Use the Ruby 1.8 hash syntax.

Yes we still support Ruby 1.8 😢

Conflicts:
	Gemfile.lock

.travis.yml

@@ -10,3 +10,4 @@ notifications:
     - jose.valim@plataformatec.com.br
     - carlos@plataformatec.com.br
     - rodrigo.flores@plataformatec.com.br
+    - rafael.franca@plataformatec.com.br

CHANGELOG.rdoc

@@ -1,3 +1,31 @@
+== 1.5.4
+
+* bug fix
+  * Require string conversion for all values
+
+== 1.5.3
+
+* bug fix
+  * Ensure delegator converts scope to symbol (by github.com/dmitriy-kiriyenko)
+  * Ensure passing :format => false to devise_for is not permanent
+  * Ensure path checker does not check invalid routes
+
+* warden regression
+  * using warden 1.2.1 with Devise 1.5.3 introduces a regression for some types of functional tests (see github.com/plataformatec/devise/issues/1928).  Can peg warden to 1.2.0 in your Gemfile to fix this.
+== 1.5.2
+
+* enhancements
+  * Add support for rails 3.1 new mass assignment conventions (by github.com/kirs)
+  * Add timeout_in method to Timeoutable, it can be overriden in a model (by github.com/lest)
+
+* bug fix
+  * OmniAuth error message now shows the proper option (:strategy_class instead of :klass)
+
+== 1.5.1
+
+* bug fix
+  * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise.
+
 == 1.5.0
 
 * enhancements

Gemfile

@@ -3,28 +3,25 @@ source "http://rubygems.org"
 gemspec
 
 gem "rails", "~> 3.1.0"
-gem 'omniauth', '~> 1.0.0'
-gem 'omniauth-oauth2', '~> 1.0.0'
-
+gem "omniauth", "~> 1.0.0"
+gem "omniauth-oauth2", "~> 1.0.0"
 gem "rdoc"
 
 group :test do
-  gem 'omniauth-facebook'
-  gem 'omniauth-openid', '~> 1.0.1'
+  gem "omniauth-facebook"
+  gem "omniauth-openid", "~> 1.0.1"
   gem "webrat", "0.7.2", :require => false
-  gem "mocha", :require => false
+  gem "mocha", "~> 0.10.0", :require => false
+
+  platforms :mri_18 do
+    gem "ruby-debug", ">= 0.10.3"
+  end
 end
 
 platforms :jruby do
-  gem 'activerecord-jdbc-adapter'
-  gem 'activerecord-jdbcsqlite3-adapter'
-  gem 'jruby-openssl'
-end
-
-platforms :mri_18 do
-  group :test do
-    gem "ruby-debug", ">= 0.10.3"
-  end
+  gem "activerecord-jdbc-adapter"
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jruby-openssl"
 end
 
 platforms :ruby do

README.rdoc

@@ -72,7 +72,7 @@ We hope that you will consider contributing to Devise. Please read this short ov
 
 https://github.com/plataformatec/devise/wiki/Contributing
 
-You will usually want to write tests for your changes.  To run the test suite, `cd` into Devise's top-level directory and run `bundle install` and `rake`.  For the tests to pass, you will need to have a MongoDB server (version 1.6 or newer) running on your system.
+You will usually want to write tests for your changes.  To run the test suite, `cd` into Devise's top-level directory and run `bundle install` and `rake`.  For the tests to pass, you will need to have a MongoDB server (version 2.0 or newer) running on your system.
 
 == Installation
 
@@ -88,7 +88,7 @@ The generator will install an initializer which describes ALL Devise's configura
 
   rails generate devise MODEL
 
-Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run db:migrate as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file, continue reading this file to understand exactly what the generator produces and how to use it.
+Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run db:migrate as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file, continue reading this file to understand exactly what the generator produces and how to use it. Finally, if your server was already running, then restart it as Rails doesn't automatically load methods from a new gem.
 
 Support for Rails 2.3.x can be found by installing Devise 1.0.x from the v1.0 branch.
 
