Release 4.7.3

This reverts commit 2da46d8dd6.

CHANGELOG.md

@@ -1,4 +1,11 @@
-### 4.7.1 - 2020-06-10
+### 4.7.3 - 2020-09-20
+
+* bug fixes
+  * Do not modify `:except` option given to `#serializable_hash`. (by @dpep)
+  * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
+  * Fix hanging tests for streaming controllers using Devise. (by @afn)
+
+### 4.7.2 - 2020-06-10
 
 * enhancements
   * Increase default stretches to 12 (by @sergey-alekseev)

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 93689638c28525acc65afb638fce866826532641
+  remote: https://github.com/rails/activemodel-serializers-xml.git
+  revision: 694f4071c6b16e4c8597cc323c241b5f787b3ea8
   specs:
     activemodel-serializers-xml (1.0.2)
       activemodel (>= 5.0.0.a)
@@ -8,10 +8,10 @@ GIT
       builder (~> 3.1)
 
 GIT
-  remote: git://github.com/rails/rails-controller-testing.git
-  revision: a60b3da1c1c77959b28606dd087c058c64b5a08f
+  remote: https://github.com/rails/rails-controller-testing.git
+  revision: 4b15c86e82ee380f2a7cc009e470368f7520560a
   specs:
-    rails-controller-testing (1.0.4)
+    rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
@@ -19,7 +19,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -29,64 +29,64 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.0.3.1)
-      actionpack (= 6.0.3.1)
+    actioncable (6.0.3.3)
+      actionpack (= 6.0.3.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionmailbox (6.0.3.3)
+      actionpack (= 6.0.3.3)
+      activejob (= 6.0.3.3)
+      activerecord (= 6.0.3.3)
+      activestorage (= 6.0.3.3)
+      activesupport (= 6.0.3.3)
       mail (>= 2.7.1)
-    actionmailer (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
+    actionmailer (6.0.3.3)
+      actionpack (= 6.0.3.3)
+      actionview (= 6.0.3.3)
+      activejob (= 6.0.3.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.1)
-      actionview (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionpack (6.0.3.3)
+      actionview (= 6.0.3.3)
+      activesupport (= 6.0.3.3)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actiontext (6.0.3.3)
+      actionpack (= 6.0.3.3)
+      activerecord (= 6.0.3.3)
+      activestorage (= 6.0.3.3)
+      activesupport (= 6.0.3.3)
       nokogiri (>= 1.8.5)
-    actionview (6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionview (6.0.3.3)
+      activesupport (= 6.0.3.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.1)
-      activesupport (= 6.0.3.1)
+    activejob (6.0.3.3)
+      activesupport (= 6.0.3.3)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activerecord (6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activestorage (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
+    activemodel (6.0.3.3)
+      activesupport (= 6.0.3.3)
+    activerecord (6.0.3.3)
+      activemodel (= 6.0.3.3)
+      activesupport (= 6.0.3.3)
+    activestorage (6.0.3.3)
+      actionpack (= 6.0.3.3)
+      activejob (= 6.0.3.3)
+      activerecord (= 6.0.3.3)
       marcel (~> 0.3.1)
-    activesupport (6.0.3.1)
+    activesupport (6.0.3.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
       zeitwerk (~> 2.2, >= 2.2.2)
-    bcrypt (3.1.13)
+    bcrypt (3.1.16)
     builder (3.2.4)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     crass (1.0.6)
     erubi (1.9.0)
     faraday (1.0.1)
@@ -94,10 +94,10 @@ GEM
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     hashie (4.1.0)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
+    jwt (2.2.2)
+    loofah (2.7.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -108,13 +108,13 @@ GEM
     mimemagic (0.3.5)
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.14.1)
+    minitest (5.14.2)
     mocha (1.11.2)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
+    nio4r (2.5.4)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
@@ -125,44 +125,44 @@ GEM
     omniauth (1.9.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
+    omniauth-facebook (7.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
+    omniauth-oauth2 (1.7.0)
+      oauth2 (~> 1.4)
       omniauth (~> 1.9)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     orm_adapter (0.5.0)
-    rack (2.2.2)
+    rack (2.2.3)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.0.3.1)
-      actioncable (= 6.0.3.1)
-      actionmailbox (= 6.0.3.1)
-      actionmailer (= 6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actiontext (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    rails (6.0.3.3)
+      actioncable (= 6.0.3.3)
+      actionmailbox (= 6.0.3.3)
+      actionmailer (= 6.0.3.3)
+      actionpack (= 6.0.3.3)
+      actiontext (= 6.0.3.3)
+      actionview (= 6.0.3.3)
+      activejob (= 6.0.3.3)
+      activemodel (= 6.0.3.3)
+      activerecord (= 6.0.3.3)
+      activestorage (= 6.0.3.3)
+      activesupport (= 6.0.3.3)
       bundler (>= 1.3.0)
-      railties (= 6.0.3.1)
+      railties (= 6.0.3.3)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    railties (6.0.3.3)
+      actionpack (= 6.0.3.3)
+      activesupport (= 6.0.3.3)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
@@ -172,10 +172,10 @@ GEM
       actionpack (>= 5.0)
       railties (>= 5.0)
     ruby-openid (2.9.2)
-    sprockets (4.0.1)
+    sprockets (4.0.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.1)
+    sprockets-rails (3.2.2)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -185,16 +185,16 @@ GEM
     timecop (0.9.1)
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.7.2)
+    websocket-driver (0.7.3)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.3.0)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby

README.md

@@ -54,7 +54,6 @@ It's composed of 10 modules:
 	- [Other ORMs](#other-orms)
 	- [Rails API mode](#rails-api-mode)
 - [Additional information](#additional-information)
-	- [Heroku](#heroku)
 	- [Warden](#warden)
 	- [Contributors](#contributors)
 - [License](#license)
@@ -120,7 +119,7 @@ Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid
 
 ### DEVISE_ORM
 Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
-The default value of `DEVISE_ORM` is `active_record`. To run the tests for mongoid, you can pass `mongoid`:
+The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`:
 ```
 DEVISE_ORM=mongoid bin/test
 
@@ -273,7 +272,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
 
 ### Strong Parameters
 
-![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204)
+The Parameter Sanitizer API has changed for Devise 4 :warning:
 
 *For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters*
 
@@ -313,7 +312,7 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
+Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block:
 
 To permit simple scalar values for username and email, use this
 
@@ -436,7 +435,7 @@ If the customization at the views level is not enough, you can customize each co
     end
     ```
 
-    Or you can simply add new behaviour to it:
+    Or you can simply add new behavior to it:
 
     ```ruby
     class Users::SessionsController < Devise::SessionsController
@@ -741,6 +740,6 @@ https://github.com/heartcombo/devise/graphs/contributors
 
 ## License
 
-MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
+MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
 
 The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).

