Bump to 4.8.1 with Rails 7 support

Also note in the Changelog that Turbo is not fully supported yet.

.github/workflows/test.yml

@@ -0,0 +1,138 @@
+name: Test
+on: [push, pull_request]
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        gemfile:
+          - Gemfile
+          - gemfiles/Gemfile-rails-main
+          - gemfiles/Gemfile-rails-6-1
+          - gemfiles/Gemfile-rails-6-0
+          - gemfiles/Gemfile-rails-5-2
+          - gemfiles/Gemfile-rails-5-1
+          - gemfiles/Gemfile-rails-5-0
+          - gemfiles/Gemfile-rails-4-2
+          - gemfiles/Gemfile-rails-4-1
+        ruby:
+          - 2.1
+          - 2.2
+          - 2.3
+          - 2.4
+          - 2.5
+          - 2.6
+          - 2.7
+          - 3.0
+        env:
+          - DEVISE_ORM=active_record
+          - DEVISE_ORM=mongoid
+        exclude:
+          - ruby: 2.1
+            gemfile: Gemfile
+          - ruby: 2.1
+            gemfile: gemfiles/Gemfile-rails-6-0
+          - ruby: 2.1
+            gemfile: gemfiles/Gemfile-rails-6-1
+          - ruby: 2.1
+            gemfile: gemfiles/Gemfile-rails-main
+          - ruby: 2.1
+            gemfile: gemfiles/Gemfile-rails-5-2
+          - ruby: 2.1
+            gemfile: gemfiles/Gemfile-rails-5-1
+          - ruby: 2.1
+            gemfile: gemfiles/Gemfile-rails-5-0
+          - ruby: 2.2
+            gemfile: Gemfile
+          - ruby: 2.2
+            gemfile: gemfiles/Gemfile-rails-6-0
+          - ruby: 2.2
+            gemfile: gemfiles/Gemfile-rails-6-1
+          - ruby: 2.2
+            gemfile: gemfiles/Gemfile-rails-main
+          - ruby: 2.2
+            gemfile: gemfiles/Gemfile-rails-5-2
+          - ruby: 2.3
+            gemfile: Gemfile
+          - ruby: 2.3
+            gemfile: gemfiles/Gemfile-rails-6-0
+          - ruby: 2.3
+            gemfile: gemfiles/Gemfile-rails-6-1
+          - ruby: 2.3
+            gemfile: gemfiles/Gemfile-rails-main
+          - ruby: 2.4
+            gemfile: Gemfile
+          - ruby: 2.4
+            gemfile: gemfiles/Gemfile-rails-6-0
+          - ruby: 2.4
+            gemfile: gemfiles/Gemfile-rails-6-1
+          - ruby: 2.4
+            gemfile: gemfiles/Gemfile-rails-main
+          - ruby: 2.4
+            gemfile: gemfiles/Gemfile-rails-4-1
+          - ruby: 2.5
+            gemfile: gemfiles/Gemfile-rails-4-1
+          - ruby: 2.5
+            gemfile: gemfiles/Gemfile-rails-main
+          - ruby: 2.5
+            gemfile: Gemfile
+          - ruby: 2.6
+            gemfile: gemfiles/Gemfile-rails-4-1
+          - ruby: 2.6
+            gemfile: gemfiles/Gemfile-rails-4-2
+          - ruby: 2.6
+            gemfile: Gemfile
+          - ruby: 2.6
+            gemfile: gemfiles/Gemfile-rails-main
+          - ruby: 2.7
+            gemfile: gemfiles/Gemfile-rails-4-1
+          - ruby: 2.7
+            gemfile: gemfiles/Gemfile-rails-4-2
+          - ruby: 2.7
+            gemfile: gemfiles/Gemfile-rails-5-0
+          - ruby: 2.7
+            gemfile: gemfiles/Gemfile-rails-5-1
+          - ruby: 2.7
+            gemfile: gemfiles/Gemfile-rails-5-2
+          - ruby: 3.0
+            gemfile: gemfiles/Gemfile-rails-4-1
+          - ruby: 3.0
+            gemfile: gemfiles/Gemfile-rails-4-2
+          - ruby: 3.0
+            gemfile: gemfiles/Gemfile-rails-5-0
+          - ruby: 3.0
+            gemfile: gemfiles/Gemfile-rails-5-1
+          - ruby: 3.0
+            gemfile: gemfiles/Gemfile-rails-5-2
+          - env: DEVISE_ORM=mongoid
+            gemfile: Gemfile
+          - env: DEVISE_ORM=mongoid
+            gemfile: gemfiles/Gemfile-rails-5-0
+          - env: DEVISE_ORM=mongoid
+            gemfile: gemfiles/Gemfile-rails-5-1
+          - env: DEVISE_ORM=mongoid
+            gemfile: gemfiles/Gemfile-rails-5-2
+          - env: DEVISE_ORM=mongoid
+            gemfile: gemfiles/Gemfile-rails-6-0
+          - env: DEVISE_ORM=mongoid
+            gemfile: gemfiles/Gemfile-rails-6-1
+          - env: DEVISE_ORM=mongoid
+            gemfile: Gemfile
+          - env: DEVISE_ORM=mongoid
+            gemfile: gemfiles/Gemfile-rails-main
+    runs-on: ubuntu-latest
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ matrix.gemfile }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Bundler 1.x for Rails 4.x
+        if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }}
+        run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true # runs bundle install and caches installed gems automatically
+          bundler: ${{ env.BUNDLER_VERSION || 'latest' }}
+      - uses: supercharge/mongodb-github-action@1.3.0
+        if: ${{ matrix.env == 'DEVISE_ORM=mongoid' }}
+      - run: bundle exec rake

