Release v3.3.0

UX feature: heads-up for new users about minimum password length

.gitignore

@@ -8,4 +8,3 @@ rdoc/*
 pkg
 log
 test/tmp/*
-gemfiles/*.lock

.travis.yml

@@ -1,14 +1,21 @@
 language: ruby
 script: "bundle exec rake test"
-before_install:
-  - gem install bundler -v '>= 1.5.1'
+install: script/cached-bundle install --deployment --path vendor/bundle
 rvm:
   - 1.9.3
   - 2.0.0
-  - 2.1.0
+  - 2.1.2
 env:
-  - DEVISE_ORM=mongoid
-  - DEVISE_ORM=active_record
+  matrix:
+    - DEVISE_ORM=mongoid
+    - DEVISE_ORM=active_record
+  global:
+    # AMAZON_S3_BUCKET
+    - secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8="
+    # AMAZON_ACCESS_KEY_ID
+    - secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs="
+    # AMAZON_SECRET_ACCESS_KEY
+    - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI="
 gemfile:
   - gemfiles/Gemfile.rails-head
   - gemfiles/Gemfile.rails-4.0-stable

CHANGELOG.md

@@ -1,5 +1,38 @@
 ### Unreleased
 
+* enhancements
+* bug fixes
+
+### 3.3.0
+
+* enhancements
+  * Support multiple warden configuration blocks on devise configuration. (by @rossta)
+  * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be
+    invalidated, and this behavior could not be changed. This behavior is now configurable via
+    `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano)
+  * Default email messages was updated with grammar fixes, check the diff on
+    #2906 for the updated copy (by @p-originate)
+  * Allow a resource to be found based on its encrypted password token (by @karlentwistle)
+  * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz)
+  * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if
+    the current scope is using the `validatable` module (by @alexsoble)
+
+* bug fix
+  * Check if there is a signed in user before executing the `SessionsController#destroy`.
+  * `SessionsController#destroy` no longer yields the `resource` to receiving block,
+    since the resource isn't loaded in the action. If you need access to the current
+    resource when overring the action use the scope helper (like `current_user`) before
+    calling `super`
+  * Serialize the `last_request_at` entry as an Integer
+  * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
+  * Only valid paths will be stored for redirections (by @parallel588)
+
+### 3.2.4
+
+* enhancements
+  * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
+  * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
+
 ### 3.2.3
 
 * enhancements
@@ -170,6 +203,16 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
   * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
   * Properly handle namespaced models on Active Record generator (by @nashby)
 
+### 2.1.4
+
+* bugfix
+  * Do not confirm account after reset password
+
+### 2.1.3
+
+* bugfix
+  * Require string conversion for all values
+
 ### 2.1.2
 
 * enhancements

Gemfile

@@ -2,16 +2,16 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 4.0.0"
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", "~> 4.1.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end
 
 platforms :jruby do
@@ -25,5 +25,5 @@ platforms :ruby do
 end
 
 group :mongoid do
-  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+  gem "mongoid", "~> 4.0.0"
 end

Gemfile.lock

@@ -1,19 +1,8 @@
-GIT
-  remote: git://github.com/mongoid/mongoid.git
-  revision: 346a79a7d01aa194de80e649916239a18d38ce13
-  branch: master
-  specs:
-    mongoid (4.0.0)
-      activemodel (~> 4.0.0)
-      moped (~> 1.5)
-      origin (~> 1.0)
-      tzinfo (~> 0.3.22)
-
 PATH
   remote: .
   specs:
-    devise (3.2.3)
-      bcrypt-ruby (~> 3.0)
+    devise (3.3.0)
+      bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
       thread_safe (~> 0.1)
@@ -22,117 +11,134 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.0.0)
-      actionpack (= 4.0.0)
-      mail (~> 2.5.3)
-    actionpack (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
+    actionmailer (4.1.4)
+      actionpack (= 4.1.4)
+      actionview (= 4.1.4)
+      mail (~> 2.5.4)
+    actionpack (4.1.4)
+      actionview (= 4.1.4)
+      activesupport (= 4.1.4)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    activemodel (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-    activerecord (4.0.0)
-      activemodel (= 4.0.0)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.0)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.0)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
+    actionview (4.1.4)
+      activesupport (= 4.1.4)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.4)
+      activesupport (= 4.1.4)
+      builder (~> 3.1)
+    activerecord (4.1.4)
+      activemodel (= 4.1.4)
+      activesupport (= 4.1.4)
+      arel (~> 5.0.0)
+    activesupport (4.1.4)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
       thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    arel (4.0.0)
-    atomic (1.1.12)
-    bcrypt-ruby (3.1.2)
-    builder (3.1.4)
+      tzinfo (~> 1.1)
+    arel (5.0.1.20140414130214)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
     erubis (2.7.0)
-    faraday (0.8.8)
-      multipart-post (~> 1.2.0)
-    hashie (1.2.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
     hike (1.2.3)
-    httpauth (0.2.0)
-    i18n (0.6.5)
-    json (1.8.0)
-    jwt (0.1.8)
-      multi_json (>= 1.5)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    metaclass (0.0.1)
-    mime-types (1.23)
-    minitest (4.7.5)
-    mocha (0.13.3)
+    metaclass (0.0.4)
+    mime-types (1.25.1)
+    mini_portile (0.6.0)
+    minitest (5.4.0)
+    mocha (1.1.0)
       metaclass (~> 0.0.1)
-    moped (1.5.1)
-    multi_json (1.7.9)
-    multipart-post (1.2.0)
-    nokogiri (1.5.9)
-    oauth2 (0.8.1)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
       rack (~> 1.2)
-    omniauth (1.0.3)
-      hashie (~> 1.2)
-      rack
-    omniauth-facebook (1.4.0)
-      omniauth-oauth2 (~> 1.0.2)
-    omniauth-oauth2 (1.0.3)
-      oauth2 (~> 0.8.0)
-      omniauth (~> 1.0)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
-    origin (1.1.0)
+    optionable (0.2.0)
+    origin (2.1.1)
     orm_adapter (0.5.0)
-    polyglot (0.3.3)
+    polyglot (0.3.5)
     rack (1.5.2)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (4.0.0)
-      actionmailer (= 4.0.0)
-      actionpack (= 4.0.0)
-      activerecord (= 4.0.0)
-      activesupport (= 4.0.0)
+    rails (4.1.4)
+      actionmailer (= 4.1.4)
+      actionpack (= 4.1.4)
+      actionview (= 4.1.4)
+      activemodel (= 4.1.4)
+      activerecord (= 4.1.4)
+      activesupport (= 4.1.4)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.0)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.0)
-      actionpack (= 4.0.0)
-      activesupport (= 4.0.0)
+      railties (= 4.1.4)
+      sprockets-rails (~> 2.0)
+    railties (4.1.4)
+      actionpack (= 4.1.4)
+      activesupport (= 4.1.4)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.1.0)
-    rdoc (4.0.1)
+    rake (10.3.2)
+    rdoc (4.1.1)
       json (~> 1.4)
-    ruby-openid (2.2.3)
-    sprockets (2.10.0)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.0)
+    sprockets-rails (2.1.3)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (~> 2.8)
-    sqlite3 (1.3.7)
-    thor (0.18.1)
-    thread_safe (0.1.2)
-      atomic
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
     tilt (1.4.1)
-    treetop (1.4.14)
+    treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
+    tzinfo (1.2.1)
+      thread_safe (~> 0.1)
     warden (1.2.3)
       rack (>= 1.0)
     webrat (0.7.3)
@@ -148,13 +154,13 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mocha (~> 0.13.1)
-  mongoid!
-  omniauth (~> 1.0.0)
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
   omniauth-facebook
-  omniauth-oauth2 (~> 1.0.0)
+  omniauth-oauth2 (~> 1.1.0)
   omniauth-openid (~> 1.0.1)
-  rails (~> 4.0.0)
+  rails (~> 4.1.0)
   rdoc
   sqlite3
   webrat (= 0.7.3)

README.md

@@ -27,7 +27,7 @@ It's composed of 10 modules:
 * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
 * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
-Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is on progress.
+Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.
 
 ## Information
 
@@ -83,7 +83,7 @@ You will usually want to write tests for your changes.  To run the test suite, g
 
 If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:
 
-* Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top
+* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users
 * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch
 
 Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
@@ -110,24 +110,28 @@ The generator will install an initializer which describes ALL Devise's configura
 rails generate devise MODEL
 ```
 
-Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller.
+Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
 
-Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
+Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
+
+Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
 
 ```ruby
-config.action_mailer.default_url_options = { host: 'localhost:3000' }
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 ```
 
 You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined.
 
 ### Controller filters and helpers
 
-Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter:
+Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action (assuming your devise model is 'User'):
 
 ```ruby
-before_filter :authenticate_user!
+before_action :authenticate_user!
 ```
 
+If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
+
 To verify if a user is signed in, use the following helper:
 
 ```ruby
@@ -157,7 +161,7 @@ You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to
 Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are:
 
 ```ruby
-before_filter :authenticate_member!
+before_action :authenticate_member!
 
 member_signed_in?
 
@@ -190,7 +194,7 @@ In case you want to permit additional parameters (the lazy way™) you can do wi
 
 ```ruby
 class ApplicationController < ActionController::Base
-  before_filter :configure_permitted_parameters, if: :devise_controller?
+  before_action :configure_permitted_parameters, if: :devise_controller?
 
   protected
 
@@ -200,7 +204,7 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
+The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
 
 To permit simple scalar values for username and email, use this
 
@@ -214,7 +218,7 @@ If you have some checkboxes that express the roles a user may take on registrati
 
 ```ruby
 def configure_permitted_parameters
-  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) }
+  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) }
 end
 ```
 For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
@@ -267,6 +271,13 @@ After doing so, you will be able to have views based on the role like `users/ses
 rails generate devise:views users
 ```
 
+If you want to generate only a few set of views, like the ones for the `registrable` and `confirmable` module,
+you can pass a list of modules to the generator with the `-v` flag.
+
+```console
+rails generate devise:views -v registrations confirmations
+```
+
 ### Configuring controllers
 
 If the customization at the views level is not enough, you can customize each controller by following these steps:
@@ -278,7 +289,7 @@ If the customization at the views level is not enough, you can customize each co
     end
     ```
 
-    Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory.
+    Note that in the above example, the controller needs to be created in the `app/controllers/admins/` directory.
 
 2. Tell the router to use this controller:
 
@@ -376,6 +387,8 @@ Take a look at our locale file to check all available messages. You may also be
 
 https://github.com/plataformatec/devise/wiki/I18n
 
+Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController
+
 ### Test helpers
 
 Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
@@ -386,7 +399,7 @@ class ActionController::TestCase
 end
 ```
 
-If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb`:
+If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb`:
 
