Release 3.4.1

Update CHANGELOG
Check for a Hash when using the authentication_keys to generate the FailureApp flash message.
2026-01-10 16:18:04 -05:00 · 2014-10-29 12:59:33 -02:00 · 2014-10-27 22:58:24 -02:00 · 2014-10-27 22:32:19 -02:00 · 2014-10-26 16:36:01 -02:00 · 2014-10-26 18:33:27 +00:00
174 changed files with 3310 additions and 1468 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,3 @@ rdoc/*
 pkg
 log
 test/tmp/*
-gemfiles/*.lock
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,16 +1,23 @@
 language: ruby
 script: "bundle exec rake test"
-before_install:
-  - gem install bundler -v '>= 1.5.1'
+install: script/cached-bundle install --deployment --path vendor/bundle
 rvm:
  - 1.9.3
  - 2.0.0
-  - 2.1.0
+  - 2.1.2
 env:
-  - DEVISE_ORM=mongoid
-  - DEVISE_ORM=active_record
+  matrix:
+    - DEVISE_ORM=mongoid
+    - DEVISE_ORM=active_record
+  global:
+    # AMAZON_S3_BUCKET
+    - secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8="
+    # AMAZON_ACCESS_KEY_ID
+    - secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs="
+    # AMAZON_SECRET_ACCESS_KEY
+    - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI="
 gemfile:
-  - gemfiles/Gemfile.rails-head
+  - gemfiles/Gemfile.rails-4.1-stable
  - gemfiles/Gemfile.rails-4.0-stable
  - gemfiles/Gemfile.rails-3.2-stable
  - Gemfile
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,66 @@
 ### Unreleased

+### 3.4.1
+
+* enhancements
+  * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns)
+  * Passing `now: true` to the `set_flash_message` helper now sets the message into
+    the `flash.now` Hash. (by @hbriggs)
+* bugfixes
+  * Fixed an regression with translation of flash messages for when the `authentication_keys`
+  config is a Hash. (by @lucasmazza)
+
+### 3.4.0
+
+* enhancements
+  * Support added for Rails 4.2. Devise now depends on the `responders` gem due
+    the extraction of the `respond_with` API from Rails. (by @lucasmazza)
+  * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding
+    a hint about the minimum password length when `validatable` is enabled. (by @aried3r)
+  * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag
+    to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by @Chun-Yang)
+  * Removed the hardcoded references for "email" in the flash messages. If you are using
+    different attributes as the `authentication_keys` they will be interpolated in the
+    messages instead. (by @timoschilling)
+* bug fix
+  * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished`
+    exception when executed inside a mountable engine. (by @lucasmazza)
+  * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat)
+  * Ensure all causes of failed login have the same error message (by @pjungwir)
+  * The `last_attempt_warning` now takes effect when generating the unauthenticated
+    message for your users. To keep the current behavior, this flag is now `true`
+    by default. (by @lucasmazza)
+
+### 3.3.0
+
+* enhancements
+  * Support multiple warden configuration blocks on devise configuration. (by @rossta)
+  * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be
+    invalidated, and this behavior could not be changed. This behavior is now configurable via
+    `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano)
+  * Default email messages was updated with grammar fixes, check the diff on
+    #2906 for the updated copy (by @p-originate)
+  * Allow a resource to be found based on its encrypted password token (by @karlentwistle)
+  * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz)
+  * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if
+    the current scope is using the `validatable` module (by @alexsoble)
+
+* bug fix
+  * Check if there is a signed in user before executing the `SessionsController#destroy`.
+  * `SessionsController#destroy` no longer yields the `resource` to receiving block,
+    since the resource isn't loaded in the action. If you need access to the current
+    resource when overring the action use the scope helper (like `current_user`) before
+    calling `super`
+  * Serialize the `last_request_at` entry as an Integer
+  * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
+  * Only valid paths will be stored for redirections (by @parallel588)
+
+### 3.2.4
+
+* enhancements
+  * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
+  * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
+
 ### 3.2.3

 * enhancements
@@ -170,6 +231,16 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
  * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
  * Properly handle namespaced models on Active Record generator (by @nashby)

+### 2.1.4
+
+* bugfix
+  * Do not confirm account after reset password
+
+### 2.1.3
+
+* bugfix
+  * Require string conversion for all values
+
 ### 2.1.2

 * enhancements
--- a/10
+++ b/10
@@ -2,16 +2,16 @@ source "https://rubygems.org"

 gemspec

-gem "rails", "~> 4.0.0"
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", "4.2.0.beta2"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,138 +1,170 @@
 GIT
  remote: git://github.com/mongoid/mongoid.git
-  revision: 346a79a7d01aa194de80e649916239a18d38ce13
+  revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5
  branch: master
  specs:
    mongoid (4.0.0)
-      activemodel (~> 4.0.0)
-      moped (~> 1.5)
-      origin (~> 1.0)
-      tzinfo (~> 0.3.22)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)

 PATH
  remote: .
  specs:
-    devise (3.2.3)
-      bcrypt-ruby (~> 3.0)
+    devise (3.4.1)
+      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 3.2.6, < 5)
+      responders
      thread_safe (~> 0.1)
      warden (~> 1.2.3)

 GEM
  remote: https://rubygems.org/
  specs:
-    actionmailer (4.0.0)
-      actionpack (= 4.0.0)
-      mail (~> 2.5.3)
-    actionpack (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
+    actionmailer (4.2.0.beta2)
+      actionpack (= 4.2.0.beta2)
+      actionview (= 4.2.0.beta2)
+      activejob (= 4.2.0.beta2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.3)
+    actionpack (4.2.0.beta2)
+      actionview (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      rack (~> 1.6.0.beta)
      rack-test (~> 0.6.2)
-    activemodel (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-    activerecord (4.0.0)
-      activemodel (= 4.0.0)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.0)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.0)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
+      rails-dom-testing (~> 1.0, >= 1.0.3)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    actionview (4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.3)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    activejob (4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      globalid (>= 0.3.0)
+    activemodel (4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      builder (~> 3.1)
+    activerecord (4.2.0.beta2)
+      activemodel (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      arel (>= 6.0.0.beta1, < 6.1)
+    activesupport (4.2.0.beta2)
+      i18n (>= 0.7.0.beta1, < 0.8)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    arel (4.0.0)
-    atomic (1.1.12)
-    bcrypt-ruby (3.1.2)
-    builder (3.1.4)
+      tzinfo (~> 1.1)
+    arel (6.0.0.beta1)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
    erubis (2.7.0)
-    faraday (0.8.8)
-      multipart-post (~> 1.2.0)
-    hashie (1.2.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    globalid (0.3.0)
+      activesupport (>= 4.1.0)
+    hashie (3.2.0)
    hike (1.2.3)
-    httpauth (0.2.0)
-    i18n (0.6.5)
-    json (1.8.0)
-    jwt (0.1.8)
-      multi_json (>= 1.5)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.1)
-    mime-types (1.23)
-    minitest (4.7.5)
-    mocha (0.13.3)
+    i18n (0.7.0.beta1)
+    json (1.8.1)
+    jwt (1.0.0)
+    loofah (2.0.1)
+      nokogiri (>= 1.5.9)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (5.4.2)
+    mocha (1.1.0)
      metaclass (~> 0.0.1)
-    moped (1.5.1)
-    multi_json (1.7.9)
-    multipart-post (1.2.0)
-    nokogiri (1.5.9)
-    oauth2 (0.8.1)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
      rack (~> 1.2)
-    omniauth (1.0.3)
-      hashie (~> 1.2)
-      rack
-    omniauth-facebook (1.4.0)
-      omniauth-oauth2 (~> 1.0.2)
-    omniauth-oauth2 (1.0.3)
-      oauth2 (~> 0.8.0)
-      omniauth (~> 1.0)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
    omniauth-openid (1.0.1)
      omniauth (~> 1.0)
      rack-openid (~> 1.3.1)
-    origin (1.1.0)
+    optionable (0.2.0)
+    origin (2.1.1)
    orm_adapter (0.5.0)
-    polyglot (0.3.3)
-    rack (1.5.2)
+    rack (1.6.0.beta)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
      ruby-openid (>= 2.1.8)
    rack-test (0.6.2)
      rack (>= 1.0)
-    rails (4.0.0)
-      actionmailer (= 4.0.0)
-      actionpack (= 4.0.0)
-      activerecord (= 4.0.0)
-      activesupport (= 4.0.0)
+    rails (4.2.0.beta2)
+      actionmailer (= 4.2.0.beta2)
+      actionpack (= 4.2.0.beta2)
+      actionview (= 4.2.0.beta2)
+      activejob (= 4.2.0.beta2)
+      activemodel (= 4.2.0.beta2)
+      activerecord (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.0)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.0)
-      actionpack (= 4.0.0)
-      activesupport (= 4.0.0)
+      railties (= 4.2.0.beta2)
+      sprockets-rails (~> 3.0.0.beta1)
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.3)
+      activesupport
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.1)
+      loofah (~> 2.0)
+    railties (4.2.0.beta2)
+      actionpack (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (10.1.0)
-    rdoc (4.0.1)
+    rake (10.3.2)
+    rdoc (4.1.1)
      json (~> 1.4)
-    ruby-openid (2.2.3)
-    sprockets (2.10.0)
+    responders (2.0.0)
+      railties (>= 4.2.0.alpha, < 5)
+    ruby-openid (2.5.0)
+    sprockets (2.12.2)
      hike (~> 1.2)
      multi_json (~> 1.0)
      rack (~> 1.0)
      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.0)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
+    sprockets-rails (3.0.0.beta1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
      sprockets (~> 2.8)
-    sqlite3 (1.3.7)
-    thor (0.18.1)
-    thread_safe (0.1.2)
-      atomic
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
    tilt (1.4.1)
-    treetop (1.4.14)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
    warden (1.2.3)
      rack (>= 1.0)
    webrat (0.7.3)
@@ -148,13 +180,13 @@ DEPENDENCIES
  activerecord-jdbcsqlite3-adapter
  devise!
  jruby-openssl
-  mocha (~> 0.13.1)
+  mocha (~> 1.1)
  mongoid!
-  omniauth (~> 1.0.0)
+  omniauth (~> 1.2.0)
  omniauth-facebook
-  omniauth-oauth2 (~> 1.0.0)
+  omniauth-oauth2 (~> 1.1.0)
  omniauth-openid (~> 1.0.1)
-  rails (~> 4.0.0)
+  rails (= 4.2.0.beta2)
  rdoc
  sqlite3
  webrat (= 0.7.3)
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ By [Plataformatec](http://plataformatec.com.br/).

 [![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise)
 [![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise)
+[![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master)

 This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).

@@ -27,7 +28,7 @@ It's composed of 10 modules:
 * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
 * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.

-Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is on progress.
+Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.

 ## Information

@@ -83,7 +84,7 @@ You will usually want to write tests for your changes.  To run the test suite, g

 If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:

-* Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top
+* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users
 * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch

 Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
@@ -110,24 +111,28 @@ The generator will install an initializer which describes ALL Devise's configura
 rails generate devise MODEL
 ```

-Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller.
+Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.

-Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
+Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
+
+Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:

 ```ruby
-config.action_mailer.default_url_options = { host: 'localhost:3000' }
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 ```

 You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined.

 ### Controller filters and helpers

-Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter:
+Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action (assuming your devise model is 'User'):

 ```ruby
-before_filter :authenticate_user!
+before_action :authenticate_user!
 ```

+If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
+
 To verify if a user is signed in, use the following helper:

 ```ruby
@@ -157,7 +162,7 @@ You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to
 Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are:

 ```ruby
-before_filter :authenticate_member!
+before_action :authenticate_member!

 member_signed_in?

@@ -182,7 +187,7 @@ When you customize your own views, you may end up adding new attributes to forms

 There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:

-* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`)
+* `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`)
 * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
 * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`

@@ -190,7 +195,7 @@ In case you want to permit additional parameters (the lazy way™) you can do wi

 ```ruby
 class ApplicationController < ActionController::Base
-  before_filter :configure_permitted_parameters, if: :devise_controller?
+  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

@@ -200,7 +205,7 @@ class ApplicationController < ActionController::Base
 end
 ```

-The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
+The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:

 To permit simple scalar values for username and email, use this

@@ -214,7 +219,7 @@ If you have some checkboxes that express the roles a user may take on registrati

 ```ruby
 def configure_permitted_parameters
-  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) }
+  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) }
 end
 ```
 For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
@@ -267,33 +272,50 @@ After doing so, you will be able to have views based on the role like `users/ses
 rails generate devise:views users
 ```

+If you want to generate only a few set of views, like the ones for the `registrable` and `confirmable` module,
+you can pass a list of modules to the generator with the `-v` flag.
+
+```console
+rails generate devise:views -v registrations confirmations
+```
+
 ### Configuring controllers

 If the customization at the views level is not enough, you can customize each controller by following these steps:

-1. Create your custom controller, for example a `Admins::SessionsController`:
+1. Create your custom controllers using the generator which requires a scope:

-    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
-    end
+    ```console
+    rails generate devise:controllers [scope]
    ```

-    Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory.
+    If you specify `users` as the scope, controllers will be created in `app/controllers/users/`.
+    And the sessions controller will look like this:
+
+    ```ruby
+    class Users::SessionsController < Devise::SessionsController
+      # GET /resource/sign_in
+      # def new
+      #   super
+      # end
+      ...
+    end
+    ```

 2. Tell the router to use this controller:

    ```ruby
-    devise_for :admins, controllers: { sessions: "admins/sessions" }
+    devise_for :users, controllers: { sessions: "users/sessions" }
    ```

-3. Copy the views from `devise/sessions` to `admins/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.
+3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.