app/helpers/devise_helper.rb

@@ -1,14 +1,26 @@
 # frozen_string_literal: true
 
 module DeviseHelper
-  # Retain this method for backwards compatibility, deprecated in favour of modifying the
-  # devise/shared/error_messages partial
+  # Retain this method for backwards compatibility, deprecated in favor of modifying the
+  # devise/shared/error_messages partial.
   def devise_error_messages!
     ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
-      [Devise] `DeviseHelper.devise_error_messages!`
-      is deprecated and it will be removed in the next major version.
-      To customize the errors styles please run `rails g devise:views` and modify the
-      `devise/shared/error_messages` partial.
+      [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be
+      removed in the next major version.
+
+      Devise now uses a partial under "devise/shared/error_messages" to display
+      error messages by default, and make them easier to customize. Update your
+      views changing calls from:
+
+          <%= devise_error_messages! %>
+
+      to:
+
+          <%= render "devise/shared/error_messages", resource: resource %>
+
+      To start customizing how errors are displayed, you can copy the partial
+      from devise to your `app/views` folder. Alternatively, you can run
+      `rails g devise:views` which will copy all of them again to your app.
     DEPRECATION
 
     return "" if resource.errors.empty?

app/mailers/devise/mailer.rb

@@ -4,26 +4,26 @@ if defined?(ActionMailer)
   class Devise::Mailer < Devise.parent_mailer.constantize
     include Devise::Mailers::Helpers
 
-    def confirmation_instructions(record, token, opts={})
+    def confirmation_instructions(record, token, opts = {})
       @token = token
       devise_mail(record, :confirmation_instructions, opts)
     end
 
-    def reset_password_instructions(record, token, opts={})
+    def reset_password_instructions(record, token, opts = {})
       @token = token
       devise_mail(record, :reset_password_instructions, opts)
     end
 
-    def unlock_instructions(record, token, opts={})
+    def unlock_instructions(record, token, opts = {})
       @token = token
       devise_mail(record, :unlock_instructions, opts)
     end
 
-    def email_changed(record, opts={})
+    def email_changed(record, opts = {})
       devise_mail(record, :email_changed, opts)
     end
 
-    def password_change(record, opts={})
+    def password_change(record, opts = {})
       devise_mail(record, :password_change, opts)
     end
   end

gemfiles/Gemfile.rails-4.1-stable.lock

@@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/rails/rails.git
+  remote: https://github.com/rails/rails.git
   revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8
   branch: 4-1-stable
   specs:
@@ -48,7 +48,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)

gemfiles/Gemfile.rails-4.2-stable.lock

@@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/rails/rails.git
+  remote: https://github.com/rails/rails.git
   revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997
   branch: 4-2-stable
   specs:
@@ -57,7 +57,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)

gemfiles/Gemfile.rails-5.0-stable.lock

@@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
+  remote: https://github.com/rails/activemodel-serializers-xml.git
   revision: 93689638c28525acc65afb638fce866826532641
   specs:
     activemodel-serializers-xml (1.0.2)
@@ -10,7 +10,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)

gemfiles/Gemfile.rails-5.1-stable.lock

@@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
+  remote: https://github.com/rails/activemodel-serializers-xml.git
   revision: 93689638c28525acc65afb638fce866826532641
   specs:
     activemodel-serializers-xml (1.0.2)
@@ -10,7 +10,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)

gemfiles/Gemfile.rails-5.2-stable.lock

@@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
+  remote: https://github.com/rails/activemodel-serializers-xml.git
   revision: 93689638c28525acc65afb638fce866826532641
   specs:
     activemodel-serializers-xml (1.0.2)
@@ -10,7 +10,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)

gemfiles/Gemfile.rails-6.0-stable.lock

@@ -1,5 +1,5 @@
 GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
+  remote: https://github.com/rails/activemodel-serializers-xml.git
   revision: 93689638c28525acc65afb638fce866826532641
   specs:
     activemodel-serializers-xml (1.0.2)
@@ -8,10 +8,10 @@ GIT
       builder (~> 3.1)
 
 GIT
-  remote: git://github.com/rails/rails-controller-testing.git
-  revision: a60b3da1c1c77959b28606dd087c058c64b5a08f
+  remote: https://github.com/rails/rails-controller-testing.git
+  revision: 4b15c86e82ee380f2a7cc009e470368f7520560a
   specs:
-    rails-controller-testing (1.0.4)
+    rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
@@ -19,7 +19,7 @@ GIT
 PATH
   remote: ..
   specs:
-    devise (4.7.2)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -29,64 +29,64 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.0.3.1)
-      actionpack (= 6.0.3.1)
+    actioncable (6.0.3.2)
+      actionpack (= 6.0.3.2)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionmailbox (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
       mail (>= 2.7.1)
-    actionmailer (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
+    actionmailer (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      actionview (= 6.0.3.2)
+      activejob (= 6.0.3.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.1)
-      actionview (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionpack (6.0.3.2)
+      actionview (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actiontext (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
       nokogiri (>= 1.8.5)
-    actionview (6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionview (6.0.3.2)
+      activesupport (= 6.0.3.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.1)
-      activesupport (= 6.0.3.1)
+    activejob (6.0.3.2)
+      activesupport (= 6.0.3.2)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activerecord (6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activestorage (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
+    activemodel (6.0.3.2)
+      activesupport (= 6.0.3.2)
+    activerecord (6.0.3.2)
+      activemodel (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+    activestorage (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
       marcel (~> 0.3.1)
-    activesupport (6.0.3.1)
+    activesupport (6.0.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
       zeitwerk (~> 2.2, >= 2.2.2)
-    bcrypt (3.1.13)
+    bcrypt (3.1.15)
     builder (3.2.4)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     crass (1.0.6)
     erubi (1.9.0)
     faraday (1.0.1)
@@ -94,10 +94,10 @@ GEM
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     hashie (4.1.0)
-    i18n (1.8.3)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
     jwt (2.2.1)
-    loofah (2.5.0)
+    loofah (2.6.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -110,11 +110,11 @@ GEM
     mini_portile2 (2.4.0)
     minitest (5.14.1)
     mocha (1.11.2)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     nio4r (2.5.2)
-    nokogiri (1.10.9)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
@@ -134,35 +134,35 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     orm_adapter (0.5.0)
-    rack (2.2.2)
+    rack (2.2.3)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.0.3.1)
-      actioncable (= 6.0.3.1)
-      actionmailbox (= 6.0.3.1)
-      actionmailer (= 6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actiontext (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    rails (6.0.3.2)
+      actioncable (= 6.0.3.2)
+      actionmailbox (= 6.0.3.2)
+      actionmailer (= 6.0.3.2)
+      actionpack (= 6.0.3.2)
+      actiontext (= 6.0.3.2)
+      actionview (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activemodel (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
       bundler (>= 1.3.0)
-      railties (= 6.0.3.1)
+      railties (= 6.0.3.2)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    railties (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
@@ -172,7 +172,7 @@ GEM
       actionpack (>= 5.0)
       railties (>= 5.0)
     ruby-openid (2.9.2)
-    sprockets (4.0.1)
+    sprockets (4.0.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
@@ -191,10 +191,10 @@ GEM
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.7.2)
+    websocket-driver (0.7.3)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.3.0)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby

lib/devise/controllers/helpers.rb

@@ -36,14 +36,14 @@ module Devise
         #     before_action ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
         #     current_blogger :user                             # Preferably returns a User if one is signed in
         #
-        def devise_group(group_name, opts={})
+        def devise_group(group_name, opts = {})
           mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
 
           class_eval <<-METHODS, __FILE__, __LINE__ + 1
-            def authenticate_#{group_name}!(favourite=nil, opts={})
+            def authenticate_#{group_name}!(favorite = nil, opts = {})
               unless #{group_name}_signed_in?