 ```ruby
 RSpec.configure do |config|
@@ -404,11 +417,11 @@ sign_out :user         # sign_out(scope)
 sign_out @user         # sign_out(resource)
 ```
 
-There are two things that is important to keep in mind:
+There are two things that are important to keep in mind:
 
 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
 
-2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
+2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
 
     ```ruby
     @request.env["devise.mapping"] = Devise.mappings[:user]
@@ -456,7 +469,7 @@ admin_session
 
 Alternatively, you can simply run the Devise generator.
 
-Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using [CanCan](https://github.com/ryanb/cancan).
+Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
 
 ### Other ORMs
 

Rakefile

@@ -4,7 +4,7 @@ require 'rake/testtask'
 require 'rdoc/task'
 
 desc 'Default: run tests for all ORMs.'
-task :default => :test
+task default: :test
 
 desc 'Run Devise tests for all ORMs.'
 task :pre_commit do

app/controllers/devise/confirmations_controller.rb

@@ -10,7 +10,7 @@ class Devise::ConfirmationsController < DeviseController
     yield resource if block_given?
 
     if successfully_sent?(resource)
-      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
+      respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
     else
       respond_with(resource)
     end
@@ -25,7 +25,7 @@ class Devise::ConfirmationsController < DeviseController
       set_flash_message(:notice, :confirmed) if is_flashing_format?
       respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
     else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
     end
   end
 
@@ -38,7 +38,7 @@ class Devise::ConfirmationsController < DeviseController
 
     # The path used after confirmation.
     def after_confirmation_path_for(resource_name, resource)
-      if signed_in?
+      if signed_in?(resource_name)
         signed_in_root_path(resource)
       else
         new_session_path(resource_name)

app/controllers/devise/omniauth_callbacks_controller.rb

@@ -2,11 +2,11 @@ class Devise::OmniauthCallbacksController < DeviseController
   prepend_before_filter { request.env["devise.skip_timeout"] = true }
 
   def passthru
-    render :status => 404, :text => "Not found. Authentication passthru."
+    render status: 404, text: "Not found. Authentication passthru."
   end
 
   def failure
-    set_flash_message :alert, :failure, :kind => OmniAuth::Utils.camelize(failed_strategy.name), :reason => failure_message
+    set_flash_message :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message
     redirect_to after_omniauth_failure_path_for(resource_name)
   end
 

app/controllers/devise/passwords_controller.rb

@@ -1,7 +1,7 @@
 class Devise::PasswordsController < DeviseController
   prepend_before_filter :require_no_authentication
   # Render the #edit only if coming from a reset password email link
-  append_before_filter :assert_reset_token_passed, :only => :edit
+  append_before_filter :assert_reset_token_passed, only: :edit
 
   # GET /resource/password/new
   def new
@@ -14,7 +14,7 @@ class Devise::PasswordsController < DeviseController
     yield resource if block_given?
 
     if successfully_sent?(resource)
-      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+      respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
     else
       respond_with(resource)
     end
@@ -36,7 +36,7 @@ class Devise::PasswordsController < DeviseController
       flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
       set_flash_message(:notice, flash_message) if is_flashing_format?
       sign_in(resource_name, resource)
-      respond_with resource, :location => after_resetting_password_path_for(resource)
+      respond_with resource, location: after_resetting_password_path_for(resource)
     else
       respond_with resource
     end

app/controllers/devise/registrations_controller.rb

@@ -1,10 +1,14 @@
 class Devise::RegistrationsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
-  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+  prepend_before_filter :require_no_authentication, only: [ :new, :create, :cancel ]
+  prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]
 
   # GET /resource/sign_up
   def new
     build_resource({})
+    @validatable = devise_mapping.validatable?
+    if @validatable
+      @minimum_password_length = resource_class.password_length.min
+    end
     respond_with self.resource
   end
 
@@ -12,19 +16,24 @@ class Devise::RegistrationsController < DeviseController
   def create
     build_resource(sign_up_params)
 
-    if resource.save
-      yield resource if block_given?
+    resource_saved = resource.save
+    yield resource if block_given?
+    if resource_saved
       if resource.active_for_authentication?
         set_flash_message :notice, :signed_up if is_flashing_format?
         sign_up(resource_name, resource)
-        respond_with resource, :location => after_sign_up_path_for(resource)
+        respond_with resource, location: after_sign_up_path_for(resource)
       else
         set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
         expire_data_after_sign_in!
-        respond_with resource, :location => after_inactive_sign_up_path_for(resource)
+        respond_with resource, location: after_inactive_sign_up_path_for(resource)
       end
     else
       clean_up_passwords resource
+      @validatable = devise_mapping.validatable?
+      if @validatable
+        @minimum_password_length = resource_class.password_length.min
+      end
       respond_with resource
     end
   end
@@ -41,15 +50,16 @@ class Devise::RegistrationsController < DeviseController
     self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
     prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)
 
-    if update_resource(resource, account_update_params)
-      yield resource if block_given?
+    resource_updated = update_resource(resource, account_update_params)
+    yield resource if block_given?
+    if resource_updated
       if is_flashing_format?
         flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
           :update_needs_confirmation : :updated
         set_flash_message :notice, flash_key
       end
-      sign_in resource_name, resource, :bypass => true
-      respond_with resource, :location => after_update_path_for(resource)
+      sign_in resource_name, resource, bypass: true
+      respond_with resource, location: after_update_path_for(resource)
     else
       clean_up_passwords resource
       respond_with resource
@@ -110,7 +120,10 @@ class Devise::RegistrationsController < DeviseController
   # The path used after sign up for inactive accounts. You need to overwrite
   # this method in your own RegistrationsController.
   def after_inactive_sign_up_path_for(resource)
-    respond_to?(:root_path) ? root_path : "/"
+    scope = Devise::Mapping.find_scope!(resource)
+    router_name = Devise.mappings[scope].router_name
+    context = router_name ? send(router_name) : self
+    context.respond_to?(:root_path) ? context.root_path : "/"
   end
 
   # The default url to be used after updating a resource. You need to overwrite
@@ -121,7 +134,7 @@ class Devise::RegistrationsController < DeviseController
 
   # Authenticates the current scope and gets the current resource from the session.
   def authenticate_scope!
-    send(:"authenticate_#{resource_name}!", :force => true)
+    send(:"authenticate_#{resource_name}!", force: true)
     self.resource = send(:"current_#{resource_name}")
   end
 

app/controllers/devise/sessions_controller.rb

@@ -1,7 +1,8 @@
 class Devise::SessionsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  prepend_before_filter :allow_params_authentication!, :only => :create
-  prepend_before_filter :only => [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }
+  prepend_before_filter :require_no_authentication, only: [ :new, :create ]
+  prepend_before_filter :allow_params_authentication!, only: :create
+  prepend_before_filter :verify_signed_out_user, only: :destroy
+  prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }
 
   # GET /resource/sign_in
   def new
@@ -16,22 +17,15 @@ class Devise::SessionsController < DeviseController
     set_flash_message(:notice, :signed_in) if is_flashing_format?
     sign_in(resource_name, resource)
     yield resource if block_given?
-    respond_with resource, :location => after_sign_in_path_for(resource)
+    respond_with resource, location: after_sign_in_path_for(resource)
   end
 
   # DELETE /resource/sign_out
   def destroy
-    redirect_path = after_sign_out_path_for(resource_name)
     signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
     set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
-    yield resource if block_given?
-
-    # We actually need to hardcode this as Rails default responder doesn't
-    # support returning empty response on GET request
-    respond_to do |format|
-      format.all { head :no_content }
-      format.any(*navigational_formats) { redirect_to redirect_path }
-    end
+    yield if block_given?
+    respond_to_on_destroy
   end
 
   protected
@@ -44,10 +38,39 @@ class Devise::SessionsController < DeviseController
     methods = resource_class.authentication_keys.dup
     methods = methods.keys if methods.is_a?(Hash)
     methods << :password if resource.respond_to?(:password)
-    { :methods => methods, :only => [:password] }
+    { methods: methods, only: [:password] }
   end
 
   def auth_options
-    { :scope => resource_name, :recall => "#{controller_path}#new" }
+    { scope: resource_name, recall: "#{controller_path}#new" }
+  end
+
+  private
+
+  # Check if there is no signed in user before doing the sign out.
+  #
+  # If there is no signed in user, it will set the flash message and redirect
+  # to the after_sign_out path.
+  def verify_signed_out_user
+    if all_signed_out?
+      set_flash_message :notice, :already_signed_out if is_flashing_format?
+
+      respond_to_on_destroy
+    end
+  end
+
+  def all_signed_out?
+    users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
+
+    users.all?(&:blank?)
+  end
+
+  def respond_to_on_destroy
+    # We actually need to hardcode this as Rails default responder doesn't
+    # support returning empty response on GET request
+    respond_to do |format|
+      format.all { head :no_content }
+      format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
+    end
   end
 end

app/controllers/devise/unlocks_controller.rb

@@ -12,7 +12,7 @@ class Devise::UnlocksController < DeviseController
     yield resource if block_given?
 
     if successfully_sent?(resource)
-      respond_with({}, :location => after_sending_unlock_instructions_path_for(resource))
+      respond_with({}, location: after_sending_unlock_instructions_path_for(resource))
     else
       respond_with(resource)
     end
@@ -27,7 +27,7 @@ class Devise::UnlocksController < DeviseController
       set_flash_message :notice, :unlocked if is_flashing_format?
       respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
     else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
     end
   end
 

app/controllers/devise_controller.rb

@@ -6,8 +6,8 @@ class DeviseController < Devise.parent_controller.constantize
 
   helpers = %w(resource scope_name resource_name signed_in_resource
                resource_class resource_params devise_mapping)
-  hide_action *helpers
-  helper_method *helpers
+  hide_action(*helpers)
+  helper_method(*helpers)
 
   prepend_before_filter :assert_is_devise_resource!
   respond_to :html if mimes_for_respond_to.empty?
@@ -30,7 +30,7 @@ class DeviseController < Devise.parent_controller.constantize
 
   # Returns a signed in resource from session (if one exists)
   def signed_in_resource
-    warden.authenticate(:scope => resource_name)
+    warden.authenticate(scope: resource_name)
   end
 
   # Attempt to find the mapped route for devise based on request path
@@ -44,7 +44,7 @@ class DeviseController < Devise.parent_controller.constantize
   # loaded before even having a request object.
   def _prefixes #:nodoc:
     @_prefixes ||= if self.class.scoped_views? && request && devise_mapping
-      super.unshift("#{devise_mapping.scoped_path}/#{controller_name}")
+      ["#{devise_mapping.scoped_path}/#{controller_name}"] + super
     else
       super
     end
@@ -92,14 +92,14 @@ MESSAGE
   # Helper for use in before_filters where no authentication is required.
   #
   # Example:
-  #   before_filter :require_no_authentication, :only => :new
+  #   before_filter :require_no_authentication, only: :new
   def require_no_authentication
     assert_is_devise_resource!
     return unless is_navigational_format?
     no_input = devise_mapping.no_input_strategies
 
     authenticated = if no_input.present?
-      args = no_input.dup.push :scope => resource_name
+      args = no_input.dup.push scope: resource_name
       warden.authenticate?(*args)
     else
       warden.authenticated?(resource_name)

app/helpers/devise_helper.rb

@@ -10,8 +10,8 @@ module DeviseHelper
 
     messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
     sentence = I18n.t("errors.messages.not_saved",
-                      :count => resource.errors.count,
-                      :resource => resource.class.model_name.human.downcase)
+                      count: resource.errors.count,
+                      resource: resource.class.model_name.human.downcase)
 
     html = <<-HTML
     <div id="error_explanation">

app/views/devise/confirmations/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Resend confirmation instructions</h2>
 
-<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.submit "Resend confirmation instructions" %></div>
 <% end %>

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/unlock_instructions.html.erb

@@ -4,4 +4,4 @@
 
 <p>Click the link below to unlock your account:</p>
 
-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>

app/views/devise/passwords/edit.html.erb

@@ -1,14 +1,14 @@
 <h2>Change your password</h2>
 
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
   <%= devise_error_messages! %>
   <%= f.hidden_field :reset_password_token %>
 
   <div><%= f.label :password, "New password" %><br />
-  <%= f.password_field :password, :autofocus => true %></div>
+    <%= f.password_field :password, autofocus: true, autocomplete: "off" %></div>
 
   <div><%= f.label :password_confirmation, "Confirm new password" %><br />
-  <%= f.password_field :password_confirmation %></div>
+    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
 
   <div><%= f.submit "Change my password" %></div>
 <% end %>

app/views/devise/passwords/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Forgot your password?</h2>
 
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.submit "Send me reset password instructions" %></div>
 <% end %>

app/views/devise/registrations/edit.html.erb

@@ -1,29 +1,29 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
     <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
   <% end %>
 
   <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-  <%= f.password_field :password, :autocomplete => "off" %></div>
+    <%= f.password_field :password, autocomplete: "off" %></div>
 
   <div><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></div>
+    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
 
   <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-  <%= f.password_field :current_password %></div>
+    <%= f.password_field :current_password, autocomplete: "off" %></div>
 
   <div><%= f.submit "Update" %></div>
 <% end %>
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
+<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
 
 <%= link_to "Back", :back %>

app/views/devise/registrations/new.html.erb

@@ -1,16 +1,16 @@
 <h2>Sign up</h2>
 
-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
-  <div><%= f.label :password %><br />
-  <%= f.password_field :password %></div>
+  <div><%= f.label :password %> <% if @validatable %><i>(<%= @minimum_password_length %> characters minimum)</i><% end %><br />
+    <%= f.password_field :password, autocomplete: "off" %></div>
 
   <div><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></div>
+    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
 
   <div><%= f.submit "Sign up" %></div>
 <% end %>

app/views/devise/sessions/new.html.erb

@@ -1,17 +1,17 @@
-<h2>Sign in</h2>
+<h2>Log in</h2>
 
-<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.label :password %><br />
-  <%= f.password_field :password %></div>
+    <%= f.password_field :password, autocomplete: "off" %></div>
 
   <% if devise_mapping.rememberable? -%>
     <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
   <% end -%>
 
-  <div><%= f.submit "Sign in" %></div>
+  <div><%= f.submit "Log in" %></div>
 <% end %>
 
 <%= render "devise/shared/links" %>

app/views/devise/shared/_links.erb

@@ -1,5 +1,5 @@
 <%- if controller_name != 'sessions' %>
-  <%= link_to "Sign in", new_session_path(resource_name) %><br />
+  <%= link_to "Log in", new_session_path(resource_name) %><br />
 <% end -%>
 
 <%- if devise_mapping.registerable? && controller_name != 'registrations' %>

app/views/devise/unlocks/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Resend unlock instructions</h2>
 
-<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.submit "Resend unlock instructions" %></div>
 <% end %>

config/locales/en.yml

@@ -3,26 +3,26 @@
 en:
   devise:
     confirmations:
-      confirmed: "Your account was successfully confirmed."
-      send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
-      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      confirmed: "Your email address has been successfully confirmed."
+      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
     failure:
       already_authenticated: "You are already signed in."
       inactive: "Your account is not activated yet."
       invalid: "Invalid email or password."
       locked: "Your account is locked."
-      last_attempt: "You have one more attempt before your account will be locked."
-      not_found_in_database: "Invalid email or password."
+      last_attempt: "You have one more attempt before your account is locked."
+      not_found_in_database: "Invalid email address or password."
       timeout: "Your session expired. Please sign in again to continue."
       unauthenticated: "You need to sign in or sign up before continuing."
-      unconfirmed: "You have to confirm your account before continuing."
+      unconfirmed: "You have to confirm your email address before continuing."
     mailer:
       confirmation_instructions:
         subject: "Confirmation instructions"
       reset_password_instructions:
         subject: "Reset password instructions"
       unlock_instructions:
-        subject: "Unlock Instructions"
+        subject: "Unlock instructions"
     omniauth_callbacks:
       failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
       success: "Successfully authenticated from %{kind} account."