.gitignore

@@ -8,3 +8,4 @@ rdoc/*
 pkg
 log
 test/tmp/*
+gemfiles/*.lock

.travis.yml

@@ -1,110 +0,0 @@
-language: ruby
-
-rvm:
-  - 2.1.10
-  - 2.2.10
-  - 2.3.8
-  - 2.4.10
-  - 2.5.8
-  - 2.6.6
-  - 2.7.1
-  - ruby-head
-
-gemfile:
-  - Gemfile
-  - gemfiles/Gemfile.rails-6.0-stable
-  - gemfiles/Gemfile.rails-5.2-stable
-  - gemfiles/Gemfile.rails-5.1-stable
-  - gemfiles/Gemfile.rails-5.0-stable
-  - gemfiles/Gemfile.rails-4.2-stable
-  - gemfiles/Gemfile.rails-4.1-stable
-
-matrix:
-  exclude:
-    - rvm: 2.1.10
-      gemfile: Gemfile
-    - rvm: 2.1.10
-      gemfile: gemfiles/Gemfile.rails-6.0-stable
-    - rvm: 2.1.10
-      gemfile: gemfiles/Gemfile.rails-5.2-stable
-    - rvm: 2.1.10
-      gemfile: gemfiles/Gemfile.rails-5.1-stable
-    - rvm: 2.1.10
-      gemfile: gemfiles/Gemfile.rails-5.0-stable
-    - rvm: 2.2.10
-      gemfile: Gemfile
-    - rvm: 2.2.10
-      gemfile: gemfiles/Gemfile.rails-6.0-stable
-    - rvm: 2.2.10
-      gemfile: gemfiles/Gemfile.rails-5.2-stable
-    - rvm: 2.3.8
-      gemfile: Gemfile
-    - rvm: 2.3.8
-      gemfile: gemfiles/Gemfile.rails-6.0-stable
-    - rvm: 2.4.10
-      gemfile: Gemfile
-    - rvm: 2.4.10
-      gemfile: gemfiles/Gemfile.rails-6.0-stable
-    - rvm: 2.4.10
-      gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.5.8
-      gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.6.6
-      gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.6.6
-      gemfile: gemfiles/Gemfile.rails-4.2-stable
-    - rvm: 2.7.1
-      gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.7.1
-      gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: 2.7.1
-      gemfile: gemfiles/Gemfile.rails-4.2-stable
-    - rvm: 2.7.1
-      gemfile: gemfiles/Gemfile.rails-5.0-stable
-    - rvm: 2.7.1
-      gemfile: gemfiles/Gemfile.rails-5.1-stable
-    - rvm: 2.7.1
-      gemfile: gemfiles/Gemfile.rails-5.2-stable
-    - rvm: ruby-head
-      gemfile: gemfiles/Gemfile.rails-4.1-stable
-    - rvm: ruby-head
-      gemfile: gemfiles/Gemfile.rails-4.2-stable
-    - env: DEVISE_ORM=mongoid
-      gemfile: Gemfile
-    - env: DEVISE_ORM=mongoid
-      gemfile: gemfiles/Gemfile.rails-5.0-stable
-    - env: DEVISE_ORM=mongoid
-      gemfile: gemfiles/Gemfile.rails-5.1-stable
-    - env: DEVISE_ORM=mongoid
-      gemfile: gemfiles/Gemfile.rails-5.2-stable
-    - env: DEVISE_ORM=mongoid
-      gemfile: gemfiles/Gemfile.rails-6.0-stable
-  allow_failures:
-    - rvm: ruby-head
-
-services:
-  - mongodb
-
-cache: bundler
-
-env:
-  matrix:
-    - DEVISE_ORM=active_record
-    - DEVISE_ORM=mongoid
-
-before_install:
-  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
-  - gem install bundler -v '< 2'
-  - "rm ${BUNDLE_GEMFILE}.lock"
-
-before_script: "bundle update"
-
-script: "bin/test"
-
-notifications:
-  email: false
-  slack:
-    on_pull_requests: false
-    on_success: change
-    on_failure: always
-    secure: Q3M+kmude3FjisibEeeGe0wSMXgvwLH+vL7Zrx9//q4QtkfnrQ/BBMvY9KXxPEsNF+eys4YopYjTkJ8uRmeboUATW/oQ4Jrv3+u3zkIHK2sFn/Q2cQWpK5w+CbgEnHPjKYnUu34b09njXTgDlr/mqtbPqrKeZ1dLlpKXCB/q4GY=

CHANGELOG.md

@@ -1,4 +1,31 @@
-### 4.7.1 - 2020-06-10
+### 4.8.1
+
+* enhancements
+  * Add support for Rails 7.0. Please note that Turbo integration is not fully supported by Devise yet.
+
+### 4.8.0 - 2021-04-29
+
+* enhancements
+  * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements.
+    - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.)
+    - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info.
+  * Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in.
+    - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`.
+  * Add support for Ruby 3.
+  * Add support for Rails 6.1.
+  * Move CI to GitHub Actions.
+
+* deprecations
+  * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin)
+
+### 4.7.3 - 2020-09-20
+
+* bug fixes
+  * Do not modify `:except` option given to `#serializable_hash`. (by @dpep)
+  * Fix thor deprecation when running the devise generator. (by @deivid-rodriguez)
+  * Fix hanging tests for streaming controllers using Devise. (by @afn)
+
+### 4.7.2 - 2020-06-10
 
 * enhancements
   * Increase default stretches to 12 (by @sergey-alekseev)

Gemfile

@@ -4,13 +4,11 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 6.0.0"
+gem "rails", "~> 7.0.0"
 gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"
 
-gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
-
 gem "rails-controller-testing", github: "rails/rails-controller-testing"
 
 gem "responders", "~> 3.0"
@@ -18,6 +16,7 @@ gem "responders", "~> 3.0"
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid"
+  gem "rexml"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
   gem "mocha", "~> 1.1", require: false