 4. Finally, change or extend the desired controller actions.

    You can completely override a controller action:

    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
+    class Users::SessionsController < Devise::SessionsController
      def create
        # custom sign-in code
      end
@@ -303,7 +325,7 @@ If the customization at the views level is not enough, you can customize each co
    Or you can simply add new behaviour to it:

    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
+    class Users::SessionsController < Devise::SessionsController
      def create
        super do |resource|
          BackgroundWorker.trigger(resource)
@@ -376,6 +398,8 @@ Take a look at our locale file to check all available messages. You may also be

 https://github.com/plataformatec/devise/wiki/I18n

+Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController
+
 ### Test helpers

 Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
@@ -386,7 +410,7 @@ class ActionController::TestCase
 end
 ```

-If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb`:
+If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or `spec/rails_helper.rb` if you are using rspec-rails):

 ```ruby
 RSpec.configure do |config|
@@ -404,11 +428,11 @@ sign_out :user         # sign_out(scope)
 sign_out @user         # sign_out(resource)
 ```

-There are two things that is important to keep in mind:
+There are two things that are important to keep in mind:

 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;

-2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
+2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:

    ```ruby
    @request.env["devise.mapping"] = Devise.mappings[:user]
@@ -456,7 +480,19 @@ admin_session

 Alternatively, you can simply run the Devise generator.

-Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using [CanCan](https://github.com/ryanb/cancan).
+Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
+
+### ActiveJob Integration
+
+If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the
+background through a queueing backend, you can send Devise emails through your
+existing queue by overriding the `send_devise_notification` method in your model.
+
+```ruby
+def send_devise_notification(notification, *args)
+  devise_mailer.send(notification, self, *args).deliver_later
+end
+```

 ### Other ORMs

--- a/2
+++ b/2
@@ -4,7 +4,7 @@ require 'rake/testtask'
 require 'rdoc/task'

 desc 'Default: run tests for all ORMs.'
-task :default => :test
+task default: :test

 desc 'Run Devise tests for all ORMs.'
 task :pre_commit do
--- a/app/controllers/devise/confirmations_controller.rb
+++ b/app/controllers/devise/confirmations_controller.rb
@@ -10,7 +10,7 @@ class Devise::ConfirmationsController < DeviseController
    yield resource if block_given?

    if successfully_sent?(resource)
-      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
+      respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
    else
      respond_with(resource)
    end
@@ -25,7 +25,7 @@ class Devise::ConfirmationsController < DeviseController
      set_flash_message(:notice, :confirmed) if is_flashing_format?
      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
    else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
    end
  end

@@ -33,12 +33,12 @@ class Devise::ConfirmationsController < DeviseController

    # The path used after resending confirmation instructions.
    def after_resending_confirmation_instructions_path_for(resource_name)
-      new_session_path(resource_name) if is_navigational_format?
+      is_navigational_format? ? new_session_path(resource_name) : '/'
    end

    # The path used after confirmation.
    def after_confirmation_path_for(resource_name, resource)
-      if signed_in?
+      if signed_in?(resource_name)
        signed_in_root_path(resource)
      else
        new_session_path(resource_name)
--- a/app/controllers/devise/omniauth_callbacks_controller.rb
+++ b/app/controllers/devise/omniauth_callbacks_controller.rb
@@ -2,11 +2,11 @@ class Devise::OmniauthCallbacksController < DeviseController
  prepend_before_filter { request.env["devise.skip_timeout"] = true }

  def passthru
-    render :status => 404, :text => "Not found. Authentication passthru."
+    render status: 404, text: "Not found. Authentication passthru."
  end

  def failure
-    set_flash_message :alert, :failure, :kind => OmniAuth::Utils.camelize(failed_strategy.name), :reason => failure_message
+    set_flash_message :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message
    redirect_to after_omniauth_failure_path_for(resource_name)
  end

--- a/app/controllers/devise/passwords_controller.rb
+++ b/app/controllers/devise/passwords_controller.rb
@@ -1,7 +1,7 @@
 class Devise::PasswordsController < DeviseController
  prepend_before_filter :require_no_authentication
  # Render the #edit only if coming from a reset password email link
-  append_before_filter :assert_reset_token_passed, :only => :edit
+  append_before_filter :assert_reset_token_passed, only: :edit

  # GET /resource/password/new
  def new
@@ -14,7 +14,7 @@ class Devise::PasswordsController < DeviseController
    yield resource if block_given?

    if successfully_sent?(resource)
-      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+      respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
    else
      respond_with(resource)
    end
@@ -36,7 +36,7 @@ class Devise::PasswordsController < DeviseController
      flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
      set_flash_message(:notice, flash_message) if is_flashing_format?
      sign_in(resource_name, resource)
-      respond_with resource, :location => after_resetting_password_path_for(resource)
+      respond_with resource, location: after_resetting_password_path_for(resource)
    else
      respond_with resource
    end
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -1,10 +1,14 @@
 class Devise::RegistrationsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
-  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+  prepend_before_filter :require_no_authentication, only: [ :new, :create, :cancel ]
+  prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]

  # GET /resource/sign_up
  def new
    build_resource({})
+    @validatable = devise_mapping.validatable?
+    if @validatable
+      @minimum_password_length = resource_class.password_length.min
+    end
    respond_with self.resource
  end

@@ -12,19 +16,24 @@ class Devise::RegistrationsController < DeviseController
  def create
    build_resource(sign_up_params)

-    if resource.save
-      yield resource if block_given?
+    resource_saved = resource.save
+    yield resource if block_given?
+    if resource_saved
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_flashing_format?
        sign_up(resource_name, resource)
-        respond_with resource, :location => after_sign_up_path_for(resource)
+        respond_with resource, location: after_sign_up_path_for(resource)
      else
        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
        expire_data_after_sign_in!
-        respond_with resource, :location => after_inactive_sign_up_path_for(resource)
+        respond_with resource, location: after_inactive_sign_up_path_for(resource)
      end
    else
      clean_up_passwords resource
+      @validatable = devise_mapping.validatable?
+      if @validatable
+        @minimum_password_length = resource_class.password_length.min
+      end
      respond_with resource
    end
  end
@@ -41,15 +50,16 @@ class Devise::RegistrationsController < DeviseController
    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
    prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)

-    if update_resource(resource, account_update_params)
-      yield resource if block_given?
+    resource_updated = update_resource(resource, account_update_params)
+    yield resource if block_given?
+    if resource_updated
      if is_flashing_format?
        flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
          :update_needs_confirmation : :updated
        set_flash_message :notice, flash_key
      end
-      sign_in resource_name, resource, :bypass => true
-      respond_with resource, :location => after_update_path_for(resource)
+      sign_in resource_name, resource, bypass: true
+      respond_with resource, location: after_update_path_for(resource)
    else
      clean_up_passwords resource
      respond_with resource
@@ -110,7 +120,10 @@ class Devise::RegistrationsController < DeviseController
  # The path used after sign up for inactive accounts. You need to overwrite
  # this method in your own RegistrationsController.
  def after_inactive_sign_up_path_for(resource)
-    respond_to?(:root_path) ? root_path : "/"
+    scope = Devise::Mapping.find_scope!(resource)
+    router_name = Devise.mappings[scope].router_name
+    context = router_name ? send(router_name) : self
+    context.respond_to?(:root_path) ? context.root_path : "/"
  end

  # The default url to be used after updating a resource. You need to overwrite
@@ -121,7 +134,7 @@ class Devise::RegistrationsController < DeviseController

  # Authenticates the current scope and gets the current resource from the session.
  def authenticate_scope!
-    send(:"authenticate_#{resource_name}!", :force => true)
+    send(:"authenticate_#{resource_name}!", force: true)
    self.resource = send(:"current_#{resource_name}")
  end

--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -1,7 +1,8 @@
 class Devise::SessionsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  prepend_before_filter :allow_params_authentication!, :only => :create
-  prepend_before_filter :only => [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }
+  prepend_before_filter :require_no_authentication, only: [ :new, :create ]
+  prepend_before_filter :allow_params_authentication!, only: :create
+  prepend_before_filter :verify_signed_out_user, only: :destroy
+  prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }

  # GET /resource/sign_in
  def new
@@ -16,22 +17,15 @@ class Devise::SessionsController < DeviseController
    set_flash_message(:notice, :signed_in) if is_flashing_format?
    sign_in(resource_name, resource)
    yield resource if block_given?
-    respond_with resource, :location => after_sign_in_path_for(resource)
+    respond_with resource, location: after_sign_in_path_for(resource)
  end

  # DELETE /resource/sign_out
  def destroy
-    redirect_path = after_sign_out_path_for(resource_name)
    signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
    set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
-    yield resource if block_given?
-
-    # We actually need to hardcode this as Rails default responder doesn't
-    # support returning empty response on GET request
-    respond_to do |format|
-      format.all { head :no_content }
-      format.any(*navigational_formats) { redirect_to redirect_path }
-    end
+    yield if block_given?
+    respond_to_on_destroy
  end

  protected
@@ -44,10 +38,39 @@ class Devise::SessionsController < DeviseController
    methods = resource_class.authentication_keys.dup
    methods = methods.keys if methods.is_a?(Hash)
    methods << :password if resource.respond_to?(:password)
-    { :methods => methods, :only => [:password] }
+    { methods: methods, only: [:password] }
  end

  def auth_options
-    { :scope => resource_name, :recall => "#{controller_path}#new" }
+    { scope: resource_name, recall: "#{controller_path}#new" }
+  end
+
+  private
+
+  # Check if there is no signed in user before doing the sign out.
+  #
+  # If there is no signed in user, it will set the flash message and redirect
+  # to the after_sign_out path.
+  def verify_signed_out_user
+    if all_signed_out?
+      set_flash_message :notice, :already_signed_out if is_flashing_format?
+
+      respond_to_on_destroy
+    end
+  end
+
+  def all_signed_out?
+    users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
+
+    users.all?(&:blank?)
+  end
+
+  def respond_to_on_destroy
+    # We actually need to hardcode this as Rails default responder doesn't
+    # support returning empty response on GET request
+    respond_to do |format|
+      format.all { head :no_content }
+      format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
+    end
  end
 end
--- a/app/controllers/devise/unlocks_controller.rb
+++ b/app/controllers/devise/unlocks_controller.rb
@@ -12,7 +12,7 @@ class Devise::UnlocksController < DeviseController
    yield resource if block_given?

    if successfully_sent?(resource)
-      respond_with({}, :location => after_sending_unlock_instructions_path_for(resource))
+      respond_with({}, location: after_sending_unlock_instructions_path_for(resource))
    else
      respond_with(resource)
    end
@@ -27,7 +27,7 @@ class Devise::UnlocksController < DeviseController
      set_flash_message :notice, :unlocked if is_flashing_format?
      respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
    else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
    end
  end

--- a/app/controllers/devise_controller.rb
+++ b/app/controllers/devise_controller.rb
@@ -6,8 +6,8 @@ class DeviseController < Devise.parent_controller.constantize

  helpers = %w(resource scope_name resource_name signed_in_resource
               resource_class resource_params devise_mapping)
-  hide_action *helpers
-  helper_method *helpers
+  hide_action(*helpers)
+  helper_method(*helpers)

  prepend_before_filter :assert_is_devise_resource!
  respond_to :html if mimes_for_respond_to.empty?
@@ -30,7 +30,7 @@ class DeviseController < Devise.parent_controller.constantize

  # Returns a signed in resource from session (if one exists)
  def signed_in_resource
-    warden.authenticate(:scope => resource_name)
+    warden.authenticate(scope: resource_name)
  end

  # Attempt to find the mapped route for devise based on request path
@@ -44,7 +44,7 @@ class DeviseController < Devise.parent_controller.constantize
  # loaded before even having a request object.
  def _prefixes #:nodoc:
    @_prefixes ||= if self.class.scoped_views? && request && devise_mapping
-      super.unshift("#{devise_mapping.scoped_path}/#{controller_name}")
+      ["#{devise_mapping.scoped_path}/#{controller_name}"] + super
    else
      super
    end
@@ -92,14 +92,14 @@ MESSAGE
  # Helper for use in before_filters where no authentication is required.
  #
  # Example:
-  #   before_filter :require_no_authentication, :only => :new
+  #   before_filter :require_no_authentication, only: :new
  def require_no_authentication
    assert_is_devise_resource!
    return unless is_navigational_format?
    no_input = devise_mapping.no_input_strategies

    authenticated = if no_input.present?
-      args = no_input.dup.push :scope => resource_name
+      args = no_input.dup.push scope: resource_name
      warden.authenticate?(*args)
    else
      warden.authenticated?(resource_name)
@@ -129,8 +129,11 @@ MESSAGE
  end

  # Sets the flash message with :key, using I18n. By default you are able
-  # to setup your messages using specific resource scope, and if no one is
-  # found we look to default scope.
+  # to setup your messages using specific resource scope, and if no message is
+  # found we look to the default scope. Set the "now" options key to a true
+  # value to populate the flash.now hash in lieu of the default flash hash (so
+  # the flash message will be available to the current action instead of the
+  # next action).
  # Example (i18n locale file):
  #
  #   en:
@@ -144,7 +147,11 @@ MESSAGE
  # available.
  def set_flash_message(key, kind, options = {})
    message = find_message(kind, options)
-    flash[key] = message if message.present?
+    if options[:now]
+      flash.now[key] = message if message.present?
+    else
+      flash[key] = message if message.present?
+    end
  end

  def devise_i18n_options(options)
--- a/app/helpers/devise_helper.rb
+++ b/app/helpers/devise_helper.rb
@@ -10,8 +10,8 @@ module DeviseHelper

    messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
    sentence = I18n.t("errors.messages.not_saved",
-                      :count => resource.errors.count,
-                      :resource => resource.class.model_name.human.downcase)
+                      count: resource.errors.count,
+                      resource: resource.class.model_name.human.downcase)

    html = <<-HTML
    <div id="error_explanation">
--- a/app/views/devise/confirmations/new.html.erb
+++ b/app/views/devise/confirmations/new.html.erb
@@ -1,12 +1,16 @@
 <h2>Resend confirmation instructions</h2>

-<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.submit "Resend confirmation instructions" %></div>
+  <div class="actions">
+    <%= f.submit "Resend confirmation instructions" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/mailer/confirmation_instructions.html.erb
+++ b/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -2,4 +2,4 @@

 <p>You can confirm your account email through the link below:</p>

-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>
--- a/app/views/devise/mailer/reset_password_instructions.html.erb
+++ b/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -2,7 +2,7 @@

 <p>Someone has requested a link to change your password. You can do this through the link below.</p>

-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>

 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>
--- a/app/views/devise/mailer/unlock_instructions.html.erb
+++ b/app/views/devise/mailer/unlock_instructions.html.erb
@@ -4,4 +4,4 @@

 <p>Click the link below to unlock your account:</p>

-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>
--- a/app/views/devise/passwords/edit.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
@@ -1,16 +1,22 @@
 <h2>Change your password</h2>

-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
  <%= devise_error_messages! %>
  <%= f.hidden_field :reset_password_token %>

-  <div><%= f.label :password, "New password" %><br />
-  <%= f.password_field :password, :autofocus => true %></div>
+  <div class="field">
+    <%= f.label :password, "New password" %><br />
+    <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :password_confirmation, "Confirm new password" %><br />
-  <%= f.password_field :password_confirmation %></div>
+  <div class="field">
+    <%= f.label :password_confirmation, "Confirm new password" %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>

-  <div><%= f.submit "Change my password" %></div>
+  <div class="actions">
+    <%= f.submit "Change my password" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -1,12 +1,16 @@
 <h2>Forgot your password?</h2>

-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.submit "Send me reset password instructions" %></div>
+  <div class="actions">
+    <%= f.submit "Send me reset password instructions" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -1,29 +1,39 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>