                 mappings = #{mappings}
-                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.unshift mappings.delete(favorite.to_sym) if favorite
                 mappings.each do |mapping|
                   opts[:scope] = mapping
                   warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
@@ -57,9 +57,9 @@ module Devise
               end
             end
 
-            def current_#{group_name}(favourite=nil)
+            def current_#{group_name}(favorite = nil)
               mappings = #{mappings}
-              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.unshift mappings.delete(favorite.to_sym) if favorite
               mappings.each do |mapping|
                 current = warden.authenticate(scope: mapping)
                 return current if current
@@ -113,7 +113,7 @@ module Devise
         mapping = mapping.name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
-          def authenticate_#{mapping}!(opts={})
+          def authenticate_#{mapping}!(opts = {})
             opts[:scope] = :#{mapping}
             warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
           end
@@ -252,7 +252,7 @@ module Devise
       # Overwrite Rails' handle unverified request to sign out all scopes,
       # clear run strategies and remove cached variables.
       def handle_unverified_request
-        super # call the default behaviour which resets/nullifies/raises
+        super # call the default behavior which resets/nullifies/raises
         request.env["devise.skip_storage"] = true
         sign_out_all_scopes(false)
       end

lib/devise/controllers/sign_in_out.rb

@@ -10,7 +10,7 @@ module Devise
       # cause exceptions to be thrown from this method; if you simply want to check
       # if a scope has already previously been authenticated without running
       # authentication hooks, you can directly call `warden.authenticated?(scope: scope)`
-      def signed_in?(scope=nil)
+      def signed_in?(scope = nil)
         [scope || Devise.mappings.keys].flatten.any? do |_scope|
           warden.authenticate?(scope: _scope)
         end
@@ -77,7 +77,7 @@ module Devise
       #   sign_out :user     # sign_out(scope)
       #   sign_out @user     # sign_out(resource)
       #
-      def sign_out(resource_or_scope=nil)
+      def sign_out(resource_or_scope = nil)
         return sign_out_all_scopes unless resource_or_scope
         scope = Devise::Mapping.find_scope!(resource_or_scope)
         user = warden.user(scope: scope, run_callbacks: false) # If there is no user
@@ -92,7 +92,7 @@ module Devise
       # Sign out all active users or scopes. This helper is useful for signing out all roles
       # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
       # and false if there was no user logged in on all scopes.
-      def sign_out_all_scopes(lock=true)
+      def sign_out_all_scopes(lock = true)
         users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
 
         warden.logout

lib/devise/controllers/url_helpers.rb

@@ -34,7 +34,7 @@ module Devise
         end
       end
 
-      def self.generate_helpers!(routes=nil)
+      def self.generate_helpers!(routes = nil)
         routes ||= begin
           mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
           Devise::URL_HELPERS.slice(*mappings)

lib/devise/failure_app.rb

@@ -71,7 +71,6 @@ module Devise
       end
 
       flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
-      # self.response = recall_app(warden_options[:recall]).call(env)
       self.response = recall_app(warden_options[:recall]).call(request.env)
     end
 

lib/devise/mapping.rb

@@ -46,7 +46,7 @@ module Devise
       raise "Could not find a valid mapping for #{obj.inspect}"
     end
 
-    def self.find_by_path!(path, path_type=:fullpath)
+    def self.find_by_path!(path, path_type = :fullpath)
       Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) }
       raise "Could not find a valid mapping for path #{path.inspect}"
     end

lib/devise/models/authenticatable.rb

@@ -104,7 +104,7 @@ module Devise
       # given to :except will simply add names to exempt to Devise internal list.
       def serializable_hash(options = nil)
         options = options.try(:dup) || {}
-        options[:except] = Array(options[:except])
+        options[:except] = Array(options[:except]).dup
 
         if options[:force_except]
           options[:except].concat Array(options[:force_except])
@@ -272,17 +272,17 @@ module Devise
           find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(tainted_conditions, opts={})
+        def find_first_by_auth_conditions(tainted_conditions, opts = {})
           to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find or initialize a record setting an error if it can't be found.
-        def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
+        def find_or_initialize_with_error_by(attribute, value, error = :invalid) #:nodoc:
           find_or_initialize_with_errors([attribute], { attribute => value }, error)
         end
 
         # Find or initialize a record with group of attributes based on a list of required attributes.
-        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
+        def find_or_initialize_with_errors(required_attributes, attributes, error = :invalid) #:nodoc:
           attributes.try(:permit!)
           attributes = attributes.to_h.with_indifferent_access
                                  .slice(*required_attributes)

lib/devise/models/confirmable.rb

@@ -76,7 +76,7 @@ module Devise
       # Confirm a user by setting it's confirmed_at to actual time. If the user
       # is already confirmed, add an error to email field. If the user is invalid
       # add errors
-      def confirm(args={})
+      def confirm(args = {})
         pending_any_confirmation do
           if confirmation_period_expired?
             self.errors.add(:email, :confirmation_period_expired,
@@ -334,7 +334,7 @@ module Devise
         # confirmation instructions to it. If not, try searching for a user by unconfirmed_email
         # field. If no user is found, returns a new user with an email not found error.
         # Options must contain the user email
-        def send_confirmation_instructions(attributes={})
+        def send_confirmation_instructions(attributes = {})
           confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable
           unless confirmable.try(:persisted?)
             confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found)

lib/devise/models/lockable.rb

@@ -168,7 +168,7 @@ module Devise
         # unlock instructions to it. If not user is found, returns a new user
         # with an email not found error.
         # Options must contain the user's unlock keys
-        def send_unlock_instructions(attributes={})
+        def send_unlock_instructions(attributes = {})
           lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found)
           lockable.resend_unlock_instructions if lockable.persisted?
           lockable

lib/devise/models/recoverable.rb

@@ -131,7 +131,7 @@ module Devise
         # password instructions to it. If user is not found, returns a new user
         # with an email not found error.
         # Attributes must contain the user's email
-        def send_reset_password_instructions(attributes={})
+        def send_reset_password_instructions(attributes = {})
           recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
           recoverable.send_reset_password_instructions if recoverable.persisted?
