Release 4.0.0. version.

Remove deprecated argument of `remember_me!`

.travis.yml

@@ -1,19 +1,19 @@
 language: ruby
 
 rvm:
-  - 2.1.5
-  - 2.2.4
   - 2.3.0
+  - 2.2.4
+  - 2.1.8
 
 gemfile:
+  - Gemfile
+  - gemfiles/Gemfile.rails-5.0-beta
   - gemfiles/Gemfile.rails-4.2-stable
   - gemfiles/Gemfile.rails-4.1-stable
-  - gemfiles/Gemfile.rails-5.0-beta
-  - Gemfile
 
 matrix:
   exclude:
-    - rvm: 2.1.5
+    - rvm: 2.1.8
       gemfile: gemfiles/Gemfile.rails-5.0-beta
     - env: DEVISE_ORM=mongoid
       gemfile: gemfiles/Gemfile.rails-5.0-beta
@@ -26,14 +26,14 @@ cache: bundler
 
 env:
   matrix:
-    - DEVISE_ORM=mongoid
     - DEVISE_ORM=active_record
+    - DEVISE_ORM=mongoid
 
 before_install: "rm ${BUNDLE_GEMFILE}.lock"
 
 before_script: "bundle update"
 
-script: "bundle exec rake test"
+script: "bin/test"
 
 notifications:
   email: false

CHANGELOG.md

@@ -1,3 +1,38 @@
+### Unreleased
+
+### 4.0.0 - 2016-04-18
+
+* bug fixes
+  * Fix the `extend_remember_period` configuration. When set to `false` it does
+    not update the cookie expiration anymore.(by @ulissesalmeida)
+
+* deprecations
+  * Added a warning of default value change in Devise 4.1 for users that uses
+    the the default configuration of the following configurations: (by @ulissesalmeida)
+    * `strip_whitespace_keys` - The default will be `[:email]`.
+    * `skip_session_storage` - The default will be `[:http_auth]`.
+    * `sign_out_via` - The default will be `:delete`.
+    * `reconfirmable` - The default will be `true`.
+    * `email_regexp` - The default will be `/\A[^@\s]+@[^@\s]+\z/`.
+  * Removed deprecated argument of `Devise::Models::Rememberable#remember_me!` (by @ulissesalmeida)
+  * Removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in!
+    (by @bogdanvlviv)
+
+### 4.0.0.rc2 - 2016-03-09
+
+* enhancements
+  * Introduced `DeviseController#set_flash_message!` for conditional flash
+    messages setting to reduce complexity.
+  * `rails g devise:install` will fail if the app does not have a ORM configured
+    (by @arjunsharma)
+  * Support to Rails 5 versioned migrations added.
+
+* deprecations
+  * omniauth routes are no longer defined with a wildcard `:provider` parameter,
+    and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_authorize_path`.
+    You can still use `omniauth_authorize_path(:user, :github)` if you need to
+    call the helpers dynamically.
+
 ### 4.0.0.rc1 - 2016-01-02
 
 * Support added to Rails 5 (by @twalpole).

Gemfile

@@ -2,9 +2,9 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "4.2.2"
-gem "omniauth", "~> 1.2.0"
-gem "omniauth-oauth2", "~> 1.1.0"
+gem "rails", "~> 4.2.6"
+gem "omniauth", "~> 1.3"
+gem "omniauth-oauth2", "~> 1.4"
 gem "rdoc"
 
 group :test do

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    devise (4.0.0.rc1)
+    devise (4.0.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -11,46 +11,46 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.2)
-      actionpack (= 4.2.2)
-      actionview (= 4.2.2)
-      activejob (= 4.2.2)
+    actionmailer (4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.2)
-      actionview (= 4.2.2)
-      activesupport (= 4.2.2)
+    actionpack (4.2.6)
+      actionview (= 4.2.6)
+      activesupport (= 4.2.6)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.1)
-    actionview (4.2.2)
-      activesupport (= 4.2.2)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.1)
-    activejob (4.2.2)
-      activesupport (= 4.2.2)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.6)
+      activesupport (= 4.2.6)
       globalid (>= 0.3.0)
-    activemodel (4.2.2)
-      activesupport (= 4.2.2)
+    activemodel (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
-    activerecord (4.2.2)
-      activemodel (= 4.2.2)
-      activesupport (= 4.2.2)
+    activerecord (4.2.6)
+      activemodel (= 4.2.6)
+      activesupport (= 4.2.6)
       arel (~> 6.0)
-    activesupport (4.2.2)
+    activesupport (4.2.6)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     arel (6.0.3)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
     bson (3.2.6)
     builder (3.2.2)
-    concurrent-ruby (1.0.0)
+    concurrent-ruby (1.0.1)
     connection_pool (2.2.0)
     erubis (2.7.0)
     faraday (0.9.2)
@@ -60,13 +60,13 @@ GEM
     hashie (3.4.3)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.5.2)
+    jwt (1.5.1)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     mail (2.6.3)
       mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
-    mime-types (2.99)
+    mime-types (2.99.1)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mocha (1.1.0)
@@ -85,21 +85,19 @@ GEM
     multipart-post (2.0.0)
     nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
-    oauth2 (0.9.4)
+    oauth2 (1.1.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    omniauth (1.2.2)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
       hashie (>= 1.2, < 4)
-      rack (~> 1.0)
-    omniauth-facebook (1.6.0)
-      omniauth-oauth2 (~> 1.1)
-    omniauth-oauth2 (1.1.2)
-      faraday (>= 0.8, < 0.10)
-      multi_json (~> 1.3)
-      oauth2 (~> 0.9.3)
+      rack (>= 1.0, < 3)
+    omniauth-facebook (3.0.0)
+      omniauth-oauth2 (~> 1.2)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
       omniauth (~> 1.2)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
@@ -113,16 +111,16 @@ GEM
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.2)
-      actionmailer (= 4.2.2)
-      actionpack (= 4.2.2)
-      actionview (= 4.2.2)
-      activejob (= 4.2.2)
-      activemodel (= 4.2.2)
-      activerecord (= 4.2.2)
-      activesupport (= 4.2.2)
+    rails (4.2.6)
+      actionmailer (= 4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
+      activemodel (= 4.2.6)
+      activerecord (= 4.2.6)
+      activesupport (= 4.2.6)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.2)
+      railties (= 4.2.6)
       sprockets-rails
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
@@ -132,20 +130,21 @@ GEM
       rails-deprecated_sanitizer (>= 1.0.1)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
-    railties (4.2.2)
-      actionpack (= 4.2.2)
-      activesupport (= 4.2.2)
+    railties (4.2.6)
+      actionpack (= 4.2.6)
+      activesupport (= 4.2.6)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.5.0)
-    rdoc (4.2.1)
-    responders (2.1.1)
+    rake (11.0.1)
+    rdoc (4.2.2)
+      json (~> 1.4)
+    responders (2.1.2)
       railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
     sprockets (3.5.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.0)
+    sprockets-rails (3.0.4)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -171,11 +170,11 @@ DEPENDENCIES
   jruby-openssl
   mocha (~> 1.1)
   mongoid (~> 4.0)
-  omniauth (~> 1.2.0)
+  omniauth (~> 1.3)
   omniauth-facebook
-  omniauth-oauth2 (~> 1.1.0)
+  omniauth-oauth2 (~> 1.4)
   omniauth-openid (~> 1.0.1)
-  rails (= 4.2.2)
+  rails (~> 4.2.6)
   rdoc
   sqlite3
   webrat (= 0.7.3)

README.md

@@ -4,7 +4,6 @@ By [Plataformatec](http://plataformatec.com.br/).
 
 [![Build Status](https://api.travis-ci.org/plataformatec/devise.svg?branch=master)](http://travis-ci.org/plataformatec/devise)
 [![Code Climate](https://codeclimate.com/github/plataformatec/devise.svg)](https://codeclimate.com/github/plataformatec/devise)
-[![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master)
 
 This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
 
@@ -17,7 +16,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 
 It's composed of 10 modules:
 
-* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
+* [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
 * [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
 * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
 * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
@@ -28,8 +27,6 @@ It's composed of 10 modules:
 * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
 * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.
 
-Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.
-
 ## Information
 
 ### The Devise wiki
@@ -112,7 +109,7 @@ The generator will install an initializer which describes ALL of Devise's config
 rails generate devise MODEL
 ```
 
-Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
+Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
 
 Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
 
@@ -132,6 +129,8 @@ Devise will create some helpers to use inside your controllers and views. To set
 before_action :authenticate_user!
 ```
 
+For Rails 5, note that `protect_from_forgery` is no longer prepended to the `before_action` chain, so if you have set `authenticate_user` before `protect_from_forgery`, your request will result in "Can't verify CSRF token authenticity." To resolve this, either change the order in which you call them, or use `protect_from_forgery prepend: true`.
+
 If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
 
 To verify if a user is signed in, use the following helper:
@@ -174,7 +173,7 @@ member_session
 
 ### Configuring Models
 
-The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with:
+The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with:
 
 ```ruby
 devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
@@ -190,7 +189,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
 
 When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
 
-There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:
+There are just three actions in Devise that allow any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and default permitted parameters are:
 
 * `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`)
 * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
@@ -412,7 +411,7 @@ Caution: Devise Controllers inherit from ApplicationController. If your app uses
 
 ### Test helpers
 
-Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
+Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file (make sure you place it out of scope of `ActiveSupport::TestCase` which is the default class inside of `test/test_helper.rb`):
 
 ```ruby
 class ActionController::TestCase

app/controllers/devise/confirmations_controller.rb

@@ -22,7 +22,7 @@ class Devise::ConfirmationsController < DeviseController
     yield resource if block_given?
 
     if resource.errors.empty?
-      set_flash_message(:notice, :confirmed) if is_flashing_format?
+      set_flash_message!(:notice, :confirmed)
       respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
     else
       respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }

app/controllers/devise/passwords_controller.rb

@@ -36,10 +36,10 @@ class Devise::PasswordsController < DeviseController
       resource.unlock_access! if unlockable?(resource)
       if Devise.sign_in_after_reset_password
         flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
-        set_flash_message(:notice, flash_message) if is_flashing_format?
+        set_flash_message!(:notice, flash_message)
         sign_in(resource_name, resource)
       else
-        set_flash_message(:notice, :updated_not_active) if is_flashing_format?
+        set_flash_message!(:notice, :updated_not_active)
       end
       respond_with resource, location: after_resetting_password_path_for(resource)
     else

app/controllers/devise/registrations_controller.rb

@@ -18,11 +18,11 @@ class Devise::RegistrationsController < DeviseController
     yield resource if block_given?
     if resource.persisted?
       if resource.active_for_authentication?
-        set_flash_message :notice, :signed_up if is_flashing_format?
+        set_flash_message! :notice, :signed_up
         sign_up(resource_name, resource)
         respond_with resource, location: after_sign_up_path_for(resource)
       else
-        set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
+        set_flash_message! :notice, :"signed_up_but_#{resource.inactive_message}"
         expire_data_after_sign_in!
         respond_with resource, location: after_inactive_sign_up_path_for(resource)
       end
@@ -65,7 +65,7 @@ class Devise::RegistrationsController < DeviseController
   def destroy
     resource.destroy
     Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name)
-    set_flash_message :notice, :destroyed if is_flashing_format?
+    set_flash_message! :notice, :destroyed
     yield resource if block_given?
     respond_with_navigational(resource){ redirect_to after_sign_out_path_for(resource_name) }
   end

app/controllers/devise/sessions_controller.rb

@@ -15,7 +15,7 @@ class Devise::SessionsController < DeviseController
   # POST /resource/sign_in
   def create
     self.resource = warden.authenticate!(auth_options)
-    set_flash_message(:notice, :signed_in) if is_flashing_format?
+    set_flash_message!(:notice, :signed_in)
     sign_in(resource_name, resource)
     yield resource if block_given?
     respond_with resource, location: after_sign_in_path_for(resource)
@@ -24,7 +24,7 @@ class Devise::SessionsController < DeviseController
   # DELETE /resource/sign_out
   def destroy
     signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
-    set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
+    set_flash_message! :notice, :signed_out if signed_out
     yield if block_given?
     respond_to_on_destroy
   end
@@ -58,7 +58,7 @@ class Devise::SessionsController < DeviseController
   # to the after_sign_out path.
   def verify_signed_out_user
     if all_signed_out?
-      set_flash_message :notice, :already_signed_out if is_flashing_format?
+      set_flash_message! :notice, :already_signed_out
 
       respond_to_on_destroy
     end

app/controllers/devise/unlocks_controller.rb

@@ -24,7 +24,7 @@ class Devise::UnlocksController < DeviseController
     yield resource if block_given?
 
     if resource.errors.empty?
-      set_flash_message :notice, :unlocked if is_flashing_format?
+      set_flash_message! :notice, :unlocked
       respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
     else
       respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }

app/controllers/devise_controller.rb

@@ -127,13 +127,13 @@ MESSAGE
     end
 
     if notice
-      set_flash_message :notice, notice if is_flashing_format?
+      set_flash_message! :notice, notice
       true
     end
   end
 
   # Sets the flash message with :key, using I18n. By default you are able
-  # to setup your messages using specific resource scope, and if no message is
+  # to set up your messages using specific resource scope, and if no message is
   # found we look to the default scope. Set the "now" options key to a true
   # value to populate the flash.now hash in lieu of the default flash hash (so
   # the flash message will be available to the current action instead of the
@@ -158,6 +158,13 @@ MESSAGE
     end
   end
 
+  # Sets flash message if is_flashing_format? equals true
+  def set_flash_message!(key, kind, options = {})
+    if is_flashing_format?
+      set_flash_message(key, kind, options)
+    end
+  end
+
   # Sets minimum password length to show to user
   def set_minimum_password_length
     if devise_mapping.validatable?

app/views/devise/confirmations/new.html.erb

@@ -5,7 +5,7 @@
 
   <div class="field">
     <%= f.label :email %><br />
-    <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %> 
+    <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
   </div>
 
   <div class="actions">

bin/test

@@ -0,0 +1,13 @@
+#!/usr/bin/env ruby
+$: << File.expand_path(File.expand_path('../../test', __FILE__))
+
+require 'bundler/setup'
+begin
+  require 'rails/test_unit/minitest_plugin'
+rescue LoadError
+  exec 'rake'
+end
+
+Rails::TestUnitReporter.executable = 'bin/test'
+
+exit Minitest.run(ARGV)

gemfiles/Gemfile.rails-4.1-stable

@@ -1,10 +1,10 @@
 source "https://rubygems.org"
 
-gemspec path: '..'
+gemspec path: ".."
 
-gem "rails", github: 'rails/rails', branch: '4-1-stable'
-gem "omniauth", "~> 1.2.0"
-gem "omniauth-oauth2", "~> 1.1.0"
+gem "rails", github: "rails/rails", branch: "4-1-stable"
+gem "omniauth", "~> 1.3"
+gem "omniauth-oauth2", "~> 1.4"
 gem "rdoc"
 
 group :test do

gemfiles/Gemfile.rails-4.1-stable.lock

@@ -1,54 +1,54 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: e8eda76893479a29ace8d85cf4e4cfc67cd6fd4b
+  revision: 41b4d81b4fd14cbf43060c223bea0f461256d099
   branch: 4-1-stable
   specs:
-    actionmailer (4.1.14.1)
-      actionpack (= 4.1.14.1)
-      actionview (= 4.1.14.1)
+    actionmailer (4.1.15)
+      actionpack (= 4.1.15)
+      actionview (= 4.1.15)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.14.1)
-      actionview (= 4.1.14.1)
-      activesupport (= 4.1.14.1)
+    actionpack (4.1.15)
+      actionview (= 4.1.15)
+      activesupport (= 4.1.15)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    actionview (4.1.14.1)
-      activesupport (= 4.1.14.1)
+    actionview (4.1.15)
+      activesupport (= 4.1.15)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-    activemodel (4.1.14.1)
-      activesupport (= 4.1.14.1)
+    activemodel (4.1.15)
+      activesupport (= 4.1.15)
       builder (~> 3.1)
-    activerecord (4.1.14.1)
-      activemodel (= 4.1.14.1)
-      activesupport (= 4.1.14.1)
+    activerecord (4.1.15)
+      activemodel (= 4.1.15)
+      activesupport (= 4.1.15)
       arel (~> 5.0.0)
-    activesupport (4.1.14.1)
+    activesupport (4.1.15)
       i18n (~> 0.6, >= 0.6.9)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.1)
       tzinfo (~> 1.1)
-    rails (4.1.14.1)
-      actionmailer (= 4.1.14.1)
-      actionpack (= 4.1.14.1)
-      actionview (= 4.1.14.1)
-      activemodel (= 4.1.14.1)
-      activerecord (= 4.1.14.1)
-      activesupport (= 4.1.14.1)
+    rails (4.1.15)
+      actionmailer (= 4.1.15)
+      actionpack (= 4.1.15)
+      actionview (= 4.1.15)
+      activemodel (= 4.1.15)
+      activerecord (= 4.1.15)
+      activesupport (= 4.1.15)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.14.1)
+      railties (= 4.1.15)
       sprockets-rails (~> 2.0)
-    railties (4.1.14.1)
-      actionpack (= 4.1.14.1)
-      activesupport (= 4.1.14.1)
+    railties (4.1.15)
+      actionpack (= 4.1.15)
+      activesupport (= 4.1.15)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
 