-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>

-  <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-  <%= f.password_field :password, :autocomplete => "off" %></div>
+  <div class="field">
+    <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+    <%= f.password_field :password, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></div>
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-  <%= f.password_field :current_password %></div>
+  <div class="field">
+    <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+    <%= f.password_field :current_password, autocomplete: "off" %>
+  </div>

-  <div><%= f.submit "Update" %></div>
+  <div class="actions">
+    <%= f.submit "Update" %>
+  </div>
 <% end %>

 <h3>Cancel my account</h3>

-<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
+<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>

 <%= link_to "Back", :back %>
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@@ -1,18 +1,29 @@
 <h2>Sign up</h2>

-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.label :password %><br />
-  <%= f.password_field :password %></div>
+  <div class="field">
+    <%= f.label :password %>
+    <% if @validatable %>
+    <em>(<%= @minimum_password_length %> characters minimum)</em>
+    <% end %><br />
+    <%= f.password_field :password, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></div>
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>

-  <div><%= f.submit "Sign up" %></div>
+  <div class="actions">
+    <%= f.submit "Sign up" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,17 +1,26 @@
-<h2>Sign in</h2>
+<h2>Log in</h2>

-<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.label :password %><br />
-  <%= f.password_field :password %></div>
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.password_field :password, autocomplete: "off" %>
+  </div>

  <% if devise_mapping.rememberable? -%>
-    <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
+    <div class="field">
+      <%= f.check_box :remember_me %>
+      <%= f.label :remember_me %>
+    </div>
  <% end -%>

-  <div><%= f.submit "Sign in" %></div>
+  <div class="actions">
+    <%= f.submit "Log in" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/shared/_links.html.erb
+++ b/app/views/devise/shared/_links.html.erb
@@ -1,5 +1,5 @@
 <%- if controller_name != 'sessions' %>
-  <%= link_to "Sign in", new_session_path(resource_name) %><br />
+  <%= link_to "Log in", new_session_path(resource_name) %><br />
 <% end -%>

 <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
--- a/app/views/devise/unlocks/new.html.erb
+++ b/app/views/devise/unlocks/new.html.erb
@@ -1,12 +1,16 @@
 <h2>Resend unlock instructions</h2>

-<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.submit "Resend unlock instructions" %></div>
+  <div class="actions">
+    <%= f.submit "Resend unlock instructions" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -3,26 +3,26 @@
 en:
  devise:
    confirmations:
-      confirmed: "Your account was successfully confirmed."
-      send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
-      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      confirmed: "Your email address has been successfully confirmed."
+      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
    failure:
      already_authenticated: "You are already signed in."
      inactive: "Your account is not activated yet."
-      invalid: "Invalid email or password."
+      invalid: "Invalid %{authentication_keys} or password."
      locked: "Your account is locked."
-      last_attempt: "You have one more attempt before your account will be locked."
-      not_found_in_database: "Invalid email or password."
+      last_attempt: "You have one more attempt before your account is locked."
+      not_found_in_database: "Invalid %{authentication_keys} or password."
      timeout: "Your session expired. Please sign in again to continue."
      unauthenticated: "You need to sign in or sign up before continuing."
-      unconfirmed: "You have to confirm your account before continuing."
+      unconfirmed: "You have to confirm your email address before continuing."
    mailer:
      confirmation_instructions:
        subject: "Confirmation instructions"
      reset_password_instructions:
        subject: "Reset password instructions"
      unlock_instructions:
-        subject: "Unlock Instructions"
+        subject: "Unlock instructions"
    omniauth_callbacks:
      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
      success: "Successfully authenticated from %{kind} account."
@@ -30,22 +30,23 @@ en:
      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      updated: "Your password was changed successfully. You are now signed in."
-      updated_not_active: "Your password was changed successfully."
+      updated: "Your password has been changed successfully. You are now signed in."
+      updated_not_active: "Your password has been changed successfully."
    registrations:
-      destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
+      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
      signed_up: "Welcome! You have signed up successfully."
      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
-      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
-      updated: "You updated your account successfully."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address."
+      updated: "Your account has been updated successfully."
    sessions:
      signed_in: "Signed in successfully."
      signed_out: "Signed out successfully."
+      already_signed_out: "Signed out successfully."
    unlocks:
-      send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
-      send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
  errors:
    messages:
--- a/devise.gemspec
+++ b/devise.gemspec
@@ -18,10 +18,12 @@ Gem::Specification.new do |s|
  s.files         = `git ls-files`.split("\n")
  s.test_files    = `git ls-files -- test/*`.split("\n")
  s.require_paths = ["lib"]
+  s.required_ruby_version = '>= 1.9.3'

  s.add_dependency("warden", "~> 1.2.3")
  s.add_dependency("orm_adapter", "~> 0.1")
-  s.add_dependency("bcrypt-ruby", "~> 3.0")
+  s.add_dependency("bcrypt", "~> 3.0")
  s.add_dependency("thread_safe", "~> 0.1")
  s.add_dependency("railties", ">= 3.2.6", "< 5")
+  s.add_dependency("responders")
 end
--- a/gemfiles/Gemfile.rails-3.2-stable
+++ b/gemfiles/Gemfile.rails-3.2-stable
@@ -1,17 +1,17 @@
 source "https://rubygems.org"

-gemspec :path => '..'
+gemspec path: '..'

 gem "rails", github: 'rails/rails', branch: '3-2-stable'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
--- a/gemfiles/Gemfile.rails-3.2-stable.lock
+++ b/gemfiles/Gemfile.rails-3.2-stable.lock
@@ -0,0 +1,169 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 11fd052aa815ae0255ea5b2463e88138fb3fec61
+  branch: 3-2-stable
+  specs:
+    actionmailer (3.2.19)
+      actionpack (= 3.2.19)
+      mail (~> 2.5.4)
+    actionpack (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.19)
+      activesupport (= 3.2.19)
+      builder (~> 3.0.0)
+    activerecord (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+    activesupport (3.2.19)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    rails (3.2.19)
+      actionmailer (= 3.2.19)
+      actionpack (= 3.2.19)
+      activerecord (= 3.2.19)
+      activeresource (= 3.2.19)
+      activesupport (= 3.2.19)
+      bundler (~> 1.0)
+      railties (= 3.2.19)
+    railties (3.2.19)
+      actionpack (= 3.2.19)
+      activesupport (= 3.2.19)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    arel (3.0.3)
+    bcrypt (3.1.7)
+    builder (3.0.4)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    journey (1.0.4)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.4)
+    mime-types (1.25.1)
+    mini_portile (0.6.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (3.1.6)
+      activemodel (~> 3.2)
+      moped (~> 1.4)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.29)
+    moped (1.5.2)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    origin (1.1.0)
+    orm_adapter (0.5.0)
+    polyglot (0.3.5)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    responders (1.1.1)
+      railties (>= 3.2, < 4.2)
+    ruby-openid (2.5.0)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.41)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 3.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)
--- a/gemfiles/Gemfile.rails-4.0-stable
+++ b/gemfiles/Gemfile.rails-4.0-stable
@@ -1,17 +1,17 @@
 source "https://rubygems.org"

-gemspec :path => '..'
+gemspec path: '..'

 gem "rails", github: 'rails/rails', branch: '4-0-stable'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
@@ -25,5 +25,5 @@ platforms :ruby do
 end

 group :mongoid do
-  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+  gem "mongoid", "~> 4.0.0"
 end
--- a/gemfiles/Gemfile.rails-4.0-stable.lock
+++ b/gemfiles/Gemfile.rails-4.0-stable.lock
@@ -0,0 +1,165 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 2d8886e05104316273a0f95dfbcd171d3b12678b
+  branch: 4-0-stable
+  specs:
+    actionmailer (4.0.9)
+      actionpack (= 4.0.9)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.0.9)
+      activesupport (= 4.0.9)
+      builder (~> 3.1.0)
+      erubis (~> 2.7.0)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.9)
+      activesupport (= 4.0.9)
+      builder (~> 3.1.0)
+    activerecord (4.0.9)
+      activemodel (= 4.0.9)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.9)
+      arel (~> 4.0.0)
+    activesupport (4.0.9)
+      i18n (~> 0.6, >= 0.6.9)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    rails (4.0.9)
+      actionmailer (= 4.0.9)
+      actionpack (= 4.0.9)
+      activerecord (= 4.0.9)
+      activesupport (= 4.0.9)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.9)
+      sprockets-rails (~> 2.0)
+    railties (4.0.9)
+      actionpack (= 4.0.9)
+      activesupport (= 4.0.9)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activerecord-deprecated_finders (1.0.3)
+    arel (4.0.2)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.1.4)
+    connection_pool (2.0.0)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (4.7.5)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    rack (1.5.2)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (4.1.1)
+      json (~> 1.4)
+    responders (1.1.1)
+      railties (>= 3.2, < 4.2)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (0.3.41)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)
--- a/gemfiles/Gemfile.rails-4.1-stable
+++ b/gemfiles/Gemfile.rails-4.1-stable
@@ -1,17 +1,17 @@
 source "https://rubygems.org"

-gemspec :path => '..'
+gemspec path: '..'

-gem "rails", github: 'rails/rails'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", github: 'rails/rails', branch: '4-1-stable'
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.14", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
@@ -25,5 +25,5 @@ platforms :ruby do
 end

 group :mongoid do
-  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+  gem "mongoid", "~> 4.0.0"
 end
--- a/gemfiles/Gemfile.rails-4.1-stable.lock
+++ b/gemfiles/Gemfile.rails-4.1-stable.lock
@@ -0,0 +1,170 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 90b70cd453e6b88b2ad484861ad9913f70bd15c9
+  branch: 4-1-stable
+  specs:
+    actionmailer (4.1.5)
+      actionpack (= 4.1.5)
+      actionview (= 4.1.5)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.1.5)
+      actionview (= 4.1.5)
+      activesupport (= 4.1.5)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionview (4.1.5)
+      activesupport (= 4.1.5)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.5)
+      activesupport (= 4.1.5)
+      builder (~> 3.1)
+    activerecord (4.1.5)
+      activemodel (= 4.1.5)
+      activesupport (= 4.1.5)
+      arel (~> 5.0.0)
+    activesupport (4.1.5)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    rails (4.1.5)
+      actionmailer (= 4.1.5)
+      actionpack (= 4.1.5)
+      actionview (= 4.1.5)
+      activemodel (= 4.1.5)
+      activerecord (= 4.1.5)
+      activesupport (= 4.1.5)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.1.5)
+      sprockets-rails (~> 2.0)
+    railties (4.1.5)
+      actionpack (= 4.1.5)
+      activesupport (= 4.1.5)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    arel (5.0.1.20140414130214)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (5.4.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    rack (1.5.2)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (4.1.1)
+      json (~> 1.4)
+    responders (1.1.1)
+      railties (>= 3.2, < 4.2)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -4,6 +4,7 @@ require 'active_support/dependencies'
 require 'orm_adapter'
 require 'set'
 require 'securerandom'
+require 'responders'

 module Devise
  autoload :Delegator,          'devise/delegator'
@@ -134,6 +135,10 @@ module Devise
  mattr_accessor :extend_remember_period
  @@extend_remember_period = false

+  # If true, all the remember me tokens are going to be invalidated when the user signs out.
+  mattr_accessor :expire_all_remember_me_on_sign_out
+  @@expire_all_remember_me_on_sign_out = true
+
  # Time interval you can access your account before confirming your account.
  # nil - allows unconfirmed access for unlimited time
  mattr_accessor :allow_unconfirmed_access_for
@@ -268,7 +273,7 @@ module Devise
  # Private methods to interface with Warden.
  mattr_accessor :warden_config
  @@warden_config = nil
-  @@warden_config_block = nil
+  @@warden_config_blocks = []

  # When true, enter in paranoid mode to avoid user enumeration.
  mattr_accessor :paranoid
@@ -276,7 +281,7 @@ module Devise

  # When true, warn user if they just used next-to-last attempt of authentication
  mattr_accessor :last_attempt_warning
-  @@last_attempt_warning = false
+  @@last_attempt_warning = true

  # Stores the token generator
  mattr_accessor :token_generator
@@ -350,8 +355,8 @@ module Devise
  # == Examples:
  #
  #   Devise.add_module(:party_module)
-  #   Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
-  #   Devise.add_module(:party_module, :model => 'party_module/model')
+  #   Devise.add_module(:party_module, strategy: true, controller: :sessions)
+  #   Devise.add_module(:party_module, model: 'party_module/model')
  #
  def self.add_module(module_name, options = {})
    ALL << module_name
@@ -400,7 +405,7 @@ module Devise
  # Sets warden configuration using a block that will be invoked on warden
  # initialization.
  #
-  #  Devise.initialize do |config|
+  #  Devise.setup do |config|
  #    config.allow_unconfirmed_access_for = 2.days
  #
  #    config.warden do |manager|
@@ -409,7 +414,7 @@ module Devise
  #    end
  #  end
  def self.warden(&block)
-    @@warden_config_block = block
+    @@warden_config_blocks << block
  end

  # Specify an omniauth provider.
@@ -449,7 +454,7 @@ module Devise
      warden_config.intercept_401 = false

      Devise.mappings.each_value do |mapping|
-        warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
+        warden_config.scope_defaults mapping.name, strategies: mapping.strategies

        warden_config.serialize_into_session(mapping.name) do |record|
          mapping.to.serialize_into_session(record)
@@ -463,7 +468,7 @@ module Devise
        end
      end

-      @@warden_config_block.try :call, Devise.warden_config
+      @@warden_config_blocks.map { |block| block.call Devise.warden_config }
      true
    end
  end
--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@@ -11,6 +11,68 @@ module Devise
      end

      module ClassMethods
+        # Define authentication filters and accessor helpers for a group of mappings.
+        # These methods are useful when you are working with multiple mappings that
+        # share some functionality. They are pretty much the same as the ones
+        # defined for normal mappings.
+        #
+        # Example:
+        #
+        #   inside BlogsController (or any other controller, it doesn't matter which):
+        #     devise_group :blogger, contains: [:user, :admin]
+        #
+        #   Generated methods:
+        #     authenticate_blogger!  # Redirects unless user or admin are signed in
+        #     blogger_signed_in?     # Checks whether there is either a user or an admin signed in
+        #     current_blogger        # Currently signed in user or admin
+        #     current_bloggers       # Currently signed in user and admin
+        #
+        #   Use:
+        #     before_filter :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
+        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     current_blogger :user                             # Preferably returns a User if one is signed in
+        #
+        def devise_group(group_name, opts={})
+          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+
+          class_eval <<-METHODS, __FILE__, __LINE__ + 1
+            def authenticate_#{group_name}!(favourite=nil, opts={})
+              unless #{group_name}_signed_in?
+                mappings = #{mappings}
+                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.each do |mapping|
+                  opts[:scope] = mapping
+                  warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
+                end
+              end
+            end
+
+            def #{group_name}_signed_in?
+              #{mappings}.any? do |mapping|
+                warden.authenticate?(scope: mapping)
+              end
+            end
+
+            def current_#{group_name}(favourite=nil)
+              mappings = #{mappings}
+              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.each do |mapping|
+                current = warden.authenticate(scope: mapping)
+                return current if current
+              end
+              nil
+            end
+
+            def current_#{group_name.to_s.pluralize}
+              #{mappings}.map do |mapping|
+                warden.authenticate(scope: mapping)
+              end.compact
+            end
+
+            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+          METHODS
+        end
+
        def log_process_action(payload)
          payload[:status] ||= 401 unless payload[:exception]
          super
@@ -55,7 +117,7 @@ module Devise
          end

          def current_#{mapping}
-            @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
+            @current_#{mapping} ||= warden.authenticate(scope: :#{mapping})
          end

          def #{mapping}_session
@@ -77,9 +139,9 @@ module Devise
      # the controllers defined inside devise. Useful if you want to apply a before
      # filter to all controllers, except the ones in devise:
      #
-      #   before_filter :my_filter, :unless => :devise_controller?
+      #   before_filter :my_filter, unless: :devise_controller?
      def devise_controller?