Gemfile.lock

@@ -1,17 +1,8 @@
 GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 93689638c28525acc65afb638fce866826532641
+  remote: https://github.com/rails/rails-controller-testing.git
+  revision: 36e84822ee997d69c971f03f3f3759ee4f4bdc37
   specs:
-    activemodel-serializers-xml (1.0.2)
-      activemodel (>= 5.0.0.a)
-      activesupport (>= 5.0.0.a)
-      builder (~> 3.1)
-
-GIT
-  remote: git://github.com/rails/rails-controller-testing.git
-  revision: a60b3da1c1c77959b28606dd087c058c64b5a08f
-  specs:
-    rails-controller-testing (1.0.4)
+    rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
@@ -19,7 +10,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (4.7.2)
+    devise (4.8.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -29,191 +20,209 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.0.3.1)
-      actionpack (= 6.0.3.1)
+    actioncable (7.0.0)
+      actionpack (= 7.0.0)
+      activesupport (= 7.0.0)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionmailbox (7.0.0)
+      actionpack (= 7.0.0)
+      activejob (= 7.0.0)
+      activerecord (= 7.0.0)
+      activestorage (= 7.0.0)
+      activesupport (= 7.0.0)
       mail (>= 2.7.1)
-    actionmailer (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
+    actionmailer (7.0.0)
+      actionpack (= 7.0.0)
+      actionview (= 7.0.0)
+      activejob (= 7.0.0)
+      activesupport (= 7.0.0)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.1)
-      actionview (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (7.0.0)
+      actionview (= 7.0.0)
+      activesupport (= 7.0.0)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actiontext (7.0.0)
+      actionpack (= 7.0.0)
+      activerecord (= 7.0.0)
+      activestorage (= 7.0.0)
+      activesupport (= 7.0.0)
+      globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (6.0.3.1)
-      activesupport (= 6.0.3.1)
+    actionview (7.0.0)
+      activesupport (= 7.0.0)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.1)
-      activesupport (= 6.0.3.1)
+    activejob (7.0.0)
+      activesupport (= 7.0.0)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activerecord (6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activestorage (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      marcel (~> 0.3.1)
-    activesupport (6.0.3.1)
+    activemodel (7.0.0)
+      activesupport (= 7.0.0)
+    activerecord (7.0.0)
+      activemodel (= 7.0.0)
+      activesupport (= 7.0.0)
+    activestorage (7.0.0)
+      actionpack (= 7.0.0)
+      activejob (= 7.0.0)
+      activerecord (= 7.0.0)
+      activesupport (= 7.0.0)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2, >= 2.2.2)
-    bcrypt (3.1.13)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    bcrypt (3.1.16)
     builder (3.2.4)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.9)
     crass (1.0.6)
-    erubi (1.9.0)
-    faraday (1.0.1)
+    erubi (1.10.0)
+    faraday (1.8.0)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-httpclient (~> 1.0.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
+      faraday-patron (~> 1.0)
+      faraday-rack (~> 1.0)
       multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    i18n (1.8.3)
+      ruby2_keywords (>= 0.0.4)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-httpclient (1.0.1)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday-patron (1.0.0)
+    faraday-rack (1.0.0)
+    globalid (1.0.0)
+      activesupport (>= 5.0)
+    hashie (5.0.0)
+    i18n (1.8.11)
       concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
+    jwt (2.3.0)
+    loofah (2.13.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
+    marcel (1.0.2)
     method_source (1.0.0)
-    mimemagic (0.3.5)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    multi_json (1.14.1)
+    mini_mime (1.1.2)
+    mini_portile2 (2.6.1)
+    minitest (5.15.0)
+    mocha (1.13.0)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
+    nio4r (2.5.8)
+    nokogiri (1.12.5)
+      mini_portile2 (~> 2.6.1)
+      racc (~> 1.4)
+    oauth2 (1.4.7)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.9.1)
+    omniauth (2.0.4)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
+      rack-protection
+    omniauth-facebook (9.0.0)
       omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
+    omniauth-oauth2 (1.7.2)
+      oauth2 (~> 1.4)
+      omniauth (>= 1.9, < 3)
+    omniauth-openid (2.0.1)
+      omniauth (>= 1.0, < 3.0)
+      rack-openid (~> 1.4.0)
     orm_adapter (0.5.0)
-    rack (2.2.2)
-    rack-openid (1.3.1)
+    racc (1.6.0)
+    rack (2.2.3)
+    rack-openid (1.4.2)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
+    rack-protection (2.1.0)
+      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.0.3.1)
-      actioncable (= 6.0.3.1)
-      actionmailbox (= 6.0.3.1)
-      actionmailer (= 6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actiontext (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      bundler (>= 1.3.0)
-      railties (= 6.0.3.1)
-      sprockets-rails (>= 2.0.0)
+    rails (7.0.0)
+      actioncable (= 7.0.0)
+      actionmailbox (= 7.0.0)
+      actionmailer (= 7.0.0)
+      actionpack (= 7.0.0)
+      actiontext (= 7.0.0)
+      actionview (= 7.0.0)
+      activejob (= 7.0.0)
+      activemodel (= 7.0.0)
+      activerecord (= 7.0.0)
+      activestorage (= 7.0.0)
+      activesupport (= 7.0.0)
+      bundler (>= 1.15.0)
+      railties (= 7.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
-    railties (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
+    railties (7.0.0)
+      actionpack (= 7.0.0)
+      activesupport (= 7.0.0)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
-    rake (13.0.1)
-    rdoc (6.2.1)
+      rake (>= 12.2)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
+    rake (13.0.6)
+    rdoc (6.3.3)
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
+    rexml (3.2.5)
     ruby-openid (2.9.2)
-    sprockets (4.0.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
+    ruby2_keywords (0.0.5)
     sqlite3 (1.4.2)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
+    thor (1.1.0)
+    timecop (0.9.4)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.7.2)
+    websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.3.0)
+    zeitwerk (2.5.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  activemodel-serializers-xml!
   devise!
   mocha (~> 1.1)
   omniauth
   omniauth-facebook
   omniauth-oauth2
   omniauth-openid
-  rails (~> 6.0.0)
+  rails (~> 7.0.0)
   rails-controller-testing!
   rdoc
   responders (~> 3.0)
+  rexml
   sqlite3 (~> 1.4)
   timecop
   webrat (= 0.7.3)
 
 BUNDLED WITH
-   1.17.3
+   2.2.33

README.md

@@ -1,6 +1,5 @@
 ![Devise Logo](https://raw.github.com/heartcombo/devise/master/devise.png)
 
-[![Build Status](https://api.travis-ci.org/heartcombo/devise.svg?branch=master)](http://travis-ci.org/heartcombo/devise)
 [![Code Climate](https://codeclimate.com/github/heartcombo/devise.svg)](https://codeclimate.com/github/heartcombo/devise)
 
 Devise is a flexible authentication solution for Rails based on Warden. It:
@@ -54,7 +53,6 @@ It's composed of 10 modules:
 	- [Other ORMs](#other-orms)
 	- [Rails API mode](#rails-api-mode)
 - [Additional information](#additional-information)
-	- [Heroku](#heroku)
 	- [Warden](#warden)
 	- [Contributors](#contributors)
 - [License](#license)
@@ -119,8 +117,8 @@ You will usually want to write tests for your changes.  To run the test suite, g
 Devise works with multiple Ruby and Rails versions, and ActiveRecord and Mongoid ORMs, which means you can run the test suite with some modifiers: `DEVISE_ORM` and `BUNDLE_GEMFILE`.
 