 PATH
   remote: ..
   specs:
-    devise (4.0.0.rc1)
+    devise (4.0.0.rc2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -59,10 +59,10 @@ GEM
   remote: https://rubygems.org/
   specs:
     arel (5.0.1.20140414130214)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
     bson (3.2.6)
     builder (3.2.2)
-    concurrent-ruby (1.0.0)
+    concurrent-ruby (1.0.1)
     connection_pool (2.2.0)
     erubis (2.7.0)
     faraday (0.9.2)
@@ -70,11 +70,11 @@ GEM
     hashie (3.4.3)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.5.2)
+    jwt (1.5.1)
     mail (2.6.3)
       mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
-    mime-types (2.99)
+    mime-types (2.99.1)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mocha (1.1.0)
@@ -93,21 +93,19 @@ GEM
     multipart-post (2.0.0)
     nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
-    oauth2 (0.9.4)
+    oauth2 (1.1.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    omniauth (1.2.2)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
       hashie (>= 1.2, < 4)
-      rack (~> 1.0)
-    omniauth-facebook (1.6.0)
-      omniauth-oauth2 (~> 1.1)
-    omniauth-oauth2 (1.1.2)
-      faraday (>= 0.8, < 0.10)
-      multi_json (~> 1.3)
-      oauth2 (~> 0.9.3)
+      rack (>= 1.0, < 3)
+    omniauth-facebook (3.0.0)
+      omniauth-oauth2 (~> 1.2)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
       omniauth (~> 1.2)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
@@ -121,8 +119,9 @@ GEM
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rake (10.5.0)
-    rdoc (4.2.1)
+    rake (11.0.1)
+    rdoc (4.2.2)
+      json (~> 1.4)
     responders (1.1.2)
       railties (>= 3.2, < 4.2)
     ruby-openid (2.7.0)
@@ -155,9 +154,9 @@ DEPENDENCIES
   jruby-openssl
   mocha (~> 1.1)
   mongoid (~> 4.0.0)
-  omniauth (~> 1.2.0)
+  omniauth (~> 1.3)
   omniauth-facebook
-  omniauth-oauth2 (~> 1.1.0)
+  omniauth-oauth2 (~> 1.4)
   omniauth-openid (~> 1.0.1)
   rails!
   rdoc

gemfiles/Gemfile.rails-4.2-stable

@@ -1,10 +1,10 @@
 source "https://rubygems.org"
 
-gemspec path: '..'
+gemspec path: ".."
 
-gem "rails", github: 'rails/rails', branch: '4-2-stable'
-gem "omniauth", "~> 1.2.2"
-gem "omniauth-oauth2", "~> 1.2.0"
+gem "rails", github: "rails/rails", branch: "4-2-stable"
+gem "omniauth", "~> 1.3"
+gem "omniauth-oauth2", "~> 1.4"
 gem "rdoc"
 
 group :test do

gemfiles/Gemfile.rails-4.2-stable.lock

@@ -1,64 +1,64 @@
 GIT
   remote: git://github.com/rails/rails.git
-  revision: acf654b1c4a1ffe2a90d6ea63a0b989d656bb87d
+  revision: 2aa27582c202148296bb169159b0bf9a47a7bd80
   branch: 4-2-stable
   specs:
-    actionmailer (4.2.5.1)
-      actionpack (= 4.2.5.1)
-      actionview (= 4.2.5.1)
-      activejob (= 4.2.5.1)
+    actionmailer (4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.5.1)
-      actionview (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    actionpack (4.2.6)
+      actionview (= 4.2.6)
+      activesupport (= 4.2.6)
       rack (~> 1.6)
       rack-test (~> 0.6.2)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.5.1)
-      activesupport (= 4.2.5.1)
+    actionview (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.5.1)
-      activesupport (= 4.2.5.1)
+    activejob (4.2.6)
+      activesupport (= 4.2.6)
       globalid (>= 0.3.0)
-    activemodel (4.2.5.1)
-      activesupport (= 4.2.5.1)
+    activemodel (4.2.6)
+      activesupport (= 4.2.6)
       builder (~> 3.1)
-    activerecord (4.2.5.1)
-      activemodel (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    activerecord (4.2.6)
+      activemodel (= 4.2.6)
+      activesupport (= 4.2.6)
       arel (~> 6.0)
-    activesupport (4.2.5.1)
+    activesupport (4.2.6)
       i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    rails (4.2.5.1)
-      actionmailer (= 4.2.5.1)
-      actionpack (= 4.2.5.1)
-      actionview (= 4.2.5.1)
-      activejob (= 4.2.5.1)
-      activemodel (= 4.2.5.1)
-      activerecord (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    rails (4.2.6)
+      actionmailer (= 4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
+      activemodel (= 4.2.6)
+      activerecord (= 4.2.6)
+      activesupport (= 4.2.6)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.5.1)
+      railties (= 4.2.6)
       sprockets-rails
-    railties (4.2.5.1)
-      actionpack (= 4.2.5.1)
-      activesupport (= 4.2.5.1)
+    railties (4.2.6)
+      actionpack (= 4.2.6)
+      activesupport (= 4.2.6)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
 
 PATH
   remote: ..
   specs:
-    devise (4.0.0.rc1)
+    devise (4.0.0.rc2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -69,10 +69,10 @@ GEM
   remote: https://rubygems.org/
   specs:
     arel (6.0.3)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
     bson (3.2.6)
     builder (3.2.2)
-    concurrent-ruby (1.0.0)
+    concurrent-ruby (1.0.1)
     connection_pool (2.2.0)
     erubis (2.7.0)
     faraday (0.9.2)
@@ -82,13 +82,13 @@ GEM
     hashie (3.4.3)
     i18n (0.7.0)
     json (1.8.3)
-    jwt (1.5.2)
+    jwt (1.5.1)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     mail (2.6.3)
       mime-types (>= 1.16, < 3)
     metaclass (0.0.4)
-    mime-types (2.99)
+    mime-types (2.99.1)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mocha (1.1.0)
@@ -107,20 +107,18 @@ GEM
     multipart-post (2.0.0)
     nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
-    oauth2 (1.0.0)
+    oauth2 (1.1.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    omniauth (1.2.2)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
       hashie (>= 1.2, < 4)
-      rack (~> 1.0)
+      rack (>= 1.0, < 3)
     omniauth-facebook (3.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.2.0)
-      faraday (>= 0.8, < 0.10)
-      multi_json (~> 1.3)
+    omniauth-oauth2 (1.4.0)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
     omniauth-openid (1.0.1)
@@ -143,15 +141,16 @@ GEM
       rails-deprecated_sanitizer (>= 1.0.1)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
-    rake (10.5.0)
-    rdoc (4.2.1)
+    rake (11.0.1)
+    rdoc (4.2.2)
+      json (~> 1.4)
     responders (2.1.1)
       railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
     sprockets (3.5.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.0)
+    sprockets-rails (3.0.4)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -177,9 +176,9 @@ DEPENDENCIES
   jruby-openssl
   mocha (~> 1.1)
   mongoid (~> 4.0.0)
-  omniauth (~> 1.2.2)
+  omniauth (~> 1.3)
   omniauth-facebook
-  omniauth-oauth2 (~> 1.2.0)
+  omniauth-oauth2 (~> 1.4)
   omniauth-openid (~> 1.0.1)
   rails!
   rdoc

gemfiles/Gemfile.rails-5.0-beta

@@ -1,37 +1,37 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
-gemspec path: '..'
+gemspec path: ".."
 
-gem 'rails', '5.0.0.beta1.1'
-gem 'omniauth', '~>1.3.1'
-gem 'oauth2', github: 'intridea/oauth2', branch: 'master'
-gem 'omniauth-oauth2', '>= 1.2.0', '< 1.5.0'
-gem 'rdoc'
+gem "rails", "5.0.0.beta3"
+gem "omniauth", " ~>1.3"
+gem "oauth2"
+gem "omniauth-oauth2", ">= 1.2.0", "< 1.5.0"
+gem "rdoc"
 
-gem 'activemodel-serializers-xml', github: 'rails/activemodel-serializers-xml'
+gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
 
-gem 'rails-controller-testing'
+gem "rails-controller-testing"
 
-gem 'responders', '~>2.1.1'
+gem "responders", "~> 2.1.1"
 
 group :test do
-  gem 'omniauth-facebook'
-  gem 'omniauth-openid', '~> 1.0.1'
-  gem 'webrat', '0.7.3', require: false
-  gem 'mocha', '~> 1.1', require: false
+  gem "omniauth-facebook"
+  gem "omniauth-openid", "~> 1.0.1"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
 end
 
 platforms :jruby do
-  gem 'activerecord-jdbc-adapter'
-  gem 'activerecord-jdbcsqlite3-adapter'
-  gem 'jruby-openssl'
+  gem "activerecord-jdbc-adapter"
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jruby-openssl"
 end
 
 platforms :ruby do
-  gem 'sqlite3'
+  gem "sqlite3"
 end
 
 # TODO:
 # group :mongoid do
-#   gem 'mongoid', '~> 4.0.0'
+#   gem "mongoid", "~> 4.0.0"
 # end

gemfiles/Gemfile.rails-5.0-beta.lock

@@ -1,28 +1,17 @@
-GIT
-  remote: git://github.com/intridea/oauth2.git
-  revision: 43e1fdd87e95a5b02438d5cce6a67e411afb5fec
-  branch: master
-  specs:
-    oauth2 (1.0.0)
-      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0, < 1.5.2)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-
 GIT
   remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 1f72d9507c91b1cda10d1d20eac2b74dd6d9d4b9
+  revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a
   specs:
-    activemodel-serializers-xml (0.1.0)
-      activemodel
-      activerecord
-      activesupport
+    activemodel-serializers-xml (1.0.0)
+      activemodel (> 5.x)
+      activerecord (> 5.x)
+      activesupport (> 5.x)
+      builder (~> 3.1)
 