-        is_a?(DeviseController)
+        is_a?(::DeviseController)
      end

      # Setup a param sanitizer to filter parameters using strong_parameters. See
@@ -102,9 +164,16 @@ module Devise
      # tries to find a resource_root_path, otherwise it uses the root_path.
      def signed_in_root_path(resource_or_scope)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        router_name = Devise.mappings[scope].router_name
+
        home_path = "#{scope}_root_path"
-        if respond_to?(home_path, true)
-          send(home_path)
+
+        context = router_name ? send(router_name) : self
+
+        if context.respond_to?(home_path, true)
+          context.send(home_path)
+        elsif context.respond_to?(:root_path)
+          context.root_path
        elsif respond_to?(:root_path)
          root_path
        else
@@ -121,10 +190,10 @@ module Devise
      # root path. For a user scope, you can define the default url in
      # the following way:
      #
-      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #   map.user_root '/users', controller: 'users' # creates user_root_path
      #
      #   map.namespace :user do |user|
-      #     user.root :controller => 'users' # creates user_root_path
+      #     user.root controller: 'users' # creates user_root_path
      #   end
      #
      # If the resource root path is not defined, root_path is used. However,
@@ -150,7 +219,10 @@ module Devise
      #
      # By default it is the root_path.
      def after_sign_out_path_for(resource_or_scope)
-        respond_to?(:root_path) ? root_path : "/"
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        router_name = Devise.mappings[scope].router_name
+        context = router_name ? send(router_name) : self
+        context.respond_to?(:root_path) ? context.root_path : "/"
      end

      # Sign in a user and tries to redirect first to the stored location and
@@ -176,10 +248,9 @@ module Devise
      # Overwrite Rails' handle unverified request to sign out all scopes,
      # clear run strategies and remove cached variables.
      def handle_unverified_request
-        sign_out_all_scopes(false)
+        super # call the default behaviour which resets/nullifies/raises
        request.env["devise.skip_storage"] = true
-        expire_data_after_sign_out!
-        super # call the default behaviour which resets the session
+        sign_out_all_scopes(false)
      end

      def request_format
--- a/lib/devise/controllers/rememberable.rb
+++ b/lib/devise/controllers/rememberable.rb
@@ -31,11 +31,11 @@ module Devise
      end

      def remember_cookie_values(resource)
-        options = { :httponly => true }
+        options = { httponly: true }
        options.merge!(forget_cookie_values(resource))
        options.merge!(
-          :value => resource.class.serialize_into_cookie(resource),
-          :expires => resource.remember_expires_at
+          value: resource.class.serialize_into_cookie(resource),
+          expires: resource.remember_expires_at
        )
      end

--- a/lib/devise/controllers/sign_in_out.rb
+++ b/lib/devise/controllers/sign_in_out.rb
@@ -7,7 +7,7 @@ module Devise
      # true if any scope is signed in. Does not run authentication hooks.
      def signed_in?(scope=nil)
        [ scope || Devise.mappings.keys ].flatten.any? do |_scope|
-          warden.authenticate?(:scope => _scope)
+          warden.authenticate?(scope: _scope)
        end
      end

@@ -23,9 +23,9 @@ module Devise
      #
      #   sign_in :user, @user                      # sign_in(scope, resource)
      #   sign_in @user                             # sign_in(resource)
-      #   sign_in @user, :event => :authentication  # sign_in(resource, options)
-      #   sign_in @user, :store => false            # sign_in(resource, options)
-      #   sign_in @user, :bypass => true            # sign_in(resource, options)
+      #   sign_in @user, event: :authentication  # sign_in(resource, options)
+      #   sign_in @user, store: false            # sign_in(resource, options)
+      #   sign_in @user, bypass: true            # sign_in(resource, options)
      #
      def sign_in(resource_or_scope, *args)
        options  = args.extract_options!
@@ -40,7 +40,7 @@ module Devise
          # Do nothing. User already signed in and we are not forcing it.
          true
        else
-          warden.set_user(resource, options.merge!(:scope => scope))
+          warden.set_user(resource, options.merge!(scope: scope))
        end
      end

@@ -56,11 +56,11 @@ module Devise
      def sign_out(resource_or_scope=nil)
        return sign_out_all_scopes unless resource_or_scope
        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        user = warden.user(:scope => scope, :run_callbacks => false) # If there is no user
+        user = warden.user(scope: scope, run_callbacks: false) # If there is no user

        warden.raw_session.inspect # Without this inspect here. The session does not clear.
        warden.logout(scope)
-        warden.clear_strategies_cache!(:scope => scope)
+        warden.clear_strategies_cache!(scope: scope)
        instance_variable_set(:"@current_#{scope}", nil)

        !!user
@@ -70,9 +70,8 @@ module Devise
      # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
      # and false if there was no user logged in on all scopes.
      def sign_out_all_scopes(lock=true)
-        users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) }
+        users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }

-        warden.raw_session.inspect
        warden.logout
        expire_data_after_sign_out!
        warden.clear_strategies_cache!
--- a/lib/devise/controllers/store_location.rb
+++ b/lib/devise/controllers/store_location.rb
@@ -33,14 +33,20 @@ module Devise
      #
      def store_location_for(resource_or_scope, location)
        session_key = stored_location_key_for(resource_or_scope)
-        if location
-          uri = URI.parse(location)
+        uri = parse_uri(location)
+        if uri
          session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
        end
      end

      private

+      def parse_uri(location)
+        location && URI.parse(location)
+      rescue URI::InvalidURIError
+        nil
+      end
+
      def stored_location_key_for(resource_or_scope)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
        "#{scope}_return_to"
--- a/lib/devise/controllers/url_helpers.rb
+++ b/lib/devise/controllers/url_helpers.rb
@@ -47,7 +47,9 @@ module Devise
              class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
                def #{method}(resource_or_scope, *args)
                  scope = Devise::Mapping.find_scope!(resource_or_scope)
-                  _devise_route_context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+                  router_name = Devise.mappings[scope].router_name
+                  context = router_name ? send(router_name) : _devise_route_context
+                  context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
                end
              URL_HELPERS
            end
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -15,7 +15,7 @@ module Devise

    include Devise::Controllers::StoreLocation

-    delegate :flash, :to => :request
+    delegate :flash, to: :request

    def self.call(env)
      @respond ||= action(:respond)
@@ -78,6 +78,9 @@ module Devise
        options[:resource_name] = scope
        options[:scope] = "devise.failure"
        options[:default] = [message]
+        auth_keys = scope_class.authentication_keys
+        keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
+        options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
        options = i18n_options(options)

        I18n.t(:"#{scope}.#{message}", options)
@@ -96,15 +99,15 @@ module Devise
          request.referrer
        end

-        path || scope_path
+        path || scope_url
      else
-        scope_path
+        scope_url
      end
    end

-    def scope_path
+    def scope_url
      opts  = {}
-      route = :"new_#{scope}_session_path"
+      route = :"new_#{scope}_session_url"
      opts[:format] = request_format unless skip_format?

      config = Rails.application.config
@@ -114,8 +117,8 @@ module Devise

      if context.respond_to?(route)
        context.send(route, opts)
-      elsif respond_to?(:root_path)
-        root_path(opts)
+      elsif respond_to?(:root_url)
+        root_url(opts)
      else
        "/"
      end
@@ -144,16 +147,16 @@ module Devise
    # It does not make sense to send authenticate headers in ajax requests
    # or if the user disabled them.
    def http_auth_header?
-      Devise.mappings[scope].to.http_authenticatable && !request.xhr?
+      scope_class.http_authenticatable && !request.xhr?
    end

    def http_auth_body
      return i18n_message unless request_format
      method = "to_#{request_format}"
      if method == "to_xml"
-        { :error => i18n_message }.to_xml(:root => "errors")
+        { error: i18n_message }.to_xml(root: "errors")
      elsif {}.respond_to?(method)
-        { :error => i18n_message }.send(method)
+        { error: i18n_message }.send(method)
      else
        i18n_message
      end
@@ -182,6 +185,10 @@ module Devise
      @scope ||= warden_options[:scope] || Devise.default_scope
    end

+    def scope_class
+      @scope_class ||= Devise.mappings[scope].to
+    end
+
    def attempted_path
      warden_options[:attempted_path]
    end
--- a/lib/devise/hooks/activatable.rb
+++ b/lib/devise/hooks/activatable.rb
@@ -1,11 +1,10 @@
-# Deny user access whenever their account is not active yet. All strategies that inherits from
-# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
-# before actively signing them in. However, we need this as hook to validate the user activity
-# in each request and in case the user is using other strategies beside Devise ones.
+# Deny user access whenever their account is not active yet.
+# We need this as hook to validate the user activity on each request
+# and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
  if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
    scope = options[:scope]
    warden.logout(scope)
-    throw :warden, :scope => scope, :message => record.inactive_message
+    throw :warden, scope: scope, message: record.inactive_message
  end
 end
--- a/lib/devise/hooks/csrf_cleaner.rb
+++ b/lib/devise/hooks/csrf_cleaner.rb
@@ -1,5 +1,7 @@
 Warden::Manager.after_authentication do |record, warden, options|
-  if Devise.clean_up_csrf_token_on_authentication
+  clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) ||
+    warden.winning_strategy.clean_up_csrf?
+  if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy
    warden.request.session.try(:delete, :_csrf_token)
  end
 end
--- a/lib/devise/hooks/lockable.rb
+++ b/lib/devise/hooks/lockable.rb
@@ -1,6 +1,6 @@
 # After each sign in, if resource responds to failed_attempts, sets it to 0
 # This is only triggered when the user is explicitly set (with set_user)
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
  if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
    record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero?
  end
--- a/lib/devise/hooks/proxy.rb
+++ b/lib/devise/hooks/proxy.rb
@@ -7,7 +7,7 @@ module Devise
      include Devise::Controllers::SignInOut

      attr_reader :warden
-      delegate :cookies, :env, :to => :warden
+      delegate :cookies, :env, to: :warden

      def initialize(warden)
        @warden = warden
--- a/lib/devise/hooks/rememberable.rb
+++ b/lib/devise/hooks/rememberable.rb
@@ -1,4 +1,4 @@
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
  scope = options[:scope]
  if record.respond_to?(:remember_me) && options[:store] != false &&
     record.remember_me && warden.authenticated?(scope)
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@@ -9,6 +9,13 @@ Warden::Manager.after_set_user do |record, warden, options|

  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
    last_request_at = warden.session(scope)['last_request_at']
+
+    if last_request_at.is_a? Integer
+      last_request_at = Time.at(last_request_at).utc
+    elsif last_request_at.is_a? String
+      last_request_at = Time.parse(last_request_at)
+    end
+
    proxy = Devise::Hooks::Proxy.new(warden)

    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
@@ -18,11 +25,11 @@ Warden::Manager.after_set_user do |record, warden, options|
        record.reset_authentication_token!
      end

-      throw :warden, :scope => scope, :message => :timeout
+      throw :warden, scope: scope, message: :timeout
    end

    unless env['devise.skip_trackable']
-      warden.session(scope)['last_request_at'] = Time.now.utc
+      warden.session(scope)['last_request_at'] = Time.now.utc.to_i
    end
  end
 end
--- a/lib/devise/hooks/trackable.rb
+++ b/lib/devise/hooks/trackable.rb
@@ -2,7 +2,7 @@
 # This is only triggered when the user is explicitly set (with set_user)
 # and on authentication. Retrieving the user from session (:fetch) does
 # not trigger it.
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
  if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
    record.update_tracked_fields!(warden.request)
  end
--- a/lib/devise/mailers/helpers.rb
+++ b/lib/devise/mailers/helpers.rb
@@ -27,12 +27,12 @@ module Devise

      def headers_for(action, opts)
        headers = {
-          :subject       => subject_for(action),
-          :to            => resource.email,
-          :from          => mailer_sender(devise_mapping),
-          :reply_to      => mailer_reply_to(devise_mapping),
-          :template_path => template_paths,
-          :template_name => action
+          subject: subject_for(action),
+          to: resource.email,
+          from: mailer_sender(devise_mapping),
+          reply_to: mailer_reply_to(devise_mapping),
+          template_path: template_paths,
+          template_name: action
        }.merge(opts)

        @email = headers[:to]
@@ -82,8 +82,8 @@ module Devise
      #           subject: '...'
      #
      def subject_for(key)
-        I18n.t(:"#{devise_mapping.name}_subject", :scope => [:devise, :mailer, key],
-          :default => [:subject, key.to_s.humanize])
+        I18n.t(:"#{devise_mapping.name}_subject", scope: [:devise, :mailer, key],
+          default: [:subject, key.to_s.humanize])
      end
    end
  end
--- a/lib/devise/mapping.rb
+++ b/lib/devise/mapping.rb
@@ -23,7 +23,8 @@ module Devise
  #
  class Mapping #:nodoc:
    attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
+                :failure_app, :router_name

    alias :name :singular

@@ -32,7 +33,7 @@ module Devise
    def self.find_scope!(obj)
      case obj
      when String, Symbol
-        return obj
+        return obj.to_sym
      when Class
        Devise.mappings.each_value { |m| return m.name if obj <= m.to }
      else
@@ -60,6 +61,8 @@ module Devise
      @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
      @format = options[:format]

+      @router_name = options[:router_name]
+
      default_failure_app(options)
      default_controllers(options)
      default_path_names(options)
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -29,7 +29,7 @@ module Devise
    #     It also accepts an array specifying the strategies that should allow params authentication.
    #
    #   * +skip_session_storage+: By default Devise will store the user in session.
-    #     By default is set to :skip_session_storage => [:http_auth].
+    #     By default is set to skip_session_storage: [:http_auth].
    #
    # == active_for_authentication?
    #
@@ -59,7 +59,7 @@ module Devise
        :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]

      included do
-        class_attribute :devise_modules, :instance_writer => false
+        class_attribute :devise_modules, instance_writer: false
        self.devise_modules ||= []

        before_validation :downcase_keys
@@ -170,7 +170,13 @@ module Devise
      #     end
      #
      def send_devise_notification(notification, *args)
-        devise_mailer.send(notification, self, *args).deliver
+        message = devise_mailer.send(notification, self, *args)
+        # Remove once we move to Rails 4.2+ only.
+        if message.respond_to?(:deliver_now)
+          message.deliver_now
+        else
+          message.deliver
+        end
      end

      def downcase_keys
@@ -231,7 +237,7 @@ module Devise
        # Example:
        #
        #   def self.find_for_authentication(tainted_conditions)
-        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
        #   end
        #
        # Finally, notice that Devise also queries for users in other scenarios
@@ -253,7 +259,7 @@ module Devise

        # Find an initialize a group of attributes based on a list of required attributes.
        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
-          attributes = attributes.slice(*required_attributes)
+          attributes = attributes.slice(*required_attributes).with_indifferent_access
          attributes.delete_if { |key, value| value.blank? }

          if attributes.size == required_attributes.size
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -33,10 +33,10 @@ module Devise
      include ActionView::Helpers::DateHelper

      included do
-        before_create :generate_confirmation_token, :if => :confirmation_required?
-        after_create  :send_on_create_confirmation_instructions, :if => :send_confirmation_notification?
-        before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, :if => :postpone_email_change?
-        after_update  :send_reconfirmation_instructions,  :if => :reconfirmation_required?
+        before_create :generate_confirmation_token, if: :confirmation_required?
+        after_create  :send_on_create_confirmation_instructions, if: :send_confirmation_notification?
+        before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, if: :postpone_email_change?
+        after_update  :send_reconfirmation_instructions,  if: :reconfirmation_required?
      end

      def initialize(*args, &block)
@@ -60,7 +60,7 @@ module Devise
        pending_any_confirmation do
          if confirmation_period_expired?
            self.errors.add(:email, :confirmation_period_expired,
-              :period => Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
+              period: Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
            return false
          end

@@ -73,9 +73,9 @@ module Devise
            self.unconfirmed_email = nil

            # We need to validate in such cases to enforce e-mail uniqueness
-            save(:validate => true)
+            save(validate: true)
          else
-            save(:validate => false)
+            save(validate: false)
          end

          after_confirmation if saved
@@ -98,7 +98,7 @@ module Devise
          generate_confirmation_token!
        end

-        opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