@@ -30,22 +30,23 @@ en:
       no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
       send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
       send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      updated: "Your password was changed successfully. You are now signed in."
-      updated_not_active: "Your password was changed successfully."
+      updated: "Your password has been changed successfully. You are now signed in."
+      updated_not_active: "Your password has been changed successfully."
     registrations:
-      destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
+      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
       signed_up: "Welcome! You have signed up successfully."
       signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
       signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
-      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
-      updated: "You updated your account successfully."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address."
+      updated: "Your account has been updated successfully."
     sessions:
       signed_in: "Signed in successfully."
       signed_out: "Signed out successfully."
+      already_signed_out: "Signed out successfully."
     unlocks:
-      send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
-      send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
       unlocked: "Your account has been unlocked successfully. Please sign in to continue."
   errors:
     messages:

devise.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency("warden", "~> 1.2.3")
   s.add_dependency("orm_adapter", "~> 0.1")
-  s.add_dependency("bcrypt-ruby", "~> 3.0")
+  s.add_dependency("bcrypt", "~> 3.0")
   s.add_dependency("thread_safe", "~> 0.1")
   s.add_dependency("railties", ">= 3.2.6", "< 5")
 end

gemfiles/Gemfile.rails-3.2-stable

@@ -1,17 +1,17 @@
 source "https://rubygems.org"
 
-gemspec :path => '..'
+gemspec path: '..'
 
 gem "rails", github: 'rails/rails', branch: '3-2-stable'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end
 
 platforms :jruby do

gemfiles/Gemfile.rails-3.2-stable.lock

@@ -0,0 +1,166 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 11fd052aa815ae0255ea5b2463e88138fb3fec61
+  branch: 3-2-stable
+  specs:
+    actionmailer (3.2.19)
+      actionpack (= 3.2.19)
+      mail (~> 2.5.4)
+    actionpack (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.19)
+      activesupport (= 3.2.19)
+      builder (~> 3.0.0)
+    activerecord (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+    activesupport (3.2.19)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    rails (3.2.19)
+      actionmailer (= 3.2.19)
+      actionpack (= 3.2.19)
+      activerecord (= 3.2.19)
+      activeresource (= 3.2.19)
+      activesupport (= 3.2.19)
+      bundler (~> 1.0)
+      railties (= 3.2.19)
+    railties (3.2.19)
+      actionpack (= 3.2.19)
+      activesupport (= 3.2.19)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.3.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    arel (3.0.3)
+    bcrypt (3.1.7)
+    builder (3.0.4)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    journey (1.0.4)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.4)
+    mime-types (1.25.1)
+    mini_portile (0.6.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (3.1.6)
+      activemodel (~> 3.2)
+      moped (~> 1.4)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.29)
+    moped (1.5.2)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    origin (1.1.0)
+    orm_adapter (0.5.0)
+    polyglot (0.3.5)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    ruby-openid (2.5.0)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.40)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 3.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)

gemfiles/Gemfile.rails-4.0-stable

@@ -1,17 +1,17 @@
 source "https://rubygems.org"
 
-gemspec :path => '..'
+gemspec path: '..'
 
 gem "rails", github: 'rails/rails', branch: '4-0-stable'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end
 
 platforms :jruby do
@@ -25,5 +25,5 @@ platforms :ruby do
 end
 
 group :mongoid do
-  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+  gem "mongoid", "~> 4.0.0"
 end

gemfiles/Gemfile.rails-4.0-stable.lock

@@ -0,0 +1,162 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 6d95e04c6968fb7597ea5dbd08b31f271fb87c9c
+  branch: 4-0-stable
+  specs:
+    actionmailer (4.0.8)
+      actionpack (= 4.0.8)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.0.8)
+      activesupport (= 4.0.8)
+      builder (~> 3.1.0)
+      erubis (~> 2.7.0)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.8)
+      activesupport (= 4.0.8)
+      builder (~> 3.1.0)
+    activerecord (4.0.8)
+      activemodel (= 4.0.8)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.8)
+      arel (~> 4.0.0)
+    activesupport (4.0.8)
+      i18n (~> 0.6, >= 0.6.9)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    rails (4.0.8)
+      actionmailer (= 4.0.8)
+      actionpack (= 4.0.8)
+      activerecord (= 4.0.8)
+      activesupport (= 4.0.8)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.8)
+      sprockets-rails (~> 2.0)
+    railties (4.0.8)
+      actionpack (= 4.0.8)
+      activesupport (= 4.0.8)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.3.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activerecord-deprecated_finders (1.0.3)
+    arel (4.0.2)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.1.4)
+    connection_pool (2.0.0)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (4.7.5)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    rack (1.5.2)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (4.1.1)
+      json (~> 1.4)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (0.3.40)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)

gemfiles/Gemfile.rails-head

@@ -1,17 +1,20 @@
 source "https://rubygems.org"
 
-gemspec :path => '..'
+gemspec path: '..'
 
-gem "rails", github: 'rails/rails'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", github: "rails/rails"
+gem "arel", github: "rails/arel"
+gem "rack", github: "rack/rack"
+gem "i18n", github: "svenfuchs/i18n"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"
 
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.14", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end
 
 platforms :jruby do

gemfiles/Gemfile.rails-head.lock

@@ -0,0 +1,190 @@
+GIT
+  remote: git://github.com/mongoid/mongoid.git
+  revision: 8cb17e9839973b76295cf87189e91a5ffcc03ab0
+  branch: master
+  specs:
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+
+GIT
+  remote: git://github.com/rack/rack.git
+  revision: 92811eec6e86cb4dba52b3969c4dd66e639df158
+  specs:
+    rack (1.6.0.alpha)
+
+GIT
+  remote: git://github.com/rails/arel.git
+  revision: 66cee768bc163537087037a583f60639eae49fc3
+  specs:
+    arel (6.0.0.20140505020427)
+
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: d5be08347fb7ff758572775ec93247a3ca886004
+  specs:
+    actionmailer (4.2.0.alpha)
+      actionpack (= 4.2.0.alpha)
+      actionview (= 4.2.0.alpha)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.2.0.alpha)
+      actionview (= 4.2.0.alpha)
+      activesupport (= 4.2.0.alpha)
+      rack (~> 1.6.0.alpha)
+      rack-test (~> 0.6.2)
+    actionview (4.2.0.alpha)
+      activesupport (= 4.2.0.alpha)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.2.0.alpha)
+      activesupport (= 4.2.0.alpha)
+      builder (~> 3.1)
+    activerecord (4.2.0.alpha)
+      activemodel (= 4.2.0.alpha)
+      activesupport (= 4.2.0.alpha)
+      arel (~> 6.0.0)
+    activesupport (4.2.0.alpha)
+      i18n (>= 0.7.0.dev, < 0.8)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    rails (4.2.0.alpha)
+      actionmailer (= 4.2.0.alpha)
+      actionpack (= 4.2.0.alpha)
+      actionview (= 4.2.0.alpha)
+      activemodel (= 4.2.0.alpha)
+      activerecord (= 4.2.0.alpha)
+      activesupport (= 4.2.0.alpha)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.0.alpha)
+      sprockets-rails (~> 2.1)
+    railties (4.2.0.alpha)
+      actionpack (= 4.2.0.alpha)
+      activesupport (= 4.2.0.alpha)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+
+GIT
+  remote: git://github.com/svenfuchs/i18n.git
+  revision: cb679b8cdbab675703a3f88de4d48a48f7b50e06
+  specs:
+    i18n (0.7.0.dev)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.3.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (5.4.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (4.1.1)
+      json (~> 1.4)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (1.2.1)
+      thread_safe (~> 0.1)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  arel!
+  devise!
+  i18n!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid!
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rack!
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)

lib/devise.rb

@@ -134,6 +134,10 @@ module Devise
   mattr_accessor :extend_remember_period
   @@extend_remember_period = false
 
+  # If true, all the remember me tokens are going to be invalidated when the user signs out.
+  mattr_accessor :expire_all_remember_me_on_sign_out
+  @@expire_all_remember_me_on_sign_out = true
+
   # Time interval you can access your account before confirming your account.
   # nil - allows unconfirmed access for unlimited time
   mattr_accessor :allow_unconfirmed_access_for
@@ -268,7 +272,7 @@ module Devise
   # Private methods to interface with Warden.
   mattr_accessor :warden_config
   @@warden_config = nil
-  @@warden_config_block = nil
+  @@warden_config_blocks = []
 
   # When true, enter in paranoid mode to avoid user enumeration.
   mattr_accessor :paranoid
@@ -350,8 +354,8 @@ module Devise
   # == Examples:
   #
   #   Devise.add_module(:party_module)
-  #   Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
-  #   Devise.add_module(:party_module, :model => 'party_module/model')
+  #   Devise.add_module(:party_module, strategy: true, controller: :sessions)
+  #   Devise.add_module(:party_module, model: 'party_module/model')
   #
   def self.add_module(module_name, options = {})
     ALL << module_name
@@ -400,7 +404,7 @@ module Devise
   # Sets warden configuration using a block that will be invoked on warden
   # initialization.
   #
-  #  Devise.initialize do |config|
+  #  Devise.setup do |config|
   #    config.allow_unconfirmed_access_for = 2.days
   #
   #    config.warden do |manager|
@@ -409,7 +413,7 @@ module Devise
   #    end
   #  end
   def self.warden(&block)
-    @@warden_config_block = block
+    @@warden_config_blocks << block
   end
 
   # Specify an omniauth provider.
@@ -449,7 +453,7 @@ module Devise
       warden_config.intercept_401 = false
 
       Devise.mappings.each_value do |mapping|
-        warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
+        warden_config.scope_defaults mapping.name, strategies: mapping.strategies
 
         warden_config.serialize_into_session(mapping.name) do |record|
           mapping.to.serialize_into_session(record)
@@ -463,7 +467,7 @@ module Devise
         end
       end
 
-      @@warden_config_block.try :call, Devise.warden_config
+      @@warden_config_blocks.map { |block| block.call Devise.warden_config }
       true
     end
   end

lib/devise/controllers/helpers.rb

@@ -11,6 +11,68 @@ module Devise
       end
 
       module ClassMethods
+        # Define authentication filters and accessor helpers for a group of mappings.
+        # These methods are useful when you are working with multiple mappings that
+        # share some functionality. They are pretty much the same as the ones
+        # defined for normal mappings.
+        #
+        # Example:
+        #
+        #   inside BlogsController (or any other controller, it doesn't matter which):
+        #     devise_group :blogger, contains: [:user, :admin]
+        #
+        #   Generated methods:
+        #     authenticate_blogger!  # Redirects unless user or admin are signed in
+        #     blogger_signed_in?     # Checks whether there is either a user or an admin signed in
+        #     current_blogger        # Currently signed in user or admin
+        #     current_bloggers       # Currently signed in user and admin
+        #
+        #   Use:
+        #     before_filter :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
+        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     current_blogger :user                             # Preferably returns a User if one is signed in
+        #
+        def devise_group(group_name, opts={})
+          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+
+          class_eval <<-METHODS, __FILE__, __LINE__ + 1
+            def authenticate_#{group_name}!(favourite=nil, opts={})
+              unless #{group_name}_signed_in?
+                mappings = #{mappings}
+                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.each do |mapping|
+                  opts[:scope] = mapping
+                  warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
+                end
+              end
+            end
+
+            def #{group_name}_signed_in?
+              #{mappings}.any? do |mapping|
+                warden.authenticate?(scope: mapping)
+              end
+            end
+
+            def current_#{group_name}(favourite=nil)
+              mappings = #{mappings}
+              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.each do |mapping|
+                current = warden.authenticate(scope: mapping)
+                return current if current
+              end
+              nil
+            end
+
+            def current_#{group_name.to_s.pluralize}
+              #{mappings}.map do |mapping|
+                warden.authenticate(scope: mapping)
+              end.compact
+            end
+
+            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+          METHODS
+        end
+
         def log_process_action(payload)
           payload[:status] ||= 401 unless payload[:exception]
           super
@@ -55,7 +117,7 @@ module Devise
           end
 
           def current_#{mapping}
-            @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
+            @current_#{mapping} ||= warden.authenticate(scope: :#{mapping})
           end
 
           def #{mapping}_session
@@ -77,9 +139,9 @@ module Devise
       # the controllers defined inside devise. Useful if you want to apply a before
       # filter to all controllers, except the ones in devise:
       #
-      #   before_filter :my_filter, :unless => :devise_controller?
+      #   before_filter :my_filter, unless: :devise_controller?
       def devise_controller?
-        is_a?(DeviseController)
+        is_a?(::DeviseController)
       end
 
       # Setup a param sanitizer to filter parameters using strong_parameters. See
@@ -102,9 +164,16 @@ module Devise
       # tries to find a resource_root_path, otherwise it uses the root_path.
       def signed_in_root_path(resource_or_scope)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
+        router_name = Devise.mappings[scope].router_name
+
         home_path = "#{scope}_root_path"
-        if respond_to?(home_path, true)
-          send(home_path)
+
+        context = router_name ? send(router_name) : self
+
+        if context.respond_to?(home_path, true)
+          context.send(home_path)
+        elsif context.respond_to?(:root_path)
+          context.root_path
         elsif respond_to?(:root_path)
           root_path
         else
@@ -121,10 +190,10 @@ module Devise
       # root path. For a user scope, you can define the default url in
       # the following way:
       #
-      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #   map.user_root '/users', controller: 'users' # creates user_root_path
       #
       #   map.namespace :user do |user|
-      #     user.root :controller => 'users' # creates user_root_path
+      #     user.root controller: 'users' # creates user_root_path
       #   end
       #
       # If the resource root path is not defined, root_path is used. However,
@@ -150,7 +219,10 @@ module Devise
       #
       # By default it is the root_path.
       def after_sign_out_path_for(resource_or_scope)
-        respond_to?(:root_path) ? root_path : "/"
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        router_name = Devise.mappings[scope].router_name
+        context = router_name ? send(router_name) : self
+        context.respond_to?(:root_path) ? context.root_path : "/"
       end
 
       # Sign in a user and tries to redirect first to the stored location and
@@ -176,10 +248,9 @@ module Devise
       # Overwrite Rails' handle unverified request to sign out all scopes,
       # clear run strategies and remove cached variables.
       def handle_unverified_request
-        sign_out_all_scopes(false)
+        super # call the default behaviour which resets/nullifies/raises
         request.env["devise.skip_storage"] = true
-        expire_data_after_sign_out!
-        super # call the default behaviour which resets the session
+        sign_out_all_scopes(false)
       end
 
       def request_format

lib/devise/controllers/rememberable.rb

@@ -31,11 +31,11 @@ module Devise
       end
 
       def remember_cookie_values(resource)
-        options = { :httponly => true }
+        options = { httponly: true }
         options.merge!(forget_cookie_values(resource))
         options.merge!(
-          :value => resource.class.serialize_into_cookie(resource),
-          :expires => resource.remember_expires_at
+          value: resource.class.serialize_into_cookie(resource),
+          expires: resource.remember_expires_at
         )
       end
 

lib/devise/controllers/sign_in_out.rb

@@ -7,7 +7,7 @@ module Devise
       # true if any scope is signed in. Does not run authentication hooks.
       def signed_in?(scope=nil)
         [ scope || Devise.mappings.keys ].flatten.any? do |_scope|
-          warden.authenticate?(:scope => _scope)
+          warden.authenticate?(scope: _scope)
         end
       end
 
@@ -23,9 +23,9 @@ module Devise
       #
       #   sign_in :user, @user                      # sign_in(scope, resource)
       #   sign_in @user                             # sign_in(resource)
-      #   sign_in @user, :event => :authentication  # sign_in(resource, options)
-      #   sign_in @user, :store => false            # sign_in(resource, options)
-      #   sign_in @user, :bypass => true            # sign_in(resource, options)
+      #   sign_in @user, event: :authentication  # sign_in(resource, options)
+      #   sign_in @user, store: false            # sign_in(resource, options)
+      #   sign_in @user, bypass: true            # sign_in(resource, options)
       #
       def sign_in(resource_or_scope, *args)
         options  = args.extract_options!
@@ -40,7 +40,7 @@ module Devise
           # Do nothing. User already signed in and we are not forcing it.
           true
         else
-          warden.set_user(resource, options.merge!(:scope => scope))