           recoverable
@@ -142,7 +142,7 @@ module Devise
         # try saving the record. If not user is found, returns a new user
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
-        def reset_password_by_token(attributes={})
+        def reset_password_by_token(attributes = {})
           original_token       = attributes[:reset_password_token]
           reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
 

lib/devise/rails/routes.rb

@@ -287,7 +287,7 @@ module ActionDispatch::Routing
     #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    def authenticate(scope=nil, block=nil)
+    def authenticate(scope = nil, block = nil)
       constraints_for(:authenticate!, scope, block) do
         yield
       end
@@ -311,7 +311,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'landing#show'
     #
-    def authenticated(scope=nil, block=nil)
+    def authenticated(scope = nil, block = nil)
       constraints_for(:authenticate?, scope, block) do
         yield
       end
@@ -328,7 +328,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'dashboard#show'
     #
-    def unauthenticated(scope=nil)
+    def unauthenticated(scope = nil)
       constraint = lambda do |request|
         not request.env["warden"].authenticate? scope: scope
       end
@@ -474,7 +474,7 @@ ERROR
         @scope = current_scope
       end
 
-      def constraints_for(method_to_apply, scope=nil, block=nil)
+      def constraints_for(method_to_apply, scope = nil, block = nil)
         constraint = lambda do |request|
           request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))

lib/devise/test/controller_helpers.rb

@@ -143,7 +143,7 @@ module Devise
           @controller.response.headers.merge!(headers)
           @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
           @controller.status = status
-          @controller.response.body = response.body
+          @controller.response_body = response.body
           nil # causes process return @response
         end
 

lib/devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Devise
-  VERSION = "4.7.2".freeze
+  VERSION = "4.7.3".freeze
 end

lib/generators/devise/devise_generator.rb

@@ -13,7 +13,7 @@ module Devise
       desc "Generates a model with the given NAME (if one does not exist) with devise " \
            "configuration plus a migration file and devise routes."
 
-      hook_for :orm, type: :boolean
+      hook_for :orm, required: true
 
       class_option :routes, desc: "Generate routes", type: :boolean, default: true
 

lib/generators/devise/install_generator.rb

@@ -11,7 +11,7 @@ module Devise
       source_root File.expand_path("../../templates", __FILE__)
 
       desc "Creates a Devise initializer and copy locale files to your application."
-      class_option :orm
+      class_option :orm, required: true
 
       def copy_initializer
         unless options[:orm]

test/controllers/custom_strategy_test.rb

@@ -42,9 +42,7 @@ class CustomStrategyTest < Devise::ControllerTestCase
   test "custom strategy can return its own status code" do
     ret = get :new
 
-    # check the returned rack array
-    # assert ret.is_a?(Array)
-    # assert_equal 400, ret.first
+    # check the returned response
     assert ret.is_a?(ActionDispatch::TestResponse)
 
     # check the saved response as well. This is purely so that the response is available to the testing framework
@@ -55,12 +53,10 @@ class CustomStrategyTest < Devise::ControllerTestCase
   test "custom strategy can return custom headers" do
     ret = get :new
 
-    # check the returned rack array
-    # assert ret.is_a?(Array)
-    # assert_equal ret.third['X-FOO'], 'BAR'
+    # check the returned response
     assert ret.is_a?(ActionDispatch::TestResponse)
 
     # check the saved response headers as well.
-    assert_equal response.headers['X-FOO'], 'BAR'
+    assert_equal 'BAR', response.headers['X-FOO']
   end
 end

test/controllers/internal_helpers_test.rb

@@ -51,7 +51,7 @@ class HelpersTest < Devise::ControllerTestCase
   end
 
   test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
+    assert_empty @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }
   end
 
   test 'require no authentication tests current mapping' do

test/controllers/load_hooks_controller_test.rb

@@ -16,6 +16,6 @@ class LoadHooksControllerTest < Devise::ControllerTestCase
   end
 
   test 'load hook called when controller is loaded' do
-    assert DeviseController.instance_methods.include? :defined_by_load_hook
+    assert_includes DeviseController.instance_methods, :defined_by_load_hook
   end
-end
+end

test/controllers/url_helpers_test.rb

@@ -5,7 +5,7 @@ require 'test_helper'
 class RoutesTest < Devise::ControllerTestCase
   tests ApplicationController
 
-  def assert_path_and_url(name, prepend_path=nil)
+  def assert_path_and_url(name, prepend_path = nil)
     @request.path = '/users/session'
     prepend_path = "#{prepend_path}_" if prepend_path
 

test/failure_app_test.rb

@@ -73,7 +73,7 @@ class FailureTest < ActiveSupport::TestCase
     instance_eval(&block)
   end
 
-  def call_failure(env_params={})
+  def call_failure(env_params = {})
     env = {
       'REQUEST_URI' => 'http://test.host/',
       'HTTP_HOST' => 'test.host',
@@ -326,8 +326,8 @@ class FailureTest < ActiveSupport::TestCase
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Log in</h2>')
-      assert @response.third.body.include?('Invalid Email or password.')
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'Invalid Email or password.'
     end
 
     test 'calls the original controller if not confirmed email' do
@@ -337,8 +337,8 @@ class FailureTest < ActiveSupport::TestCase
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Log in</h2>')
-      assert @response.third.body.include?('You have to confirm your email address before continuing.')
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'You have to confirm your email address before continuing.'
     end
 
     test 'calls the original controller if inactive account' do
@@ -348,8 +348,8 @@ class FailureTest < ActiveSupport::TestCase
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Log in</h2>')
-      assert @response.third.body.include?('Your account is not activated yet.')
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'Your account is not activated yet.'
     end
 
     if Rails.application.config.respond_to?(:relative_url_root)
@@ -361,10 +361,10 @@ class FailureTest < ActiveSupport::TestCase
             "warden" => stub_everything
           }
           call_failure(env)
-          assert @response.third.body.include?('<h2>Log in</h2>')
-          assert @response.third.body.include?('Invalid Email or password.')
-          assert_equal @request.env["SCRIPT_NAME"], '/sample'
-          assert_equal @request.env["PATH_INFO"], '/users/sign_in'
+          assert_includes @response.third.body, '<h2>Log in</h2>'
+          assert_includes @response.third.body, 'Invalid Email or password.'