+        opts = pending_reconfirmation? ? { to: unconfirmed_email } : { }
        send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
      end

@@ -225,7 +225,7 @@ module Devise
        end

        def generate_confirmation_token!
-          generate_confirmation_token && save(:validate => false)
+          generate_confirmation_token && save(validate: false)
        end

        def postpone_email_change_until_confirmation_and_regenerate_confirmation_token
@@ -236,17 +236,17 @@ module Devise
        end

        def postpone_email_change?
-          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && !self.email.blank?
+          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
          @bypass_confirmation_postpone = false
          postpone
        end

        def reconfirmation_required?
-          self.class.reconfirmable && @reconfirmation_required && !self.email.blank?
+          self.class.reconfirmable && @reconfirmation_required && self.email.present?
        end

        def send_confirmation_notification?
-          confirmation_required? && !@skip_confirmation_notification && !self.email.blank?
+          confirmation_required? && !@skip_confirmation_notification && self.email.present?
        end

        def after_confirmation
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -4,7 +4,7 @@ require 'bcrypt'
 module Devise
  # Digests the password using bcrypt.
  def self.bcrypt(klass, password)
-    ::BCrypt::Password.create("#{password}#{klass.pepper}", :cost => klass.stretches).to_s
+    ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s
  end

  module Models
@@ -55,9 +55,13 @@ module Devise
        self.password = self.password_confirmation = nil
      end

-      # Update record attributes when :current_password matches, otherwise returns
-      # error on :current_password. It also automatically rejects :password and
-      # :password_confirmation if they are blank.
+      # Update record attributes when :current_password matches, otherwise
+      # returns error on :current_password.
+      #
+      # This method also rejects the password field if it is blank (allowing
+      # users to change relevant information like the e-mail without changing
+      # their password). In case the password field is rejected, the confirmation
+      # is also rejected as long as it is also blank.
      def update_with_password(params, *options)
        current_password = params.delete(:current_password)

--- a/lib/devise/models/lockable.rb
+++ b/lib/devise/models/lockable.rb
@@ -22,7 +22,7 @@ module Devise
    module Lockable
      extend  ActiveSupport::Concern

-      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
+      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, to: "self.class"

      def self.required_fields(klass)
        attributes = []
@@ -36,14 +36,14 @@ module Devise
      # Lock a user setting its locked_at to actual time.
      # * +opts+: Hash options if you don't want to send email
      #   when you lock access, you could pass the next hash
-      #   `{ :send_instructions => false } as option`.
+      #   `{ send_instructions: false } as option`.
      def lock_access!(opts = { })
        self.locked_at = Time.now.utc

        if unlock_strategy_enabled?(:email) && opts.fetch(:send_instructions, true)
          send_unlock_instructions
        else
-          save(:validate => false)
+          save(validate: false)
        end
      end

@@ -52,7 +52,7 @@ module Devise
        self.locked_at = nil
        self.failed_attempts = 0 if respond_to?(:failed_attempts=)
        self.unlock_token = nil  if respond_to?(:unlock_token=)
-        save(:validate => false)
+        save(validate: false)
      end

      # Verifies whether a user is locked or not.
@@ -64,7 +64,7 @@ module Devise
      def send_unlock_instructions
        raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
        self.unlock_token = enc
-        self.save(:validate => false)
+        self.save(validate: false)
        send_devise_notification(:unlock_instructions, raw, {})
        raw
      end
@@ -104,7 +104,7 @@ module Devise
          if attempts_exceeded?
            lock_access! unless access_locked?
          else
-            save(:validate => false)
+            save(validate: false)
          end
          false
        end
@@ -115,10 +115,10 @@ module Devise
        # leaks the existence of an account.
        if Devise.paranoid
          super
-        elsif lock_strategy_enabled?(:failed_attempts) && last_attempt?
-          :last_attempt
-        elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
+        elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?)
          :locked
+        elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? && self.class.last_attempt_warning
+          :last_attempt
        else
          super
        end
@@ -189,7 +189,7 @@ module Devise
          self.lock_strategy == strategy
        end

-        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys)
+        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys, :last_attempt_warning)
      end
    end
  end
--- a/lib/devise/models/omniauthable.rb
+++ b/lib/devise/models/omniauthable.rb
@@ -10,7 +10,7 @@ module Devise
    #
    #   * +omniauth_providers+: Which providers are available to this model. It expects an array:
    #
-    #       devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
+    #       devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
    #
    module Omniauthable
      extend ActiveSupport::Concern
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -45,14 +45,10 @@ module Devise
      # Resets reset password token and send reset password instructions by email.
      # Returns the token sent in the e-mail.
      def send_reset_password_instructions
-        raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+        token = set_reset_password_token
+        send_reset_password_instructions_notification(token)

-        self.reset_password_token   = enc
-        self.reset_password_sent_at = Time.now.utc
-        self.save(:validate => false)
-
-        send_devise_notification(:reset_password_instructions, raw, {})
-        raw
+        token
      end

      # Checks if the reset password token sent is within the limit time.
@@ -90,7 +86,27 @@ module Devise
        def after_password_reset
        end

+        def set_reset_password_token
+          raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+
+          self.reset_password_token   = enc
+          self.reset_password_sent_at = Time.now.utc
+          self.save(validate: false)
+          raw
+        end
+
+        def send_reset_password_instructions_notification(token)
+          send_devise_notification(:reset_password_instructions, token, {})
+        end
+
      module ClassMethods
+        # Attempt to find a user by password reset token. If a user is found, return it
+        # If a user is not found, return nil
+        def with_reset_password_token(token)
+          reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token)
+          to_adapter.find_first(reset_password_token: reset_password_token)
+        end
+
        # Attempt to find a user by its email. If a record is found, send new
        # password instructions to it. If user is not found, returns a new user
        # with an email not found error.
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@@ -50,7 +50,7 @@ module Devise
      def remember_me!(extend_period=false)
        self.remember_token = self.class.remember_token if generate_remember_token?
        self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
-        save(:validate => false) if self.changed?
+        save(validate: false) if self.changed?
      end

      # If the record is persisted, remove the remember token (but only if
@@ -58,8 +58,8 @@ module Devise
      def forget_me!
        return unless persisted?
        self.remember_token = nil if respond_to?(:remember_token=)
-        self.remember_created_at = nil
-        save(:validate => false)
+        self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
+        save(validate: false)
      end

      # Remember token should be expired if expiration time not overpass now.
@@ -118,11 +118,11 @@ module Devise
        def remember_token #:nodoc:
          loop do
            token = Devise.friendly_token
-            break token unless to_adapter.find_first({ :remember_token => token })
+            break token unless to_adapter.find_first({ remember_token: token })
          end
        end

-        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options)
+        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
      end
    end
  end
--- a/lib/devise/models/trackable.rb
+++ b/lib/devise/models/trackable.rb
@@ -15,7 +15,7 @@ module Devise
        [:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count]
      end

-      def update_tracked_fields!(request)
+      def update_tracked_fields(request)
        old_current, new_current = self.current_sign_in_at, Time.now.utc
        self.last_sign_in_at     = old_current || new_current
        self.current_sign_in_at  = new_current
@@ -26,8 +26,11 @@ module Devise

        self.sign_in_count ||= 0
        self.sign_in_count += 1
+      end

-        save(:validate => false) or raise "Devise trackable could not save #{inspect}." \
+      def update_tracked_fields!(request)
+        update_tracked_fields(request)
+        save(validate: false) or raise "Devise trackable could not save #{inspect}." \
          "Please make sure a model using trackable can be saved at sign in."
      end
    end
--- a/lib/devise/models/validatable.rb
+++ b/lib/devise/models/validatable.rb
@@ -26,13 +26,13 @@ module Devise
        assert_validations_api!(base)

        base.class_eval do
-          validates_presence_of   :email, :if => :email_required?
-          validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
-          validates_format_of     :email, :with  => email_regexp, :allow_blank => true, :if => :email_changed?
+          validates_presence_of   :email, if: :email_required?
+          validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?

-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
-          validates_length_of       :password, :within => password_length, :allow_blank => true
+          validates_presence_of     :password, if: :password_required?
+          validates_confirmation_of :password, if: :password_required?
+          validates_length_of       :password, within: password_length, allow_blank: true
        end
      end

--- a/lib/devise/modules.rb
+++ b/lib/devise/modules.rb
@@ -1,26 +1,26 @@
 require 'active_support/core_ext/object/with_options'

-Devise.with_options :model => true do |d|
+Devise.with_options model: true do |d|
  # Strategies first
-  d.with_options :strategy => true do |s|
+  d.with_options strategy: true do |s|
    routes = [nil, :new, :destroy]
-    s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes }
-    s.add_module :rememberable, :no_input => true
+    s.add_module :database_authenticatable, controller: :sessions, route: { session: routes }
+    s.add_module :rememberable, no_input: true
  end

  # Other authentications
-  d.add_module :omniauthable, :controller => :omniauth_callbacks,  :route => :omniauth_callback
+  d.add_module :omniauthable, controller: :omniauth_callbacks,  route: :omniauth_callback

  # Misc after
  routes = [nil, :new, :edit]
-  d.add_module :recoverable,  :controller => :passwords,     :route => { :password => routes }
-  d.add_module :registerable, :controller => :registrations, :route => { :registration => (routes << :cancel) }
+  d.add_module :recoverable,  controller: :passwords,     route: { password: routes }
+  d.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) }
  d.add_module :validatable

  # The ones which can sign out after
  routes = [nil, :new]
-  d.add_module :confirmable,  :controller => :confirmations, :route => { :confirmation => routes }
-  d.add_module :lockable,     :controller => :unlocks,       :route => { :unlock => routes }
+  d.add_module :confirmable,  controller: :confirmations, route: { confirmation: routes }
+  d.add_module :lockable,     controller: :unlocks,       route: { unlock: routes }
  d.add_module :timeoutable

  # Stats for last, so we make sure the user is really signed in
--- a/lib/devise/omniauth/url_helpers.rb
+++ b/lib/devise/omniauth/url_helpers.rb
@@ -6,12 +6,12 @@ module Devise

      def omniauth_authorize_path(resource_or_scope, *args)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        send("#{scope}_omniauth_authorize_path", *args)
+        _devise_route_context.send("#{scope}_omniauth_authorize_path", *args)
      end

      def omniauth_callback_path(resource_or_scope, *args)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
-        send("#{scope}_omniauth_callback_path", *args)
+        _devise_route_context.send("#{scope}_omniauth_callback_path", *args)
      end
    end
  end
--- a/lib/devise/rails.rb
+++ b/lib/devise/rails.rb
@@ -29,7 +29,7 @@ module Devise
      end
    end

-    config.after_initialize do |app|
+    initializer "devise.secret_key" do |app|
      if app.respond_to?(:secrets)
        Devise.secret_key ||= app.secrets.secret_key_base
      elsif app.config.respond_to?(:secret_key_base)
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -43,20 +43,20 @@ module ActionDispatch::Routing
    # needed routes:
    #
    #  # Session routes for Authenticatable (default)
-    #       new_user_session GET    /users/sign_in                    {:controller=>"devise/sessions", :action=>"new"}
-    #           user_session POST   /users/sign_in                    {:controller=>"devise/sessions", :action=>"create"}
-    #   destroy_user_session DELETE /users/sign_out                   {:controller=>"devise/sessions", :action=>"destroy"}
+    #       new_user_session GET    /users/sign_in                    {controller:"devise/sessions", action:"new"}
+    #           user_session POST   /users/sign_in                    {controller:"devise/sessions", action:"create"}
+    #   destroy_user_session DELETE /users/sign_out                   {controller:"devise/sessions", action:"destroy"}
    #
    #  # Password routes for Recoverable, if User model has :recoverable configured
-    #      new_user_password GET    /users/password/new(.:format)     {:controller=>"devise/passwords", :action=>"new"}
-    #     edit_user_password GET    /users/password/edit(.:format)    {:controller=>"devise/passwords", :action=>"edit"}
-    #          user_password PUT    /users/password(.:format)         {:controller=>"devise/passwords", :action=>"update"}
-    #                        POST   /users/password(.:format)         {:controller=>"devise/passwords", :action=>"create"}
+    #      new_user_password GET    /users/password/new(.:format)     {controller:"devise/passwords", action:"new"}
+    #     edit_user_password GET    /users/password/edit(.:format)    {controller:"devise/passwords", action:"edit"}
+    #          user_password PUT    /users/password(.:format)         {controller:"devise/passwords", action:"update"}
+    #                        POST   /users/password(.:format)         {controller:"devise/passwords", action:"create"}
    #
    #  # Confirmation routes for Confirmable, if User model has :confirmable configured
-    #  new_user_confirmation GET    /users/confirmation/new(.:format) {:controller=>"devise/confirmations", :action=>"new"}
-    #      user_confirmation GET    /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"show"}
-    #                        POST   /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"create"}
+    #  new_user_confirmation GET    /users/confirmation/new(.:format) {controller:"devise/confirmations", action:"new"}
+    #      user_confirmation GET    /users/confirmation(.:format)     {controller:"devise/confirmations", action:"show"}
+    #                        POST   /users/confirmation(.:format)     {controller:"devise/confirmations", action:"create"}
    #
    # ==== Routes integration
    #
@@ -84,22 +84,22 @@ module ActionDispatch::Routing
    #
    # You can configure your routes with some options:
    #
-    #  * :class_name => setup a different class to be looked up by devise, if it cannot be
+    #  * class_name: setup a different class to be looked up by devise, if it cannot be
    #    properly found by the route name.
    #
-    #      devise_for :users, :class_name => 'Account'
+    #      devise_for :users, class_name: 'Account'
    #
-    #  * :path => allows you to setup path name that will be used, as rails routes does.
+    #  * path: allows you to setup path name that will be used, as rails routes does.
    #    The following route configuration would setup your route as /accounts instead of /users:
    #
-    #      devise_for :users, :path => 'accounts'
+    #      devise_for :users, path: 'accounts'
    #
-    #  * :singular => setup the singular name for the given resource. This is used as the instance variable
+    #  * singular: setup the singular name for the given resource. This is used as the instance variable
    #    name in controller, as the name in routes and the scope given to warden.
    #
-    #      devise_for :users, :singular => :user
+    #      devise_for :users, singular: :user
    #
-    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #  * path_names: configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
    #    :password, :confirmation, :unlock.
    #
    #      devise_for :users, path_names: {
@@ -108,50 +108,53 @@ module ActionDispatch::Routing
    #        registration: 'register', edit: 'edit/profile'
    #      }
    #
-    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #  * controllers: the controller which should be used. All routes by default points to Devise controllers.
    #    However, if you want them to point to custom controller, you should do:
    #
-    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #      devise_for :users, controllers: { sessions: "users/sessions" }
    #
-    #  * :failure_app => a rack app which is invoked whenever there is a failure. Strings representing a given
+    #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
    #    are also allowed as parameter.
    #
-    #  * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
    #    if you wish to restrict this to accept only :post or :delete requests you should do:
    #
-    #      devise_for :users, :sign_out_via => [ :post, :delete ]
+    #      devise_for :users, sign_out_via: [ :post, :delete ]
    #
    #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
    #
-    #  * :module => the namespace to find controllers (default: "devise", thus
+    #  * module: the namespace to find controllers (default: "devise", thus
    #    accessing devise/sessions, devise/registrations, and so on). If you want