+          warden.set_user(resource, options.merge!(scope: scope))
         end
       end
 
@@ -56,11 +56,11 @@ module Devise
       def sign_out(resource_or_scope=nil)
         return sign_out_all_scopes unless resource_or_scope
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        user = warden.user(:scope => scope, :run_callbacks => false) # If there is no user
+        user = warden.user(scope: scope, run_callbacks: false) # If there is no user
 
         warden.raw_session.inspect # Without this inspect here. The session does not clear.
         warden.logout(scope)
-        warden.clear_strategies_cache!(:scope => scope)
+        warden.clear_strategies_cache!(scope: scope)
         instance_variable_set(:"@current_#{scope}", nil)
 
         !!user
@@ -70,9 +70,8 @@ module Devise
       # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
       # and false if there was no user logged in on all scopes.
       def sign_out_all_scopes(lock=true)
-        users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) }
+        users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
 
-        warden.raw_session.inspect
         warden.logout
         expire_data_after_sign_out!
         warden.clear_strategies_cache!

lib/devise/controllers/store_location.rb

@@ -33,14 +33,20 @@ module Devise
       #
       def store_location_for(resource_or_scope, location)
         session_key = stored_location_key_for(resource_or_scope)
-        if location
-          uri = URI.parse(location)
+        uri = parse_uri(location)
+        if uri
           session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
         end
       end
 
       private
 
+      def parse_uri(location)
+        location && URI.parse(location)
+      rescue URI::InvalidURIError
+        nil
+      end
+
       def stored_location_key_for(resource_or_scope)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
         "#{scope}_return_to"

lib/devise/controllers/url_helpers.rb

@@ -47,7 +47,9 @@ module Devise
               class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
                 def #{method}(resource_or_scope, *args)
                   scope = Devise::Mapping.find_scope!(resource_or_scope)
-                  _devise_route_context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+                  router_name = Devise.mappings[scope].router_name
+                  context = router_name ? send(router_name) : _devise_route_context
+                  context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
                 end
               URL_HELPERS
             end

lib/devise/failure_app.rb

@@ -15,7 +15,7 @@ module Devise
 
     include Devise::Controllers::StoreLocation
 
-    delegate :flash, :to => :request
+    delegate :flash, to: :request
 
     def self.call(env)
       @respond ||= action(:respond)
@@ -96,15 +96,15 @@ module Devise
           request.referrer
         end
 
-        path || scope_path
+        path || scope_url
       else
-        scope_path
+        scope_url
       end
     end
 
-    def scope_path
+    def scope_url
       opts  = {}
-      route = :"new_#{scope}_session_path"
+      route = :"new_#{scope}_session_url"
       opts[:format] = request_format unless skip_format?
 
       config = Rails.application.config
@@ -114,8 +114,8 @@ module Devise
 
       if context.respond_to?(route)
         context.send(route, opts)
-      elsif respond_to?(:root_path)
-        root_path(opts)
+      elsif respond_to?(:root_url)
+        root_url(opts)
       else
         "/"
       end
@@ -151,9 +151,9 @@ module Devise
       return i18n_message unless request_format
       method = "to_#{request_format}"
       if method == "to_xml"
-        { :error => i18n_message }.to_xml(:root => "errors")
+        { error: i18n_message }.to_xml(root: "errors")
       elsif {}.respond_to?(method)
-        { :error => i18n_message }.send(method)
+        { error: i18n_message }.send(method)
       else
         i18n_message
       end

lib/devise/hooks/activatable.rb

@@ -1,11 +1,10 @@
-# Deny user access whenever their account is not active yet. All strategies that inherits from
-# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
-# before actively signing them in. However, we need this as hook to validate the user activity
-# in each request and in case the user is using other strategies beside Devise ones.
+# Deny user access whenever their account is not active yet.
+# We need this as hook to validate the user activity on each request
+# and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
   if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
     scope = options[:scope]
     warden.logout(scope)
-    throw :warden, :scope => scope, :message => record.inactive_message
+    throw :warden, scope: scope, message: record.inactive_message
   end
 end

lib/devise/hooks/csrf_cleaner.rb

@@ -1,5 +1,7 @@
 Warden::Manager.after_authentication do |record, warden, options|
-  if Devise.clean_up_csrf_token_on_authentication
+  clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) ||
+    warden.winning_strategy.clean_up_csrf?
+  if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy
     warden.request.session.try(:delete, :_csrf_token)
   end
 end

lib/devise/hooks/lockable.rb

@@ -1,6 +1,6 @@
 # After each sign in, if resource responds to failed_attempts, sets it to 0
 # This is only triggered when the user is explicitly set (with set_user)
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
     record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero?
   end

lib/devise/hooks/proxy.rb

@@ -7,7 +7,7 @@ module Devise
       include Devise::Controllers::SignInOut
 
       attr_reader :warden
-      delegate :cookies, :env, :to => :warden
+      delegate :cookies, :env, to: :warden
 
       def initialize(warden)
         @warden = warden

lib/devise/hooks/rememberable.rb

@@ -1,4 +1,4 @@
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   scope = options[:scope]
   if record.respond_to?(:remember_me) && options[:store] != false &&
      record.remember_me && warden.authenticated?(scope)

lib/devise/hooks/timeoutable.rb

@@ -9,6 +9,13 @@ Warden::Manager.after_set_user do |record, warden, options|
 
   if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
     last_request_at = warden.session(scope)['last_request_at']
+
+    if last_request_at.is_a? Integer
+      last_request_at = Time.at(last_request_at).utc
+    elsif last_request_at.is_a? String
+      last_request_at = Time.parse(last_request_at)
+    end
+
     proxy = Devise::Hooks::Proxy.new(warden)
 
     if record.timedout?(last_request_at) && !env['devise.skip_timeout']
@@ -18,11 +25,11 @@ Warden::Manager.after_set_user do |record, warden, options|
         record.reset_authentication_token!
       end
 
-      throw :warden, :scope => scope, :message => :timeout
+      throw :warden, scope: scope, message: :timeout
     end
 
     unless env['devise.skip_trackable']
-      warden.session(scope)['last_request_at'] = Time.now.utc
+      warden.session(scope)['last_request_at'] = Time.now.utc.to_i
     end
   end
 end

lib/devise/hooks/trackable.rb

@@ -2,7 +2,7 @@
 # This is only triggered when the user is explicitly set (with set_user)
 # and on authentication. Retrieving the user from session (:fetch) does
 # not trigger it.
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
     record.update_tracked_fields!(warden.request)
   end

lib/devise/mailers/helpers.rb

@@ -27,12 +27,12 @@ module Devise
 
       def headers_for(action, opts)
         headers = {
-          :subject       => subject_for(action),
-          :to            => resource.email,
-          :from          => mailer_sender(devise_mapping),
-          :reply_to      => mailer_reply_to(devise_mapping),
-          :template_path => template_paths,
-          :template_name => action
+          subject: subject_for(action),
+          to: resource.email,
+          from: mailer_sender(devise_mapping),
+          reply_to: mailer_reply_to(devise_mapping),
+          template_path: template_paths,
+          template_name: action
         }.merge(opts)
 
         @email = headers[:to]
@@ -82,8 +82,8 @@ module Devise
       #           subject: '...'
       #
       def subject_for(key)
-        I18n.t(:"#{devise_mapping.name}_subject", :scope => [:devise, :mailer, key],
-          :default => [:subject, key.to_s.humanize])
+        I18n.t(:"#{devise_mapping.name}_subject", scope: [:devise, :mailer, key],
+          default: [:subject, key.to_s.humanize])
       end
     end
   end

lib/devise/mapping.rb

@@ -23,7 +23,8 @@ module Devise
   #
   class Mapping #:nodoc:
     attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
+                :failure_app, :router_name
 
     alias :name :singular
 
@@ -60,6 +61,8 @@ module Devise
       @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
       @format = options[:format]
 
+      @router_name = options[:router_name]
+
       default_failure_app(options)
       default_controllers(options)
       default_path_names(options)

lib/devise/models/authenticatable.rb

@@ -29,7 +29,7 @@ module Devise
     #     It also accepts an array specifying the strategies that should allow params authentication.
     #
     #   * +skip_session_storage+: By default Devise will store the user in session.
-    #     By default is set to :skip_session_storage => [:http_auth].
+    #     By default is set to skip_session_storage: [:http_auth].
     #
     # == active_for_authentication?
     #
@@ -59,7 +59,7 @@ module Devise
         :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
 
       included do
-        class_attribute :devise_modules, :instance_writer => false
+        class_attribute :devise_modules, instance_writer: false
         self.devise_modules ||= []
 
         before_validation :downcase_keys
@@ -231,7 +231,7 @@ module Devise
         # Example:
         #
         #   def self.find_for_authentication(tainted_conditions)
-        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios

lib/devise/models/confirmable.rb

@@ -33,10 +33,10 @@ module Devise
       include ActionView::Helpers::DateHelper
 
       included do
-        before_create :generate_confirmation_token, :if => :confirmation_required?
-        after_create  :send_on_create_confirmation_instructions, :if => :send_confirmation_notification?
-        before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, :if => :postpone_email_change?
-        after_update  :send_reconfirmation_instructions,  :if => :reconfirmation_required?
+        before_create :generate_confirmation_token, if: :confirmation_required?
+        after_create  :send_on_create_confirmation_instructions, if: :send_confirmation_notification?
+        before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, if: :postpone_email_change?
+        after_update  :send_reconfirmation_instructions,  if: :reconfirmation_required?
       end
 
       def initialize(*args, &block)
@@ -60,7 +60,7 @@ module Devise
         pending_any_confirmation do
           if confirmation_period_expired?
             self.errors.add(:email, :confirmation_period_expired,
-              :period => Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
+              period: Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
             return false
           end
 
@@ -73,9 +73,9 @@ module Devise
             self.unconfirmed_email = nil
 
             # We need to validate in such cases to enforce e-mail uniqueness
-            save(:validate => true)
+            save(validate: true)
           else
-            save(:validate => false)
+            save(validate: false)
           end
 
           after_confirmation if saved
@@ -98,7 +98,7 @@ module Devise
           generate_confirmation_token!
         end
 
-        opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
+        opts = pending_reconfirmation? ? { to: unconfirmed_email } : { }
         send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
       end
 
@@ -225,7 +225,7 @@ module Devise
         end
 
         def generate_confirmation_token!
-          generate_confirmation_token && save(:validate => false)
+          generate_confirmation_token && save(validate: false)
         end
 
         def postpone_email_change_until_confirmation_and_regenerate_confirmation_token
@@ -236,17 +236,17 @@ module Devise
         end
 
         def postpone_email_change?
-          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && !self.email.blank?
+          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
           @bypass_confirmation_postpone = false
           postpone
         end
 
         def reconfirmation_required?
-          self.class.reconfirmable && @reconfirmation_required && !self.email.blank?
+          self.class.reconfirmable && @reconfirmation_required && self.email.present?
         end
 
         def send_confirmation_notification?
-          confirmation_required? && !@skip_confirmation_notification && !self.email.blank?
+          confirmation_required? && !@skip_confirmation_notification && self.email.present?
         end
 
         def after_confirmation

lib/devise/models/database_authenticatable.rb

@@ -4,7 +4,7 @@ require 'bcrypt'
 module Devise
   # Digests the password using bcrypt.
   def self.bcrypt(klass, password)
-    ::BCrypt::Password.create("#{password}#{klass.pepper}", :cost => klass.stretches).to_s
+    ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s
   end
 
   module Models
@@ -55,9 +55,13 @@ module Devise
         self.password = self.password_confirmation = nil
       end
 
-      # Update record attributes when :current_password matches, otherwise returns
-      # error on :current_password. It also automatically rejects :password and
-      # :password_confirmation if they are blank.
+      # Update record attributes when :current_password matches, otherwise
+      # returns error on :current_password.
+      #
+      # This method also rejects the password field if it is blank (allowing
+      # users to change relevant information like the e-mail without changing
+      # their password). In case the password field is rejected, the confirmation
+      # is also rejected as long as it is also blank.
       def update_with_password(params, *options)
         current_password = params.delete(:current_password)
 

lib/devise/models/lockable.rb

@@ -22,7 +22,7 @@ module Devise
     module Lockable
       extend  ActiveSupport::Concern
 
-      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
+      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, to: "self.class"
 
       def self.required_fields(klass)
         attributes = []
@@ -36,14 +36,14 @@ module Devise
       # Lock a user setting its locked_at to actual time.
       # * +opts+: Hash options if you don't want to send email
       #   when you lock access, you could pass the next hash
-      #   `{ :send_instructions => false } as option`.
+      #   `{ send_instructions: false } as option`.
       def lock_access!(opts = { })
         self.locked_at = Time.now.utc
 
         if unlock_strategy_enabled?(:email) && opts.fetch(:send_instructions, true)
           send_unlock_instructions
         else
-          save(:validate => false)
+          save(validate: false)
         end
       end
 
@@ -52,7 +52,7 @@ module Devise
         self.locked_at = nil
         self.failed_attempts = 0 if respond_to?(:failed_attempts=)
         self.unlock_token = nil  if respond_to?(:unlock_token=)
-        save(:validate => false)
+        save(validate: false)
       end
 
       # Verifies whether a user is locked or not.
@@ -64,7 +64,7 @@ module Devise
       def send_unlock_instructions
         raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
         self.unlock_token = enc
-        self.save(:validate => false)
+        self.save(validate: false)
         send_devise_notification(:unlock_instructions, raw, {})
         raw
       end
@@ -104,7 +104,7 @@ module Devise
           if attempts_exceeded?
             lock_access! unless access_locked?
           else
-            save(:validate => false)
+            save(validate: false)
           end
           false
         end
@@ -115,10 +115,10 @@ module Devise
         # leaks the existence of an account.
         if Devise.paranoid
           super
+        elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?)
+          :locked
         elsif lock_strategy_enabled?(:failed_attempts) && last_attempt?
           :last_attempt
-        elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
-          :locked
         else
           super
         end

lib/devise/models/omniauthable.rb

@@ -10,7 +10,7 @@ module Devise
     #
     #   * +omniauth_providers+: Which providers are available to this model. It expects an array:
     #
-    #       devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
+    #       devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
     #
     module Omniauthable
       extend ActiveSupport::Concern

lib/devise/models/recoverable.rb

@@ -45,14 +45,10 @@ module Devise
       # Resets reset password token and send reset password instructions by email.
       # Returns the token sent in the e-mail.
       def send_reset_password_instructions
-        raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+        token = set_reset_password_token
+        send_reset_password_instructions_notification(token)
 
-        self.reset_password_token   = enc
-        self.reset_password_sent_at = Time.now.utc
-        self.save(:validate => false)
-
-        send_devise_notification(:reset_password_instructions, raw, {})
-        raw
+        token
       end
 
       # Checks if the reset password token sent is within the limit time.
@@ -90,7 +86,27 @@ module Devise
         def after_password_reset
         end
 
+        def set_reset_password_token
+          raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+
+          self.reset_password_token   = enc
+          self.reset_password_sent_at = Time.now.utc
+          self.save(validate: false)
+          raw
+        end
+
+        def send_reset_password_instructions_notification(token)
+          send_devise_notification(:reset_password_instructions, token, {})
+        end
+
       module ClassMethods
+        # Attempt to find a user by password reset token. If a user is found, return it
+        # If a user is not found, return nil
+        def with_reset_password_token(token)
+          reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token)
+          to_adapter.find_first(reset_password_token: reset_password_token)
+        end
+
         # Attempt to find a user by its email. If a record is found, send new
         # password instructions to it. If user is not found, returns a new user
         # with an email not found error.

lib/devise/models/rememberable.rb

@@ -50,7 +50,7 @@ module Devise
       def remember_me!(extend_period=false)
         self.remember_token = self.class.remember_token if generate_remember_token?