+          assert_equal '/sample', @request.env["SCRIPT_NAME"]
+          assert_equal '/users/sign_in', @request.env["PATH_INFO"]
         end
       end
     end
@@ -372,7 +372,7 @@ class FailureTest < ActiveSupport::TestCase
 
   context "Lazy loading" do
     test "loads" do
-      assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does"
+      assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works?
     end
   end
   context "Without Flash Support" do

test/generators/views_generator_test.rb

@@ -77,7 +77,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
     assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
   end
 
-  def assert_files(scope = nil, options={})
+  def assert_files(scope = nil, options = {})
     scope = "devise" if scope.nil?
     mail_template_engine = options[:mail_template_engine] || "html.erb"
 

test/integration/authenticatable_test.rb

@@ -321,14 +321,14 @@ class AuthenticationRedirectTest < Devise::IntegrationTest
   test 'require_no_authentication should set the already_authenticated flash message' do
     sign_in_as_user
     visit new_user_session_path
-    assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated")
+    assert_equal I18n.t("devise.failure.already_authenticated"), flash[:alert]
   end
 
   test 'require_no_authentication should set the already_authenticated flash message as admin' do
     store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do
       sign_in_as_admin
       visit new_admin_session_path
-      assert_equal flash[:alert], "You are already signed in as admin."
+      assert_equal "You are already signed in as admin.", flash[:alert]
     end
   end
 end
@@ -496,7 +496,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
     create_user
     post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
   test 'sign in with xml format is idempotent' do
@@ -512,7 +512,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
 
     post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
   test 'sign out with html redirects' do

test/integration/confirmable_test.rb

@@ -218,28 +218,28 @@ class ConfirmationTest < Devise::IntegrationTest
     user = create_user(confirm: false)
     post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
     assert_response :success
-    assert_equal response.body, {}.to_xml
+    assert_equal({}.to_xml, response.body)
   end
 
   test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
     create_user(confirm: false)
     post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test 'confirm account with valid confirmation token in XML format should return valid response' do
     user = create_user(confirm: false)
     get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
   test 'confirm account with invalid confirmation token in XML format should return invalid response' do
     create_user(confirm: false)
     get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test 'request an account confirmation account with JSON, should return an empty JSON' do
@@ -247,7 +247,7 @@ class ConfirmationTest < Devise::IntegrationTest
 
     post user_confirmation_path, params: { user: { email: user.email }, format: :json }
     assert_response :success
-    assert_equal response.body, {}.to_json
+    assert_equal({}.to_json, response.body)
   end
 
   test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
@@ -282,7 +282,7 @@ class ConfirmationTest < Devise::IntegrationTest
 end
 
 class ConfirmationOnChangeTest < Devise::IntegrationTest
-  def create_second_admin(options={})
+  def create_second_admin(options = {})
     @admin = nil
     create_admin(options)
   end

test/integration/http_authenticatable_test.rb

@@ -99,7 +99,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
   end
 
   private
-    def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
+    def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678")
       user = create_user
       get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
       user

test/integration/lockable_test.rb

@@ -99,7 +99,7 @@ class LockTest < Devise::IntegrationTest
 
     sign_in_as_user(password: "invalid")
     assert_contain 'Your account is locked.'
-    assert ActionMailer::Base.deliveries.empty?
+    assert_empty ActionMailer::Base.deliveries
   end
 
   test 'error message is configurable by resource name' do
@@ -136,8 +136,7 @@ class LockTest < Devise::IntegrationTest
 
     post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
     assert_response :success
-    assert_equal response.body, {}.to_xml
-
+    assert_equal({}.to_xml, response.body)
     assert_equal 1, ActionMailer::Base.deliveries.size
   end
 
@@ -147,7 +146,7 @@ class LockTest < Devise::IntegrationTest
 
     post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
     assert_equal 0, ActionMailer::Base.deliveries.size
   end
 
@@ -157,21 +156,20 @@ class LockTest < Devise::IntegrationTest
     assert user.access_locked?
     get user_unlock_path(format: 'xml', unlock_token: raw)
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
-
   test 'user with invalid unlock token should not be able to unlock the account via XML request' do
     get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test "when using json to ask a unlock request, should not return the user" do
     user = create_user(locked: true)
     post user_unlock_path(format: "json", user: {email: user.email})
     assert_response :success
-    assert_equal response.body, {}.to_json
+    assert_equal({}.to_json, response.body)
   end
 
   test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do

test/integration/recoverable_test.rb

@@ -21,7 +21,7 @@ class PasswordTest < Devise::IntegrationTest
     click_button 'Send me reset password instructions'
   end
 
-  def reset_password(options={}, &block)
+  def reset_password(options = {}, &block)
     unless options[:visit] == false
       visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef")
       assert_response :success
@@ -265,14 +265,14 @@ class PasswordTest < Devise::IntegrationTest
     create_user
     post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} }
     assert_response :success
-    assert_equal response.body, { }.to_xml
+    assert_equal({}.to_xml, response.body)
   end
 
   test 'reset password request with invalid E-Mail in XML format should return valid response' do
     create_user
     post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
@@ -280,7 +280,7 @@ class PasswordTest < Devise::IntegrationTest
       create_user
       post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} }
       assert_response :success
-      assert_equal response.body, { }.to_xml
+      assert_equal({}.to_xml, response.body)
     end
   end
 
@@ -300,7 +300,7 @@ class PasswordTest < Devise::IntegrationTest
     request_forgot_password
     put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test 'change password with invalid new password in XML format should return invalid response' do
@@ -308,7 +308,7 @@ class PasswordTest < Devise::IntegrationTest
     request_forgot_password
     put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test "when using json requests to ask a confirmable request, should not return the object" do
@@ -317,7 +317,7 @@ class PasswordTest < Devise::IntegrationTest
     post user_password_path(format: :json), params: { user: { email: user.email } }
 
     assert_response :success
-    assert_equal response.body, "{}"
+    assert_equal "{}", response.body
   end
 
   test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do

test/integration/registerable_test.rb

@@ -20,7 +20,7 @@ class RegistrationTest < Devise::IntegrationTest
     assert_current_url "/admin_area/home"
 
     admin = Admin.to_adapter.find_first(order: [:id, :desc])
-    assert_equal admin.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', admin.email
   end
 
   test 'a guest admin should be able to sign in and be redirected to a custom location' do
@@ -69,7 +69,7 @@ class RegistrationTest < Devise::IntegrationTest
     refute warden.authenticated?(:user)
 
     user = User.to_adapter.find_first(order: [:id, :desc])
-    assert_equal user.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', user.email
     refute user.confirmed?
   end
 
@@ -254,7 +254,7 @@ class RegistrationTest < Devise::IntegrationTest
     assert_contain "Password confirmation doesn't match Password"
     refute User.to_adapter.find_first.valid_password?('pas123')
   end
-  
+
   test 'a signed in user should see a warning about minimum password length' do
     sign_in_as_user
     get edit_user_registration_path
@@ -268,7 +268,7 @@ class RegistrationTest < Devise::IntegrationTest
     click_button "Cancel my account"
     assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
 
-    assert User.to_adapter.find_all.empty?