 ### DEVISE_ORM
-Since Devise support both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
-The default value of `DEVISE_ORM` is `active_record`. To run the tests for mongoid, you can pass `mongoid`:
+Since Devise supports both Mongoid and ActiveRecord, we rely on this variable to run specific code for each ORM.
+The default value of `DEVISE_ORM` is `active_record`. To run the tests for Mongoid, you can pass `mongoid`:
 ```
 DEVISE_ORM=mongoid bin/test
 
@@ -132,7 +130,7 @@ Please note that the command output will show the variable value being used.
 
 ### BUNDLE_GEMFILE
 We can use this variable to tell bundler what Gemfile it should use (instead of the one in the current directory).
-Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks on Travis using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
+Inside the [gemfiles](https://github.com/heartcombo/devise/tree/master/gemfiles) directory, we have one for each version of Rails we support. When you send us a pull request, it may happen that the test suite breaks using some of them. If that's the case, you can simulate the same environment using the `BUNDLE_GEMFILE` variable.
 For example, if the tests broke using Ruby 2.4.2 and Rails 4.1, you can do the following:
 ```bash
 rbenv shell 2.4.2 # or rvm use 2.4.2
@@ -273,7 +271,7 @@ Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`,
 
 ### Strong Parameters
 
-![The Parameter Sanitizer API has changed for Devise 4](http://messages.hellobits.com/warning.svg?message=The%20Parameter%20Sanitizer%20API%20has%20changed%20for%20Devise%204)
+The Parameter Sanitizer API has changed for Devise 4 :warning:
 
 *For previous Devise versions see https://github.com/heartcombo/devise/tree/3-stable#strong-parameters*
 
@@ -313,7 +311,7 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
+Devise allows you to completely change Devise defaults or invoke custom behavior by passing a block:
 
 To permit simple scalar values for username and email, use this
 
@@ -436,7 +434,7 @@ If the customization at the views level is not enough, you can customize each co
     end
     ```
 
-    Or you can simply add new behaviour to it:
+    Or you can simply add new behavior to it:
 
     ```ruby
     class Users::SessionsController < Devise::SessionsController
@@ -686,7 +684,7 @@ If you enable the [Recoverable](http://rubydoc.info/github/heartcombo/devise/mas
 1. Action Mailer logs the entire contents of all outgoing emails to the DEBUG level. Password reset tokens delivered to users in email will be leaked.
 2. Active Job logs all arguments to every enqueued job at the INFO level. If you configure Devise to use `deliver_later` to send password reset emails, password reset tokens will be leaked.
 