@@ -359,6 +359,7 @@ https://github.com/plataformatec/devise/contributors
 
 * José Valim (https://github.com/josevalim)
 * Carlos Antônio da Silva (https://github.com/carlosantoniodasilva)
+* Rodrigo Flores (https://github.com/rodrigoflores)
 
 == License
 

app/controllers/devise/sessions_controller.rb

@@ -21,13 +21,14 @@ class Devise::SessionsController < ApplicationController
   # DELETE /resource/sign_out
   def destroy
     signed_in = signed_in?(resource_name)
+    redirect_path = after_sign_out_path_for(resource_name)
     Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
     set_flash_message :notice, :signed_out if signed_in
 
-    # We actually need to hardcode this, as Rails default responder doesn't
+    # We actually need to hardcode this as Rails default responder doesn't
     # support returning empty response on GET request
     respond_to do |format|
-      format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
+      format.any(*navigational_formats) { redirect_to redirect_path }
       format.all do
         method = "to_#{request_format}"
         text = {}.respond_to?(method) ? {}.send(method) : ""

lib/devise/controllers/helpers.rb

@@ -207,7 +207,7 @@ module Devise
       # scope. Notice that differently from +after_sign_in_path_for+ this method
       # receives a symbol with the scope, and not the resource.
       #
-      # By default is the root_path.
+      # By default it is the root_path.
       def after_sign_out_path_for(resource_or_scope)
         root_path
       end
@@ -236,8 +236,9 @@ module Devise
       # after_sign_out_path_for.
       def sign_out_and_redirect(resource_or_scope)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
+        redirect_path = after_sign_out_path_for(scope)
         Devise.sign_out_all_scopes ? sign_out : sign_out(scope)
-        redirect_to after_sign_out_path_for(scope)
+        redirect_to redirect_path
       end
 
       # Overwrite Rails' handle unverified request to sign out all scopes,

lib/devise/delegator.rb

@@ -8,9 +8,9 @@ module Devise
     def failure_app(env)
       app = env["warden.options"] &&
         (scope = env["warden.options"][:scope]) &&
-        Devise.mappings[scope].failure_app
+        Devise.mappings[scope.to_sym].failure_app
 
       app || Devise::FailureApp
     end
   end
-end
+end

lib/devise/mapping.rb

@@ -23,8 +23,7 @@ module Devise
   #
   class Mapping #:nodoc:
     attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
-                :constraints, :defaults, :failure_app
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app
 
     alias :name :singular
 
@@ -64,8 +63,6 @@ module Devise
       default_failure_app(options)
       default_controllers(options)
       default_path_names(options)
-      default_constraints(options)
-      default_defaults(options)
       default_used_route(options)
       default_used_helpers(options)
     end

lib/devise/models/authenticatable.rb

@@ -106,17 +106,20 @@ module Devise
         # namedscope to filter records while authenticating.
         # Example:
         #
-        #   def self.find_for_authentication(conditions={})
-        #     conditions[:active] = true
-        #     super
+        #   def self.find_for_authentication(tainted_conditions)
+        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
         #   end
         #
-        def find_for_authentication(conditions)
-          find_first_by_auth_conditions(conditions)
+        # Finally, notice that Devise also queries for users in other scenarios
+        # besides authentication, for example when retrieving an user to send
+        # an e-mail for password reset. In such cases, find_for_authentication
+        # is not called.
+        def find_for_authentication(tainted_conditions)
+          find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(conditions)
-          to_adapter.find_first devise_param_filter.filter(conditions)
+        def find_first_by_auth_conditions(tainted_conditions, opts={})
+          to_adapter.find_first(devise_param_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find an initialize a record setting an error if it can't be found.
@@ -162,4 +165,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/models/database_authenticatable.rb

@@ -51,7 +51,7 @@ module Devise
       # Update record attributes when :current_password matches, otherwise returns
       # error on :current_password. It also automatically rejects :password and
       # :password_confirmation if they are blank.
-      def update_with_password(params={})
+      def update_with_password(params, *options)
         current_password = params.delete(:current_password)
 
         if params[:password].blank?
@@ -60,7 +60,7 @@ module Devise
         end
 
         result = if valid_password?(current_password)
-          update_attributes(params)
+          update_attributes(params, *options)
         else
           self.attributes = params
           self.valid?
@@ -84,15 +84,15 @@ module Devise
       #     super(params)
       #   end
       #
-      def update_without_password(params={})
+      def update_without_password(params, *options)
         params.delete(:password)
         params.delete(:password_confirmation)
 
-        result = update_attributes(params)
+        result = update_attributes(params, *options)
         clean_up_passwords
         result
       end
-      
+
       def after_database_authentication
       end
 