+    assert_empty User.to_adapter.find_all
   end
 
   test 'a user should be able to cancel sign up by deleting data in the session' do
@@ -300,46 +300,46 @@ class RegistrationTest < Devise::IntegrationTest
   test 'an admin sign up with valid information in XML format should return valid response' do
     post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
 
     admin = Admin.to_adapter.find_first(order: [:id, :desc])
-    assert_equal admin.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', admin.email
   end
 
   test 'a user sign up with valid information in XML format should return valid response' do
     post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
 
     user = User.to_adapter.find_first(order: [:id, :desc])
-    assert_equal user.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', user.email
   end
 
   test 'a user sign up with invalid information in XML format should return invalid response' do
     post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test 'a user update information with valid data in XML format should return valid response' do
     user = sign_in_as_user
     put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } }
     assert_response :success
-    assert_equal user.reload.email, 'user.new@test.com'
+    assert_equal 'user.new@test.com', user.reload.email
   end
 
   test 'a user update information with invalid data in XML format should return invalid response' do
     user = sign_in_as_user
     put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } }
     assert_response :unprocessable_entity
-    assert_equal user.reload.email, 'user@test.com'
+    assert_equal 'user@test.com', user.reload.email
   end
 
   test 'a user cancel their account in XML format should return valid response' do
     sign_in_as_user
     delete user_registration_path(format: 'xml')
     assert_response :success
-    assert_equal User.to_adapter.find_all.size, 0
+    assert_equal 0, User.to_adapter.find_all.size
   end
 end
 

test/integration/rememberable_test.rb

@@ -3,7 +3,7 @@
 require 'test_helper'
 
 class RememberMeTest < Devise::IntegrationTest
-  def create_user_and_remember(add_to_token='')
+  def create_user_and_remember(add_to_token = '')
     user = create_user
     user.remember_me!
     raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }

test/mailers/confirmation_instructions_test.rb

@@ -31,7 +31,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send confirmation instructions to the user email' do
@@ -88,7 +88,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     host, port = ActionMailer::Base.default_url_options.values_at :host, :port
 
     if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/confirmation\?confirmation_token=([^"]+)">}
-      assert_equal $1, user.confirmation_token
+      assert_equal user.confirmation_token, $1
     else
       flunk "expected confirmation url regex to match"
     end

test/mailers/email_changed_test.rb

@@ -35,7 +35,7 @@ class EmailChangedTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send email changed to the original user email' do

test/mailers/reset_password_instructions_test.rb

@@ -34,7 +34,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send confirmation instructions to the user email' do
@@ -84,7 +84,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
     host, port = ActionMailer::Base.default_url_options.values_at :host, :port
 
     if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/password/edit\?reset_password_token=([^"]+)">}
-      assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token
+      assert_equal user.reset_password_token, Devise.token_generator.digest(user.class, :reset_password_token, $1)
     else
       flunk "expected reset password url regex to match"
     end

test/mailers/unlock_instructions_test.rb

@@ -35,7 +35,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send unlock instructions to the user email' do
@@ -85,7 +85,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
     host, port = ActionMailer::Base.default_url_options.values_at :host, :port
 
     if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/unlock\?unlock_token=([^"]+)">}
-      assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token
+      assert_equal user.unlock_token, Devise.token_generator.digest(user.class, :unlock_token, $1)
     else
       flunk "expected unlock url regex to match"
     end

test/mapping_test.rb

@@ -6,7 +6,7 @@ class FakeRequest < Struct.new(:path_info, :params)
 end
 
 class MappingTest < ActiveSupport::TestCase
-  def fake_request(path, params={})
+  def fake_request(path, params = {})
     FakeRequest.new(path, params)
   end
 

test/models/authenticatable_test.rb

@@ -4,12 +4,12 @@ require 'test_helper'
 
 class AuthenticatableTest < ActiveSupport::TestCase
   test 'required_fields should be an empty array' do
-    assert_equal Devise::Models::Validatable.required_fields(User), []
+    assert_equal [], Devise::Models::Validatable.required_fields(User)
   end
 
   test 'find_first_by_auth_conditions allows custom filtering parameters' do
     user = User.create!(email: "example@example.com", password: "1234567")
-    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
+    assert_equal user, User.find_first_by_auth_conditions({ email: "example@example.com" })
     assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next)
   end
 
@@ -18,14 +18,14 @@ class AuthenticatableTest < ActiveSupport::TestCase
   # config.strip_whitespace_keys = [:email]
   test 'find_or_initialize_with_errors uses parameter filter on find' do
     user = User.create!(email: "example@example.com", password: "1234567")
-    assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }), user
+    assert_equal user, User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " })
   end
 
   # assumes default configuration of
   # config.case_insensitive_keys = [:email]
   # config.strip_whitespace_keys = [:email]
   test 'find_or_initialize_with_errors uses parameter filter on initialize' do
-    assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com"
+    assert_equal "example@example.com", User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email
   end
 
   test 'find_or_initialize_with_errors adds blank error' do

test/models/confirmable_test.rb

@@ -28,7 +28,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     confirmation_tokens = []
     3.times do
       token = create_user.confirmation_token
-      assert !confirmation_tokens.include?(token)
+      refute_includes confirmation_tokens, token
       confirmation_tokens << token
     end
   end
@@ -61,7 +61,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user = create_user
     raw  = user.raw_confirmation_token
     confirmed_user = User.confirm_by_token(raw)
-    assert_equal confirmed_user, user
+    assert_equal user, confirmed_user
     assert user.reload.confirmed?
   end
 
@@ -160,7 +160,7 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should find a user to send confirmation instructions' do
     user = create_user
     confirmation_user = User.send_confirmation_instructions(email: user.email)
-    assert_equal confirmation_user, user
+    assert_equal user, confirmation_user
   end
 
   test 'should return a new user if no email was found' do
@@ -305,7 +305,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     swap Devise, authentication_keys: [:username, :email] do
       user = create_user
       confirm_user = User.send_confirmation_instructions(email: user.email, username: user.username)
-      assert_equal confirm_user, user
+      assert_equal user, confirm_user
     end
   end
 
@@ -322,7 +322,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user = create_user
     user.update_attribute(:confirmation_sent_at, confirmation_sent_at)
     confirmed_user = User.confirm_by_token(user.raw_confirmation_token)
-    assert_equal confirmed_user, user
+    assert_equal user, confirmed_user
     user.reload.confirmed?