-Rails sets the production logger level to DEBUG by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`:
+Rails sets the production logger level to INFO by default. Consider changing your production logger level to WARN if you wish to prevent tokens from being leaked into your logs. In `config/environments/production.rb`:
 
 ```ruby
 config.log_level = :warn
@@ -741,6 +739,6 @@ https://github.com/heartcombo/devise/graphs/contributors
 
 ## License
 
-MIT License. Copyright 2020 Rafael França, Leaonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
+MIT License. Copyright 2020 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
 
 The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).

app/helpers/devise_helper.rb

@@ -1,14 +1,26 @@
 # frozen_string_literal: true
 
 module DeviseHelper
-  # Retain this method for backwards compatibility, deprecated in favour of modifying the
-  # devise/shared/error_messages partial
+  # Retain this method for backwards compatibility, deprecated in favor of modifying the
+  # devise/shared/error_messages partial.
   def devise_error_messages!
     ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
-      [Devise] `DeviseHelper.devise_error_messages!`
-      is deprecated and it will be removed in the next major version.
-      To customize the errors styles please run `rails g devise:views` and modify the
-      `devise/shared/error_messages` partial.
+      [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be
+      removed in the next major version.
+
+      Devise now uses a partial under "devise/shared/error_messages" to display
+      error messages by default, and make them easier to customize. Update your
+      views changing calls from:
+
+          <%= devise_error_messages! %>
+
+      to:
+
+          <%= render "devise/shared/error_messages", resource: resource %>
+
+      To start customizing how errors are displayed, you can copy the partial
+      from devise to your `app/views` folder. Alternatively, you can run
+      `rails g devise:views` which will copy all of them again to your app.
     DEPRECATION
 
     return "" if resource.errors.empty?

app/mailers/devise/mailer.rb

@@ -4,26 +4,26 @@ if defined?(ActionMailer)
   class Devise::Mailer < Devise.parent_mailer.constantize
     include Devise::Mailers::Helpers
 
-    def confirmation_instructions(record, token, opts={})
+    def confirmation_instructions(record, token, opts = {})
       @token = token
       devise_mail(record, :confirmation_instructions, opts)
     end
 
-    def reset_password_instructions(record, token, opts={})
+    def reset_password_instructions(record, token, opts = {})
       @token = token
       devise_mail(record, :reset_password_instructions, opts)
     end
 
-    def unlock_instructions(record, token, opts={})
+    def unlock_instructions(record, token, opts = {})
       @token = token
       devise_mail(record, :unlock_instructions, opts)
     end
 
-    def email_changed(record, opts={})
+    def email_changed(record, opts = {})
       devise_mail(record, :email_changed, opts)
     end
 
-    def password_change(record, opts={})
+    def password_change(record, opts = {})
       devise_mail(record, :password_change, opts)
     end
   end

app/views/devise/shared/_links.html.erb

@@ -20,6 +20,6 @@
 
 <%- if devise_mapping.omniauthable? %>
   <%- resource_class.omniauth_providers.each do |provider| %>
-    <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider) %><br />
+    <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), method: :post %><br />
   <% end %>
 <% end %>

config/locales/en.yml

@@ -44,7 +44,7 @@ en:
       signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
       update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address."
       updated: "Your account has been updated successfully."
-      updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again"
+      updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again."
     sessions:
       signed_in: "Signed in successfully."
       signed_out: "Signed out successfully."

devise.gemspec

@@ -14,6 +14,14 @@ Gem::Specification.new do |s|
   s.homepage    = "https://github.com/heartcombo/devise"
   s.description = "Flexible authentication solution for Rails with Warden"
   s.authors     = ['José Valim', 'Carlos Antônio']
+  s.metadata    = {
+    "homepage_uri"      => "https://github.com/heartcombo/devise",
+    "documentation_uri" => "https://rubydoc.info/github/heartcombo/devise",
+    "changelog_uri"     => "https://github.com/heartcombo/devise/blob/master/CHANGELOG.md",
+    "source_code_uri"   => "https://github.com/heartcombo/devise",
+    "bug_tracker_uri"   => "https://github.com/heartcombo/devise/issues",
+    "wiki_uri"          => "https://github.com/heartcombo/devise/wiki"
+  }
 
   s.files         = Dir["{app,config,lib}/**/*", "CHANGELOG.md", "MIT-LICENSE", "README.md"]
   s.require_paths = ["lib"]

gemfiles/Gemfile-rails-5-0

@@ -9,8 +9,6 @@ gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"
 
-gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
-
 gem "rails-controller-testing"
 
 gem "responders", "~> 2.1"

gemfiles/Gemfile-rails-5-1

@@ -7,8 +7,6 @@ gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"
 
-gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
-
 gem "rails-controller-testing"
 
 gem "responders", "~> 2.1"

gemfiles/Gemfile-rails-5-2

@@ -7,8 +7,6 @@ gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"
 
-gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
-
 gem "rails-controller-testing"
 
 gem "responders", "~> 2.1"

gemfiles/Gemfile-rails-6-0

@@ -0,0 +1,25 @@
+source "https://rubygems.org"
+
+gemspec path: ".."
+
+gem "rails", '~> 6.0.0', github: 'rails/rails', branch: '6-0-stable'
+gem "omniauth"
+gem "omniauth-oauth2"
+gem "rdoc"
+
+gem "rails-controller-testing", github: "rails/rails-controller-testing"
+
+gem "responders", "~> 3.0"
+
+group :test do
+  gem "omniauth-facebook"
+  gem "omniauth-openid"
+  gem "rexml"
+  gem "timecop"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
+end
+
+platforms :ruby do
+  gem "sqlite3", "~> 1.4"
+end

gemfiles/Gemfile-rails-6-1

@@ -2,7 +2,7 @@ source "https://rubygems.org"
 
 gemspec path: ".."
 
-gem "rails", '~> 6.0.0'
+gem "rails", '~> 6.1.0'
 gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"
@@ -16,6 +16,7 @@ gem "responders", "~> 3.0"
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid"
+  gem "rexml"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
   gem "mocha", "~> 1.1", require: false

gemfiles/Gemfile-rails-main

@@ -0,0 +1,27 @@
+source "https://rubygems.org"
+
+gemspec path: ".."
+
+gem "rails", github: "rails/rails", branch: "main"
+gem "omniauth"
+gem "omniauth-oauth2"
+gem "rdoc"
+
+gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
+
+gem "rails-controller-testing", github: "rails/rails-controller-testing"
+
+gem "responders", "~> 3.0"
+
+group :test do
+  gem "omniauth-facebook"
+  gem "omniauth-openid"
+  gem "rexml"
+  gem "timecop"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
+end
+
+platforms :ruby do
+  gem "sqlite3", "~> 1.4"
+end

gemfiles/Gemfile.rails-4.1-stable.lock

@@ -1,171 +0,0 @@
-GIT
-  remote: git://github.com/rails/rails.git
-  revision: 0cad778c2605a5204a05a9f1dbd3344e39f248d8
-  branch: 4-1-stable
-  specs:
-    actionmailer (4.1.16)
-      actionpack (= 4.1.16)
-      actionview (= 4.1.16)
-      mail (~> 2.5, >= 2.5.4)
-    actionpack (4.1.16)
-      actionview (= 4.1.16)
-      activesupport (= 4.1.16)
-      rack (~> 1.5.2)
-      rack-test (~> 0.6.2)
-    actionview (4.1.16)
-      activesupport (= 4.1.16)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-    activemodel (4.1.16)
-      activesupport (= 4.1.16)
-      builder (~> 3.1)
-    activerecord (4.1.16)
-      activemodel (= 4.1.16)
-      activesupport (= 4.1.16)
-      arel (~> 5.0.0)
-    activesupport (4.1.16)
-      i18n (~> 0.6, >= 0.6.9)
-      json (~> 1.7, >= 1.7.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.1)
-      tzinfo (~> 1.1)
-    rails (4.1.16)
-      actionmailer (= 4.1.16)
-      actionpack (= 4.1.16)
-      actionview (= 4.1.16)
-      activemodel (= 4.1.16)
-      activerecord (= 4.1.16)
-      activesupport (= 4.1.16)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.1.16)
-      sprockets-rails (~> 2.0)
-    railties (4.1.16)
-      actionpack (= 4.1.16)
-      activesupport (= 4.1.16)