@@ -107,7 +107,7 @@ module Devise
       def downcase_keys
         (self.class.case_insensitive_keys || []).each { |k| self[k].try(:downcase!) }
       end
-      
+
       def strip_whitespace
         (self.class.strip_whitespace_keys || []).each { |k| self[k].try(:strip!) }
       end

lib/devise/models/timeoutable.rb

@@ -23,18 +23,22 @@ module Devise
       # Checks whether the user session has expired based on configured time.
       def timedout?(last_access)
         return false if remember_exists_and_not_expired?
-        
-        last_access && last_access <= self.class.timeout_in.ago
+
+        !timeout_in.nil? && last_access && last_access <= timeout_in.ago
       end
-      
+
+      def timeout_in
+        self.class.timeout_in
+      end
+
       private
-      
+
       def remember_exists_and_not_expired?
         return false unless respond_to?(:remember_expired?)
-        
+
         remember_created_at && !remember_expired?
       end
-      
+
       module ClassMethods
         Devise::Models.config(self, :timeout_in)
       end

lib/devise/omniauth.rb

@@ -1,6 +1,6 @@
 begin
   require "omniauth"
-  require 'omniauth/version'
+  require "omniauth/version"
 rescue LoadError => e
   warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
   raise

lib/devise/omniauth/config.rb

@@ -1,23 +1,28 @@
 module Devise
   module OmniAuth
+    class StrategyNotFound < NameError
+      def initialize(strategy)
+        @strategy = strategy
+        super("Could not find a strategy with name `#{strategy}'. " \
+          "Please ensure it is required or explicitly set it using the :strategy_class option.")
+      end
+    end
+
     class Config
       attr_accessor :strategy
-      attr_reader :args, :options, :provider
+      attr_reader :args, :options, :provider, :strategy_name
 
       def initialize(provider, args)
-        @provider = provider
-        @args     = args
-        @strategy = nil
-        @options = @args.last.is_a?(Hash) ? @args.last : {}
-      end
-
-      # open_id strategy can have configurable name
-      def strategy_name
-        options[:name] || @provider
+        @provider       = provider
+        @args           = args
+        @options        = @args.last.is_a?(Hash) ? @args.last : {}
+        @strategy       = nil
+        @strategy_name  = options[:name] || @provider
+        @strategy_class = options.delete(:strategy_class)
       end
 
       def strategy_class
-        find_strategy || require_strategy
+        @strategy_class ||= find_strategy || autoload_strategy
       end
 
       def find_strategy
@@ -27,20 +32,14 @@ module Devise
         end
       end
 
-      def require_strategy
-        if [:facebook, :github, :twitter].include?(provider.to_sym)
-          require "omniauth/strategies/#{provider}"
-        elsif options[:require]
-          require options[:require]
-        else
-          require "omniauth-#{provider}"
-        end
-        find_strategy || autoload_strategy
-      end
-
       def autoload_strategy
-        ::OmniAuth::Strategies.const_get(::OmniAuth::Utils.camelize(provider.to_s))
+        name = ::OmniAuth::Utils.camelize(provider.to_s)
+        if ::OmniAuth::Strategies.const_defined?(name)
+          ::OmniAuth::Strategies.const_get(name)
+        else
+          raise StrategyNotFound, name
+        end
       end
     end
   end
-end     
+end

lib/devise/param_filter.rb

@@ -33,9 +33,8 @@ module Devise
 
     private
 
-    # Determine which values should be transformed to string or passed as-is to the query builder underneath
     def param_requires_string_conversion?(value)
-      true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
+      true
     end
   end
 end

lib/devise/path_checker.rb

@@ -12,7 +12,8 @@ module Devise
     end
 
     def signing_out?
-      @current_path == send("destroy_#{@scope}_session_path")
+      route = "destroy_#{@scope}_session_path"
+      respond_to?(route) && @current_path == send(route)
     end
   end
 end

lib/devise/rails/routes.rb

@@ -185,7 +185,7 @@ module ActionDispatch::Routing
       options[:path_names]    = (@scope[:path_names] || {}).merge(options[:path_names] || {})
       options[:constraints]   = (@scope[:constraints] || {}).merge(options[:constraints] || {})
       options[:defaults]      = (@scope[:defaults] || {}).merge(options[:defaults] || {})
-      @scope[:options]        = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
+      options[:options]       = (@scope[:options] || {}).merge({:format => false}) if options[:format] == false
 
       resources.map!(&:to_sym)
 
@@ -208,7 +208,7 @@ module ActionDispatch::Routing
 
         devise_scope mapping.name do
           yield if block_given?
-          with_devise_exclusive_scope mapping.fullpath, mapping.name, mapping.constraints, mapping.defaults do
+          with_devise_exclusive_scope mapping.fullpath, mapping.name, options do
             routes.each { |mod| send("devise_#{mod}", mapping, mapping.controllers) }
           end
         end
@@ -368,12 +368,15 @@ module ActionDispatch::Routing
         @scope[:path] = path
       end
 