         self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
-        save(:validate => false) if self.changed?
+        save(validate: false) if self.changed?
       end
 
       # If the record is persisted, remove the remember token (but only if
@@ -58,8 +58,8 @@ module Devise
       def forget_me!
         return unless persisted?
         self.remember_token = nil if respond_to?(:remember_token=)
-        self.remember_created_at = nil
-        save(:validate => false)
+        self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
+        save(validate: false)
       end
 
       # Remember token should be expired if expiration time not overpass now.
@@ -118,11 +118,11 @@ module Devise
         def remember_token #:nodoc:
           loop do
             token = Devise.friendly_token
-            break token unless to_adapter.find_first({ :remember_token => token })
+            break token unless to_adapter.find_first({ remember_token: token })
           end
         end
 
-        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options)
+        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
       end
     end
   end

lib/devise/models/trackable.rb

@@ -15,7 +15,7 @@ module Devise
         [:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count]
       end
 
-      def update_tracked_fields!(request)
+      def update_tracked_fields(request)
         old_current, new_current = self.current_sign_in_at, Time.now.utc
         self.last_sign_in_at     = old_current || new_current
         self.current_sign_in_at  = new_current
@@ -26,8 +26,11 @@ module Devise
 
         self.sign_in_count ||= 0
         self.sign_in_count += 1
+      end
 
-        save(:validate => false) or raise "Devise trackable could not save #{inspect}." \
+      def update_tracked_fields!(request)
+        update_tracked_fields(request)
+        save(validate: false) or raise "Devise trackable could not save #{inspect}." \
           "Please make sure a model using trackable can be saved at sign in."
       end
     end

lib/devise/models/validatable.rb

@@ -26,13 +26,13 @@ module Devise
         assert_validations_api!(base)
 
         base.class_eval do
-          validates_presence_of   :email, :if => :email_required?
-          validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
-          validates_format_of     :email, :with  => email_regexp, :allow_blank => true, :if => :email_changed?
+          validates_presence_of   :email, if: :email_required?
+          validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
 
-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
-          validates_length_of       :password, :within => password_length, :allow_blank => true
+          validates_presence_of     :password, if: :password_required?
+          validates_confirmation_of :password, if: :password_required?
+          validates_length_of       :password, within: password_length, allow_blank: true
         end
       end
 

lib/devise/modules.rb

@@ -1,26 +1,26 @@
 require 'active_support/core_ext/object/with_options'
 
-Devise.with_options :model => true do |d|
+Devise.with_options model: true do |d|
   # Strategies first
-  d.with_options :strategy => true do |s|
+  d.with_options strategy: true do |s|
     routes = [nil, :new, :destroy]
-    s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes }
-    s.add_module :rememberable, :no_input => true
+    s.add_module :database_authenticatable, controller: :sessions, route: { session: routes }
+    s.add_module :rememberable, no_input: true
   end
 
   # Other authentications
-  d.add_module :omniauthable, :controller => :omniauth_callbacks,  :route => :omniauth_callback
+  d.add_module :omniauthable, controller: :omniauth_callbacks,  route: :omniauth_callback
 
   # Misc after
   routes = [nil, :new, :edit]
-  d.add_module :recoverable,  :controller => :passwords,     :route => { :password => routes }
-  d.add_module :registerable, :controller => :registrations, :route => { :registration => (routes << :cancel) }
+  d.add_module :recoverable,  controller: :passwords,     route: { password: routes }
+  d.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) }
   d.add_module :validatable
 
   # The ones which can sign out after
   routes = [nil, :new]
-  d.add_module :confirmable,  :controller => :confirmations, :route => { :confirmation => routes }
-  d.add_module :lockable,     :controller => :unlocks,       :route => { :unlock => routes }
+  d.add_module :confirmable,  controller: :confirmations, route: { confirmation: routes }
+  d.add_module :lockable,     controller: :unlocks,       route: { unlock: routes }
   d.add_module :timeoutable
 
   # Stats for last, so we make sure the user is really signed in

lib/devise/omniauth/url_helpers.rb

@@ -6,12 +6,12 @@ module Devise
 
       def omniauth_authorize_path(resource_or_scope, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        send("#{scope}_omniauth_authorize_path", *args)
+        _devise_route_context.send("#{scope}_omniauth_authorize_path", *args)
       end
 
       def omniauth_callback_path(resource_or_scope, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        send("#{scope}_omniauth_callback_path", *args)
+        _devise_route_context.send("#{scope}_omniauth_callback_path", *args)
       end
     end
   end

lib/devise/rails.rb

@@ -29,7 +29,7 @@ module Devise
       end
     end
 
-    config.after_initialize do |app|
+    initializer "devise.secret_key" do |app|
       if app.respond_to?(:secrets)
         Devise.secret_key ||= app.secrets.secret_key_base
       elsif app.config.respond_to?(:secret_key_base)

lib/devise/rails/routes.rb

@@ -43,20 +43,20 @@ module ActionDispatch::Routing
     # needed routes:
     #
     #  # Session routes for Authenticatable (default)
-    #       new_user_session GET    /users/sign_in                    {:controller=>"devise/sessions", :action=>"new"}
-    #           user_session POST   /users/sign_in                    {:controller=>"devise/sessions", :action=>"create"}
-    #   destroy_user_session DELETE /users/sign_out                   {:controller=>"devise/sessions", :action=>"destroy"}
+    #       new_user_session GET    /users/sign_in                    {controller:"devise/sessions", action:"new"}
+    #           user_session POST   /users/sign_in                    {controller:"devise/sessions", action:"create"}
+    #   destroy_user_session DELETE /users/sign_out                   {controller:"devise/sessions", action:"destroy"}
     #
     #  # Password routes for Recoverable, if User model has :recoverable configured
-    #      new_user_password GET    /users/password/new(.:format)     {:controller=>"devise/passwords", :action=>"new"}
-    #     edit_user_password GET    /users/password/edit(.:format)    {:controller=>"devise/passwords", :action=>"edit"}
-    #          user_password PUT    /users/password(.:format)         {:controller=>"devise/passwords", :action=>"update"}
-    #                        POST   /users/password(.:format)         {:controller=>"devise/passwords", :action=>"create"}
+    #      new_user_password GET    /users/password/new(.:format)     {controller:"devise/passwords", action:"new"}
+    #     edit_user_password GET    /users/password/edit(.:format)    {controller:"devise/passwords", action:"edit"}
+    #          user_password PUT    /users/password(.:format)         {controller:"devise/passwords", action:"update"}
+    #                        POST   /users/password(.:format)         {controller:"devise/passwords", action:"create"}
     #
     #  # Confirmation routes for Confirmable, if User model has :confirmable configured
-    #  new_user_confirmation GET    /users/confirmation/new(.:format) {:controller=>"devise/confirmations", :action=>"new"}
-    #      user_confirmation GET    /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"show"}
-    #                        POST   /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"create"}
+    #  new_user_confirmation GET    /users/confirmation/new(.:format) {controller:"devise/confirmations", action:"new"}
+    #      user_confirmation GET    /users/confirmation(.:format)     {controller:"devise/confirmations", action:"show"}
+    #                        POST   /users/confirmation(.:format)     {controller:"devise/confirmations", action:"create"}
     #
     # ==== Routes integration
     #
@@ -84,22 +84,22 @@ module ActionDispatch::Routing
     #
     # You can configure your routes with some options:
     #
-    #  * :class_name => setup a different class to be looked up by devise, if it cannot be
+    #  * class_name: setup a different class to be looked up by devise, if it cannot be
     #    properly found by the route name.
     #
-    #      devise_for :users, :class_name => 'Account'
+    #      devise_for :users, class_name: 'Account'
     #
-    #  * :path => allows you to setup path name that will be used, as rails routes does.
+    #  * path: allows you to setup path name that will be used, as rails routes does.
     #    The following route configuration would setup your route as /accounts instead of /users:
     #
-    #      devise_for :users, :path => 'accounts'
+    #      devise_for :users, path: 'accounts'
     #
-    #  * :singular => setup the singular name for the given resource. This is used as the instance variable
+    #  * singular: setup the singular name for the given resource. This is used as the instance variable
     #    name in controller, as the name in routes and the scope given to warden.
     #
-    #      devise_for :users, :singular => :user
+    #      devise_for :users, singular: :user
     #
-    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #  * path_names: configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
     #    :password, :confirmation, :unlock.
     #
     #      devise_for :users, path_names: {
@@ -108,50 +108,53 @@ module ActionDispatch::Routing
     #        registration: 'register', edit: 'edit/profile'
     #      }
     #
-    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #  * controllers: the controller which should be used. All routes by default points to Devise controllers.
     #    However, if you want them to point to custom controller, you should do:
     #
-    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #      devise_for :users, controllers: { sessions: "users/sessions" }
     #
-    #  * :failure_app => a rack app which is invoked whenever there is a failure. Strings representing a given
+    #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
     #    are also allowed as parameter.
     #
-    #  * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
     #    if you wish to restrict this to accept only :post or :delete requests you should do:
     #
-    #      devise_for :users, :sign_out_via => [ :post, :delete ]
+    #      devise_for :users, sign_out_via: [ :post, :delete ]
     #
     #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
     #
-    #  * :module => the namespace to find controllers (default: "devise", thus
+    #  * module: the namespace to find controllers (default: "devise", thus
     #    accessing devise/sessions, devise/registrations, and so on). If you want
     #    to namespace all at once, use module:
     #
-    #      devise_for :users, :module => "users"
+    #      devise_for :users, module: "users"
     #
-    #  * :skip => tell which controller you want to skip routes from being created:
+    #  * skip: tell which controller you want to skip routes from being created.
+    #    It accepts :all as an option, meaning it will not generate any route at all:
     #
-    #      devise_for :users, :skip => :sessions
+    #      devise_for :users, skip: :sessions
     #
-    #  * :only => the opposite of :skip, tell which controllers only to generate routes to:
+    #  * only: the opposite of :skip, tell which controllers only to generate routes to:
     #
-    #      devise_for :users, :only => :sessions
+    #      devise_for :users, only: :sessions
     #
-    #  * :skip_helpers => skip generating Devise url helpers like new_session_path(@user).
+    #  * skip_helpers: skip generating Devise url helpers like new_session_path(@user).
     #    This is useful to avoid conflicts with previous routes and is false by default.
     #    It accepts true as option, meaning it will skip all the helpers for the controllers
     #    given in :skip but it also accepts specific helpers to be skipped:
     #
-    #      devise_for :users, :skip => [:registrations, :confirmations], :skip_helpers => true
-    #      devise_for :users, :skip_helpers => [:registrations, :confirmations]
+    #      devise_for :users, skip: [:registrations, :confirmations], skip_helpers: true
+    #      devise_for :users, skip_helpers: [:registrations, :confirmations]
     #
-    #  * :format => include "(.:format)" in the generated routes? true by default, set to false to disable:
+    #  * format: include "(.:format)" in the generated routes? true by default, set to false to disable:
     #
-    #      devise_for :users, :format => false
+    #      devise_for :users, format: false
     #
-    #  * :constraints => works the same as Rails' constraints
+    #  * constraints: works the same as Rails' constraints
     #
-    #  * :defaults => works the same as Rails' defaults
+    #  * defaults: works the same as Rails' defaults
+    #
+    #  * router_name: allows application level router name to be overwritten for the current scope
     #
     # ==== Scoping
     #
@@ -173,7 +176,7 @@ module ActionDispatch::Routing
     #
     #   class ApplicationController < ActionController::Base
     #     def self.default_url_options
-    #       { :locale => I18n.locale }
+    #       { locale: I18n.locale }
     #     end
     #   end
     #
@@ -198,7 +201,7 @@ module ActionDispatch::Routing
     # In order to get Devise to recognize the deactivate action, your devise_scope entry should look like this:
     #
     #     devise_scope :owner do
-    #       post "deactivate", :to => "registrations#deactivate", :as => "deactivate_registration"
+    #       post "deactivate", to: "registrations#deactivate", as: "deactivate_registration"
     #     end
     #
     def devise_for(*resources)
@@ -224,7 +227,7 @@ module ActionDispatch::Routing
           raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise)
         rescue NameError => e
           raise unless mapping.class_name == resource.to_s.classify
-          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " <<
+          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " \
             "no model #{mapping.class_name} defined in your application"
           next
         rescue NoMethodError => e
@@ -234,13 +237,12 @@ module ActionDispatch::Routing
 
         if options[:controllers] && options[:controllers][:omniauth_callbacks]
           unless mapping.omniauthable?
-            msg =  "Mapping omniauth_callbacks on a resource that is not omniauthable\n"
-            msg << "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
-            raise msg
+            raise ArgumentError, "Mapping omniauth_callbacks on a resource that is not omniauthable\n" \
+              "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
           end
         end
 
-        routes  = mapping.used_routes
+        routes = mapping.used_routes
 
         devise_scope mapping.name do
           with_devise_exclusive_scope mapping.fullpath, mapping.name, options do
@@ -263,7 +265,7 @@ module ActionDispatch::Routing
     #   end
     #
     #   authenticate :user, lambda {|u| u.role == "admin"} do
-    #     root :to => "admin/dashboard#show", :as => :user_root
+    #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
     def authenticate(scope=nil, block=nil)
@@ -277,18 +279,18 @@ module ActionDispatch::Routing
     # a model and allows extra constraints to be done on the instance.
     #
     #   authenticated :admin do
-    #     root :to => 'admin/dashboard#show', :as => :admin_root
+    #     root to: 'admin/dashboard#show', as: :admin_root
     #   end
     #
     #   authenticated do
-    #     root :to => 'dashboard#show', :as => :authenticated_root
+    #     root to: 'dashboard#show', as: :authenticated_root
     #   end
     #
     #   authenticated :user, lambda {|u| u.role == "admin"} do
-    #     root :to => "admin/dashboard#show", :as => :user_root
+    #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    #   root :to => 'landing#show'
+    #   root to: 'landing#show'
     #
     def authenticated(scope=nil, block=nil)
       constraints_for(:authenticate?, scope, block) do
@@ -301,15 +303,15 @@ module ActionDispatch::Routing
     #
     #   unauthenticated do
     #     as :user do
-    #       root :to => 'devise/registrations#new'
+    #       root to: 'devise/registrations#new'
     #     end
     #   end
     #
-    #   root :to => 'dashboard#show'
+    #   root to: 'dashboard#show'
     #
     def unauthenticated(scope=nil)
       constraint = lambda do |request|
-        not request.env["warden"].authenticate? :scope => scope
+        not request.env["warden"].authenticate? scope: scope
       end
 
       constraints(constraint) do
@@ -322,7 +324,7 @@ module ActionDispatch::Routing
     # to which controller it is targetted.
     #
     #   as :user do
-    #     get "sign_in", :to => "devise/sessions#new"
+    #     get "sign_in", to: "devise/sessions#new"
     #   end
     #
     # Notice you cannot have two scopes mapping to the same URL. And remember, if
@@ -354,42 +356,42 @@ module ActionDispatch::Routing
     protected
 
       def devise_session(mapping, controllers) #:nodoc:
-        resource :session, :only => [], :controller => controllers[:sessions], :path => "" do
-          get   :new,     :path => mapping.path_names[:sign_in],  :as => "new"
-          post  :create,  :path => mapping.path_names[:sign_in]
-          match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via
+        resource :session, only: [], controller: controllers[:sessions], path: "" do
+          get   :new,     path: mapping.path_names[:sign_in],  as: "new"
+          post  :create,  path: mapping.path_names[:sign_in]
+          match :destroy, path: mapping.path_names[:sign_out], as: "destroy", via: mapping.sign_out_via
         end
       end
 
       def devise_password(mapping, controllers) #:nodoc:
-        resource :password, :only => [:new, :create, :edit, :update],
-          :path => mapping.path_names[:password], :controller => controllers[:passwords]
+        resource :password, only: [:new, :create, :edit, :update],
+          path: mapping.path_names[:password], controller: controllers[:passwords]
       end
 
       def devise_confirmation(mapping, controllers) #:nodoc:
-        resource :confirmation, :only => [:new, :create, :show],
-          :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+        resource :confirmation, only: [:new, :create, :show],