   end
 
@@ -497,7 +497,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
     assert admin.confirm
     assert admin.update(email: 'new_test@example.com')
     confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email)
-    assert_equal confirmation_admin, admin
+    assert_equal admin, confirmation_admin
   end
 
   test 'should return a new admin if no email or unconfirmed_email was found' do
@@ -520,20 +520,20 @@ class ReconfirmableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Confirmable.required_fields(User), [
+    assert_equal [
       :confirmation_token,
       :confirmed_at,
       :confirmation_sent_at
-    ]
+    ], Devise::Models::Confirmable.required_fields(User)
   end
 
   test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do
-    assert_equal Devise::Models::Confirmable.required_fields(Admin), [
+    assert_equal [
       :confirmation_token,
       :confirmed_at,
       :confirmation_sent_at,
       :unconfirmed_email
-    ]
+    ], Devise::Models::Confirmable.required_fields(Admin)
   end
 
   test 'should not require reconfirmation after creating a record' do

test/models/database_authenticatable_test.rb

@@ -108,7 +108,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should support custom hashing methods' do
     user = UserWithCustomHashing.new(password: '654321')
-    assert_equal user.encrypted_password, '123456'
+    assert_equal '123456', user.encrypted_password
   end
 
   test 'allow authenticatable_salt to work even with nil hashed password' do
@@ -293,18 +293,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should be encryptable_password and the email field by default' do
-    assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
+    assert_equal [
       :encrypted_password,
       :email
-    ]
+    ], Devise::Models::DatabaseAuthenticatable.required_fields(User)
   end
 
   test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
     swap Devise, authentication_keys: [:login] do
-      assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
+      assert_equal [
         :encrypted_password,
         :login
-      ]
+      ], Devise::Models::DatabaseAuthenticatable.required_fields(User)
     end
   end
 end

test/models/lockable_test.rb

@@ -121,7 +121,7 @@ class LockableTest < ActiveSupport::TestCase
       user = create_user
       user.lock_access!
       token = user.unlock_token
-      assert !unlock_tokens.include?(token)
+      refute_includes unlock_tokens, token
       unlock_tokens << token
     end
   end
@@ -174,7 +174,7 @@ class LockableTest < ActiveSupport::TestCase
     user = create_user
     raw  = user.send_unlock_instructions
     locked_user = User.unlock_access_by_token(raw)
-    assert_equal locked_user, user
+    assert_equal user, locked_user
     refute user.reload.access_locked?
   end
 
@@ -194,7 +194,7 @@ class LockableTest < ActiveSupport::TestCase
     user = create_user
     user.lock_access!
     unlock_user = User.send_unlock_instructions(email: user.email)
-    assert_equal unlock_user, user
+    assert_equal user, unlock_user
   end
 
   test 'should return a new user if no email was found' do
@@ -211,7 +211,7 @@ class LockableTest < ActiveSupport::TestCase
     swap Devise, authentication_keys: [:username, :email] do
       user = create_user
       unlock_user = User.send_unlock_instructions(email: user.email, username: user.username)
-      assert_equal unlock_user, user
+      assert_equal user, unlock_user
     end
   end
 
@@ -270,11 +270,11 @@ class LockableTest < ActiveSupport::TestCase
   test 'required_fields should contain the all the fields when all the strategies are enabled' do
     swap Devise, unlock_strategy: :both do
       swap Devise, lock_strategy: :failed_attempts do
-        assert_equal Devise::Models::Lockable.required_fields(User), [
-         :failed_attempts,
-         :locked_at,
-         :unlock_token
-        ]
+        assert_equal [
+          :failed_attempts,
+          :locked_at,
+          :unlock_token
+        ], Devise::Models::Lockable.required_fields(User)
       end
     end
   end
@@ -282,10 +282,10 @@ class LockableTest < ActiveSupport::TestCase
   test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do
     swap Devise, unlock_strategy: :time do
       swap Devise, lock_strategy: :failed_attempts do
-        assert_equal Devise::Models::Lockable.required_fields(User), [
-         :failed_attempts,
-         :locked_at
-        ]
+        assert_equal [
+          :failed_attempts,
+          :locked_at
+        ], Devise::Models::Lockable.required_fields(User)
       end
     end
   end
@@ -293,10 +293,10 @@ class LockableTest < ActiveSupport::TestCase
   test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do
     swap Devise, unlock_strategy: :email do
       swap Devise, lock_strategy: :failed_attempts do
-        assert_equal Devise::Models::Lockable.required_fields(User), [
-         :failed_attempts,
-         :unlock_token
-        ]
+        assert_equal [
+          :failed_attempts,
+          :unlock_token
+        ], Devise::Models::Lockable.required_fields(User)
       end
     end
   end

test/models/omniauthable_test.rb

@@ -4,6 +4,6 @@ require 'test_helper'
 
 class OmniauthableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Omniauthable.required_fields(User), []
+    assert_equal [], Devise::Models::Omniauthable.required_fields(User)
   end
 end

test/models/recoverable_test.rb

@@ -18,7 +18,7 @@ class RecoverableTest < ActiveSupport::TestCase
       user = create_user
       user.send_reset_password_instructions
       token = user.reset_password_token
-      assert !reset_password_tokens.include?(token)
+      refute_includes reset_password_tokens, token
       reset_password_tokens << token
     end
   end
@@ -116,7 +116,7 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should find a user to send instructions by email' do
     user = create_user
     reset_password_user = User.send_reset_password_instructions(email: user.email)
-    assert_equal reset_password_user, user
+    assert_equal user, reset_password_user
   end
 
   test 'should return a new record with errors if user was not found by e-mail' do
@@ -129,7 +129,7 @@ class RecoverableTest < ActiveSupport::TestCase
     swap Devise, authentication_keys: [:username, :email] do
       user = create_user
       reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username)
-      assert_equal reset_password_user, user
+      assert_equal user, reset_password_user
     end
   end
 
@@ -161,7 +161,7 @@ class RecoverableTest < ActiveSupport::TestCase
     raw  = user.send_reset_password_instructions
 
     reset_password_user = User.reset_password_by_token(reset_password_token: raw)
-    assert_equal reset_password_user, user
+    assert_equal user, reset_password_user
   end
 
   test 'should return a new record with errors if no reset_password_token is found' do
@@ -237,23 +237,23 @@ class RecoverableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Recoverable.required_fields(User), [
+    assert_equal [
       :reset_password_sent_at,
       :reset_password_token
-    ]
+    ], Devise::Models::Recoverable.required_fields(User)
   end
 
   test 'should return a user based on the raw token' do
     user = create_user
     raw  = user.send_reset_password_instructions
 
-    assert_equal User.with_reset_password_token(raw), user
+    assert_equal user, User.with_reset_password_token(raw)
   end
 
   test 'should return the same reset password token as generated' do
     user = create_user
     raw  = user.send_reset_password_instructions
-    assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
+    assert_equal user.reset_password_token, Devise.token_generator.digest(self.class, :reset_password_token, raw)
   end
 
   test 'should return nil if a user based on the raw token is not found' do

test/models/registerable_test.rb

@@ -4,6 +4,6 @@ require 'test_helper'
 
 class RegisterableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Registerable.required_fields(User), []
+    assert_equal [], Devise::Models::Registerable.required_fields(User)
   end
 end

test/models/rememberable_test.rb

@@ -177,8 +177,8 @@ class RememberableTest < ActiveSupport::TestCase
   end
 
   test 'should have the required_fields array' do
-    assert_equal Devise::Models::Rememberable.required_fields(User), [
+    assert_equal [
       :remember_created_at
-    ]
+    ], Devise::Models::Rememberable.required_fields(User)
   end
 end

test/models/serializable_test.rb

@@ -43,7 +43,7 @@ class SerializableTest < ActiveSupport::TestCase
   end
 
   test 'should accept frozen options' do
-    assert_key "username", @user.as_json({only: :username}.freeze)["user"]
+    assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"]
   end
 
   def assert_key(key, subject)
@@ -54,7 +54,7 @@ class SerializableTest < ActiveSupport::TestCase
     assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
   end
 
-  def from_json(options=nil)
+  def from_json(options = nil)
     ActiveSupport::JSON.decode(@user.to_json(options))["user"]
   end
 end

test/models/timeoutable_test.rb

@@ -43,7 +43,7 @@ class TimeoutableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Timeoutable.required_fields(User), []
+    assert_equal [], Devise::Models::Timeoutable.required_fields(User)
   end
 
   test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do

test/models/trackable_test.rb

@@ -4,13 +4,13 @@ require 'test_helper'
 
 class TrackableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Trackable.required_fields(User), [
+    assert_equal [
       :current_sign_in_at,
       :current_sign_in_ip,
       :last_sign_in_at,
       :last_sign_in_ip,
       :sign_in_count
-    ]
+    ], Devise::Models::Trackable.required_fields(User)
   end
 
   test 'update_tracked_fields should only set attributes but not save the record' do

test/models/validatable_test.rb

@@ -116,6 +116,6 @@ class ValidatableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should be an empty array' do
-    assert_equal Devise::Models::Validatable.required_fields(User), []
+    assert_equal [], Devise::Models::Validatable.required_fields(User)
   end
 end

test/omniauth/url_helpers_test.rb

@@ -5,7 +5,7 @@ require 'test_helper'
 class OmniAuthRoutesTest < ActionController::TestCase
   tests ApplicationController
 
-  def assert_path(action, provider, with_param=true)
+  def assert_path(action, provider, with_param = true)
     # Resource param
     assert_equal @controller.send(action, :user, provider),
                  @controller.send("user_#{provider}_#{action}")

test/rails_app/app/controllers/streaming_controller.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class StreamingController < ApplicationController
+  include ActionController::Live
+
+  before_action :authenticate_user!