 PATH
   remote: ..
   specs:
-    devise (4.0.0.rc1)
+    devise (4.0.0.rc2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0, < 5.1)
@@ -32,104 +21,65 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.0.0.beta1.1)
-      actionpack (= 5.0.0.beta1.1)
-      celluloid (~> 0.17.2)
-      coffee-rails (~> 4.1.0)
-      em-hiredis (~> 0.3.0)
-      faye-websocket (~> 0.10.0)
-      redis (~> 3.0)
+    actioncable (5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      nio4r (~> 1.2)
       websocket-driver (~> 0.6.1)
-    actionmailer (5.0.0.beta1.1)
-      actionpack (= 5.0.0.beta1.1)
-      actionview (= 5.0.0.beta1.1)
-      activejob (= 5.0.0.beta1.1)
+    actionmailer (5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      actionview (= 5.0.0.beta3)
+      activejob (= 5.0.0.beta3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (5.0.0.beta1.1)
-      actionview (= 5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
+    actionpack (5.0.0.beta3)
+      actionview (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
       rack (~> 2.x)
       rack-test (~> 0.6.3)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
+    actionview (5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
+    activejob (5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
       globalid (>= 0.3.6)
-    activemodel (5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
-      builder (~> 3.1)
-    activerecord (5.0.0.beta1.1)
-      activemodel (= 5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
+    activemodel (5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+    activerecord (5.0.0.beta3)
+      activemodel (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
       arel (~> 7.0)
-    activesupport (5.0.0.beta1.1)
+    activesupport (5.0.0.beta3)
       concurrent-ruby (~> 1.0)
       i18n (~> 0.7)
-      json (~> 1.7, >= 1.7.7)
-      method_source
       minitest (~> 5.1)
       tzinfo (~> 1.1)
     arel (7.0.0)
-    bcrypt (3.1.10)
+    bcrypt (3.1.11)
     builder (3.2.2)
-    celluloid (0.17.3)
-      celluloid-essentials
-      celluloid-extras
-      celluloid-fsm
-      celluloid-pool
-      celluloid-supervision
-      timers (>= 4.1.1)
-    celluloid-essentials (0.20.5)
-      timers (>= 4.1.1)
-    celluloid-extras (0.20.5)
-      timers (>= 4.1.1)
-    celluloid-fsm (0.20.5)
-      timers (>= 4.1.1)
-    celluloid-pool (0.20.5)
-      timers (>= 4.1.1)
-    celluloid-supervision (0.20.5)
-      timers (>= 4.1.1)
-    coffee-rails (4.1.1)
-      coffee-script (>= 2.2.0)
-      railties (>= 4.0.0, < 5.1.x)
-    coffee-script (2.4.1)
-      coffee-script-source
-      execjs
-    coffee-script-source (1.10.0)
-    concurrent-ruby (1.0.0)
-    em-hiredis (0.3.0)
-      eventmachine (~> 1.0)
-      hiredis (~> 0.5.0)
+    concurrent-ruby (1.0.1)
     erubis (2.7.0)
-    eventmachine (1.0.9.1)
-    execjs (2.6.0)
     faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    faye-websocket (0.10.2)
-      eventmachine (>= 0.12.0)
-      websocket-driver (>= 0.5.1)
     globalid (0.3.6)
       activesupport (>= 4.1.0)
     hashie (3.4.3)
-    hiredis (0.5.2)
-    hitimes (1.2.3)
     i18n (0.7.0)
     json (1.8.3)
     jwt (1.5.1)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    mail (2.6.3)
-      mime-types (>= 1.16, < 3)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
     metaclass (0.0.4)
     method_source (0.8.2)
-    mime-types (2.99)
+    mime-types (3.0)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0221)
     mini_portile2 (2.0.0)
     minitest (5.8.4)
     mocha (1.1.0)
@@ -137,8 +87,15 @@ GEM
     multi_json (1.11.2)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
+    nio4r (1.2.1)
     nokogiri (1.6.7.2)
       mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0, < 1.5.2)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
     omniauth (1.3.1)
       hashie (>= 1.2, < 4)
       rack (>= 1.0, < 3)
@@ -158,20 +115,22 @@ GEM
       ruby-openid (>= 2.1.8)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (5.0.0.beta1.1)
-      actioncable (= 5.0.0.beta1.1)
-      actionmailer (= 5.0.0.beta1.1)
-      actionpack (= 5.0.0.beta1.1)
-      actionview (= 5.0.0.beta1.1)
-      activejob (= 5.0.0.beta1.1)
-      activemodel (= 5.0.0.beta1.1)
-      activerecord (= 5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
+    rails (5.0.0.beta3)
+      actioncable (= 5.0.0.beta3)
+      actionmailer (= 5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      actionview (= 5.0.0.beta3)
+      activejob (= 5.0.0.beta3)
+      activemodel (= 5.0.0.beta3)
+      activerecord (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 5.0.0.beta1.1)
+      railties (= 5.0.0.beta3)
       sprockets-rails (>= 2.0.0)
-    rails-controller-testing (0.0.3)
-      rails (>= 4.2)
+    rails-controller-testing (0.1.1)
+      actionpack (~> 5.x)
+      actionview (~> 5.x)
+      activesupport (~> 5.x)
     rails-deprecated_sanitizer (1.0.3)
       activesupport (>= 4.2.0.alpha)
     rails-dom-testing (1.0.7)
@@ -180,30 +139,28 @@ GEM
       rails-deprecated_sanitizer (>= 1.0.1)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
-    railties (5.0.0.beta1.1)
-      actionpack (= 5.0.0.beta1.1)
-      activesupport (= 5.0.0.beta1.1)
+    railties (5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.5.0)
-    rdoc (4.2.1)
-    redis (3.2.2)
-    responders (2.1.1)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
+    responders (2.1.2)
       railties (>= 4.2.0, < 5.1)
     ruby-openid (2.7.0)
-    sprockets (3.5.2)
+    sprockets (3.6.0)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.0.0)
+    sprockets-rails (3.0.4)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.3.11)
     thor (0.19.1)
     thread_safe (0.3.5)
-    timers (4.1.1)
-      hitimes
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
     warden (1.2.6)
@@ -226,12 +183,12 @@ DEPENDENCIES
   devise!
   jruby-openssl
   mocha (~> 1.1)
-  oauth2!
-  omniauth (~> 1.3.1)
+  oauth2
+  omniauth (~> 1.3)
   omniauth-facebook
   omniauth-oauth2 (>= 1.2.0, < 1.5.0)
   omniauth-openid (~> 1.0.1)
-  rails (= 5.0.0.beta1.1)
+  rails (= 5.0.0.beta3)
   rails-controller-testing
   rdoc
   responders (~> 2.1.1)

lib/devise.rb

@@ -53,6 +53,12 @@ module Devise
   # True values used to check params
   TRUE_VALUES = [true, 1, '1', 't', 'T', 'true', 'TRUE']
 
+  # Track the configs that user explicit changed the default value. It is
+  # helpfull to not warn users about default values changing when they willing
+  # changed.
+  mattr_accessor :app_set_configs
+  @@app_set_configs = Set.new
+
   # Secret key used by the key generator
   mattr_accessor :secret_key
   @@secret_key = nil
@@ -61,9 +67,9 @@ module Devise
   mattr_accessor :rememberable_options
   @@rememberable_options = {}
 
-  # The number of times to encrypt password.
+  # The number of times to hash the password.
   mattr_accessor :stretches
-  @@stretches = 10
+  @@stretches = 11
 
   # The default key used when authenticating over http auth.
   mattr_accessor :http_authentication_key
@@ -82,9 +88,20 @@ module Devise
   @@case_insensitive_keys = [:email]
 
   # Keys that should have whitespace stripped.
-  mattr_accessor :strip_whitespace_keys
+  # TODO: 4.1 Do: @@strip_whitespace_keys = [:email]
+  mattr_reader :strip_whitespace_keys
   @@strip_whitespace_keys = []
 
+  def self.strip_whitespace_keys=(strip_whitespace_keys)
+    app_set_configs << :strip_whitespace_keys
+    @@strip_whitespace_keys = strip_whitespace_keys
+  end
+
+  def strip_whitespace_keys=(strip_whitespace_keys)
+    app_set_configs << :strip_whitespace_keys
+    @@strip_whitespace_keys = strip_whitespace_keys
+  end
+
   # If http authentication is enabled by default.
   mattr_accessor :http_authenticatable
   @@http_authenticatable = false
@@ -104,9 +121,20 @@ module Devise
   # Email regex used to validate email formats. It simply asserts that
   # an one (and only one) @ exists in the given string. This is mainly
   # to give user feedback and not to assert the e-mail validity.
-  mattr_accessor :email_regexp
+  # TODO: 4.1 Do: @@email_regexp = [/\A[^@\s]+@[^@\s]+\z/]
+  mattr_reader :email_regexp
   @@email_regexp = /\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/
 