+          path: mapping.path_names[:confirmation], controller: controllers[:confirmations]
       end
 
       def devise_unlock(mapping, controllers) #:nodoc:
         if mapping.to.unlock_strategy_enabled?(:email)
-          resource :unlock, :only => [:new, :create, :show],
-            :path => mapping.path_names[:unlock], :controller => controllers[:unlocks]
+          resource :unlock, only: [:new, :create, :show],
+            path: mapping.path_names[:unlock], controller: controllers[:unlocks]
         end
       end
 
       def devise_registration(mapping, controllers) #:nodoc:
         path_names = {
-          :new => mapping.path_names[:sign_up],
-          :edit => mapping.path_names[:edit],
-          :cancel => mapping.path_names[:cancel]
+          new: mapping.path_names[:sign_up],
+          edit: mapping.path_names[:edit],
+          cancel: mapping.path_names[:cancel]
         }
 
         options = {
-          :only => [:new, :create, :edit, :update, :destroy],
-          :path => mapping.path_names[:registration],
-          :path_names => path_names,
-          :controller => controllers[:registrations]
+          only: [:new, :create, :edit, :update, :destroy],
+          path: mapping.path_names[:registration],
+          path_names: path_names,
+          controller: controllers[:registrations]
         }
 
         resource :registration, options do
@@ -405,16 +407,16 @@ and you have set #{mapping.fullpath.inspect}. You can work around by passing
 `skip: :omniauth_callbacks` and manually defining the routes. Here is an example:
 
     match "/users/auth/:provider",
-      :constraints => { :provider => /google|facebook/ },
-      :to => "devise/omniauth_callbacks#passthru",
-      :as => :omniauth_authorize,
-      :via => [:get, :post]
+      constraints: { provider: /google|facebook/ },
+      to: "devise/omniauth_callbacks#passthru",
+      as: :omniauth_authorize,
+      via: [:get, :post]
 
     match "/users/auth/:action/callback",
-      :constraints => { :action => /google|facebook/ },
-      :to => "devise/omniauth_callbacks",
-      :as => :omniauth_callback,
-      :via => [:get, :post]
+      constraints: { action: /google|facebook/ },
+      to: "devise/omniauth_callbacks",
+      as: :omniauth_callback,
+      via: [:get, :post]
 ERROR
         end
 
@@ -426,16 +428,16 @@ ERROR
         providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s))
 
         match "#{path_prefix}/:provider",
-          :constraints => { :provider => providers },
-          :to => "#{controllers[:omniauth_callbacks]}#passthru",
-          :as => :omniauth_authorize,
-          :via => [:get, :post]
+          constraints: { provider: providers },
+          to: "#{controllers[:omniauth_callbacks]}#passthru",
+          as: :omniauth_authorize,
+          via: [:get, :post]
 
         match "#{path_prefix}/:action/callback",
-          :constraints => { :action => providers },
-          :to => controllers[:omniauth_callbacks],
-          :as => :omniauth_callback,
-          :via => [:get, :post]
+          constraints: { action: providers },
+          to: controllers[:omniauth_callbacks],
+          as: :omniauth_callback,
+          via: [:get, :post]
       ensure
         @scope[:path] = path
       end
@@ -446,7 +448,7 @@ ERROR
         old = {}
         DEVISE_SCOPE_KEYS.each { |k| old[k] = @scope[k] }
 
-        new = { :as => new_as, :path => new_path, :module => nil }
+        new = { as: new_as, path: new_path, module: nil }
         new.merge!(options.slice(:constraints, :defaults, :options))
 
         @scope.merge!(new)
@@ -457,7 +459,7 @@ ERROR
 
       def constraints_for(method_to_apply, scope=nil, block=nil)
         constraint = lambda do |request|
-          request.env['warden'].send(method_to_apply, :scope => scope) &&
+          request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))
         end
 

lib/devise/strategies/authenticatable.rb

@@ -16,6 +16,13 @@ module Devise
         valid_for_params_auth? || valid_for_http_auth?
       end
 
+      # Override and set to false for things like OmniAuth that technically
+      # run through Authentication (user_set) very often, which would normally
+      # reset CSRF data in the session
+      def clean_up_csrf?
+        true
+      end
+
     private
 
       # Receives a resource and check if it is valid by calling valid_for_authentication?

lib/devise/test_helpers.rb

@@ -109,8 +109,8 @@ module Devise
 
         status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
         @controller.response.headers.merge!(headers)
-        @controller.send :render, :status => status, :text => response.body,
-          :content_type => headers["Content-Type"], :location => headers["Location"]
+        @controller.send :render, status: status, text: response.body,
+          content_type: headers["Content-Type"], location: headers["Location"]
         nil # causes process return @response
       end
 

lib/devise/time_inflector.rb

@@ -6,7 +6,7 @@ module Devise
 
     class << self
       attr_reader :instance
-      delegate :time_ago_in_words, :to => :instance
+      delegate :time_ago_in_words, to: :instance
     end
 
     @instance = new

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.2.3".freeze
+  VERSION = "3.3.0".freeze
 end

lib/generators/active_record/devise_generator.rb

@@ -4,7 +4,7 @@ require 'generators/devise/orm_helpers'
 module ActiveRecord
   module Generators
     class DeviseGenerator < ActiveRecord::Generators::Base
-      argument :attributes, :type => :array, :default => [], :banner => "field:type field:type"
+      argument :attributes, type: :array, default: [], banner: "field:type field:type"
 
       include Devise::Generators::OrmHelpers
       source_root File.expand_path("../templates", __FILE__)
@@ -18,7 +18,7 @@ module ActiveRecord
       end
 
       def generate_model
-        invoke "active_record:model", [name], :migration => false unless model_exists? && behavior == :invoke
+        invoke "active_record:model", [name], migration: false unless model_exists? && behavior == :invoke
       end
 
       def inject_devise_content
@@ -39,8 +39,8 @@ module ActiveRecord
       def migration_data
 <<RUBY
       ## Database authenticatable
-      t.string :email,              :null => false, :default => ""
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
 
       ## Recoverable
       t.string   :reset_password_token
@@ -50,11 +50,11 @@ module ActiveRecord
       t.datetime :remember_created_at
 
       ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
+      t.integer  :sign_in_count, default: 0, null: false
       t.datetime :current_sign_in_at
       t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
+      t.#{ip_column} :current_sign_in_ip
+      t.#{ip_column} :last_sign_in_ip
 
       ## Confirmable
       # t.string   :confirmation_token
@@ -63,11 +63,28 @@ module ActiveRecord
       # t.string   :unconfirmed_email # Only if using reconfirmable
 
       ## Lockable
-      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
       # t.string   :unlock_token # Only if unlock strategy is :email or :both
       # t.datetime :locked_at
 RUBY
       end
+
+      def ip_column
+        # Padded with spaces so it aligns nicely with the rest of the columns.
+        "%-8s" % (inet? ? "inet" : "string")
+      end
+
+      def inet?
+        rails4? && postgresql?
+      end
+
+      def rails4?
+        Rails.version.start_with? '4'
+      end
+
+      def postgresql?
+        ActiveRecord::Base.connection.adapter_name.downcase == "postgresql"
+      end
     end
   end
 end

lib/generators/active_record/templates/migration.rb

@@ -10,9 +10,9 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
       t.timestamps
     end
 
-    add_index :<%= table_name %>, :email,                :unique => true
-    add_index :<%= table_name %>, :reset_password_token, :unique => true
-    # add_index :<%= table_name %>, :confirmation_token,   :unique => true
-    # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    # add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,         unique: true
   end
 end

lib/generators/active_record/templates/migration_existing.rb

@@ -11,10 +11,10 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
       # t.timestamps
     end
 
-    add_index :<%= table_name %>, :email,                :unique => true
-    add_index :<%= table_name %>, :reset_password_token, :unique => true
-    # add_index :<%= table_name %>, :confirmation_token,   :unique => true
-    # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    # add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,         unique: true
   end
 
   def self.down

lib/generators/devise/devise_generator.rb

@@ -13,12 +13,12 @@ module Devise
 
       hook_for :orm
 
-      class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true
+      class_option :routes, desc: "Generate routes", type: :boolean, default: true
 
       def add_devise_routes
         devise_route  = "devise_for :#{plural_name}"
-        devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::")
-        devise_route << %Q(, :skip => :all) unless options.routes?
+        devise_route << %Q(, class_name: "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, skip: :all) unless options.routes?
         route devise_route
       end
     end

lib/generators/devise/views_generator.rb

@@ -9,13 +9,14 @@ module Devise
       extend ActiveSupport::Concern
 
       included do
-        argument :scope, :required => false, :default => nil,
-                         :desc => "The scope to copy views to"
+        argument :scope, required: false, default: nil,
+                         desc: "The scope to copy views to"
 
         # Le sigh, ensure Thor won't handle opts as args
         # It should be fixed in future Rails releases
-        class_option :form_builder, :aliases => "-b"
+        class_option :form_builder, aliases: "-b"
         class_option :markerb
+        class_option :views, aliases: "-v", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)"
 
         public_task :copy_views
       end
@@ -28,11 +29,17 @@ module Devise
       end
 
       def copy_views
-        view_directory :confirmations
-        view_directory :passwords
-        view_directory :registrations
-        view_directory :sessions
-        view_directory :unlocks
+        if options[:views]
+          options[:views].each do |directory|
+            view_directory directory.to_sym
+          end
+        else
+          view_directory :confirmations
+          view_directory :passwords
+          view_directory :registrations
+          view_directory :sessions
+          view_directory :unlocks
+        end
       end
 
       protected
@@ -85,7 +92,9 @@ module Devise
       hide!
 
       def copy_views
-        view_directory :mailer
+        if !options[:views] || options[:views].include?('mailer')
+          view_directory :mailer
+        end
       end
     end
 
@@ -96,7 +105,9 @@ module Devise
       hide!
 
       def copy_views
-        view_directory :markerb, target_path
+        if !options[:views] || options[:views].include?('mailer')
+          view_directory :markerb, target_path
+        end
       end
 
       def target_path
@@ -107,18 +118,18 @@ module Devise
     class ViewsGenerator < Rails::Generators::Base
       desc "Copies Devise views to your application."
 
-      argument :scope, :required => false, :default => nil,
-                       :desc => "The scope to copy views to"
+      argument :scope, required: false, default: nil,
+                       desc: "The scope to copy views to"
 
       invoke SharedViewsGenerator
 
-      hook_for :form_builder, :aliases => "-b",
-                              :desc => "Form builder to be used",
-                              :default => defined?(SimpleForm) ? "simple_form_for" : "form_for"
+      hook_for :form_builder, aliases: "-b",
+                              desc: "Form builder to be used",
+                              default: defined?(SimpleForm) ? "simple_form_for" : "form_for"
 
-      hook_for :markerb,  :desc => "Generate markerb instead of erb mail views",
-                          :default => defined?(Markerb) ? :markerb : :erb,
-                          :type => :boolean
+      hook_for :markerb,  desc: "Generate markerb instead of erb mail views",
+                          default: defined?(Markerb) ? :markerb : :erb,
+                          type: :boolean
     end
   end
 end

lib/generators/mongoid/devise_generator.rb

@@ -11,43 +11,43 @@ module Mongoid
       end
 
       def inject_field_types
-        inject_into_file model_path, migration_data, :after => "include Mongoid::Document\n" if model_exists?
+        inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
       end
 
       def inject_devise_content
-        inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n" if model_exists?
+        inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
       end
 
       def migration_data
 <<RUBY
   ## Database authenticatable
-  field :email,              :type => String, :default => ""
-  field :encrypted_password, :type => String, :default => ""
+  field :email,              type: String, default: ""
+  field :encrypted_password, type: String, default: ""
 
   ## Recoverable
-  field :reset_password_token,   :type => String
-  field :reset_password_sent_at, :type => Time
+  field :reset_password_token,   type: String
+  field :reset_password_sent_at, type: Time
 
   ## Rememberable
-  field :remember_created_at, :type => Time
+  field :remember_created_at, type: Time
 
   ## Trackable
-  field :sign_in_count,      :type => Integer, :default => 0
-  field :current_sign_in_at, :type => Time
-  field :last_sign_in_at,    :type => Time
-  field :current_sign_in_ip, :type => String
-  field :last_sign_in_ip,    :type => String
+  field :sign_in_count,      type: Integer, default: 0
+  field :current_sign_in_at, type: Time
+  field :last_sign_in_at,    type: Time
+  field :current_sign_in_ip, type: String
+  field :last_sign_in_ip,    type: String
 
   ## Confirmable
-  # field :confirmation_token,   :type => String
-  # field :confirmed_at,         :type => Time
-  # field :confirmation_sent_at, :type => Time
-  # field :unconfirmed_email,    :type => String # Only if using reconfirmable
+  # field :confirmation_token,   type: String
+  # field :confirmed_at,         type: Time
+  # field :confirmation_sent_at, type: Time
+  # field :unconfirmed_email,    type: String # Only if using reconfirmable
 
   ## Lockable
-  # field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts
-  # field :unlock_token,    :type => String # Only if unlock strategy is :email or :both
-  # field :locked_at,       :type => Time
+  # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  # field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  # field :locked_at,       type: Time
 RUBY
       end
     end

lib/generators/templates/README

@@ -6,14 +6,14 @@ Some setup you must do manually if you haven't yet:
      is an example of default_url_options appropriate for a development environment
      in config/environments/development.rb:
 
-       config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+       config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 
      In production, :host should be set to the actual host of your application.
 
   2. Ensure you have defined root_url to *something* in your config/routes.rb.
      For example:
 
-       root :to => "home#index"
+       root to: "home#index"
 
   3. Ensure you have flash messages in app/views/layouts/application.html.erb.
      For example:

lib/generators/templates/devise.rb

@@ -80,7 +80,7 @@ Devise.setup do |config|
   # particular strategies by setting this option.
   # Notice that if you are skipping storage for all authentication paths, you
   # may want to disable generating routes to Devise's sessions controller by
-  # passing :skip => :sessions to `devise_for` in your config/routes.rb
+  # passing skip: :sessions to `devise_for` in your config/routes.rb
   config.skip_session_storage = [:http_auth]
 
   # By default, Devise cleans up the CSRF token on authentication to
@@ -95,7 +95,9 @@ Devise.setup do |config|
   #
   # Limiting the stretches to just one in testing will increase the performance of
   # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments.
+  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # encryptor), the cost increases exponentially with the number of stretches (e.g.
+  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
@@ -119,8 +121,8 @@ Devise.setup do |config|
 
   # If true, requires any email changes to be confirmed (exactly the same way as
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed new email is stored in
-  # unconfirmed email column, and copied to email column on successful confirmation.
+  # db field (see migrations). Until confirmed, new email is stored in
+  # unconfirmed_email column, and copied to email column on successful confirmation.
   config.reconfirmable = true
 
   # Defines which key will be used when confirming an account
@@ -130,11 +132,14 @@ Devise.setup do |config|
   # The time the user will be remembered without asking for credentials again.
   # config.remember_for = 2.weeks
 
+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
+
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
   # Options to be passed to the created cookie. For instance, you can set
-  # :secure => true in order to force SSL only cookies.
+  # secure: true in order to force SSL only cookies.
   # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
@@ -231,7 +236,7 @@ Devise.setup do |config|
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
@@ -239,7 +244,7 @@ Devise.setup do |config|
   #
   # config.warden do |manager|
   #   manager.intercept_401 = false
-  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
   # end
 
   # ==> Mountable engine configurations

lib/generators/templates/markerb/confirmation_instructions.markerb

@@ -2,4 +2,4 @@ Welcome <%= @email %>!
 
 You can confirm your account through the link below:
 
-<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %>
+<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

lib/generators/templates/markerb/reset_password_instructions.markerb

@@ -2,7 +2,7 @@ Hello <%= @resource.email %>!
 
 Someone has requested a link to change your password, and you can do this through the link below.
 
-<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %>
+<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
 
 If you didn't request this, please ignore this email.
 Your password won't change until you access the link above and create a new one.

lib/generators/templates/markerb/unlock_instructions.markerb

@@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in
 
 Click the link below to unlock your account:
 
-<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %>
+<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