+
+  def index
+    render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index'
+  end
+
+  # Work around https://github.com/heartcombo/devise/issues/2332, which affects
+  # tests in Rails 4.x (and affects production in Rails >= 5)
+  def process(name)
+    super(name)
+  rescue ArgumentError => e
+    if e.message == 'uncaught throw :warden'
+      throw :warden
+    else
+      raise e
+    end
+  end
+end

test/rails_app/config/routes.rb

@@ -17,6 +17,8 @@ Rails.application.routes.draw do
 
   resources :admins, only: [:index]
 
+  resources :streaming, only: [:index]
+
   # Users scope
   devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
 

test/rails_app/lib/shared_user_without_email.rb

@@ -21,7 +21,7 @@ module SharedUserWithoutEmail
     raise NoMethodError
   end
 
-  def respond_to?(method_name, include_all=false)
+  def respond_to?(method_name, include_all = false)
     return false if method_name.to_sym == :email_changed?
     super(method_name, include_all)
   end

test/support/helpers.rb

@@ -27,32 +27,32 @@ class ActiveSupport::TestCase
     "test#{@@email_count}@example.com"
   end
 
-  def valid_attributes(attributes={})
+  def valid_attributes(attributes = {})
     { username: "usertest",
       email: generate_unique_email,
       password: '12345678',
       password_confirmation: '12345678' }.update(attributes)
   end
 
-  def new_user(attributes={})
+  def new_user(attributes = {})
     User.new(valid_attributes(attributes))
   end
 
-  def create_user(attributes={})
+  def create_user(attributes = {})
     User.create!(valid_attributes(attributes))
   end
 
-  def create_admin(attributes={})
+  def create_admin(attributes = {})
     valid_attributes = valid_attributes(attributes)
     valid_attributes.delete(:username)
     Admin.create!(valid_attributes)
   end
 
-  def create_user_without_email(attributes={})
+  def create_user_without_email(attributes = {})
     UserWithoutEmail.create!(valid_attributes(attributes))
   end
 
-  def create_user_with_validations(attributes={})
+  def create_user_with_validations(attributes = {})
     UserWithValidations.create!(valid_attributes(attributes))
   end
 

test/support/integration.rb

@@ -7,7 +7,7 @@ class ActionDispatch::IntegrationTest
     request.env['warden']
   end
 
-  def create_user(options={})
+  def create_user(options = {})
     @user ||= begin
       user = User.create!(
         username: 'usertest',
@@ -24,7 +24,7 @@ class ActionDispatch::IntegrationTest
     end
   end
 
-  def create_admin(options={})
+  def create_admin(options = {})
     @admin ||= begin
       admin = Admin.create!(
         email: options[:email] || 'admin@test.com',
@@ -36,7 +36,7 @@ class ActionDispatch::IntegrationTest
     end
   end
 
-  def sign_in_as_user(options={}, &block)
+  def sign_in_as_user(options = {}, &block)
     user = create_user(options)
     visit_with_option options[:visit], new_user_session_path
     fill_in 'email', with: options[:email] || 'user@test.com'
@@ -47,7 +47,7 @@ class ActionDispatch::IntegrationTest
     user
   end
 
-  def sign_in_as_admin(options={}, &block)
+  def sign_in_as_admin(options = {}, &block)
     admin = create_admin(options)
     visit_with_option options[:visit], new_admin_session_path
     fill_in 'email', with: 'admin@test.com'
@@ -61,7 +61,7 @@ class ActionDispatch::IntegrationTest
   # account Middleware redirects.
   #
   def assert_redirected_to(url)
-    assert [301, 302].include?(@integration_session.status),
+    assert_includes [301, 302], @integration_session.status,
            "Expected status to be 301 or 302, got #{@integration_session.status}"
 
     assert_url url, @integration_session.headers["Location"]

test/test/controller_helpers_test.rb

@@ -97,16 +97,16 @@ class TestControllerHelpersTest < Devise::ControllerTestCase
 
   test "returns the body of a failure app" do
     get :index
-    assert_equal response.body, "<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>"
+    assert_equal "<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>", response.body
   end
 
   test "returns the content type of a failure app" do
     get :index, params: { format: :xml }
 
     if Devise::Test.rails6?
-      assert response.media_type.include?('application/xml')
+      assert_includes response.media_type, 'application/xml'
     else
-      assert response.content_type.include?('application/xml')
+      assert_includes response.content_type, 'application/xml'
     end
   end
 
@@ -196,3 +196,13 @@ class TestControllerHelpersTest < Devise::ControllerTestCase
     assert_equal old_warden_proxy, new_warden_proxy
   end
 end
+
+class TestControllerHelpersForStreamingControllerTest < Devise::ControllerTestCase
+  tests StreamingController
+  include Devise::Test::ControllerHelpers
+
+  test "doesn't hang when sending an authentication error response body" do
+    get :index
+    assert_equal "<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>", response.body
+  end
+end