+  def self.email_regexp=(email_regexp)
+    app_set_configs << :email_regexp
+    @@email_regexp = email_regexp
+  end
+
+  def email_regexp=(email_regexp)
+    app_set_configs << :email_regexp
+    @@email_regexp = email_regexp
+  end
+
   # Range validation for password length
   mattr_accessor :password_length
   @@password_length = 6..128
@@ -115,7 +143,6 @@ module Devise
   mattr_accessor :remember_for
   @@remember_for = 2.weeks
 
-  # TODO: extend_remember_period is no longer used
   # If true, extends the user's remember period when remembered via cookie.
   mattr_accessor :extend_remember_period
   @@extend_remember_period = false
@@ -139,14 +166,25 @@ module Devise
 
   # Defines if email should be reconfirmable.
   # False by default for backwards compatibility.
-  mattr_accessor :reconfirmable
+  # TODO: 4.1 Do: @@reconfirmable = true
+  mattr_reader :reconfirmable
   @@reconfirmable = false
 
+  def self.reconfirmable=(reconfirmable)
+    app_set_configs << :reconfirmable
+    @@reconfirmable = reconfirmable
+  end
+
+  def reconfirmable=(reconfirmable)
+    app_set_configs << :reconfirmable
+    @@reconfirmable = reconfirmable
+  end
+
   # Time interval to timeout the user session without activity.
   mattr_accessor :timeout_in
   @@timeout_in = 30.minutes
 
-  # Used to encrypt password. Please generate one with rake secret.
+  # Used to hash the password. Please generate one with rake secret.
   mattr_accessor :pepper
   @@pepper = nil
 
@@ -202,9 +240,20 @@ module Devise
   @@mailer_sender = nil
 
   # Skip session storage for the following strategies
-  mattr_accessor :skip_session_storage
+  # TODO: 4.1 Do: @@skip_session_storage = [:http_auth]
+  mattr_reader :skip_session_storage
   @@skip_session_storage = []
 
+  def self.skip_session_storage=(skip_session_storage)
+    app_set_configs << :skip_session_storage
+    @@skip_session_storage = skip_session_storage
+  end
+
+  def skip_session_storage=(skip_session_storage)
+    app_set_configs << :skip_session_storage
+    @@skip_session_storage = skip_session_storage
+  end
+
   # Which formats should be treated as navigational.
   mattr_accessor :navigational_formats
   @@navigational_formats = ["*/*", :html]
@@ -214,9 +263,20 @@ module Devise
   @@sign_out_all_scopes = true
 
   # The default method used while signing out
-  mattr_accessor :sign_out_via
+  # TODO: 4.1 Do: @@sign_out_via = :delete
+  mattr_reader :sign_out_via
   @@sign_out_via = :get
 
+  def self.sign_out_via=(sign_out_via)
+    app_set_configs << :sign_out_via
+    @@sign_out_via = sign_out_via
+  end
+
+  def sign_out_via=(sign_out_via)
+    app_set_configs << :sign_out_via
+    @@sign_out_via = sign_out_via
+  end
+
   # The parent controller all Devise controllers inherits from.
   # Defaults to ApplicationController. This should be set early
   # in the initialization process and should be set to a string.
@@ -276,10 +336,36 @@ module Devise
   mattr_accessor :token_generator
   @@token_generator = nil
 
-  # Default way to setup Devise. Run rails generate devise_install to create
+  # Default way to set up Devise. Run rails generate devise_install to create
   # a fresh initializer with all configuration values.
   def self.setup
     yield self
+
+    warn_default_config_changed(:email_regexp, '/\A[^@\s]+@([^@\s]+\.)+[^@\W]+\z/', '/\A[^@\s]+@[^@\s]+\z/')
+    warn_default_config_changed(:reconfirmable, 'false', 'true')
+    warn_default_config_changed(:sign_out_via, ':get', ':delete')
+    warn_default_config_changed(:skip_session_storage, '[]', '[:http_auth]')
+    warn_default_config_changed(:strip_whitespace_keys, '[]', '[:email]')
+  end
+
+  def self.warn_default_config_changed(config, current_default, new_default)
+    unless app_set_configs.include?(config)
+      warn = <<-MESSAGE.strip_heredoc
+        [Devise] config.#{config} will have a new default on Devise 4.1
+        To keep the current behavior please set in your config/initializers/devise.rb the following:
+
+          Devise.setup do |config|
+            config.#{config} = #{current_default}
+          end
+
+        If you want to use the new default:
+
+          Devise.setup do |config|
+            config.#{config} = #{new_default}
+          end
+      MESSAGE
+      ActiveSupport::Deprecation.warn(warn)
+    end
   end
 
   class Getter

lib/devise/controllers/helpers.rb

@@ -150,7 +150,7 @@ module Devise
         is_a?(::DeviseController)
       end
 
-      # Setup a param sanitizer to filter parameters using strong_parameters. See
+      # Set up a param sanitizer to filter parameters using strong_parameters. See
       # lib/devise/parameter_sanitizer.rb for more info. Override this
       # method in your application controller to use your own parameter sanitizer.
       def devise_parameter_sanitizer
@@ -271,12 +271,6 @@ module Devise
 
       private
 
-      def expire_session_data_after_sign_in!
-        ActiveSupport::Deprecation.warn "expire_session_data_after_sign_in! is deprecated " \
-          "in favor of expire_data_after_sign_in!"
-        expire_data_after_sign_in!
-      end
-
       def expire_data_after_sign_out!
         Devise.mappings.each { |_,m| instance_variable_set("@current_#{m.name}", nil) }
         super

lib/devise/encryptor.rb

@@ -9,14 +9,14 @@ module Devise
       ::BCrypt::Password.create(password, cost: klass.stretches).to_s
     end
 
-    def self.compare(klass, encrypted_password, password)
-      return false if encrypted_password.blank?
-      bcrypt   = ::BCrypt::Password.new(encrypted_password)
+    def self.compare(klass, hashed_password, password)
+      return false if hashed_password.blank?
+      bcrypt   = ::BCrypt::Password.new(hashed_password)
       if klass.pepper.present?
         password = "#{password}#{klass.pepper}"
       end
       password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
-      Devise.secure_compare(password, encrypted_password)
+      Devise.secure_compare(password, hashed_password)
     end
   end
 end

lib/devise/failure_app.rb

@@ -140,11 +140,10 @@ module Devise
 
       config = Rails.application.config
 
-      # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
-      if (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
-        opts[:script_name] = (config.relative_url_root if config.respond_to?(:relative_url_root))
-      else
-        if config.respond_to?(:relative_url_root) && config.relative_url_root.present?
+      if config.respond_to?(:relative_url_root)
+        # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
+        rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
+        if config.relative_url_root.present? || rails_4_2
           opts[:script_name] = config.relative_url_root
         end
       end

lib/devise/mailers/helpers.rb

@@ -64,7 +64,7 @@ module Devise
         template_path
       end
 
-      # Setup a subject doing an I18n lookup. At first, it attempts to set a subject
+      # Set up a subject doing an I18n lookup. At first, it attempts to set a subject
       # based on the current mapping:
       #
       #   en:

lib/devise/models/confirmable.rb

@@ -24,7 +24,7 @@ module Devise
     #     By default allow_unconfirmed_access_for is zero, it means users always have to confirm to sign in.
     #   * +reconfirmable+: requires any email changes to be confirmed (exactly the same way as
     #     initial account confirmation) to be applied. Requires additional unconfirmed_email
-    #     db field to be setup (t.reconfirmable in migrations). Until confirmed, new email is
+    #     db field to be set up (t.reconfirmable in migrations). Until confirmed, new email is
     #     stored in unconfirmed email column, and copied to email column on successful
     #     confirmation.
     #   * +confirm_within+: the time before a sent confirmation token becomes invalid.
@@ -75,7 +75,7 @@ module Devise
 
           self.confirmed_at = Time.now.utc
 
-          saved = if self.class.reconfirmable && unconfirmed_email.present?
+          saved = if pending_reconfirmation?
             skip_reconfirmation!
             self.email = unconfirmed_email
             self.unconfirmed_email = nil
@@ -179,7 +179,7 @@ module Devise
         # Checks if the confirmation for the user is within the limit time.
         # We do this by calculating if the difference between today and the
         # confirmation sent date does not exceed the confirm in time configured.
-        # Confirm_within is a model configuration, must always be an integer value.
+        # allow_unconfirmed_access_for is a model configuration, must always be an integer value.
         #
         # Example:
         #

lib/devise/models/database_authenticatable.rb

@@ -7,8 +7,8 @@ module Devise
   end
 
   module Models
-    # Authenticatable Module, responsible for encrypting password and validating
-    # authenticity of a user while signing in.
+    # Authenticatable Module, responsible for hashing the password and
+    # validating the authenticity of a user while signing in.
     #
     # == Options
     #
@@ -37,7 +37,9 @@ module Devise
         [:encrypted_password] + klass.authentication_keys
       end
 