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.7.2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    arel (5.0.1.20140414130214)
-    bcrypt (3.1.13)
-    bson (3.2.7)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    connection_pool (2.2.3)
-    erubis (2.7.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    hashie (3.6.0)
-    i18n (0.9.5)
-      concurrent-ruby (~> 1.0)
-    json (1.8.6)
-    jwt (2.2.1)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    mongoid (4.0.2)
-      activemodel (~> 4.0)
-      moped (~> 2.0.0)
-      origin (~> 2.1)
-      tzinfo (>= 0.3.37)
-    moped (2.0.7)
-      bson (~> 3.0)
-      connection_pool (~> 2.0)
-      optionable (~> 0.2.0)
-    multi_json (1.14.1)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nokogiri (1.9.1)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.4.2)
-      hashie (>= 1.2, < 4)
-      rack (>= 1.0, < 3)
-    omniauth-facebook (6.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.5.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.2)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    optionable (0.2.0)
-    origin (2.3.1)
-    orm_adapter (0.5.0)
-    rack (1.5.5)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rake (13.0.1)
-    rdoc (5.1.0)
-    responders (1.1.2)
-      railties (>= 3.2, < 4.2)
-    ruby-openid (2.9.2)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (2.3.3)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
-    sqlite3 (1.3.13)
-    test_after_commit (1.2.2)
-      activerecord (>= 3.2, < 5.0)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.7)
-      rack (>= 1.0)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activerecord-jdbc-adapter
-  activerecord-jdbcsqlite3-adapter
-  devise!
-  jruby-openssl
-  mocha (~> 1.1)
-  mongoid (~> 4.0)
-  nokogiri (= 1.9.1)
-  omniauth
-  omniauth-facebook
-  omniauth-oauth2
-  omniauth-openid
-  rails!
-  rdoc (~> 5.1)
-  sqlite3 (~> 1.3.6)
-  test_after_commit
-  timecop
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.17.3

gemfiles/Gemfile.rails-4.2-stable.lock

@@ -1,194 +0,0 @@
-GIT
-  remote: git://github.com/rails/rails.git
-  revision: c0cb0cbf976a3cf8ad1b0e2d0f813602a712e997
-  branch: 4-2-stable
-  specs:
-    actionmailer (4.2.11.3)
-      actionpack (= 4.2.11.3)
-      actionview (= 4.2.11.3)
-      activejob (= 4.2.11.3)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.11.3)
-      actionview (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      globalid (>= 0.3.0)
-    activemodel (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      builder (~> 3.1)
-    activerecord (4.2.11.3)
-      activemodel (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      arel (~> 6.0)
-    activesupport (4.2.11.3)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
-      tzinfo (~> 1.1)
-    rails (4.2.11.3)
-      actionmailer (= 4.2.11.3)
-      actionpack (= 4.2.11.3)
-      actionview (= 4.2.11.3)
-      activejob (= 4.2.11.3)
-      activemodel (= 4.2.11.3)
-      activerecord (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.11.3)
-      sprockets-rails
-    railties (4.2.11.3)
-      actionpack (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.7.2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    arel (6.0.4)
-    bcrypt (3.1.13)
-    bson (3.2.7)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    connection_pool (2.2.3)
-    crass (1.0.6)
-    erubis (2.7.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    i18n (0.9.5)
-      concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    mongoid (4.0.2)
-      activemodel (~> 4.0)
-      moped (~> 2.0.0)
-      origin (~> 2.1)
-      tzinfo (>= 0.3.37)
-    moped (2.0.7)
-      bson (~> 3.0)
-      connection_pool (~> 2.0)
-      optionable (~> 0.2.0)
-    multi_json (1.14.1)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nokogiri (1.9.1)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    optionable (0.2.0)
-    origin (2.3.1)
-    orm_adapter (0.5.0)
-    rack (1.6.13)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.9)
-      activesupport (>= 4.2.0, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    rake (13.0.1)
-    rdoc (5.1.0)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    ruby-openid (2.9.2)
-    sprockets (4.0.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
-    test_after_commit (1.2.2)
-      activerecord (>= 3.2, < 5.0)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.7)
-      rack (>= 1.0)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activerecord-jdbc-adapter
-  activerecord-jdbcsqlite3-adapter
-  devise!
-  jruby-openssl
-  mocha (~> 1.1)
-  mongoid (~> 4.0)
-  nokogiri (= 1.9.1)
-  omniauth
-  omniauth-facebook
-  omniauth-oauth2
-  omniauth-openid
-  rails!
-  rdoc (~> 5.1)
-  sqlite3 (~> 1.3.6)
-  test_after_commit
-  timecop
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.17.3

gemfiles/Gemfile.rails-5.0-stable.lock

@@ -1,190 +0,0 @@
-GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 93689638c28525acc65afb638fce866826532641
-  specs:
-    activemodel-serializers-xml (1.0.2)
-      activemodel (>= 5.0.0.a)
-      activesupport (>= 5.0.0.a)
-      builder (~> 3.1)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.7.2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      nio4r (>= 1.2, < 3.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      actionview (= 5.0.7.2)
-      activejob (= 5.0.7.2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.0.7.2)
-      actionview (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      rack (~> 2.0)
-      rack-test (~> 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.7.2)
-      activesupport (= 5.0.7.2)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.0.7.2)
-      activesupport (= 5.0.7.2)
-      globalid (>= 0.3.6)
-    activemodel (5.0.7.2)
-      activesupport (= 5.0.7.2)
-    activerecord (5.0.7.2)
-      activemodel (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      arel (~> 7.0)
-    activesupport (5.0.7.2)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    arel (7.1.4)
-    bcrypt (3.1.13)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    crass (1.0.6)
-    erubis (2.7.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    i18n (1.8.3)
-      concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    method_source (1.0.0)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    multi_json (1.14.1)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    orm_adapter (0.5.0)
-    rack (2.2.2)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (5.0.7.2)
-      actioncable (= 5.0.7.2)
-      actionmailer (= 5.0.7.2)
-      actionpack (= 5.0.7.2)
-      actionview (= 5.0.7.2)
-      activejob (= 5.0.7.2)
-      activemodel (= 5.0.7.2)
-      activerecord (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      bundler (>= 1.3.0)
-      railties (= 5.0.7.2)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (1.0.4)
-      actionpack (>= 5.0.1.x)
-      actionview (>= 5.0.1.x)
-      activesupport (>= 5.0.1.x)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (13.0.1)
-    rdoc (6.2.1)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    ruby-openid (2.9.2)
-    sprockets (4.0.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-    websocket-driver (0.6.5)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.5)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activemodel-serializers-xml!
-  devise!
-  mocha (~> 1.1)
-  omniauth
-  omniauth-facebook
-  omniauth-oauth2
-  omniauth-openid
-  rails (~> 5.0.0)
-  rails-controller-testing
-  rdoc
-  responders (~> 2.1)
-  sqlite3 (~> 1.3.6)
-  timecop
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.17.3

gemfiles/Gemfile.rails-5.1-stable.lock

@@ -1,190 +0,0 @@
-GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 93689638c28525acc65afb638fce866826532641
-  specs:
-    activemodel-serializers-xml (1.0.2)
-      activemodel (>= 5.0.0.a)
-      activesupport (>= 5.0.0.a)
-      builder (~> 3.1)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.7.2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (5.1.7)
-      actionpack (= 5.1.7)
-      nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.7)
-      actionpack (= 5.1.7)
-      actionview (= 5.1.7)
-      activejob (= 5.1.7)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.1.7)
-      actionview (= 5.1.7)