    #    to namespace all at once, use module:
    #
-    #      devise_for :users, :module => "users"
+    #      devise_for :users, module: "users"
    #
-    #  * :skip => tell which controller you want to skip routes from being created:
+    #  * skip: tell which controller you want to skip routes from being created.
+    #    It accepts :all as an option, meaning it will not generate any route at all:
    #
-    #      devise_for :users, :skip => :sessions
+    #      devise_for :users, skip: :sessions
    #
-    #  * :only => the opposite of :skip, tell which controllers only to generate routes to:
+    #  * only: the opposite of :skip, tell which controllers only to generate routes to:
    #
-    #      devise_for :users, :only => :sessions
+    #      devise_for :users, only: :sessions
    #
-    #  * :skip_helpers => skip generating Devise url helpers like new_session_path(@user).
+    #  * skip_helpers: skip generating Devise url helpers like new_session_path(@user).
    #    This is useful to avoid conflicts with previous routes and is false by default.
    #    It accepts true as option, meaning it will skip all the helpers for the controllers
    #    given in :skip but it also accepts specific helpers to be skipped:
    #
-    #      devise_for :users, :skip => [:registrations, :confirmations], :skip_helpers => true
-    #      devise_for :users, :skip_helpers => [:registrations, :confirmations]
+    #      devise_for :users, skip: [:registrations, :confirmations], skip_helpers: true
+    #      devise_for :users, skip_helpers: [:registrations, :confirmations]
    #
-    #  * :format => include "(.:format)" in the generated routes? true by default, set to false to disable:
+    #  * format: include "(.:format)" in the generated routes? true by default, set to false to disable:
    #
-    #      devise_for :users, :format => false
+    #      devise_for :users, format: false
    #
-    #  * :constraints => works the same as Rails' constraints
+    #  * constraints: works the same as Rails' constraints
    #
-    #  * :defaults => works the same as Rails' defaults
+    #  * defaults: works the same as Rails' defaults
+    #
+    #  * router_name: allows application level router name to be overwritten for the current scope
    #
    # ==== Scoping
    #
@@ -173,7 +176,7 @@ module ActionDispatch::Routing
    #
    #   class ApplicationController < ActionController::Base
    #     def self.default_url_options
-    #       { :locale => I18n.locale }
+    #       { locale: I18n.locale }
    #     end
    #   end
    #
@@ -198,7 +201,7 @@ module ActionDispatch::Routing
    # In order to get Devise to recognize the deactivate action, your devise_scope entry should look like this:
    #
    #     devise_scope :owner do
-    #       post "deactivate", :to => "registrations#deactivate", :as => "deactivate_registration"
+    #       post "deactivate", to: "registrations#deactivate", as: "deactivate_registration"
    #     end
    #
    def devise_for(*resources)
@@ -224,7 +227,7 @@ module ActionDispatch::Routing
          raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise)
        rescue NameError => e
          raise unless mapping.class_name == resource.to_s.classify
-          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " <<
+          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " \
            "no model #{mapping.class_name} defined in your application"
          next
        rescue NoMethodError => e
@@ -234,13 +237,12 @@ module ActionDispatch::Routing

        if options[:controllers] && options[:controllers][:omniauth_callbacks]
          unless mapping.omniauthable?
-            msg =  "Mapping omniauth_callbacks on a resource that is not omniauthable\n"
-            msg << "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
-            raise msg
+            raise ArgumentError, "Mapping omniauth_callbacks on a resource that is not omniauthable\n" \
+              "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
          end
        end

-        routes  = mapping.used_routes
+        routes = mapping.used_routes

        devise_scope mapping.name do
          with_devise_exclusive_scope mapping.fullpath, mapping.name, options do
@@ -263,7 +265,7 @@ module ActionDispatch::Routing
    #   end
    #
    #   authenticate :user, lambda {|u| u.role == "admin"} do
-    #     root :to => "admin/dashboard#show", :as => :user_root
+    #     root to: "admin/dashboard#show", as: :user_root
    #   end
    #
    def authenticate(scope=nil, block=nil)
@@ -277,18 +279,18 @@ module ActionDispatch::Routing
    # a model and allows extra constraints to be done on the instance.
    #
    #   authenticated :admin do
-    #     root :to => 'admin/dashboard#show', :as => :admin_root
+    #     root to: 'admin/dashboard#show', as: :admin_root
    #   end
    #
    #   authenticated do
-    #     root :to => 'dashboard#show', :as => :authenticated_root
+    #     root to: 'dashboard#show', as: :authenticated_root
    #   end
    #
    #   authenticated :user, lambda {|u| u.role == "admin"} do
-    #     root :to => "admin/dashboard#show", :as => :user_root
+    #     root to: "admin/dashboard#show", as: :user_root
    #   end
    #
-    #   root :to => 'landing#show'
+    #   root to: 'landing#show'
    #
    def authenticated(scope=nil, block=nil)
      constraints_for(:authenticate?, scope, block) do
@@ -301,15 +303,15 @@ module ActionDispatch::Routing
    #
    #   unauthenticated do
    #     as :user do
-    #       root :to => 'devise/registrations#new'
+    #       root to: 'devise/registrations#new'
    #     end
    #   end
    #
-    #   root :to => 'dashboard#show'
+    #   root to: 'dashboard#show'
    #
    def unauthenticated(scope=nil)
      constraint = lambda do |request|
-        not request.env["warden"].authenticate? :scope => scope
+        not request.env["warden"].authenticate? scope: scope
      end

      constraints(constraint) do
@@ -322,7 +324,7 @@ module ActionDispatch::Routing
    # to which controller it is targetted.
    #
    #   as :user do
-    #     get "sign_in", :to => "devise/sessions#new"
+    #     get "sign_in", to: "devise/sessions#new"
    #   end
    #
    # Notice you cannot have two scopes mapping to the same URL. And remember, if
@@ -354,42 +356,42 @@ module ActionDispatch::Routing
    protected

      def devise_session(mapping, controllers) #:nodoc:
-        resource :session, :only => [], :controller => controllers[:sessions], :path => "" do
-          get   :new,     :path => mapping.path_names[:sign_in],  :as => "new"
-          post  :create,  :path => mapping.path_names[:sign_in]
-          match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via
+        resource :session, only: [], controller: controllers[:sessions], path: "" do
+          get   :new,     path: mapping.path_names[:sign_in],  as: "new"
+          post  :create,  path: mapping.path_names[:sign_in]
+          match :destroy, path: mapping.path_names[:sign_out], as: "destroy", via: mapping.sign_out_via
        end
      end

      def devise_password(mapping, controllers) #:nodoc:
-        resource :password, :only => [:new, :create, :edit, :update],
-          :path => mapping.path_names[:password], :controller => controllers[:passwords]
+        resource :password, only: [:new, :create, :edit, :update],
+          path: mapping.path_names[:password], controller: controllers[:passwords]
      end

      def devise_confirmation(mapping, controllers) #:nodoc:
-        resource :confirmation, :only => [:new, :create, :show],
-          :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+        resource :confirmation, only: [:new, :create, :show],
+          path: mapping.path_names[:confirmation], controller: controllers[:confirmations]
      end

      def devise_unlock(mapping, controllers) #:nodoc:
        if mapping.to.unlock_strategy_enabled?(:email)
-          resource :unlock, :only => [:new, :create, :show],
-            :path => mapping.path_names[:unlock], :controller => controllers[:unlocks]
+          resource :unlock, only: [:new, :create, :show],
+            path: mapping.path_names[:unlock], controller: controllers[:unlocks]
        end
      end

      def devise_registration(mapping, controllers) #:nodoc:
        path_names = {
-          :new => mapping.path_names[:sign_up],
-          :edit => mapping.path_names[:edit],
-          :cancel => mapping.path_names[:cancel]
+          new: mapping.path_names[:sign_up],
+          edit: mapping.path_names[:edit],
+          cancel: mapping.path_names[:cancel]
        }

        options = {
-          :only => [:new, :create, :edit, :update, :destroy],
-          :path => mapping.path_names[:registration],
-          :path_names => path_names,
-          :controller => controllers[:registrations]
+          only: [:new, :create, :edit, :update, :destroy],
+          path: mapping.path_names[:registration],
+          path_names: path_names,
+          controller: controllers[:registrations]
        }

        resource :registration, options do
@@ -405,16 +407,16 @@ and you have set #{mapping.fullpath.inspect}. You can work around by passing
 `skip: :omniauth_callbacks` and manually defining the routes. Here is an example:

    match "/users/auth/:provider",
-      :constraints => { :provider => /google|facebook/ },
-      :to => "devise/omniauth_callbacks#passthru",
-      :as => :omniauth_authorize,
-      :via => [:get, :post]
+      constraints: { provider: /google|facebook/ },
+      to: "devise/omniauth_callbacks#passthru",
+      as: :omniauth_authorize,
+      via: [:get, :post]

    match "/users/auth/:action/callback",
-      :constraints => { :action => /google|facebook/ },
-      :to => "devise/omniauth_callbacks",
-      :as => :omniauth_callback,
-      :via => [:get, :post]
+      constraints: { action: /google|facebook/ },
+      to: "devise/omniauth_callbacks",
+      as: :omniauth_callback,
+      via: [:get, :post]
 ERROR
        end

@@ -426,38 +428,35 @@ ERROR
        providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s))

        match "#{path_prefix}/:provider",
-          :constraints => { :provider => providers },
-          :to => "#{controllers[:omniauth_callbacks]}#passthru",
-          :as => :omniauth_authorize,
-          :via => [:get, :post]
+          constraints: { provider: providers },
+          to: "#{controllers[:omniauth_callbacks]}#passthru",
+          as: :omniauth_authorize,
+          via: [:get, :post]

        match "#{path_prefix}/:action/callback",
-          :constraints => { :action => providers },
-          :to => controllers[:omniauth_callbacks],
-          :as => :omniauth_callback,
-          :via => [:get, :post]
+          constraints: { action: providers },
+          to: "#{controllers[:omniauth_callbacks]}#:action",
+          as: :omniauth_callback,
+          via: [:get, :post]
      ensure
        @scope[:path] = path
      end

-      DEVISE_SCOPE_KEYS = [:as, :path, :module, :constraints, :defaults, :options]
-
      def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc:
-        old = {}
-        DEVISE_SCOPE_KEYS.each { |k| old[k] = @scope[k] }
+        current_scope = @scope.dup

-        new = { :as => new_as, :path => new_path, :module => nil }
-        new.merge!(options.slice(:constraints, :defaults, :options))
+        exclusive = { as: new_as, path: new_path, module: nil }
+        exclusive.merge!(options.slice(:constraints, :defaults, :options))

-        @scope.merge!(new)
+        exclusive.each_pair { |key, value| @scope[key] = value }
        yield
      ensure
-        @scope.merge!(old)
+        @scope = current_scope
      end

      def constraints_for(method_to_apply, scope=nil, block=nil)
        constraint = lambda do |request|
-          request.env['warden'].send(method_to_apply, :scope => scope) &&
+          request.env['warden'].send(method_to_apply, scope: scope) &&
            (block.nil? || block.call(request.env["warden"].user(scope)))
        end

--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -16,6 +16,13 @@ module Devise
        valid_for_params_auth? || valid_for_http_auth?
      end

+      # Override and set to false for things like OmniAuth that technically
+      # run through Authentication (user_set) very often, which would normally
+      # reset CSRF data in the session
+      def clean_up_csrf?
+        true
+      end
+
    private

      # Receives a resource and check if it is valid by calling valid_for_authentication?
@@ -29,7 +36,6 @@ module Devise
        result = resource && resource.valid_for_authentication?(&block)

        if result
-          decorate(resource)
          true
        else
          if resource
@@ -40,7 +46,7 @@ module Devise
      end

      # Get values from params and set in the resource.
-      def decorate(resource)
+      def remember_me(resource)
        resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
      end

--- a/lib/devise/strategies/database_authenticatable.rb
+++ b/lib/devise/strategies/database_authenticatable.rb
@@ -9,6 +9,7 @@ module Devise
        encrypted = false

        if validate(resource){ encrypted = true; resource.valid_password?(password) }
+          remember_me(resource)
          resource.after_database_authentication
          success!(resource)
        end
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@@ -25,15 +25,18 @@ module Devise
        end

        if validate(resource)
+          remember_me(resource)
+          extend_remember_me_period(resource)
          success!(resource)
        end
      end

    private

-      def decorate(resource)
-        super
-        resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)
+      def extend_remember_me_period(resource)
+        if resource.respond_to?(:extend_remember_period=)
+          resource.extend_remember_period = mapping.to.extend_remember_period
+        end
      end

      def remember_me?
--- a/lib/devise/test_helpers.rb
+++ b/lib/devise/test_helpers.rb
@@ -109,8 +109,8 @@ module Devise

        status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
        @controller.response.headers.merge!(headers)
-        @controller.send :render, :status => status, :text => response.body,
-          :content_type => headers["Content-Type"], :location => headers["Location"]
+        @controller.send :render, status: status, text: response.body,
+          content_type: headers["Content-Type"], location: headers["Location"]
        nil # causes process return @response
      end

--- a/lib/devise/time_inflector.rb
+++ b/lib/devise/time_inflector.rb
@@ -6,7 +6,7 @@ module Devise

    class << self
      attr_reader :instance
-      delegate :time_ago_in_words, :to => :instance
+      delegate :time_ago_in_words, to: :instance
    end

    @instance = new
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.2.3".freeze
+  VERSION = "3.4.1".freeze
 end
--- a/lib/generators/active_record/devise_generator.rb
+++ b/lib/generators/active_record/devise_generator.rb
@@ -4,7 +4,7 @@ require 'generators/devise/orm_helpers'
 module ActiveRecord
  module Generators
    class DeviseGenerator < ActiveRecord::Generators::Base
-      argument :attributes, :type => :array, :default => [], :banner => "field:type field:type"
+      argument :attributes, type: :array, default: [], banner: "field:type field:type"

      include Devise::Generators::OrmHelpers
      source_root File.expand_path("../templates", __FILE__)
@@ -18,7 +18,7 @@ module ActiveRecord
      end

      def generate_model
-        invoke "active_record:model", [name], :migration => false unless model_exists? && behavior == :invoke
+        invoke "active_record:model", [name], migration: false unless model_exists? && behavior == :invoke
      end

      def inject_devise_content
@@ -39,8 +39,8 @@ module ActiveRecord
      def migration_data
 <<RUBY
      ## Database authenticatable
-      t.string :email,              :null => false, :default => ""
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""

      ## Recoverable
      t.string   :reset_password_token
@@ -50,11 +50,11 @@ module ActiveRecord
      t.datetime :remember_created_at

      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
+      t.integer  :sign_in_count, default: 0, null: false
      t.datetime :current_sign_in_at
      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
+      t.#{ip_column} :current_sign_in_ip
+      t.#{ip_column} :last_sign_in_ip

      ## Confirmable
      # t.string   :confirmation_token
@@ -63,11 +63,29 @@ module ActiveRecord
      # t.string   :unconfirmed_email # Only if using reconfirmable

      ## Lockable
-      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
      # t.string   :unlock_token # Only if unlock strategy is :email or :both
      # t.datetime :locked_at
 RUBY
      end
+
+      def ip_column
+        # Padded with spaces so it aligns nicely with the rest of the columns.
+        "%-8s" % (inet? ? "inet" : "string")
+      end
+
+      def inet?
+        rails4? && postgresql?
+      end
+
+      def rails4?
+        Rails.version.start_with? '4'
+      end
+
+      def postgresql?
+        config = ActiveRecord::Base.configurations[Rails.env]
+        config && config['adapter'] == 'postgresql'
+      end
    end
  end
 end
--- a/lib/generators/active_record/templates/migration.rb
+++ b/lib/generators/active_record/templates/migration.rb
@@ -10,9 +10,9 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
      t.timestamps
    end

-    add_index :<%= table_name %>, :email,                :unique => true
-    add_index :<%= table_name %>, :reset_password_token, :unique => true
-    # add_index :<%= table_name %>, :confirmation_token,   :unique => true
-    # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    # add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,         unique: true
  end
 end
--- a/lib/generators/active_record/templates/migration_existing.rb
+++ b/lib/generators/active_record/templates/migration_existing.rb
@@ -11,10 +11,10 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
      # t.timestamps
    end

-    add_index :<%= table_name %>, :email,                :unique => true
-    add_index :<%= table_name %>, :reset_password_token, :unique => true
-    # add_index :<%= table_name %>, :confirmation_token,   :unique => true
-    # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    # add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,         unique: true
  end

  def self.down
--- a/lib/generators/devise/controllers_generator.rb
+++ b/lib/generators/devise/controllers_generator.rb
@@ -0,0 +1,44 @@
+require 'rails/generators/base'
+
+module Devise
+  module Generators
+    class ControllersGenerator < Rails::Generators::Base
+      CONTROLLERS = %w(confirmations passwords registrations sessions unlocks omniauth_callbacks).freeze
+