-      # Generates password encryption based on the given value.
+      # Generates a hashed password based on the given value.
+      # For legacy reasons, we use `encrypted_password` to store
+      # the hashed password.
       def password=(new_password)
         attribute_will_change! 'password'
         @password = new_password
@@ -142,11 +144,11 @@ module Devise
 
     protected
 
-      # Digests the password using bcrypt. Custom encryption should override
+      # Hashes the password using bcrypt. Custom hash functions should override
       # this method to apply their own algorithm.
       #
       # See https://github.com/plataformatec/devise-encryptable for examples
-      # of other encryption engines.
+      # of other hashing engines.
       def password_digest(password)
         Devise::Encryptor.digest(self.class, password)
       end

lib/devise/models/lockable.rb

@@ -7,7 +7,7 @@ module Devise
     # blocked: email and time. The former will send an email to the user when
     # the lock happens, containing a link to unlock its account. The second
     # will unlock the user automatically after some configured time (ie 2.hours).
-    # It's also possible to setup lockable to use both email and time strategies.
+    # It's also possible to set up lockable to use both email and time strategies.
     #
     # == Options
     #

lib/devise/models/rememberable.rb

@@ -39,15 +39,13 @@ module Devise
     module Rememberable
       extend ActiveSupport::Concern
 
-      attr_accessor :remember_me, :extend_remember_period
+      attr_accessor :remember_me
 
       def self.required_fields(klass)
         [:remember_created_at]
       end
 
-      # TODO: We were used to receive a extend period argument but we no longer do.
-      # Remove this for Devise 4.0.
-      def remember_me!(*)
+      def remember_me!
         self.remember_token = self.class.remember_token if respond_to?(:remember_token)
         self.remember_created_at ||= Time.now.utc
         save(validate: false) if self.changed?
@@ -66,6 +64,10 @@ module Devise
         self.class.remember_for.from_now
       end
 
+      def extend_remember_period
+        self.class.extend_remember_period
+      end
+
       def rememberable_value
         if respond_to?(:remember_token)
           remember_token
@@ -147,9 +149,6 @@ module Devise
           end
         end
 
-        private
-
-        # TODO: extend_remember_period is no longer used
         Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
       end
     end

lib/devise/omniauth/url_helpers.rb

@@ -2,16 +2,74 @@ module Devise
   module OmniAuth
     module UrlHelpers
       def self.define_helpers(mapping)
+        return unless mapping.omniauthable?
+
+        mapping = mapping.name
+
+        class_eval do
+          define_method("#{mapping}_omniauth_authorize_path") do |provider, *args|
+            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
+            [Devise] #{mapping}_omniauth_authorize_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
+
+            Please use #{mapping}_#{provider}_omniauth_authorize_path instead.
+            DEPRECATION
+            send("#{mapping}_#{provider}_omniauth_authorize_path", *args)
+          end
+
+          define_method("#{mapping}_omniauth_authorize_url") do |provider, *args|
+            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
+            [Devise] #{mapping}_omniauth_authorize_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
+
+            Please use #{mapping}_#{provider}_omniauth_authorize_url instead.
+            DEPRECATION
+            send("#{mapping}_#{provider}_omniauth_authorize_url", *args)
+          end
+
+          define_method("#{mapping}_omniauth_callback_path") do |provider, *args|
+            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
+            [Devise] #{mapping}_omniauth_callback_path(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
+
+            Please use #{mapping}_#{provider}_omniauth_callback_path instead.
+            DEPRECATION
+            send("#{mapping}_#{provider}_omniauth_callback_path", *args)
+          end
+
+          define_method("#{mapping}_omniauth_callback_url") do |provider, *args|
+            ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc)
+            [Devise] #{mapping}_omniauth_callback_url(#{provider.inspect}) is deprecated and it will be removed from Devise 4.1.
+
+            Please use #{mapping}_#{provider}_omniauth_callback_url instead.
+            DEPRECATION
+            send("#{mapping}_#{provider}_omniauth_callback_url", *args)
+          end
+        end
+
+        ActiveSupport.on_load(:action_controller) do
+          if respond_to?(:helper_method)
+            helper_method "#{mapping}_omniauth_authorize_path", "#{mapping}_omniauth_authorize_url"
+            helper_method "#{mapping}_omniauth_callback_path", "#{mapping}_omniauth_callback_url"
+          end
+        end
       end
 
-      def omniauth_authorize_path(resource_or_scope, *args)
+      def omniauth_authorize_path(resource_or_scope, provider, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        _devise_route_context.send("#{scope}_omniauth_authorize_path", *args)
+        _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_path", *args)
       end
 
-      def omniauth_callback_path(resource_or_scope, *args)
+      def omniauth_authorize_url(resource_or_scope, provider, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        _devise_route_context.send("#{scope}_omniauth_callback_path", *args)
+        _devise_route_context.send("#{scope}_#{provider}_omniauth_authorize_url", *args)
+      end
+
+      def omniauth_callback_path(resource_or_scope, provider, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        _devise_route_context.send("#{scope}_#{provider}_omniauth_callback_path", *args)
+      end
+
+      def omniauth_callback_url(resource_or_scope, provider, *args)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        _devise_route_context.send("#{scope}_#{provider}_omniauth_callback_url", *args)
       end
     end
   end

lib/devise/parameter_sanitizer.rb

@@ -169,7 +169,7 @@ module Devise
         If you want to define a new set of parameters to be sanitized use the
         `permit` method first:
 
-          devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, param2, param3])
+          devise_parameter_sanitizer.permit(:#{action}, keys: [:param1, :param2, :param3])
       MESSAGE
     end
 

lib/devise/rails/routes.rb

@@ -87,17 +87,17 @@ module ActionDispatch::Routing
     #
     # You can configure your routes with some options:
     #
-    #  * class_name: setup a different class to be looked up by devise, if it cannot be
+    #  * class_name: set up a different class to be looked up by devise, if it cannot be
     #    properly found by the route name.
     #
     #      devise_for :users, class_name: 'Account'
     #
-    #  * path: allows you to setup path name that will be used, as rails routes does.
-    #    The following route configuration would setup your route as /accounts instead of /users:
+    #  * path: allows you to set up path name that will be used, as rails routes does.
+    #    The following route configuration would set up your route as /accounts instead of /users:
     #
     #      devise_for :users, path: 'accounts'
     #
-    #  * singular: setup the singular name for the given resource. This is used as the helper methods
+    #  * singular: set up the singular name for the given resource. This is used as the helper methods
     #    names in controller ("authenticate_#{singular}!", "#{singular}_signed_in?", "current_#{singular}"
     #    and "#{singular}_session"), as the scope name in routes and as the scope given to warden.
     #
@@ -441,19 +441,17 @@ ERROR
 
         set_omniauth_path_prefix!(path_prefix)
 
-        providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s))
+        mapping.to.omniauth_providers.each do |provider|
+          match "#{path_prefix}/#{provider}",
+            to: "#{controllers[:omniauth_callbacks]}#passthru",
+            as: "#{provider}_omniauth_authorize",
+            via: [:get, :post]
 
-        match "#{path_prefix}/:provider",
-          constraints: { provider: providers },
-          to: "#{controllers[:omniauth_callbacks]}#passthru",
-          as: :omniauth_authorize,
-          via: [:get, :post]
-
-        match "#{path_prefix}/:action/callback",
-          constraints: { action: providers },
-          to: "#{controllers[:omniauth_callbacks]}#:action",
-          as: :omniauth_callback,
-          via: [:get, :post]
+          match "#{path_prefix}/#{provider}/callback",
+            to: "#{controllers[:omniauth_callbacks]}##{provider}",
+            as: "#{provider}_omniauth_callback",
+            via: [:get, :post]
+        end
       ensure
         @scope = current_scope
       end

lib/devise/strategies/database_authenticatable.rb

@@ -6,15 +6,15 @@ module Devise
     class DatabaseAuthenticatable < Authenticatable
       def authenticate!
         resource  = password.present? && mapping.to.find_for_database_authentication(authentication_hash)
-        encrypted = false
+        hashed = false
 
-        if validate(resource){ encrypted = true; resource.valid_password?(password) }
+        if validate(resource){ hashed = true; resource.valid_password?(password) }
           remember_me(resource)
           resource.after_database_authentication
           success!(resource)
         end
 
-        mapping.to.new.password = password if !encrypted && Devise.paranoid
+        mapping.to.new.password = password if !hashed && Devise.paranoid
         fail(:not_found_in_database) unless resource
       end
     end

lib/devise/strategies/rememberable.rb

@@ -25,8 +25,7 @@ module Devise
         end
 
         if validate(resource)
-          remember_me(resource)
-          extend_remember_me_period(resource)
+          remember_me(resource) if extend_remember_me?(resource)
           resource.after_remembered
           success!(resource)
         end
@@ -43,10 +42,8 @@ module Devise
 
     private
 
-      def extend_remember_me_period(resource)
-        if resource.respond_to?(:extend_remember_period=)
-          resource.extend_remember_period = mapping.to.extend_remember_period
-        end
+      def extend_remember_me?(resource)
+        resource.respond_to?(:extend_remember_period) && resource.extend_remember_period
       end
 
       def remember_me?