-      def with_devise_exclusive_scope(new_path, new_as, new_constraints, new_defaults) #:nodoc:
-        old_as, old_path, old_module, old_constraints, old_defaults = @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults]
-        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults] = new_as, new_path, nil, new_constraints, new_defaults
+      def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc:
+        old_as, old_path, old_module, old_constraints, old_defaults, old_options = 
+          *@scope.values_at(:as, :path, :module, :constraints, :defaults, :options)
+        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults], @scope[:options] =
+          new_as, new_path, nil, *options.values_at(:constraints, :defaults, :options)
         yield
       ensure
-        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults] = old_as, old_path, old_module, old_constraints, old_defaults
+        @scope[:as], @scope[:path], @scope[:module], @scope[:constraints], @scope[:defaults], @scope[:options] = 
+          old_as, old_path, old_module, old_constraints, old_defaults, old_options
       end
 
       def raise_no_devise_method_error!(klass) #:nodoc:

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "1.5.0".freeze
+  VERSION = "1.5.4".freeze
 end

lib/generators/templates/devise.rb

@@ -1,5 +1,5 @@
-# Use this hook to configure devise mailer, warden hooks and so forth. The first
-# four configuration values can also be set straight in your models.
+# Use this hook to configure devise mailer, warden hooks and so forth.
+# Many of these configuration options can be set straight in your model.
 Devise.setup do |config|
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,

test/delegator_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+
+class DelegatorTest < ActiveSupport::TestCase
+  def delegator
+    Devise::Delegator.new
+  end
+
+  test 'failure_app returns default failure app if no warden options in env' do
+    assert_equal Devise::FailureApp, delegator.failure_app({})
+  end
+
+  test 'failure_app returns default failure app if no scope in warden options' do
+    assert_equal Devise::FailureApp, delegator.failure_app({"warden.options" => {}})
+  end
+
+  test 'failure_app returns associated failure app by scope in the given environment' do
+    assert_kind_of Proc, delegator.failure_app({"warden.options" => {:scope => "manager"}})
+  end
+end

test/integration/authenticatable_test.rb

@@ -407,7 +407,7 @@ class AuthenticationOthersTest < ActionController::IntegrationTest
 
   test 'sign in stub in xml format' do
     get new_user_session_path(:format => 'xml')
-    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password nil=\"true\"></password>\n</user>\n", response.body
+    assert_equal "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>\n  <email></email>\n  <password nil=\"true\"/>\n</user>\n", response.body
   end
 
   test 'sign in stub in json format' do

test/models/authenticatable_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+
+class AuthenticatableTest < ActiveSupport::TestCase
+  test 'find_first_by_auth_conditions allows custom filtering parameters' do
+    user = User.create!(:email => "example@example.com", :password => "123456")
+    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }), user
+    assert_equal User.find_first_by_auth_conditions({ :email => "example@example.com" }, :id => user.id + 1), nil
+  end
+end

test/models/database_authenticatable_test.rb

@@ -11,7 +11,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     user.save!
     assert_equal email.downcase, user.email
   end
-  
+
   test 'should remove whitespace from strip whitespace keys when saving' do
     # strip_whitespace_keys is set to :email by default.
     email = ' foo@bar.com '
@@ -23,9 +23,9 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test "param filter should not convert booleans and integer to strings" do
-    conditions = { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
+    conditions = { "login" => "foo@bar.com", "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => (1..10) }
     conditions = Devise::ParamFilter.new([], []).filter(conditions)
-    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
+    assert_equal( { "login" => "foo@bar.com", "bool1" => "true", "bool2" => "false", "fixnum" => "123", "will_be_converted" => "1..10" }, conditions)
   end
 
   test 'should respond to password and password confirmation' do
@@ -86,7 +86,14 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
       :password => 'pass321', :password_confirmation => 'pass321')
     assert user.reload.valid_password?('pass321')
   end
-  
+
+  test 'should update password with valid current password and :as option' do
+    user = create_user
+    assert user.update_with_password(:current_password => '123456',
+      :password => 'pass321', :password_confirmation => 'pass321', :as => :admin)
+    assert user.reload.valid_password?('pass321')
+  end
+
   test 'should add an error to current password when it is invalid' do
     user = create_user
     assert_not user.update_with_password(:current_password => 'other',
@@ -139,6 +146,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert_equal 'new@example.com', user.email
   end
 