-      activesupport (= 5.1.7)
-      rack (~> 2.0)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.7)
-      activesupport (= 5.1.7)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.1.7)
-      activesupport (= 5.1.7)
-      globalid (>= 0.3.6)
-    activemodel (5.1.7)
-      activesupport (= 5.1.7)
-    activerecord (5.1.7)
-      activemodel (= 5.1.7)
-      activesupport (= 5.1.7)
-      arel (~> 8.0)
-    activesupport (5.1.7)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    arel (8.0.0)
-    bcrypt (3.1.13)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    crass (1.0.6)
-    erubi (1.9.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    i18n (1.8.3)
-      concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    method_source (1.0.0)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    multi_json (1.14.1)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    orm_adapter (0.5.0)
-    rack (2.2.2)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (5.1.7)
-      actioncable (= 5.1.7)
-      actionmailer (= 5.1.7)
-      actionpack (= 5.1.7)
-      actionview (= 5.1.7)
-      activejob (= 5.1.7)
-      activemodel (= 5.1.7)
-      activerecord (= 5.1.7)
-      activesupport (= 5.1.7)
-      bundler (>= 1.3.0)
-      railties (= 5.1.7)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (1.0.4)
-      actionpack (>= 5.0.1.x)
-      actionview (>= 5.0.1.x)
-      activesupport (>= 5.0.1.x)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (5.1.7)
-      actionpack (= 5.1.7)
-      activesupport (= 5.1.7)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (13.0.1)
-    rdoc (6.2.1)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    ruby-openid (2.9.2)
-    sprockets (4.0.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-    websocket-driver (0.6.5)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.5)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activemodel-serializers-xml!
-  devise!
-  mocha (~> 1.1)
-  omniauth
-  omniauth-facebook
-  omniauth-oauth2
-  omniauth-openid
-  rails (~> 5.1.0)
-  rails-controller-testing
-  rdoc
-  responders (~> 2.1)
-  sqlite3 (~> 1.3.6)
-  timecop
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.17.3

gemfiles/Gemfile.rails-5.2-stable.lock

@@ -1,198 +0,0 @@
-GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 93689638c28525acc65afb638fce866826532641
-  specs:
-    activemodel-serializers-xml (1.0.2)
-      activemodel (>= 5.0.0.a)
-      activesupport (>= 5.0.0.a)
-      builder (~> 3.1)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.7.2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      nio4r (~> 2.0)
-      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      actionview (= 5.2.4.3)
-      activejob (= 5.2.4.3)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.3)
-      actionview (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
-      rack (~> 2.0, >= 2.0.8)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.3)
-      activesupport (= 5.2.4.3)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.3)
-      activesupport (= 5.2.4.3)
-      globalid (>= 0.3.6)
-    activemodel (5.2.4.3)
-      activesupport (= 5.2.4.3)
-    activerecord (5.2.4.3)
-      activemodel (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
-      arel (>= 9.0)
-    activestorage (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      activerecord (= 5.2.4.3)
-      marcel (~> 0.3.1)
-    activesupport (5.2.4.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    arel (9.0.0)
-    bcrypt (3.1.13)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    crass (1.0.6)
-    erubi (1.9.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    i18n (1.8.3)
-      concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    method_source (1.0.0)
-    mimemagic (0.3.5)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    multi_json (1.14.1)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    orm_adapter (0.5.0)
-    rack (2.2.2)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (5.2.4.3)
-      actioncable (= 5.2.4.3)
-      actionmailer (= 5.2.4.3)
-      actionpack (= 5.2.4.3)
-      actionview (= 5.2.4.3)
-      activejob (= 5.2.4.3)
-      activemodel (= 5.2.4.3)
-      activerecord (= 5.2.4.3)
-      activestorage (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
-      bundler (>= 1.3.0)
-      railties (= 5.2.4.3)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (1.0.4)
-      actionpack (>= 5.0.1.x)
-      actionview (>= 5.0.1.x)
-      activesupport (>= 5.0.1.x)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (5.2.4.3)
-      actionpack (= 5.2.4.3)
-      activesupport (= 5.2.4.3)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rake (13.0.1)
-    rdoc (6.2.1)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    ruby-openid (2.9.2)
-    sprockets (4.0.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.13)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-    websocket-driver (0.7.2)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.5)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activemodel-serializers-xml!
-  devise!
-  mocha (~> 1.1)
-  omniauth
-  omniauth-facebook
-  omniauth-oauth2
-  omniauth-openid
-  rails (~> 5.2.0)
-  rails-controller-testing
-  rdoc
-  responders (~> 2.1)
-  sqlite3 (~> 1.3.6)
-  timecop
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.17.3

gemfiles/Gemfile.rails-6.0-stable.lock

@@ -1,219 +0,0 @@
-GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 93689638c28525acc65afb638fce866826532641
-  specs:
-    activemodel-serializers-xml (1.0.2)
-      activemodel (>= 5.0.0.a)
-      activesupport (>= 5.0.0.a)
-      builder (~> 3.1)
-
-GIT
-  remote: git://github.com/rails/rails-controller-testing.git
-  revision: a60b3da1c1c77959b28606dd087c058c64b5a08f
-  specs:
-    rails-controller-testing (1.0.4)
-      actionpack (>= 5.0.1.rc1)
-      actionview (>= 5.0.1.rc1)
-      activesupport (>= 5.0.1.rc1)
-
-PATH
-  remote: ..
-  specs:
-    devise (4.7.2)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      nio4r (~> 2.0)
-      websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      mail (>= 2.7.1)
-    actionmailer (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.1)
-      actionview (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      rack (~> 2.0, >= 2.0.8)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      nokogiri (>= 1.8.5)
-    actionview (6.0.3.1)
-      activesupport (= 6.0.3.1)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.1)
-      activesupport (= 6.0.3.1)
-      globalid (>= 0.3.6)
-    activemodel (6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activerecord (6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-    activestorage (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      marcel (~> 0.3.1)
-    activesupport (6.0.3.1)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2, >= 2.2.2)
-    bcrypt (3.1.13)
-    builder (3.2.4)
-    concurrent-ruby (1.1.6)
-    crass (1.0.6)
-    erubi (1.9.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    hashie (4.1.0)
-    i18n (1.8.3)
-      concurrent-ruby (~> 1.0)
-    jwt (2.2.1)
-    loofah (2.5.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    method_source (1.0.0)
-    mimemagic (0.3.5)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    mocha (1.11.2)
-    multi_json (1.14.1)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.9)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (1.9.1)
-      hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
-    omniauth-facebook (6.0.0)
-      omniauth-oauth2 (~> 1.2)
-    omniauth-oauth2 (1.6.0)
-      oauth2 (~> 1.1)
-      omniauth (~> 1.9)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    orm_adapter (0.5.0)
-    rack (2.2.2)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (6.0.3.1)
-      actioncable (= 6.0.3.1)
-      actionmailbox (= 6.0.3.1)
-      actionmailer (= 6.0.3.1)
-      actionpack (= 6.0.3.1)
-      actiontext (= 6.0.3.1)
-      actionview (= 6.0.3.1)
-      activejob (= 6.0.3.1)
-      activemodel (= 6.0.3.1)
-      activerecord (= 6.0.3.1)
-      activestorage (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      bundler (>= 1.3.0)
-      railties (= 6.0.3.1)
-      sprockets-rails (>= 2.0.0)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    railties (6.0.3.1)