+      desc <<-DESC.strip_heredoc
+        Create inherited Devise controllers in your app/controllers folder.
+
+        Use -c to specify which controller you want to overwrite.
+        If you do no specify a controller, all controllers will be created.
+        For example:
+
+          rails generate devise:controllers users -c=sessions
+
+        This will create a controller class at app/controllers/users/sessions_controller.rb like this:
+
+          class Users::ConfirmationsController < Devise::ConfirmationsController
+            content...
+          end
+      DESC
+
+      source_root File.expand_path("../../templates/controllers", __FILE__)
+      argument :scope, required: true,
+        desc: "The scope to create controllers in, e.g. users, admins"
+      class_option :controllers, aliases: "-c", type: :array,
+        desc: "Select specific controllers to generate (#{CONTROLLERS.join(', ')})"
+
+      def create_controllers
+        @scope_prefix = scope.blank? ? '' : (scope.camelize + '::')
+        controllers = options[:controllers] || CONTROLLERS
+        controllers.each do |name|
+          template "#{name}_controller.rb",
+                   "app/controllers/#{scope}/#{name}_controller.rb"
+        end
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end
--- a/lib/generators/devise/devise_generator.rb
+++ b/lib/generators/devise/devise_generator.rb
@@ -13,12 +13,12 @@ module Devise

      hook_for :orm

-      class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true
+      class_option :routes, desc: "Generate routes", type: :boolean, default: true

      def add_devise_routes
        devise_route  = "devise_for :#{plural_name}"
-        devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::")
-        devise_route << %Q(, :skip => :all) unless options.routes?
+        devise_route << %Q(, class_name: "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, skip: :all) unless options.routes?
        route devise_route
      end
    end
--- a/lib/generators/devise/views_generator.rb
+++ b/lib/generators/devise/views_generator.rb
@@ -9,13 +9,14 @@ module Devise
      extend ActiveSupport::Concern

      included do
-        argument :scope, :required => false, :default => nil,
-                         :desc => "The scope to copy views to"
+        argument :scope, required: false, default: nil,
+                         desc: "The scope to copy views to"

        # Le sigh, ensure Thor won't handle opts as args
        # It should be fixed in future Rails releases
-        class_option :form_builder, :aliases => "-b"
+        class_option :form_builder, aliases: "-b"
        class_option :markerb
+        class_option :views, aliases: "-v", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)"

        public_task :copy_views
      end
@@ -28,11 +29,17 @@ module Devise
      end

      def copy_views
-        view_directory :confirmations
-        view_directory :passwords
-        view_directory :registrations
-        view_directory :sessions
-        view_directory :unlocks
+        if options[:views]
+          options[:views].each do |directory|
+            view_directory directory.to_sym
+          end
+        else
+          view_directory :confirmations
+          view_directory :passwords
+          view_directory :registrations
+          view_directory :sessions
+          view_directory :unlocks
+        end
      end

      protected
@@ -85,7 +92,9 @@ module Devise
      hide!

      def copy_views
-        view_directory :mailer
+        if !options[:views] || options[:views].include?('mailer')
+          view_directory :mailer
+        end
      end
    end

@@ -96,7 +105,9 @@ module Devise
      hide!

      def copy_views
-        view_directory :markerb, target_path
+        if !options[:views] || options[:views].include?('mailer')
+          view_directory :markerb, target_path
+        end
      end

      def target_path
@@ -107,18 +118,18 @@ module Devise
    class ViewsGenerator < Rails::Generators::Base
      desc "Copies Devise views to your application."

-      argument :scope, :required => false, :default => nil,
-                       :desc => "The scope to copy views to"
+      argument :scope, required: false, default: nil,
+                       desc: "The scope to copy views to"

      invoke SharedViewsGenerator

-      hook_for :form_builder, :aliases => "-b",
-                              :desc => "Form builder to be used",
-                              :default => defined?(SimpleForm) ? "simple_form_for" : "form_for"
+      hook_for :form_builder, aliases: "-b",
+                              desc: "Form builder to be used",
+                              default: defined?(SimpleForm) ? "simple_form_for" : "form_for"

-      hook_for :markerb,  :desc => "Generate markerb instead of erb mail views",
-                          :default => defined?(Markerb) ? :markerb : :erb,
-                          :type => :boolean
+      hook_for :markerb,  desc: "Generate markerb instead of erb mail views",
+                          default: defined?(Markerb) ? :markerb : :erb,
+                          type: :boolean
    end
  end
 end
--- a/lib/generators/mongoid/devise_generator.rb
+++ b/lib/generators/mongoid/devise_generator.rb
@@ -11,43 +11,43 @@ module Mongoid
      end

      def inject_field_types
-        inject_into_file model_path, migration_data, :after => "include Mongoid::Document\n" if model_exists?
+        inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
      end

      def inject_devise_content
-        inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n" if model_exists?
+        inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
      end

      def migration_data
 <<RUBY
  ## Database authenticatable
-  field :email,              :type => String, :default => ""
-  field :encrypted_password, :type => String, :default => ""
+  field :email,              type: String, default: ""
+  field :encrypted_password, type: String, default: ""

  ## Recoverable
-  field :reset_password_token,   :type => String
-  field :reset_password_sent_at, :type => Time
+  field :reset_password_token,   type: String
+  field :reset_password_sent_at, type: Time

  ## Rememberable
-  field :remember_created_at, :type => Time
+  field :remember_created_at, type: Time

  ## Trackable
-  field :sign_in_count,      :type => Integer, :default => 0
-  field :current_sign_in_at, :type => Time
-  field :last_sign_in_at,    :type => Time
-  field :current_sign_in_ip, :type => String
-  field :last_sign_in_ip,    :type => String
+  field :sign_in_count,      type: Integer, default: 0
+  field :current_sign_in_at, type: Time
+  field :last_sign_in_at,    type: Time
+  field :current_sign_in_ip, type: String
+  field :last_sign_in_ip,    type: String

  ## Confirmable
-  # field :confirmation_token,   :type => String
-  # field :confirmed_at,         :type => Time
-  # field :confirmation_sent_at, :type => Time
-  # field :unconfirmed_email,    :type => String # Only if using reconfirmable
+  # field :confirmation_token,   type: String
+  # field :confirmed_at,         type: Time
+  # field :confirmation_sent_at, type: Time
+  # field :unconfirmed_email,    type: String # Only if using reconfirmable

  ## Lockable
-  # field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts
-  # field :unlock_token,    :type => String # Only if unlock strategy is :email or :both
-  # field :locked_at,       :type => Time
+  # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  # field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  # field :locked_at,       type: Time
 RUBY
      end
    end
--- a/lib/generators/templates/README
+++ b/lib/generators/templates/README
@@ -6,14 +6,14 @@ Some setup you must do manually if you haven't yet:
     is an example of default_url_options appropriate for a development environment
     in config/environments/development.rb:

-       config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+       config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }

     In production, :host should be set to the actual host of your application.

  2. Ensure you have defined root_url to *something* in your config/routes.rb.
     For example:

-       root :to => "home#index"
+       root to: "home#index"

  3. Ensure you have flash messages in app/views/layouts/application.html.erb.
     For example:
--- a/lib/generators/templates/controllers/README
+++ b/lib/generators/templates/controllers/README
@@ -0,0 +1,14 @@
+===============================================================================
+
+Some setup you must do manually if you haven't yet:
+
+  Ensure you have overridden routes for generated controllers in your route.rb.
+  For example:
+
+    Rails.application.routes.draw do
+      devise_for :users, controllers: {
+        sessions: 'sessions'
+      }
+    end
+
+===============================================================================
--- a/lib/generators/templates/controllers/confirmations_controller.rb
+++ b/lib/generators/templates/controllers/confirmations_controller.rb
@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
+  # GET /resource/confirmation/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/confirmation
+  # def create
+  #   super
+  # end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after resending confirmation instructions.
+  # def after_resending_confirmation_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+
+  # The path used after confirmation.
+  # def after_confirmation_path_for(resource_name, resource)
+  #   super(resource_name, resource)
+  # end
+end
--- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb
+++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb
@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  # You should configure your model like this:
+  # devise :omniauthable, omniauth_providers: [:twitter]
+
+  # You should also create an action method in this controller like this:
+  # def twitter
+  # end
+
+  # More info at:
+  # https://github.com/plataformatec/devise#omniauth
+
+  # GET|POST /resource/auth/twitter
+  # def passthru
+  #   super
+  # end
+
+  # GET|POST /users/auth/twitter/callback
+  # def failure
+  #   super
+  # end
+
+  # protected
+
+  # The path used when omniauth fails
+  # def after_omniauth_failure_path_for(scope)
+  #   super(scope)
+  # end
+end
--- a/lib/generators/templates/controllers/passwords_controller.rb
+++ b/lib/generators/templates/controllers/passwords_controller.rb
@@ -0,0 +1,32 @@
+class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController
+  # GET /resource/password/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/password
+  # def create
+  #   super
+  # end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource/password
+  # def update
+  #   super
+  # end
+
+  # protected
+
+  # def after_resetting_password_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sending reset password instructions
+  # def after_sending_reset_password_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+end
--- a/lib/generators/templates/controllers/registrations_controller.rb
+++ b/lib/generators/templates/controllers/registrations_controller.rb
@@ -0,0 +1,60 @@
+class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
+# before_filter :configure_sign_up_params, only: [:create]
+# before_filter :configure_account_update_params, only: [:update]
+
+  # GET /resource/sign_up
+  # def new
+  #   super
+  # end
+
+  # POST /resource
+  # def create
+  #   super
+  # end
+
+  # GET /resource/edit
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource
+  # def update
+  #   super
+  # end
+
+  # DELETE /resource
+  # def destroy
+  #   super
+  # end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  # def cancel
+  #   super
+  # end
+
+  # protected
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_sign_up_params
+  #   devise_parameter_sanitizer.for(:sign_up) << :attribute
+  # end
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_account_update_params
+  #   devise_parameter_sanitizer.for(:account_update) << :attribute
+  # end
+
+  # The path used after sign up.
+  # def after_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sign up for inactive accounts.
+  # def after_inactive_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+end
--- a/lib/generators/templates/controllers/sessions_controller.rb
+++ b/lib/generators/templates/controllers/sessions_controller.rb
@@ -0,0 +1,25 @@
+class <%= @scope_prefix %>SessionsController < Devise::SessionsController
+# before_filter :configure_sign_in_params, only: [:create]
+
+  # GET /resource/sign_in
+  # def new
+  #   super
+  # end
+
+  # POST /resource/sign_in
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/sign_out
+  # def destroy
+  #   super
+  # end
+
+  # protected
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_sign_in_params
+  #   devise_parameter_sanitizer.for(:sign_in) << :attribute
+  # end
+end
--- a/lib/generators/templates/controllers/unlocks_controller.rb
+++ b/lib/generators/templates/controllers/unlocks_controller.rb
@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController
+  # GET /resource/unlock/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/unlock
+  # def create
+  #   super
+  # end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after sending unlock password instructions
+  # def after_sending_unlock_instructions_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after unlocking the resource
+  # def after_unlock_path_for(resource)
+  #   super(resource)
+  # end
+end
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -65,7 +65,7 @@ Devise.setup do |config|
  # :database      = Support basic authentication with authentication key + password
  # config.http_authenticatable = false

-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
  # config.http_authenticatable_on_xhr = true

  # The realm used in Http Basic Authentication. 'Application' by default.
@@ -80,7 +80,7 @@ Devise.setup do |config|
  # particular strategies by setting this option.
  # Notice that if you are skipping storage for all authentication paths, you
  # may want to disable generating routes to Devise's sessions controller by
-  # passing :skip => :sessions to `devise_for` in your config/routes.rb
+  # passing skip: :sessions to `devise_for` in your config/routes.rb
  config.skip_session_storage = [:http_auth]

  # By default, Devise cleans up the CSRF token on authentication to
@@ -95,7 +95,9 @@ Devise.setup do |config|
  #
  # Limiting the stretches to just one in testing will increase the performance of
  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments.
+  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # encryptor), the cost increases exponentially with the number of stretches (e.g.
+  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
  config.stretches = Rails.env.test? ? 1 : 10

  # Setup a pepper to generate the encrypted password.
@@ -119,8 +121,8 @@ Devise.setup do |config|

  # If true, requires any email changes to be confirmed (exactly the same way as
  # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed new email is stored in
-  # unconfirmed email column, and copied to email column on successful confirmation.
+  # db field (see migrations). Until confirmed, new email is stored in
+  # unconfirmed_email column, and copied to email column on successful confirmation.
  config.reconfirmable = true

  # Defines which key will be used when confirming an account
@@ -130,11 +132,14 @@ Devise.setup do |config|
  # The time the user will be remembered without asking for credentials again.
  # config.remember_for = 2.weeks

+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
+
  # If true, extends the user's remember period when remembered via cookie.
  # config.extend_remember_period = false

  # Options to be passed to the created cookie. For instance, you can set
-  # :secure => true in order to force SSL only cookies.
+  # secure: true in order to force SSL only cookies.
  # config.rememberable_options = {}

  # ==> Configuration for :validatable
@@ -178,7 +183,7 @@ Devise.setup do |config|
  # config.unlock_in = 1.hour

  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = false
+  # config.last_attempt_warning = true

  # ==> Configuration for :recoverable
  #
@@ -231,7 +236,7 @@ Devise.setup do |config|
  # ==> OmniAuth
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'

  # ==> Warden configuration
  # If you want to use other strategies, that are not supported by Devise, or
@@ -239,7 +244,7 @@ Devise.setup do |config|
  #
  # config.warden do |manager|
  #   manager.intercept_401 = false
-  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
  # end

  # ==> Mountable engine configurations
--- a/lib/generators/templates/markerb/confirmation_instructions.markerb
+++ b/lib/generators/templates/markerb/confirmation_instructions.markerb
@@ -2,4 +2,4 @@ Welcome <%= @email %>!

 You can confirm your account through the link below:

-<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %>
+<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>
--- a/lib/generators/templates/markerb/reset_password_instructions.markerb
+++ b/lib/generators/templates/markerb/reset_password_instructions.markerb
@@ -2,7 +2,7 @@ Hello <%= @resource.email %>!

 Someone has requested a link to change your password, and you can do this through the link below.

-<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %>
+<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>

 If you didn't request this, please ignore this email.
 Your password won't change until you access the link above and create a new one.
--- a/lib/generators/templates/markerb/unlock_instructions.markerb
+++ b/lib/generators/templates/markerb/unlock_instructions.markerb
@@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in

 Click the link below to unlock your account:

-<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %>
+<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>
--- a/lib/generators/templates/simple_form_for/confirmations/new.html.erb
+++ b/lib/generators/templates/simple_form_for/confirmations/new.html.erb
@@ -1,11 +1,11 @@
 <h2>Resend confirmation instructions</h2>

-<%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
  <%= f.error_notification %>
  <%= f.full_error :confirmation_token %>

  <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
  </div>

  <div class="form-actions">
--- a/lib/generators/templates/simple_form_for/passwords/edit.html.erb
+++ b/lib/generators/templates/simple_form_for/passwords/edit.html.erb
@@ -1,14 +1,14 @@
 <h2>Change your password</h2>

-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
  <%= f.error_notification %>

-  <%= f.input :reset_password_token, :as => :hidden %>
+  <%= f.input :reset_password_token, as: :hidden %>
  <%= f.full_error :reset_password_token %>

  <div class="form-inputs">