+  test 'should update the user without password with :as option' do
+    user = create_user
+    user.update_without_password(:email => 'new@example.com', :as => :admin)
+    assert_equal 'new@example.com', user.email
+  end
+
   test 'should not update password without password' do
     user = create_user
     user.update_without_password(:password => 'pass321', :password_confirmation => 'pass321')

test/models/timeoutable_test.rb

@@ -14,6 +14,20 @@ class TimeoutableTest < ActiveSupport::TestCase
     assert_not new_user.timedout?(nil)
   end
 
+  test 'should use timeout_in method' do
+    user = new_user
+    user.instance_eval { def timeout_in; 10.minutes end }
+
+    assert user.timedout?(12.minutes.ago)
+    assert_not user.timedout?(8.minutes.ago)
+  end
+
+  test 'should not be expired when timeout_in method returns nil' do
+    user = new_user
+    user.instance_eval { def timeout_in; nil end }
+    assert_not user.timedout?(10.hours.ago)
+  end
+
   test 'fallback to Devise config option' do
     swap Devise, :timeout_in => 1.minute do
       user = new_user

test/omniauth/config_test.rb

@@ -1,8 +1,8 @@
 require 'test_helper'
 
 class OmniAuthConfigTest < ActiveSupport::TestCase
-  setup do
-    $: << File.dirname(__FILE__)
+  class MyStrategy
+    include OmniAuth::Strategy
   end
 
   test 'strategy_name returns provider if no options given' do
@@ -42,15 +42,16 @@ class OmniAuthConfigTest < ActiveSupport::TestCase
     assert_equal UnNamedTestStrategy, config.strategy_class
   end
 
-  test 'attempts to load an as-yet not loaded plugin' do
-    config = Devise::OmniAuth::Config.new :my_strategy, [{}]
-    config_class = config.strategy_class
-    assert_equal MyStrategy, config_class
+  test 'raises an error if strategy cannot be found' do
+    config = Devise::OmniAuth::Config.new :my_other_strategy, [{}]
+    assert_raise Devise::OmniAuth::StrategyNotFound do
+      config.strategy_class
+    end
   end
 
   test 'allows the user to define a custom require path' do
-    config = Devise::OmniAuth::Config.new :my_other_strategy, [{:require => 'my_other_strategy'}]
+    config = Devise::OmniAuth::Config.new :my_strategy, [{:strategy_class => MyStrategy}]
     config_class = config.strategy_class
-    assert_equal MyOtherStrategy, config_class
+    assert_equal MyStrategy, config_class
   end
 end

test/omniauth/my_other_strategy.rb

@@ -1,5 +0,0 @@
-require 'omniauth'
-
-class MyOtherStrategy
-  include OmniAuth::Strategy
-end

test/omniauth/omniauth-my_strategy.rb

@@ -1,5 +0,0 @@
-require 'omniauth'
-
-class MyStrategy
-  include OmniAuth::Strategy
-end

test/path_checker_test.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+class PathCheckerTest < ActiveSupport::TestCase
+  test 'check if sign out path matches' do
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_out"}, :user)
+    assert path_checker.signing_out?
+
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_in"}, :user)
+    assert_not path_checker.signing_out?
+  end
+
+  test 'considers script name' do
+    path_checker = Devise::PathChecker.new({"SCRIPT_NAME" => "/users", "PATH_INFO" => "/sign_out"}, :user)
+    assert path_checker.signing_out?
+  end
+
+  test 'ignores invalid routes' do
+    path_checker = Devise::PathChecker.new({"PATH_INFO" => "/users/sign_in"}, :omg)
+    assert_not path_checker.signing_out?
+  end
+end

test/rails_app/config/initializers/devise.rb

@@ -1,3 +1,6 @@
+require "omniauth-facebook"
+require "omniauth-openid"
+
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|

test/routes_test.rb

@@ -225,6 +225,10 @@ class CustomizedRoutingTest < ActionController::TestCase
       assert_recognizes({:controller => 'devise/unlocks', :action => 'show'}, {:path => '/htmlonly_users/unlock.xml', :method => :get})
     end
   end
+
+  test 'map with format false is not permanent' do
+    assert_equal "/set.xml", @routes.url_helpers.set_path(:xml)
+  end
 end
 
 class ScopedRoutingTest < ActionController::TestCase