lib/generators/templates/simple_form_for/confirmations/new.html.erb

@@ -1,11 +1,11 @@
 <h2>Resend confirmation instructions</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
   <%= f.error_notification %>
   <%= f.full_error :confirmation_token %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/passwords/edit.html.erb

@@ -1,14 +1,14 @@
 <h2>Change your password</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
   <%= f.error_notification %>
 
-  <%= f.input :reset_password_token, :as => :hidden %>
+  <%= f.input :reset_password_token, as: :hidden %>
   <%= f.full_error :reset_password_token %>
 
   <div class="form-inputs">
-    <%= f.input :password, :label => "New password", :required => true, :autofocus => true %>
-    <%= f.input :password_confirmation, :label => "Confirm your new password", :required => true %>
+    <%= f.input :password, label: "New password", required: true, autofocus: true %>
+    <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/passwords/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Forgot your password?</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
   <%= f.error_notification %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/registrations/edit.html.erb

@@ -1,18 +1,18 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
   <%= f.error_notification %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
 
     <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
       <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
     <% end %>
 
-    <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %>
-    <%= f.input :password_confirmation, :required => false %>
-    <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %>
+    <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
+    <%= f.input :password_confirmation, required: false %>
+    <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
   </div>
 
   <div class="form-actions">
@@ -22,6 +22,6 @@
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
 
 <%= link_to "Back", :back %>

lib/generators/templates/simple_form_for/registrations/new.html.erb

@@ -1,12 +1,12 @@
 <h2>Sign up</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
   <%= f.error_notification %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
-    <%= f.input :password, :required => true %>
-    <%= f.input :password_confirmation, :required => true %>
+    <%= f.input :email, required: true, autofocus: true %>
+    <%= f.input :password, required: true %>
+    <%= f.input :password_confirmation, required: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/sessions/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Sign in</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
   <div class="form-inputs">
-    <%= f.input :email, :required => false, :autofocus => true %>
-    <%= f.input :password, :required => false %>
-    <%= f.input :remember_me, :as => :boolean if devise_mapping.rememberable? %>
+    <%= f.input :email, required: false, autofocus: true %>
+    <%= f.input :password, required: false %>
+    <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/unlocks/new.html.erb

@@ -1,11 +1,11 @@
 <h2>Resend unlock instructions</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
   <%= f.error_notification %>
   <%= f.full_error :unlock_token %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
   </div>
 
   <div class="form-actions">

script/cached-bundle

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+# Usage: cached-bundle install --deployment
+#
+# After running `bundle`, caches the `vendor/bundle` directory to S3.
+# On the next run, restores the cached directory before running `bundle`.
+# When `Gemfile.lock` changes, the cache gets rebuilt.
+#
+# Requirements:
+# - Gemfile.lock
+# - TRAVIS_REPO_SLUG
+# - TRAVIS_RUBY_VERSION
+# - AMAZON_S3_BUCKET
+# - script/s3-put
+# - bundle
+# - curl
+#
+# Author: Mislav Marohnić
+
+set -e
+
+compute_md5() {
+  local output="$(openssl md5)"
+  echo "${output##* }"
+}
+
+download() {
+  curl --tcp-nodelay -qsfL "$1" -o "$2"
+}
+
+
+gemfile="${BUNDLE_GEMFILE:-Gemfile}"
+bundle_fullpath="$(dirname $gemfile)/vendor/bundle"
+bundle_path=${bundle_fullpath#$PWD/}
+gemfile_hash="$(compute_md5 <"${gemfile}.lock")"
+cache_name="${TRAVIS_RUBY_VERSION}-${gemfile_hash}.tgz"
+fetch_url="http://${AMAZON_S3_BUCKET}.s3.amazonaws.com/${TRAVIS_REPO_SLUG}/${cache_name}"
+
+if download "$fetch_url" "$cache_name"; then
+  echo "Reusing cached bundle ${cache_name}"
+  tar xzf "$cache_name"
+fi
+
+bundle "$@"
+
+if [ ! -f "$cache_name" ] && [ -n "$AMAZON_SECRET_ACCESS_KEY" ]; then
+  echo "Caching \`${bundle_path}' to S3"
+  tar czf "$cache_name" "$bundle_path"
+  script/s3-put "$cache_name" "${AMAZON_S3_BUCKET}:${TRAVIS_REPO_SLUG}/${cache_name}"
+fi

script/s3-put

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# Usage: s3-put <FILE> <S3_BUCKET>[:<PATH>] [<CONTENT_TYPE>]
+#
+# Uploads a file to the Amazon S3 service.
+# Outputs the URL for the newly uploaded file.
+#
+# Requirements:
+# - AMAZON_ACCESS_KEY_ID
+# - AMAZON_SECRET_ACCESS_KEY
+# - openssl
+# - curl
+#
+# Author: Mislav Marohnić
+
+set -e
+
+authorization() {
+  local signature="$(string_to_sign | hmac_sha1 | base64)"
+  echo "AWS ${AMAZON_ACCESS_KEY_ID?}:${signature}"
+}
+
+hmac_sha1() {
+  openssl dgst -binary -sha1 -hmac "${AMAZON_SECRET_ACCESS_KEY?}"
+}
+
+base64() {
+  openssl enc -base64
+}
+
+bin_md5() {
+  openssl dgst -binary -md5
+}
+
+string_to_sign() {
+  echo "$http_method"
+  echo "$content_md5"
+  echo "$content_type"
+  echo "$date"
+  echo "x-amz-acl:$acl"
+  printf "/$bucket/$remote_path"
+}
+
+date_string() {
+  LC_TIME=C date "+%a, %d %h %Y %T %z"
+}
+
+file="$1"
+bucket="${2%%:*}"
+remote_path="${2#*:}"
+content_type="$3"
+
+if [ -z "$remote_path" ] || [ "$remote_path" = "$bucket" ]; then
+  remote_path="${file##*/}"
+fi
+
+http_method=PUT
+acl="public-read"
+content_md5="$(bin_md5 < "$file" | base64)"
+date="$(date_string)"
+
+url="https://$bucket.s3.amazonaws.com/$remote_path"
+
+curl -qsSf -T "$file" \
+  -H "Authorization: $(authorization)" \
+  -H "x-amz-acl: $acl" \
+  -H "Date: $date" \
+  -H "Content-MD5: $content_md5" \
+  -H "Content-Type: $content_type" \
+  "$url"
+
+echo "$url"

test/controllers/custom_registrations_controller_test.rb

@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class CustomRegistrationsControllerTest < ActionController::TestCase
+  tests Custom::RegistrationsController
+
+  include Devise::TestHelpers
+
+  setup do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    @password = 'password'
+    @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm!)
+  end
+
+  test "yield resource to block on create success" do
+    post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
+    assert @controller.create_block_called?, "create failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on create failure" do
+    post :create, { user: { } }
+    assert @controller.create_block_called?, "create failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on update success" do
+    sign_in @user
+    put :update, { user: { current_password: @password } }
+    assert @controller.update_block_called?, "update failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on update failure" do
+    sign_in @user
+    put :update, { user: { } }
+    assert @controller.update_block_called?, "update failed to yield resource to provided block"
+  end
+end

test/controllers/helpers_test.rb

@@ -14,81 +14,110 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   end
 
   test 'proxy signed_in?(scope) to authenticate?' do
-    @mock_warden.expects(:authenticate?).with(:scope => :my_scope)
+    @mock_warden.expects(:authenticate?).with(scope: :my_scope)
     @controller.signed_in?(:my_scope)
   end
 
   test 'proxy signed_in?(nil) to authenticate?' do
     Devise.mappings.keys.each do |scope| # :user, :admin, :manager
-      @mock_warden.expects(:authenticate?).with(:scope => scope)
+      @mock_warden.expects(:authenticate?).with(scope: scope)
     end
     @controller.signed_in?
   end
 
+  test 'proxy [group]_signed_in? to authenticate? with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
+    end
+    @controller.commenter_signed_in?
+  end
+
   test 'proxy current_user to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user)
+    @mock_warden.expects(:authenticate).with(scope: :user)
     @controller.current_user
   end
 
   test 'proxy current_admin to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @mock_warden.expects(:authenticate).with(scope: :admin)
     @controller.current_admin
   end
 
+  test 'proxy current_[group] to authenticate with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate).with(scope: scope).returns(nil)
+    end
+    @controller.current_commenter
+  end
+
+  test 'proxy current_[plural_group] to authenticate with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate).with(scope: scope)
+    end
+    @controller.current_commenters
+  end
+
   test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
     @controller.current_publisher_account
   end
 
   test 'proxy authenticate_user! to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user)
+    @mock_warden.expects(:authenticate!).with(scope: :user)
     @controller.authenticate_user!
   end
 
   test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
-    @controller.authenticate_user!(:recall => "foo")
+    @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo")
+    @controller.authenticate_user!(recall: "foo")
   end
 
   test 'proxy authenticate_admin! to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :admin)
+    @mock_warden.expects(:authenticate!).with(scope: :admin)
     @controller.authenticate_admin!
   end
 
+  test 'proxy authenticate_[group]! to authenticate!? with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate!).with(scope: scope)
+      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
+    end
+    @controller.authenticate_commenter!
+  end
+
   test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate!).with(scope: :publisher_account)
     @controller.authenticate_publisher_account!
   end
 
   test 'proxy user_signed_in? to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns("user")
+    @mock_warden.expects(:authenticate).with(scope: :user).returns("user")
     assert @controller.user_signed_in?
   end
 
   test 'proxy admin_signed_in? to authenticatewith admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @mock_warden.expects(:authenticate).with(scope: :admin)
     assert_not @controller.admin_signed_in?
   end
 
   test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
     @controller.publisher_account_signed_in?
   end
 
   test 'proxy user_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(true)
     @mock_warden.expects(:session).with(:user).returns({})
     @controller.user_session
   end
 
   test 'proxy admin_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :admin).returns(true)
     @mock_warden.expects(:session).with(:admin).returns({})
     @controller.admin_session
   end
 
   test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account).returns(true)
     @mock_warden.expects(:session).with(:publisher_account).returns({})
     @controller.publisher_account_session
   end
@@ -96,14 +125,14 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   test 'sign in proxy to set_user on warden' do
     user = User.new
     @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
     @controller.sign_in(:user, user)
   end
 
   test 'sign in accepts a resource as argument' do
     user = User.new
     @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
     @controller.sign_in(user)
   end
 
@@ -117,15 +146,15 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   test 'sign in again when the user is already in only if force is given' do
     user = User.new
     @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.sign_in(user, :force => true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @controller.sign_in(user, force: true)
   end
 
   test 'sign in accepts bypass as option' do
     user = User.new
     @mock_warden.expects(:session_serializer).returns(serializer = mock())
     serializer.expects(:store).with(user, :user)
-    @controller.sign_in(user, :bypass => true)
+    @controller.sign_in(user, bypass: true)
   end
 
   test 'sign out clears up any signed in user from all scopes' do
@@ -141,18 +170,18 @@ class ControllerAuthenticatableTest < ActionController::TestCase
 
   test 'sign out logs out and clears up any signed in user by scope' do
     user = User.new
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(user)
+    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(user)
     @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
+    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
     @controller.instance_variable_set(:@current_user, user)
     @controller.sign_out(:user)
     assert_equal nil, @controller.instance_variable_get(:@current_user)
   end
 
   test 'sign out accepts a resource as argument' do
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(true)
+    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(true)
     @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
+    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
     @controller.sign_out(User.new)
   end
 
@@ -193,6 +222,12 @@ class ControllerAuthenticatableTest < ActionController::TestCase
     assert_equal "/foo.bar", @controller.stored_location_for(:user)
   end
 
+  test 'store bad location for stores a location to redirect back to' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.store_location_for(:user, "/foo.bar\">Carry")
+    assert_nil @controller.stored_location_for(:user)
+  end
+
   test 'store location for accepts a resource as argument' do
     @controller.store_location_for(User.new, "/foo.bar")
     assert_equal "/foo.bar", @controller.stored_location_for(User.new)
@@ -227,7 +262,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
     user = User.new
     @controller.session[:user_return_to] = "/foo.bar"
     @mock_warden.expects(:user).with(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
     @controller.expects(:redirect_to).with("/foo.bar")
     @controller.sign_in_and_redirect(user)
   end
@@ -235,7 +270,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   test 'sign in and redirect uses the configured after sign in path' do
     admin = Admin.new
     @mock_warden.expects(:user).with(:admin).returns(nil)
-    @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
+    @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true)
     @controller.expects(:redirect_to).with(admin_root_path)
     @controller.sign_in_and_redirect(admin)
   end
@@ -249,10 +284,10 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   end
 
   test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
-    swap Devise, :sign_out_all_scopes => false do
-      @mock_warden.expects(:user).with(:scope => :admin, :run_callbacks => false).returns(true)
+    swap Devise, sign_out_all_scopes: false do
+      @mock_warden.expects(:user).with(scope: :admin, run_callbacks: false).returns(true)
       @mock_warden.expects(:logout).with(:admin).returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with(:scope => :admin).returns(true)
+      @mock_warden.expects(:clear_strategies_cache!).with(scope: :admin).returns(true)
       @controller.expects(:redirect_to).with(admin_root_path)
       @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
       @controller.sign_out_and_redirect(:admin)
@@ -260,7 +295,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   end
 
   test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
-    swap Devise, :sign_out_all_scopes => true do
+    swap Devise, sign_out_all_scopes: true do
       @mock_warden.expects(:user).times(Devise.mappings.size)
       @mock_warden.expects(:logout).with().returns(true)
       @mock_warden.expects(:clear_strategies_cache!).with().returns(true)

test/controllers/internal_helpers_test.rb

@@ -51,11 +51,11 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.empty?
+    assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
   end
 
   test 'require no authentication tests current mapping' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
     @mock_warden.expects(:user).with(:user).returns(User.new)
     @controller.expects(:redirect_to).with(root_path)
     @controller.send :require_no_authentication
@@ -71,7 +71,7 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'require no authentication sets a flash message' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
     @mock_warden.expects(:user).with(:user).returns(User.new)
     @controller.expects(:redirect_to).with(root_path)
     @controller.send :require_no_authentication
@@ -79,7 +79,7 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'signed in resource returns signed in resource for current scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(User.new)
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(User.new)
     assert_kind_of User, @controller.signed_in_resource
   end
 
@@ -100,21 +100,21 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'uses custom i18n options' do
-    @controller.stubs(:devise_i18n_options).returns(:default => "devise custom options")
+    @controller.stubs(:devise_i18n_options).returns(default: "devise custom options")
     @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions
     assert_equal 'devise custom options', flash[:notice]
   end
 
   test 'allows custom i18n options to override resource_name' do
     I18n.expects(:t).with("custom_resource_name.confirmed", anything)
-    @controller.stubs(:devise_i18n_options).returns(:resource_name => "custom_resource_name")
+    @controller.stubs(:devise_i18n_options).returns(resource_name: "custom_resource_name")
     @controller.send :set_flash_message, :notice, :confirmed
   end
 
   test 'navigational_formats not returning a wild card' do
     MyController.send(:public, :navigational_formats)
 
-    swap Devise, :navigational_formats => ['*/*', :html] do
+    swap Devise, navigational_formats: ['*/*', :html] do
       assert_not @controller.navigational_formats.include?("*/*")
     end
 

test/controllers/passwords_controller_test.rb

@@ -12,7 +12,7 @@ class PasswordsControllerTest < ActionController::TestCase
 
   def put_update_with_params
     put :update, "user" => {
-      "reset_password_token" => @raw, "password" => "123456", "password_confirmation" => "123456"
+      "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567"
     }
   end
 

test/controllers/sessions_controller_test.rb

@@ -12,9 +12,9 @@ class SessionsControllerTest < ActionController::TestCase
       request.env["devise.mapping"] = Devise.mappings[:user]
       request.session["user_return_to"] = 'foo.bar'
       create_user
-      post :create, :user => {
-        :email => "wrong@email.com",
-        :password => "wrongpassword"
+      post :create, user: {
+        email: "wrong@email.com",
+        password: "wrongpassword"
       }
