-      resource.remember_me!
-      resource.remember_created_at = (30.days.ago + 2.minutes)
-      resource.save
-      assert_not resource.remember_expired?
-    end
-  end
-
-  test 'if extend_remember_period is false, remember_me! should generate a new timestamp if expired' do
-    swap Devise, remember_for: 5.minutes do
-      resource = create_resource
-      resource.remember_me!(false)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago
-      resource.save
-
-      resource.remember_me!(false)
-      assert_not_equal old.to_i, resource.remember_created_at.to_i
-    end
-  end
-
-  test 'if extend_remember_period is false, remember_me! should not generate a new timestamp' do
-    swap Devise, remember_for: 1.year do
-      resource = create_resource
-      resource.remember_me!(false)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago.utc
-      resource.save
-
-      resource.remember_me!(false)
-      assert_equal old.to_i, resource.remember_created_at.to_i
-    end
-  end
-
-  test 'if extend_remember_period is true, remember_me! should always generate a new timestamp' do
-    swap Devise, remember_for: 1.year do
-      resource = create_resource
-      resource.remember_me!(true)
-      assert resource.remember_created_at
-
-      resource.remember_created_at = old = 10.minutes.ago
-      resource.save
-
-      resource.remember_me!(true)
-      assert_not_equal old, resource.remember_created_at
-    end
-  end
-
   test 'should have the required_fields array' do
     assert_same_content Devise::Models::Rememberable.required_fields(User), [
       :remember_created_at

test/time_helpers.rb

@@ -0,0 +1,137 @@
+# A copy of Rails time helpers. With this file we can support the `travel_to`
+# helper for Rails versions prior 4.1.
+# File origin: https://github.com/rails/rails/blob/52ce6ece8c8f74064bb64e0a0b1ddd83092718e1/activesupport/lib/active_support/testing/time_helpers.rb
+module ActiveSupport
+  module Testing
+    class SimpleStubs # :nodoc:
+      Stub = Struct.new(:object, :method_name, :original_method)
+
+      def initialize
+        @stubs = {}
+      end
+
+      def stub_object(object, method_name, return_value)
+        key = [object.object_id, method_name]
+
+        if stub = @stubs[key]
+          unstub_object(stub)
+        end
+
+        new_name = "__simple_stub__#{method_name}"
+
+        @stubs[key] = Stub.new(object, method_name, new_name)
+
+        object.singleton_class.send :alias_method, new_name, method_name
+        object.define_singleton_method(method_name) { return_value }
+      end
+
+      def unstub_all!
+        @stubs.each_value do |stub|
+          unstub_object(stub)
+        end
+        @stubs = {}
+      end
+
+      private
+
+        def unstub_object(stub)
+          singleton_class = stub.object.singleton_class
+          singleton_class.send :undef_method, stub.method_name
+          singleton_class.send :alias_method, stub.method_name, stub.original_method
+          singleton_class.send :undef_method, stub.original_method
+        end
+    end
+
+    # Contains helpers that help you test passage of time.
+    module TimeHelpers
+      # Changes current time to the time in the future or in the past by a given time difference by
+      # stubbing +Time.now+, +Date.today+, and +DateTime.now+.
+      #
+      #   Time.current     # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel 1.day
+      #   Time.current     # => Sun, 10 Nov 2013 15:34:49 EST -05:00
+      #   Date.current     # => Sun, 10 Nov 2013
+      #   DateTime.current # => Sun, 10 Nov 2013 15:34:49 -0500
+      #
+      # This method also accepts a block, which will return the current time back to its original
+      # state at the end of the block:
+      #
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel 1.day do
+      #     User.create.created_at # => Sun, 10 Nov 2013 15:34:49 EST -05:00
+      #   end
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      def travel(duration, &block)
+        travel_to Time.now + duration, &block
+      end
+
+      # Changes current time to the given time by stubbing +Time.now+,
+      # +Date.today+, and +DateTime.now+ to return the time or date passed into this method.
+      #
+      #   Time.current     # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel_to Time.new(2004, 11, 24, 01, 04, 44)
+      #   Time.current     # => Wed, 24 Nov 2004 01:04:44 EST -05:00
+      #   Date.current     # => Wed, 24 Nov 2004
+      #   DateTime.current # => Wed, 24 Nov 2004 01:04:44 -0500
+      #
+      # Dates are taken as their timestamp at the beginning of the day in the
+      # application time zone. <tt>Time.current</tt> returns said timestamp,
+      # and <tt>Time.now</tt> its equivalent in the system time zone. Similarly,
+      # <tt>Date.current</tt> returns a date equal to the argument, and
+      # <tt>Date.today</tt> the date according to <tt>Time.now</tt>, which may
+      # be different. (Note that you rarely want to deal with <tt>Time.now</tt>,
+      # or <tt>Date.today</tt>, in order to honor the application time zone
+      # please always use <tt>Time.current</tt> and <tt>Date.current</tt>.)
+      #
+      # Note that the usec for the time passed will be set to 0 to prevent rounding
+      # errors with external services, like MySQL (which will round instead of floor,
+      # leading to off-by-one-second errors).
+      #
+      # This method also accepts a block, which will return the current time back to its original
+      # state at the end of the block:
+      #
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel_to Time.new(2004, 11, 24, 01, 04, 44) do
+      #     Time.current # => Wed, 24 Nov 2004 01:04:44 EST -05:00
+      #   end
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      def travel_to(date_or_time)
+        if date_or_time.is_a?(Date) && !date_or_time.is_a?(DateTime)
+          now = date_or_time.midnight.to_time
+        else
+          now = date_or_time.to_time.change(usec: 0)
+        end
+
+        simple_stubs.stub_object(Time, :now, now)
+        simple_stubs.stub_object(Date, :today, now.to_date)
+        simple_stubs.stub_object(DateTime, :now, now.to_datetime)
+
+        if block_given?
+          begin
+            yield
+          ensure
+            travel_back
+          end
+        end
+      end
+
+      # Returns the current time back to its original state, by removing the stubs added by
+      # `travel` and `travel_to`.
+      #
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      #   travel_to Time.new(2004, 11, 24, 01, 04, 44)
+      #   Time.current # => Wed, 24 Nov 2004 01:04:44 EST -05:00
+      #   travel_back
+      #   Time.current # => Sat, 09 Nov 2013 15:34:49 EST -05:00
+      def travel_back
+        simple_stubs.unstub_all!
+      end
+
+      private
+
+        def simple_stubs
+          @simple_stubs ||= SimpleStubs.new
+        end
+    end
+  end
+end