lib/devise/test_helpers.rb

@@ -22,7 +22,7 @@ module Devise
       @response
     end
 
-    # We need to setup the environment variables and the response in the controller.
+    # We need to set up the environment variables and the response in the controller.
     def setup_controller_for_warden #:nodoc:
       @request.env['action_controller.instance'] = @controller
     end

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "4.0.0.rc1".freeze
+  VERSION = "4.0.0".freeze
 end

lib/generators/active_record/devise_generator.rb

@@ -11,9 +11,9 @@ module ActiveRecord
 
       def copy_devise_migration
         if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name))
-          migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb"
+          migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb", migration_version: migration_version
         else
-          migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb"
+          migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb", migration_version: migration_version
         end
       end
 
@@ -86,6 +86,12 @@ RUBY
         config = ActiveRecord::Base.configurations[Rails.env]
         config && config['adapter'] == 'postgresql'
       end
+
+     def migration_version
+       if rails5?
+         "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+       end
+     end
     end
   end
 end

lib/generators/active_record/templates/migration.rb

@@ -1,4 +1,4 @@
-class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
+class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
   def change
     create_table :<%= table_name %> do |t|
 <%= migration_data -%>

lib/generators/active_record/templates/migration_existing.rb

@@ -1,4 +1,4 @@
-class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
+class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
   def self.up
     change_table :<%= table_name %> do |t|
 <%= migration_data -%>

lib/generators/devise/install_generator.rb

@@ -3,6 +3,8 @@ require 'securerandom'
 
 module Devise
   module Generators
+    MissingORMError = Class.new(Thor::Error)
+
     class InstallGenerator < Rails::Generators::Base
       source_root File.expand_path("../../templates", __FILE__)
 
@@ -10,6 +12,19 @@ module Devise
       class_option :orm
 
       def copy_initializer
+        unless options[:orm]
+          raise MissingORMError, <<-ERROR.strip_heredoc
+          An ORM must be set to install Devise in your application.
+
+          Be sure to have an ORM like Active Record or Mongoid loaded in your
+          app or configure your own at `config/application.rb`.
+
+            config.generators do |g|
+              g.orm :your_orm_gem
+            end
+          ERROR
+        end
+
         template "devise.rb", "config/initializers/devise.rb"
       end
 

lib/generators/devise/orm_helpers.rb

@@ -15,7 +15,7 @@ CONTENT
       private
 
       def model_exists?
-        File.exists?(File.join(destination_root, model_path))
+        File.exist?(File.join(destination_root, model_path))
       end
 
       def migration_exists?(table_name)

lib/generators/templates/devise.rb

@@ -91,17 +91,17 @@ Devise.setup do |config|
   # config.clean_up_csrf_token_on_authentication = true
 
   # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
-  # using other encryptors, it sets how many times you want the password re-encrypted.
+  # For bcrypt, this is the cost for hashing the password and defaults to 11. If
+  # using other algorithms, it sets how many times you want the password to be hashed.
   #
   # Limiting the stretches to just one in testing will increase the performance of
   # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
   # a value less than 10 in other environments. Note that, for bcrypt (the default
-  # encryptor), the cost increases exponentially with the number of stretches (e.g.
+  # algorithm), the cost increases exponentially with the number of stretches (e.g.
   # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 10
+  config.stretches = Rails.env.test? ? 1 : 11
 
-  # Setup a pepper to generate the encrypted password.
+  # Set up a pepper to generate the hashed password.
   # config.pepper = '<%= SecureRandom.hex(64) %>'
 
   # Send a notification email when the user's password is changed
@@ -148,12 +148,12 @@ Devise.setup do |config|
 
   # ==> Configuration for :validatable
   # Range for password length.
-  config.password_length = 8..72
+  config.password_length = 6..128
 
   # Email regex used to validate email formats. It simply asserts that
   # one (and only one) @ exists in the given string. This is mainly
   # to give user feedback and not to assert the e-mail validity.
-  # config.email_regexp = /\A[^@]+@[^@]+\z/
+  config.email_regexp = /\A[^@]+@[^@]+\z/
 
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
@@ -201,11 +201,11 @@ Devise.setup do |config|
   # config.sign_in_after_reset_password = true
 
   # ==> Configuration for :encryptable
-  # Allow you to use another encryption algorithm besides bcrypt (default). You can use
-  # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
-  # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
-  # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-  # REST_AUTH_SITE_KEY to pepper).
+  # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
+  # You can use :sha1, :sha512 or algorithms from others authentication tools as
+  # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
+  # for default behavior) and :restful_authentication_sha1 (then you should set
+  # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
   #
   # Require the `devise-encryptable` gem when using anything other than bcrypt
   # config.encryptor = :sha512

test/devise_test.rb

@@ -35,6 +35,33 @@ class DeviseTest < ActiveSupport::TestCase
     end
   end
 
+  test 'setup block warns about defaults changing' do
+    Devise.app_set_configs = Set.new
+
+    ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /email_regexp/ }
+    ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /reconfirmable/ }
+    ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /sign_out_via/ }
+    ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /skip_session_storage/ }
+    ActiveSupport::Deprecation.expects(:warn).with() { |value| value =~ /strip_whitespace_keys/ }
+
+    Devise.setup do
+    end
+  end
+
+  test 'setup block doest not warns when the change is explicit set' do
+    ActiveSupport::Deprecation.expects(:warn).never
+
+    swap Devise,
+        email_regexp: /@/,
+        reconfirmable: false,
+        sign_out_via: :get,
+        skip_session_storage: [],
+        strip_whitespace_keys: [] do
+        Devise.setup do
+        end
+    end
+  end
+
   test 'stores warden configuration' do
     assert_kind_of Devise::Delegator, Devise.warden_config.failure_app
     assert_equal :user, Devise.warden_config.default_scope

test/failure_app_test.rb

@@ -160,7 +160,7 @@ class FailureTest < ActiveSupport::TestCase
       assert_equal 'text/html; charset=utf-8', @response.second['Content-Type']
     end
 
-    test 'setup a default message' do
+    test 'set up a default message' do
       call_failure
       assert_match(/You are being/, @response.last.body)
       assert_match(/redirected/, @response.last.body)

test/generators/install_generator_test.rb

@@ -5,9 +5,20 @@ class InstallGeneratorTest < Rails::Generators::TestCase
   destination File.expand_path("../../tmp", __FILE__)
   setup :prepare_destination
 
-  test "Assert all files are properly created" do
-    run_generator
-    assert_file "config/initializers/devise.rb"
+  test "assert all files are properly created" do
+    run_generator(["--orm=active_record"])
+    assert_file "config/initializers/devise.rb", /devise\/orm\/active_record/
     assert_file "config/locales/devise.en.yml"
   end
+
+  test "fails if no ORM is specified" do
+    stderr = capture(:stderr) do
+      run_generator
+    end
+
+    assert_match %r{An ORM must be set to install Devise}, stderr
+
+    assert_no_file "config/initializers/devise.rb"
+    assert_no_file "config/locales/devise.en.yml"
+  end
 end

test/integration/rememberable_test.rb

@@ -94,7 +94,6 @@ class RememberMeTest < Devise::IntegrationTest
     assert_response :success
     assert warden.authenticated?(:user)
     assert warden.user(:user) == user
-    assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
   end
 
   test 'remember the user before sign up and redirect them to their home' do
@@ -120,6 +119,40 @@ class RememberMeTest < Devise::IntegrationTest
     end
   end
 
+  test 'extends remember period when extend remember period config is true' do
+    swap Devise, extend_remember_period: true, remember_for: 1.year do
+      user = create_user_and_remember
+      old_remember_token = nil
+
+      travel_to 1.day.ago do
+        get root_path
+        old_remember_token = request.cookies['remember_user_token']
+      end
+
+      get root_path
+      current_remember_token = request.cookies['remember_user_token']
+
+      refute_equal old_remember_token, current_remember_token
+    end
+  end
+
+  test 'does not extend remember period when extend period config is false' do
+    swap Devise, extend_remember_period: false, remember_for: 1.year do
+      user = create_user_and_remember
+      old_remember_token = nil
+
+      travel_to 1.day.ago do
+        get root_path
+        old_remember_token = request.cookies['remember_user_token']
+      end
+
+      get root_path
+      current_remember_token = request.cookies['remember_user_token']
+
+      assert_equal old_remember_token, current_remember_token
+    end
+  end
+
   test 'do not remember other scopes' do
     create_user_and_remember
     get root_path

test/mailers/confirmation_instructions_test.rb

@@ -37,16 +37,16 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     assert_equal [user.email], mail.to
   end
 
-  test 'setup sender from configuration' do
+  test 'set up sender from configuration' do
     assert_equal ['test@example.com'], mail.from
   end
 
-  test 'setup sender from custom mailer defaults' do
+  test 'set up sender from custom mailer defaults' do
     Devise.mailer = 'Users::Mailer'
     assert_equal ['custom@example.com'], mail.from
   end
 
-  test 'setup sender from custom mailer defaults with proc' do
+  test 'set up sender from custom mailer defaults with proc' do
     Devise.mailer = 'Users::FromProcMailer'
     assert_equal ['custom@example.com'], mail.from
   end
@@ -56,17 +56,17 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     assert_present mail.body.encoded
   end
 