-    <%= f.input :password, :label => "New password", :required => true, :autofocus => true %>
-    <%= f.input :password_confirmation, :label => "Confirm your new password", :required => true %>
+    <%= f.input :password, label: "New password", required: true, autofocus: true %>
+    <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
  </div>

  <div class="form-actions">
--- a/lib/generators/templates/simple_form_for/passwords/new.html.erb
+++ b/lib/generators/templates/simple_form_for/passwords/new.html.erb
@@ -1,10 +1,10 @@
 <h2>Forgot your password?</h2>

-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
  <%= f.error_notification %>

  <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
  </div>

  <div class="form-actions">
--- a/lib/generators/templates/simple_form_for/registrations/edit.html.erb
+++ b/lib/generators/templates/simple_form_for/registrations/edit.html.erb
@@ -1,18 +1,18 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>

-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
  <%= f.error_notification %>

  <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>

    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
      <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
    <% end %>

-    <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %>
-    <%= f.input :password_confirmation, :required => false %>
-    <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %>
+    <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
+    <%= f.input :password_confirmation, required: false %>
+    <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
  </div>

  <div class="form-actions">
@@ -22,6 +22,6 @@

 <h3>Cancel my account</h3>

-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>

 <%= link_to "Back", :back %>
--- a/lib/generators/templates/simple_form_for/registrations/new.html.erb
+++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb
@@ -1,12 +1,12 @@
 <h2>Sign up</h2>

-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
  <%= f.error_notification %>

  <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
-    <%= f.input :password, :required => true %>
-    <%= f.input :password_confirmation, :required => true %>
+    <%= f.input :email, required: true, autofocus: true %>
+    <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %>
+    <%= f.input :password_confirmation, required: true %>
  </div>

  <div class="form-actions">
--- a/lib/generators/templates/simple_form_for/sessions/new.html.erb
+++ b/lib/generators/templates/simple_form_for/sessions/new.html.erb
@@ -1,14 +1,14 @@
-<h2>Sign in</h2>
+<h2>Log in</h2>

-<%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
  <div class="form-inputs">
-    <%= f.input :email, :required => false, :autofocus => true %>
-    <%= f.input :password, :required => false %>
-    <%= f.input :remember_me, :as => :boolean if devise_mapping.rememberable? %>
+    <%= f.input :email, required: false, autofocus: true %>
+    <%= f.input :password, required: false %>
+    <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
  </div>

  <div class="form-actions">
-    <%= f.button :submit, "Sign in" %>
+    <%= f.button :submit, "Log in" %>
  </div>
 <% end %>

--- a/lib/generators/templates/simple_form_for/unlocks/new.html.erb
+++ b/lib/generators/templates/simple_form_for/unlocks/new.html.erb
@@ -1,11 +1,11 @@
 <h2>Resend unlock instructions</h2>

-<%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
  <%= f.error_notification %>
  <%= f.full_error :unlock_token %>

  <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
  </div>

  <div class="form-actions">
--- a/script/cached-bundle
+++ b/script/cached-bundle
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+# Usage: cached-bundle install --deployment
+#
+# After running `bundle`, caches the `vendor/bundle` directory to S3.
+# On the next run, restores the cached directory before running `bundle`.
+# When `Gemfile.lock` changes, the cache gets rebuilt.
+#
+# Requirements:
+# - Gemfile.lock
+# - TRAVIS_REPO_SLUG
+# - TRAVIS_RUBY_VERSION
+# - AMAZON_S3_BUCKET
+# - script/s3-put
+# - bundle
+# - curl
+#
+# Author: Mislav Marohnić
+
+set -e
+
+compute_md5() {
+  local output="$(openssl md5)"
+  echo "${output##* }"
+}
+
+download() {
+  curl --tcp-nodelay -qsfL "$1" -o "$2"
+}
+
+
+gemfile="${BUNDLE_GEMFILE:-Gemfile}"
+bundle_fullpath="$(dirname $gemfile)/vendor/bundle"
+bundle_path=${bundle_fullpath#$PWD/}
+gemfile_hash="$(compute_md5 <"${gemfile}.lock")"
+cache_name="${TRAVIS_RUBY_VERSION}-${gemfile_hash}.tgz"
+fetch_url="http://${AMAZON_S3_BUCKET}.s3.amazonaws.com/${TRAVIS_REPO_SLUG}/${cache_name}"
+
+if download "$fetch_url" "$cache_name"; then
+  echo "Reusing cached bundle ${cache_name}"
+  tar xzf "$cache_name"
+fi
+
+bundle "$@"
+
+if [ ! -f "$cache_name" ] && [ -n "$AMAZON_SECRET_ACCESS_KEY" ]; then
+  echo "Caching \`${bundle_path}' to S3"
+  tar czf "$cache_name" "$bundle_path"
+  script/s3-put "$cache_name" "${AMAZON_S3_BUCKET}:${TRAVIS_REPO_SLUG}/${cache_name}"
+fi
--- a/script/s3-put
+++ b/script/s3-put
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# Usage: s3-put <FILE> <S3_BUCKET>[:<PATH>] [<CONTENT_TYPE>]
+#
+# Uploads a file to the Amazon S3 service.
+# Outputs the URL for the newly uploaded file.
+#
+# Requirements:
+# - AMAZON_ACCESS_KEY_ID
+# - AMAZON_SECRET_ACCESS_KEY
+# - openssl
+# - curl
+#
+# Author: Mislav Marohnić
+
+set -e
+
+authorization() {
+  local signature="$(string_to_sign | hmac_sha1 | base64)"
+  echo "AWS ${AMAZON_ACCESS_KEY_ID?}:${signature}"
+}
+
+hmac_sha1() {
+  openssl dgst -binary -sha1 -hmac "${AMAZON_SECRET_ACCESS_KEY?}"
+}
+
+base64() {
+  openssl enc -base64
+}
+
+bin_md5() {
+  openssl dgst -binary -md5
+}
+
+string_to_sign() {
+  echo "$http_method"
+  echo "$content_md5"
+  echo "$content_type"
+  echo "$date"
+  echo "x-amz-acl:$acl"
+  printf "/$bucket/$remote_path"
+}
+
+date_string() {
+  LC_TIME=C date "+%a, %d %h %Y %T %z"
+}
+
+file="$1"
+bucket="${2%%:*}"
+remote_path="${2#*:}"
+content_type="$3"
+
+if [ -z "$remote_path" ] || [ "$remote_path" = "$bucket" ]; then
+  remote_path="${file##*/}"
+fi
+
+http_method=PUT
+acl="public-read"
+content_md5="$(bin_md5 < "$file" | base64)"
+date="$(date_string)"
+
+url="https://$bucket.s3.amazonaws.com/$remote_path"
+
+curl -qsSf -T "$file" \
+  -H "Authorization: $(authorization)" \
+  -H "x-amz-acl: $acl" \
+  -H "Date: $date" \
+  -H "Content-MD5: $content_md5" \
+  -H "Content-Type: $content_type" \
+  "$url"
+
+echo "$url"
--- a/test/controllers/custom_registrations_controller_test.rb
+++ b/test/controllers/custom_registrations_controller_test.rb
@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class CustomRegistrationsControllerTest < ActionController::TestCase
+  tests Custom::RegistrationsController
+
+  include Devise::TestHelpers
+
+  setup do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    @password = 'password'
+    @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm!)
+  end
+
+  test "yield resource to block on create success" do
+    post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
+    assert @controller.create_block_called?, "create failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on create failure" do
+    post :create, { user: { } }
+    assert @controller.create_block_called?, "create failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on update success" do
+    sign_in @user
+    put :update, { user: { current_password: @password } }
+    assert @controller.update_block_called?, "update failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on update failure" do
+    sign_in @user
+    put :update, { user: { } }
+    assert @controller.update_block_called?, "update failed to yield resource to provided block"
+  end
+end
--- a/test/controllers/helpers_test.rb
+++ b/test/controllers/helpers_test.rb
@@ -14,81 +14,110 @@ class ControllerAuthenticatableTest < ActionController::TestCase
  end

  test 'proxy signed_in?(scope) to authenticate?' do
-    @mock_warden.expects(:authenticate?).with(:scope => :my_scope)
+    @mock_warden.expects(:authenticate?).with(scope: :my_scope)
    @controller.signed_in?(:my_scope)
  end

  test 'proxy signed_in?(nil) to authenticate?' do
    Devise.mappings.keys.each do |scope| # :user, :admin, :manager
-      @mock_warden.expects(:authenticate?).with(:scope => scope)
+      @mock_warden.expects(:authenticate?).with(scope: scope)
    end
    @controller.signed_in?
  end

+  test 'proxy [group]_signed_in? to authenticate? with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
+    end
+    @controller.commenter_signed_in?
+  end
+
  test 'proxy current_user to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user)
+    @mock_warden.expects(:authenticate).with(scope: :user)
    @controller.current_user
  end

  test 'proxy current_admin to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @mock_warden.expects(:authenticate).with(scope: :admin)
    @controller.current_admin
  end

+  test 'proxy current_[group] to authenticate with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate).with(scope: scope).returns(nil)
+    end
+    @controller.current_commenter
+  end
+
+  test 'proxy current_[plural_group] to authenticate with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate).with(scope: scope)
+    end
+    @controller.current_commenters
+  end
+
  test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
    @controller.current_publisher_account
  end

  test 'proxy authenticate_user! to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user)
+    @mock_warden.expects(:authenticate!).with(scope: :user)
    @controller.authenticate_user!
  end

  test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
-    @controller.authenticate_user!(:recall => "foo")
+    @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo")
+    @controller.authenticate_user!(recall: "foo")
  end

  test 'proxy authenticate_admin! to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :admin)
+    @mock_warden.expects(:authenticate!).with(scope: :admin)
    @controller.authenticate_admin!
  end

+  test 'proxy authenticate_[group]! to authenticate!? with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate!).with(scope: scope)
+      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
+    end
+    @controller.authenticate_commenter!
+  end
+
  test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate!).with(scope: :publisher_account)
    @controller.authenticate_publisher_account!
  end

  test 'proxy user_signed_in? to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns("user")
+    @mock_warden.expects(:authenticate).with(scope: :user).returns("user")
    assert @controller.user_signed_in?
  end

  test 'proxy admin_signed_in? to authenticatewith admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @mock_warden.expects(:authenticate).with(scope: :admin)
    assert_not @controller.admin_signed_in?
  end

  test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
    @controller.publisher_account_signed_in?
  end

  test 'proxy user_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(true)
    @mock_warden.expects(:session).with(:user).returns({})
    @controller.user_session
  end

  test 'proxy admin_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :admin).returns(true)
    @mock_warden.expects(:session).with(:admin).returns({})
    @controller.admin_session
  end

  test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account).returns(true)
    @mock_warden.expects(:session).with(:publisher_account).returns({})
    @controller.publisher_account_session
  end
@@ -96,14 +125,14 @@ class ControllerAuthenticatableTest < ActionController::TestCase
  test 'sign in proxy to set_user on warden' do
    user = User.new
    @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
    @controller.sign_in(:user, user)
  end

  test 'sign in accepts a resource as argument' do
    user = User.new
    @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
    @controller.sign_in(user)
  end

@@ -117,15 +146,15 @@ class ControllerAuthenticatableTest < ActionController::TestCase
  test 'sign in again when the user is already in only if force is given' do
    user = User.new
    @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.sign_in(user, :force => true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @controller.sign_in(user, force: true)
  end

  test 'sign in accepts bypass as option' do
    user = User.new
    @mock_warden.expects(:session_serializer).returns(serializer = mock())
    serializer.expects(:store).with(user, :user)
-    @controller.sign_in(user, :bypass => true)
+    @controller.sign_in(user, bypass: true)
  end

  test 'sign out clears up any signed in user from all scopes' do
@@ -141,18 +170,18 @@ class ControllerAuthenticatableTest < ActionController::TestCase

  test 'sign out logs out and clears up any signed in user by scope' do
    user = User.new
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(user)
+    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(user)
    @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
+    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
    @controller.instance_variable_set(:@current_user, user)
    @controller.sign_out(:user)
    assert_equal nil, @controller.instance_variable_get(:@current_user)
  end

  test 'sign out accepts a resource as argument' do
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(true)
+    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(true)
    @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
+    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
    @controller.sign_out(User.new)
  end

@@ -193,6 +222,12 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    assert_equal "/foo.bar", @controller.stored_location_for(:user)
  end

+  test 'store bad location for stores a location to redirect back to' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.store_location_for(:user, "/foo.bar\">Carry")
+    assert_nil @controller.stored_location_for(:user)
+  end
+
  test 'store location for accepts a resource as argument' do
    @controller.store_location_for(User.new, "/foo.bar")
    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
@@ -227,7 +262,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    user = User.new
    @controller.session[:user_return_to] = "/foo.bar"
    @mock_warden.expects(:user).with(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
    @controller.expects(:redirect_to).with("/foo.bar")
    @controller.sign_in_and_redirect(user)
  end
@@ -235,7 +270,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
  test 'sign in and redirect uses the configured after sign in path' do
    admin = Admin.new
    @mock_warden.expects(:user).with(:admin).returns(nil)
-    @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
+    @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true)
    @controller.expects(:redirect_to).with(admin_root_path)
    @controller.sign_in_and_redirect(admin)
  end
@@ -249,10 +284,10 @@ class ControllerAuthenticatableTest < ActionController::TestCase
  end

  test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
-    swap Devise, :sign_out_all_scopes => false do
-      @mock_warden.expects(:user).with(:scope => :admin, :run_callbacks => false).returns(true)
+    swap Devise, sign_out_all_scopes: false do
+      @mock_warden.expects(:user).with(scope: :admin, run_callbacks: false).returns(true)
      @mock_warden.expects(:logout).with(:admin).returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with(:scope => :admin).returns(true)
+      @mock_warden.expects(:clear_strategies_cache!).with(scope: :admin).returns(true)
      @controller.expects(:redirect_to).with(admin_root_path)
      @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
      @controller.sign_out_and_redirect(:admin)
@@ -260,7 +295,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
  end

  test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
-    swap Devise, :sign_out_all_scopes => true do
+    swap Devise, sign_out_all_scopes: true do
      @mock_warden.expects(:user).times(Devise.mappings.size)
      @mock_warden.expects(:logout).with().returns(true)
      @mock_warden.expects(:clear_strategies_cache!).with().returns(true)
--- a/test/controllers/internal_helpers_test.rb
+++ b/test/controllers/internal_helpers_test.rb
@@ -51,11 +51,11 @@ class HelpersTest < ActionController::TestCase
  end

  test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.empty?
+    assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
  end

  test 'require no authentication tests current mapping' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
    @mock_warden.expects(:user).with(:user).returns(User.new)
    @controller.expects(:redirect_to).with(root_path)
    @controller.send :require_no_authentication
@@ -71,7 +71,7 @@ class HelpersTest < ActionController::TestCase
  end

  test 'require no authentication sets a flash message' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
    @mock_warden.expects(:user).with(:user).returns(User.new)
    @controller.expects(:redirect_to).with(root_path)
    @controller.send :require_no_authentication
@@ -79,7 +79,7 @@ class HelpersTest < ActionController::TestCase
  end

  test 'signed in resource returns signed in resource for current scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(User.new)
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(User.new)
    assert_kind_of User, @controller.signed_in_resource
  end

@@ -99,22 +99,28 @@ class HelpersTest < ActionController::TestCase
    assert_equal 'non-blank', flash[:notice]
  end

+  test 'issues non-blank flash.now messages normally' do
+    I18n.stubs(:t).returns('non-blank')
+    @controller.send :set_flash_message, :notice, :send_instructions, { now: true }
+    assert_equal 'non-blank', flash.now[:notice]
+  end
+
  test 'uses custom i18n options' do
-    @controller.stubs(:devise_i18n_options).returns(:default => "devise custom options")
+    @controller.stubs(:devise_i18n_options).returns(default: "devise custom options")
    @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions
    assert_equal 'devise custom options', flash[:notice]
  end

  test 'allows custom i18n options to override resource_name' do
    I18n.expects(:t).with("custom_resource_name.confirmed", anything)
-    @controller.stubs(:devise_i18n_options).returns(:resource_name => "custom_resource_name")
+    @controller.stubs(:devise_i18n_options).returns(resource_name: "custom_resource_name")
    @controller.send :set_flash_message, :notice, :confirmed
  end

  test 'navigational_formats not returning a wild card' do
    MyController.send(:public, :navigational_formats)

-    swap Devise, :navigational_formats => ['*/*', :html] do
+    swap Devise, navigational_formats: ['*/*', :html] do
      assert_not @controller.navigational_formats.include?("*/*")
    end

--- a/Show More
+++ b/Show More