       assert_equal 200, @response.status
     ensure
@@ -23,7 +23,7 @@ class SessionsControllerTest < ActionController::TestCase
   end
 
   test "#create works even with scoped views" do
-    swap Devise, :scoped_views => true do
+    swap Devise, scoped_views: true do
       request.env["devise.mapping"] = Devise.mappings[:user]
       post :create
       assert_equal 200, @response.status
@@ -37,9 +37,9 @@ class SessionsControllerTest < ActionController::TestCase
 
     user = create_user
     user.confirm!
-    post :create, :user => {
-      :email => user.email,
-      :password => user.password
+    post :create, user: {
+      email: user.email,
+      password: user.password
     }
 
     assert_nil request.session["user_return_to"]
@@ -51,9 +51,9 @@ class SessionsControllerTest < ActionController::TestCase
 
     user = create_user
     user.confirm!
-    post :create, :format => 'json', :user => {
-      :email => user.email,
-      :password => user.password
+    post :create, format: 'json', user: {
+      email: user.email,
+      password: user.password
     }
 
     assert_equal 'foo.bar', request.session["user_return_to"]
@@ -61,9 +61,9 @@ class SessionsControllerTest < ActionController::TestCase
 
   test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
     request.env["devise.mapping"] = Devise.mappings[:user]
-    post :create, :user => {
-      :email => "nosuchuser@example.com",
-      :password => "wevdude"
+    post :create, user: {
+      email: "nosuchuser@example.com",
+      password: "wevdude"
     }
     assert_equal 200, @response.status
     assert_template "devise/sessions/new"
@@ -73,12 +73,12 @@ class SessionsControllerTest < ActionController::TestCase
     request.env["devise.mapping"] = Devise.mappings[:user]
     user = create_user
     user.confirm!
-    post :create, :format => 'json', :user => {
-      :email => user.email,
-      :password => user.password
+    post :create, format: 'json', user: {
+      email: user.email,
+      password: user.password
     }
 
-    delete :destroy, :format => 'json'
+    delete :destroy, format: 'json'
     assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
     assert_equal 204, @response.status
   end
@@ -92,7 +92,7 @@ class SessionsControllerTest < ActionController::TestCase
 
       begin
         assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
-          get :new, :user => { :email => "allez viens!" }
+          get :new, user: { email: "allez viens!" }
         end
       ensure
         ActiveRecord::Base.mass_assignment_sanitizer = :logger

test/controllers/url_helpers_test.rb

@@ -14,10 +14,10 @@ class RoutesTest < ActionController::TestCase
                  send(:"#{prepend_path}user_#{name}_url")
 
     # Default url params
-    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, :param => 123),
-                 send(:"#{prepend_path}user_#{name}_path", :param => 123)
-    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, :param => 123),
-                 send(:"#{prepend_path}user_#{name}_url", :param => 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123),
+                 send(:"#{prepend_path}user_#{name}_path", param: 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, param: 123),
+                 send(:"#{prepend_path}user_#{name}_url", param: 123)
 
     @request.path = nil
     # With an object

test/delegator_test.rb

@@ -14,6 +14,6 @@ class DelegatorTest < ActiveSupport::TestCase
   end
 
   test 'failure_app returns associated failure app by scope in the given environment' do
-    assert_kind_of Proc, delegator.failure_app({"warden.options" => {:scope => "manager"}})
+    assert_kind_of Proc, delegator.failure_app({"warden.options" => {scope: "manager"}})
   end
 end

test/devise_test.rb

@@ -3,10 +3,10 @@ require 'test_helper'
 module Devise
   def self.yield_and_restore
     @@warden_configured = nil
-    c, b = @@warden_config, @@warden_config_block
+    c, b = @@warden_config, @@warden_config_blocks
     yield
   ensure
-    @@warden_config, @@warden_config_block = c, b
+    @@warden_config, @@warden_config_blocks = c, b
   end
 end
 
@@ -23,7 +23,7 @@ class DeviseTest < ActiveSupport::TestCase
   end
 
   test 'model options can be configured through Devise' do
-    swap Devise, :allow_unconfirmed_access_for => 113, :pepper => "foo" do
+    swap Devise, allow_unconfirmed_access_for: 113, pepper: "foo" do
       assert_equal 113, Devise.allow_unconfirmed_access_for
       assert_equal "foo", Devise.pepper
     end
@@ -42,14 +42,27 @@ class DeviseTest < ActiveSupport::TestCase
 
   test 'warden manager user configuration through a block' do
     Devise.yield_and_restore do
-      @executed = false
+      executed = false
       Devise.warden do |config|
-        @executed = true
+        executed = true
         assert_kind_of Warden::Config, config
       end
 
       Devise.configure_warden!
-      assert @executed
+      assert executed
+    end
+  end
+
+  test 'warden manager user configuration through multiple blocks' do
+    Devise.yield_and_restore do
+      executed = 0
+
+      3.times do
+        Devise.warden { |config| executed += 1 }
+      end
+
+      Devise.configure_warden!
+      assert_equal 3, executed
     end
   end
 
@@ -60,12 +73,12 @@ class DeviseTest < ActiveSupport::TestCase
     assert_not defined?(Devise::Models::Coconut)
     Devise::ALL.delete(:coconut)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => :fruits) }
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) }
     assert_equal :fruits, Devise::STRATEGIES[:banana]
     Devise::ALL.delete(:banana)
     Devise::STRATEGIES.delete(:banana)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
+    assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) }
     assert_equal :fruits, Devise::CONTROLLERS[:kivi]
     Devise::ALL.delete(:kivi)
     Devise::CONTROLLERS.delete(:kivi)

test/failure_app_test.rb

@@ -8,9 +8,21 @@ class FailureTest < ActiveSupport::TestCase
     end
   end
 
+  class FailureWithSubdomain < RootFailureApp
+    routes = ActionDispatch::Routing::RouteSet.new
+
+    routes.draw do
+      scope subdomain: 'sub' do
+        root to: 'foo#bar'
+      end
+    end
+
+    include routes.url_helpers
+  end
+
   class FailureWithI18nOptions < Devise::FailureApp
     def i18n_options(options)
-      options.merge(:name => 'Steve')
+      options.merge(name: 'Steve')
     end
   end
 
@@ -23,11 +35,11 @@ class FailureTest < ActiveSupport::TestCase
       'REQUEST_URI' => 'http://test.host/',
       'HTTP_HOST' => 'test.host',
       'REQUEST_METHOD' => 'GET',
-      'warden.options' => { :scope => :user },
+      'warden.options' => { scope: :user },
       'rack.session' => {},
       'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML),
       'rack.input' => "",
-      'warden' => OpenStruct.new(:message => nil)
+      'warden' => OpenStruct.new(message: nil)
     }.merge!(env_params)
 
     @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a
@@ -42,6 +54,13 @@ class FailureTest < ActiveSupport::TestCase
       assert_equal 'http://test.host/users/sign_in', @response.second['Location']
     end
 
+    test 'returns to the default redirect location considering subdomain' do
+      call_failure('warden.options' => { scope: :subdomain_user })
+      assert_equal 302, @response.first
+      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+      assert_equal 'http://sub.test.host/subdomain_users/sign_in', @response.second['Location']
+    end
+
     test 'returns to the default redirect location for wildcard requests' do
       call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*'
       assert_equal 302, @response.first
@@ -49,37 +68,54 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'returns to the root path if no session path is available' do
-      swap Devise, :router_name => :fake_app do
-        call_failure :app => RootFailureApp
+      swap Devise, router_name: :fake_app do
+        call_failure app: RootFailureApp
         assert_equal 302, @response.first
         assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
         assert_equal 'http://test.host/', @response.second['Location']
       end
     end
 
+    test 'returns to the root path considering subdomain if no session path is available' do
+      swap Devise, router_name: :fake_app do
+        call_failure app: FailureWithSubdomain
+        assert_equal 302, @response.first
+        assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+        assert_equal 'http://sub.test.host/', @response.second['Location']
+      end
+    end
+
     if Rails.application.config.respond_to?(:relative_url_root)
       test 'returns to the default redirect location considering the relative url root' do
-        swap Rails.application.config, :relative_url_root => "/sample" do
+        swap Rails.application.config, relative_url_root: "/sample" do
           call_failure
           assert_equal 302, @response.first
           assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location']
         end
       end
+
+      test 'returns to the default redirect location considering the relative url root and subdomain' do
+        swap Rails.application.config, relative_url_root: "/sample" do
+          call_failure('warden.options' => { scope: :subdomain_user })
+          assert_equal 302, @response.first
+          assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
+        end
+      end
     end
 
     test 'uses the proxy failure message as symbol' do
-      call_failure('warden' => OpenStruct.new(:message => :invalid))
+      call_failure('warden' => OpenStruct.new(message: :invalid))
       assert_equal 'Invalid email or password.', @request.flash[:alert]
       assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
     end
 
     test 'uses custom i18n options' do
-      call_failure('warden' => OpenStruct.new(:message => :does_not_exist), :app => FailureWithI18nOptions)
+      call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions)
       assert_equal 'User Steve does not exist', @request.flash[:alert]
     end
 
     test 'uses the proxy failure message as string' do
-      call_failure('warden' => OpenStruct.new(:message => 'Hello world'))
+      call_failure('warden' => OpenStruct.new(message: 'Hello world'))
       assert_equal 'Hello world', @request.flash[:alert]
       assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
     end
@@ -97,14 +133,14 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'works for any navigational format' do
-      swap Devise, :navigational_formats => [:xml] do
+      swap Devise, navigational_formats: [:xml] do
         call_failure('formats' => Mime::XML)
         assert_equal 302, @response.first
       end
     end
 
     test 'redirects the correct format if it is a non-html format request' do
-      swap Devise, :navigational_formats => [:js] do
+      swap Devise, navigational_formats: [:js] do
         call_failure('formats' => Mime::JS)
         assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"]
       end
@@ -140,28 +176,28 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'does not return WWW-authenticate headers if model does not allow' do
-      swap Devise, :http_authenticatable => false do
+      swap Devise, http_authenticatable: false do
         call_failure('formats' => Mime::XML)
         assert_nil @response.second["WWW-Authenticate"]
       end
     end
 
     test 'works for any non navigational format' do
-      swap Devise, :navigational_formats => [] do
+      swap Devise, navigational_formats: [] do
         call_failure('formats' => Mime::HTML)
         assert_equal 401, @response.first
       end
     end
 
     test 'uses the failure message as response body' do
-      call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(:message => :invalid))
+      call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(message: :invalid))
       assert_match '<error>Invalid email or password.</error>', @response.third.body
     end
 
     context 'on ajax call' do
       context 'when http_authenticatable_on_xhr is false' do
         test 'dont return 401 with navigational formats' do
-          swap Devise, :http_authenticatable_on_xhr => false do
+          swap Devise, http_authenticatable_on_xhr: false do
             call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
             assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
@@ -169,7 +205,7 @@ class FailureTest < ActiveSupport::TestCase
         end
 
         test 'dont return 401 with non navigational formats' do
-          swap Devise, :http_authenticatable_on_xhr => false do
+          swap Devise, http_authenticatable_on_xhr: false do
             call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
             assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"]
@@ -179,14 +215,14 @@ class FailureTest < ActiveSupport::TestCase
 
       context 'when http_authenticatable_on_xhr is true' do
         test 'return 401' do
-          swap Devise, :http_authenticatable_on_xhr => true do
+          swap Devise, http_authenticatable_on_xhr: true do
             call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 401, @response.first
           end
         end
 
         test 'skip WWW-Authenticate header' do
-          swap Devise, :http_authenticatable_on_xhr => true do
+          swap Devise, http_authenticatable_on_xhr: true do
             call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_nil @response.second['WWW-Authenticate']
           end
@@ -198,34 +234,34 @@ class FailureTest < ActiveSupport::TestCase
   context 'With recall' do
     test 'calls the original controller if invalid email or password' do
       env = {
-        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in" },
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" },
         "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('<h2>Log in</h2>')
       assert @response.third.body.include?('Invalid email or password.')
     end
 
     test 'calls the original controller if not confirmed email' do
       env = {
-        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :unconfirmed },
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :unconfirmed },
         "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Sign in</h2>')
-      assert @response.third.body.include?('You have to confirm your account before continuing.')
+      assert @response.third.body.include?('<h2>Log in</h2>')
+      assert @response.third.body.include?('You have to confirm your email address before continuing.')
     end
 
     test 'calls the original controller if inactive account' do
       env = {
-        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :inactive },
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :inactive },
         "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('<h2>Log in</h2>')
       assert @response.third.body.include?('Your account is not activated yet.')
     end
   end

test/generators/active_record_generator_test.rb

@@ -30,13 +30,19 @@ if DEVISE_ORM == :active_record
       run_generator %w(monster)
       assert_migration "db/migrate/devise_create_monsters.rb"
       assert_migration "db/migrate/add_devise_to_monsters.rb"
-      run_generator %w(monster), :behavior => :revoke
+      run_generator %w(monster), behavior: :revoke
       assert_no_migration "db/migrate/add_devise_to_monsters.rb"
       assert_migration "db/migrate/devise_create_monsters.rb"
-      run_generator %w(monster), :behavior => :revoke
+      run_generator %w(monster), behavior: :revoke
       assert_no_file "app/models/monster.rb"
       assert_no_migration "db/migrate/devise_create_monsters.rb"
     end
+
+    test "use string column type for ip addresses" do
+      run_generator %w(monster)
+      assert_migration "db/migrate/devise_create_monsters.rb", /t.string   :current_sign_in_ip/
+      assert_migration "db/migrate/devise_create_monsters.rb", /t.string   :last_sign_in_ip/
+    end
   end
 
   module RailsEngine
@@ -47,11 +53,11 @@ if DEVISE_ORM == :active_record
 
   def simulate_inside_engine(engine, namespace)
     if Rails::Generators.respond_to?(:namespace=)
-      swap Rails::Generators, :namespace => namespace do
+      swap Rails::Generators, namespace: namespace do
         yield
       end
     else
-      swap Rails, :application => engine.instance do
+      swap Rails, application: engine.instance do
         yield
       end
     end

test/generators/devise_generator_test.rb

@@ -18,13 +18,13 @@ class DeviseGeneratorTest < Rails::Generators::TestCase
 
   test "route generation for namespaced model names" do
     run_generator %w(monster/goblin name:string)
-    match = /devise_for :goblins, :class_name => "Monster::Goblin"/
+    match = /devise_for :goblins, class_name: "Monster::Goblin"/
     assert_file "config/routes.rb", match
   end
 
   test "route generation with skip routes" do
     run_generator %w(monster name:string --skip-routes)
-    match = /devise_for :monsters, :skip => :all/
+    match = /devise_for :monsters, skip: :all/
     assert_file "config/routes.rb", match
   end
 

test/generators/mongoid_generator_test.rb

@@ -15,7 +15,7 @@ if DEVISE_ORM == :mongoid
 
     test "all files are properly deleted" do
       run_generator %w(monster)
-      run_generator %w(monster), :behavior => :revoke
+      run_generator %w(monster), behavior: :revoke
       assert_no_file "app/models/monster.rb"
     end
   end

test/generators/views_generator_test.rb

@@ -33,7 +33,36 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
 
   test "Assert views with markerb" do
     run_generator %w(--markerb)
-    assert_files nil, :mail_template_engine => "markerb"
+    assert_files nil, mail_template_engine: "markerb"
+  end
+
+
+  test "Assert only views within specified directories" do
+    run_generator %w(-v sessions registrations)
+    assert_file "app/views/devise/sessions/new.html.erb"
+    assert_file "app/views/devise/registrations/new.html.erb"
+    assert_file "app/views/devise/registrations/edit.html.erb"
+    assert_no_file "app/views/devise/confirmations/new.html.erb"
+    assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb"
+  end
+
+  test "Assert specified directories with scope" do
+    run_generator %w(users -v sessions)
+    assert_file "app/views/users/sessions/new.html.erb"
+    assert_no_file "app/views/users/confirmations/new.html.erb"
+  end
+
+  test "Assert specified directories with simple form" do
+    run_generator %w(-v registrations -b simple_form_for)
+    assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/
+    assert_no_file "app/views/devise/confirmations/new.html.erb"
+    end
+
+  test "Assert specified directories with markerb" do
+    run_generator %w(--markerb -v passwords mailer)
+    assert_file "app/views/devise/passwords/new.html.erb"
+    assert_no_file "app/views/devise/confirmations/new.html.erb"
+    assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
   end
 
   def assert_files(scope = nil, options={})