-  test 'setup reply to as copy from sender' do
+  test 'set up reply to as copy from sender' do
     assert_equal ['test@example.com'], mail.reply_to
   end
 
-  test 'setup reply to as different if set in defaults' do
+  test 'set up reply to as different if set in defaults' do
     Devise.mailer = 'Users::ReplyToMailer'
     assert_equal ['custom@example.com'], mail.from
     assert_equal ['custom_reply_to@example.com'], mail.reply_to
   end
 
-  test 'setup subject from I18n' do
+  test 'set up subject from I18n' do
     store_translations :en, devise: { mailer: { confirmation_instructions: { subject: 'Account Confirmation' } } } do
       assert_equal 'Account Confirmation', mail.subject
     end

test/mailers/reset_password_instructions_test.rb

@@ -39,16 +39,16 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
     assert_equal [user.email], mail.to
   end
 
-  test 'setup sender from configuration' do
+  test 'set up sender from configuration' do
     assert_equal ['test@example.com'], mail.from
   end
 
-  test 'setup sender from custom mailer defaults' do
+  test 'set up sender from custom mailer defaults' do
     Devise.mailer = 'Users::Mailer'
     assert_equal ['custom@example.com'], mail.from
   end
 
-  test 'setup sender from custom mailer defaults with proc' do
+  test 'set up sender from custom mailer defaults with proc' do
     Devise.mailer = 'Users::FromProcMailer'
     assert_equal ['custom@example.com'], mail.from
   end
@@ -58,11 +58,11 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
     assert_present mail.body.encoded
   end
 
-  test 'setup reply to as copy from sender' do
+  test 'set up reply to as copy from sender' do
     assert_equal ['test@example.com'], mail.reply_to
   end
 
-  test 'setup subject from I18n' do
+  test 'set up subject from I18n' do
     store_translations :en, devise: { mailer: { reset_password_instructions: { subject: 'Reset instructions' } } } do
       assert_equal 'Reset instructions', mail.subject
     end

test/mailers/unlock_instructions_test.rb

@@ -40,16 +40,16 @@ class UnlockInstructionsTest < ActionMailer::TestCase
     assert_equal [user.email], mail.to
   end
 
-  test 'setup sender from configuration' do
+  test 'set up sender from configuration' do
     assert_equal ['test@example.com'], mail.from
   end
 
-  test 'setup sender from custom mailer defaults' do
+  test 'set up sender from custom mailer defaults' do
     Devise.mailer = 'Users::Mailer'
     assert_equal ['custom@example.com'], mail.from
   end
 
-  test 'setup sender from custom mailer defaults with proc' do
+  test 'set up sender from custom mailer defaults with proc' do
     Devise.mailer = 'Users::FromProcMailer'
     assert_equal ['custom@example.com'], mail.from
   end
@@ -59,11 +59,11 @@ class UnlockInstructionsTest < ActionMailer::TestCase
     assert_present mail.body.encoded
   end
 
-  test 'setup reply to as copy from sender' do
+  test 'set up reply to as copy from sender' do
     assert_equal ['test@example.com'], mail.reply_to
   end
 
-  test 'setup subject from I18n' do
+  test 'set up subject from I18n' do
     store_translations :en, devise: { mailer: { unlock_instructions:  { subject: 'Yo unlock instructions' } } } do
       assert_equal 'Yo unlock instructions', mail.subject
     end

test/models/confirmable_test.rb

@@ -188,7 +188,7 @@ class ConfirmableTest < ActiveSupport::TestCase
 
   test 'confirm time should fallback to devise confirm in default configuration' do
     swap Devise, allow_unconfirmed_access_for: 1.day do
-      user = new_user
+      user = create_user
       user.confirmation_sent_at = 2.days.ago
       assert_not user.active_for_authentication?
 
@@ -256,7 +256,7 @@ class ConfirmableTest < ActiveSupport::TestCase
       user.instance_eval { def confirmation_required?; false end }
       user.confirmation_sent_at = nil
       user.save
-      assert user.reload.confirm!
+      assert user.reload.confirm
     end
   end
 

test/models/database_authenticatable_test.rb

@@ -92,28 +92,28 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     assert user.respond_to?(:password_confirmation)
   end
 
-  test 'should generate encrypted password while setting password' do
+  test 'should generate a hashed password while setting password' do
     user = new_user
     assert_present user.encrypted_password
   end
 
-  test 'should support custom encryption methods' do
-    user = UserWithCustomEncryption.new(password: '654321')
+  test 'should support custom hashing methods' do
+    user = UserWithCustomHashing.new(password: '654321')
     assert_equal user.encrypted_password, '123456'
   end
 
-  test 'allow authenticatable_salt to work even with nil encrypted password' do
+  test 'allow authenticatable_salt to work even with nil hashed password' do
     user = User.new
     user.encrypted_password = nil
     assert_nil user.authenticatable_salt
   end
 
-  test 'should not generate encrypted password if password is blank' do
+  test 'should not generate a hashed password if password is blank' do
     assert_blank new_user(password: nil).encrypted_password
     assert_blank new_user(password: '').encrypted_password
   end
 
-  test 'should encrypt password again if password has changed' do
+  test 'should hash password again if password has changed' do
     user = create_user
     encrypted_password = user.encrypted_password
     user.password = user.password_confirmation = 'new_password'

test/omniauth/url_helpers_test.rb

@@ -1,23 +1,21 @@
 require 'test_helper'
 
 class OmniAuthRoutesTest < ActionController::TestCase
-  ExpectedUrlGeneratiorError = ActionController::UrlGenerationError
-
   tests ApplicationController
 
   def assert_path(action, provider, with_param=true)
     # Resource param
     assert_equal @controller.send(action, :user, provider),
-                 @controller.send("user_#{action}", provider)
+                 @controller.send("user_#{provider}_#{action}")
 
     # With an object
     assert_equal @controller.send(action, User.new, provider),
-                 @controller.send("user_#{action}", provider)
+                 @controller.send("user_#{provider}_#{action}")
 
     if with_param
       # Default url params
       assert_equal @controller.send(action, :user, provider, param: 123),
-                   @controller.send("user_#{action}", provider, param: 123)
+                   @controller.send("user_#{provider}_#{action}", param: 123)
     end
   end
 
@@ -32,7 +30,7 @@ class OmniAuthRoutesTest < ActionController::TestCase
   test 'should generate authorization path' do
     assert_match "/users/auth/facebook", @controller.omniauth_authorize_path(:user, :facebook)
 
-    assert_raise ExpectedUrlGeneratiorError do
+    assert_raise NoMethodError do
       @controller.omniauth_authorize_path(:user, :github)
     end
   end

test/rails_app/app/active_record/user.rb

@@ -1,6 +1,4 @@
 require 'shared_user'
-require 'active_model/serializers/xml' if Devise.rails5?
-require 'active_model-serializers' if Devise.rails5?
 
 class User < ActiveRecord::Base
   include Shim

test/rails_app/config/boot.rb

@@ -11,4 +11,4 @@ end
 
 # Set up gems listed in the Gemfile.
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

test/rails_app/config/initializers/devise.rb

@@ -135,7 +135,7 @@ Devise.setup do |config|
   # reset. Defaults to true, so a user is signed in automatically after a reset.
   # config.sign_in_after_reset_password = true
 
-  # Setup a pepper to generate the encrypted password.
+  # Set up a pepper to generate the encrypted password.
   config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
 
   # ==> Scopes configuration

test/routes_test.rb

@@ -96,12 +96,12 @@ class DefaultRoutingTest < ActionController::TestCase
   test 'map omniauth callbacks' do
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :get})
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'facebook'}, {path: 'users/auth/facebook/callback', method: :post})
-    assert_named_route "/users/auth/facebook/callback", :user_omniauth_callback_path, :facebook
+    assert_named_route "/users/auth/facebook/callback", :user_facebook_omniauth_callback_path
 
     # named open_id
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :get})
     assert_recognizes({controller: 'users/omniauth_callbacks', action: 'google'}, {path: 'users/auth/google/callback', method: :post})
-    assert_named_route "/users/auth/google/callback", :user_omniauth_callback_path, :google
+    assert_named_route "/users/auth/google/callback", :user_google_omniauth_callback_path
 
     assert_raise ExpectedRoutingError do
       assert_recognizes({controller: 'ysers/omniauth_callbacks', action: 'twitter'}, {path: 'users/auth/twitter/callback', method: :get})

test/test_helpers_test.rb

@@ -68,13 +68,13 @@ class TestHelpersTest < Devise::ControllerTestCase
   test "respects custom failure app" do
     custom_failure_app = Class.new(Devise::FailureApp) do
       def redirect
-        self.status = 306
+        self.status = 300
       end
     end
 
     swap Devise.warden_config, failure_app: custom_failure_app do
       get :index
-      assert_response 306
+      assert_response 300
     end
   end
 

test/test_models.rb

@@ -12,7 +12,7 @@ class UserWithValidation < User
   validates_presence_of :username
 end
 
-class UserWithCustomEncryption < User
+class UserWithCustomHashing < User
   protected
   def password_digest(password)
     password.reverse