-      actionpack (= 6.0.3.1)
-      activesupport (= 6.0.3.1)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
-    rake (13.0.1)
-    rdoc (6.2.1)
-    responders (3.0.1)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
-    ruby-openid (2.9.2)
-    sprockets (4.0.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.4.2)
-    thor (1.0.1)
-    thread_safe (0.3.6)
-    timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-    websocket-driver (0.7.2)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.5)
-    zeitwerk (2.3.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activemodel-serializers-xml!
-  devise!
-  mocha (~> 1.1)
-  omniauth
-  omniauth-facebook
-  omniauth-oauth2
-  omniauth-openid
-  rails (~> 6.0.0)
-  rails-controller-testing!
-  rdoc
-  responders (~> 3.0)
-  sqlite3 (~> 1.4)
-  timecop
-  webrat (= 0.7.3)
-
-BUNDLED WITH
-   1.17.3

lib/devise.rb

@@ -313,12 +313,20 @@ module Devise
     end
 
     def get
-      ActiveSupport::Dependencies.constantize(@name)
+      # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+      if ActiveSupport::Dependencies.respond_to?(:constantize)
+        ActiveSupport::Dependencies.constantize(@name)
+      else
+        @name.constantize
+      end
     end
   end
 
   def self.ref(arg)
-    ActiveSupport::Dependencies.reference(arg)
+    # TODO: Remove AS::Dependencies usage when dropping support to Rails < 7.
+    if ActiveSupport::Dependencies.respond_to?(:reference)
+      ActiveSupport::Dependencies.reference(arg)
+    end
     Getter.new(arg)
   end
 

lib/devise/controllers/helpers.rb

@@ -36,14 +36,14 @@ module Devise
         #     before_action ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
         #     current_blogger :user                             # Preferably returns a User if one is signed in
         #
-        def devise_group(group_name, opts={})
+        def devise_group(group_name, opts = {})
           mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
 
           class_eval <<-METHODS, __FILE__, __LINE__ + 1
-            def authenticate_#{group_name}!(favourite=nil, opts={})
+            def authenticate_#{group_name}!(favorite = nil, opts = {})
               unless #{group_name}_signed_in?
                 mappings = #{mappings}
-                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.unshift mappings.delete(favorite.to_sym) if favorite
                 mappings.each do |mapping|
                   opts[:scope] = mapping
                   warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
@@ -57,9 +57,9 @@ module Devise
               end
             end
 
-            def current_#{group_name}(favourite=nil)
+            def current_#{group_name}(favorite = nil)
               mappings = #{mappings}
-              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.unshift mappings.delete(favorite.to_sym) if favorite
               mappings.each do |mapping|
                 current = warden.authenticate(scope: mapping)
                 return current if current
@@ -113,7 +113,7 @@ module Devise
         mapping = mapping.name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
-          def authenticate_#{mapping}!(opts={})
+          def authenticate_#{mapping}!(opts = {})
             opts[:scope] = :#{mapping}
             warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
           end
@@ -252,7 +252,7 @@ module Devise
       # Overwrite Rails' handle unverified request to sign out all scopes,
       # clear run strategies and remove cached variables.
       def handle_unverified_request
-        super # call the default behaviour which resets/nullifies/raises
+        super # call the default behavior which resets/nullifies/raises
         request.env["devise.skip_storage"] = true
         sign_out_all_scopes(false)
       end

lib/devise/controllers/sign_in_out.rb

@@ -10,7 +10,7 @@ module Devise
       # cause exceptions to be thrown from this method; if you simply want to check
       # if a scope has already previously been authenticated without running
       # authentication hooks, you can directly call `warden.authenticated?(scope: scope)`
-      def signed_in?(scope=nil)
+      def signed_in?(scope = nil)
         [scope || Devise.mappings.keys].flatten.any? do |_scope|
           warden.authenticate?(scope: _scope)
         end
@@ -77,7 +77,7 @@ module Devise
       #   sign_out :user     # sign_out(scope)
       #   sign_out @user     # sign_out(resource)
       #
-      def sign_out(resource_or_scope=nil)
+      def sign_out(resource_or_scope = nil)
         return sign_out_all_scopes unless resource_or_scope
         scope = Devise::Mapping.find_scope!(resource_or_scope)
         user = warden.user(scope: scope, run_callbacks: false) # If there is no user
@@ -92,7 +92,7 @@ module Devise
       # Sign out all active users or scopes. This helper is useful for signing out all roles
       # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
       # and false if there was no user logged in on all scopes.
-      def sign_out_all_scopes(lock=true)
+      def sign_out_all_scopes(lock = true)
         users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
 
         warden.logout
@@ -106,10 +106,12 @@ module Devise
       private
 
       def expire_data_after_sign_in!
+        # TODO: remove once Rails 5.2+ and forward are only supported.
         # session.keys will return an empty array if the session is not yet loaded.
         # This is a bug in both Rack and Rails.
         # A call to #empty? forces the session to be loaded.
         session.empty?
+
         session.keys.grep(/^devise\./).each { |k| session.delete(k) }
       end
 

lib/devise/controllers/url_helpers.rb

@@ -34,7 +34,7 @@ module Devise
         end
       end
 
-      def self.generate_helpers!(routes=nil)
+      def self.generate_helpers!(routes = nil)
         routes ||= begin
           mappings = Devise.mappings.values.map(&:used_helpers).flatten.uniq
           Devise::URL_HELPERS.slice(*mappings)

lib/devise/failure_app.rb

@@ -71,7 +71,6 @@ module Devise
       end
 
       flash.now[:alert] = i18n_message(:invalid) if is_flashing_format?
-      # self.response = recall_app(warden_options[:recall]).call(env)
       self.response = recall_app(warden_options[:recall]).call(request.env)
     end
 

lib/devise/hooks/lockable.rb

@@ -3,10 +3,7 @@
 # After each sign in, if resource responds to failed_attempts, sets it to 0
 # This is only triggered when the user is explicitly set (with set_user)
 Warden::Manager.after_set_user except: :fetch do |record, warden, options|
-  if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
-    unless record.failed_attempts.to_i.zero?
-      record.failed_attempts = 0
-      record.save(validate: false)
-    end
+  if record.respond_to?(:reset_failed_attempts!) && warden.authenticated?(options[:scope])
+    record.reset_failed_attempts!
   end
 end

lib/devise/mapping.rb

@@ -46,7 +46,7 @@ module Devise
       raise "Could not find a valid mapping for #{obj.inspect}"
     end
 
-    def self.find_by_path!(path, path_type=:fullpath)
+    def self.find_by_path!(path, path_type = :fullpath)
       Devise.mappings.each_value { |m| return m if path.include?(m.send(path_type)) }
       raise "Could not find a valid mapping for path #{path.inspect}"
     end

lib/devise/models/authenticatable.rb

@@ -2,6 +2,7 @@
 
 require 'devise/hooks/activatable'
 require 'devise/hooks/csrf_cleaner'
+require 'devise/rails/deprecated_constant_accessor'
 
 module Devise
   module Models
@@ -9,7 +10,7 @@ module Devise
     #
     # == Options
     #
-    # Authenticatable adds the following options to devise_for:
+    # Authenticatable adds the following options to +devise+:
     #
     #   * +authentication_keys+: parameters used for authentication. By default [:email].
     #
@@ -55,11 +56,14 @@ module Devise
     module Authenticatable
       extend ActiveSupport::Concern
 
-      BLACKLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at,
+      UNSAFE_ATTRIBUTES_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at,
         :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip,
         :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at,
         :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
 
+      include Devise::DeprecatedConstantAccessor
+      deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION"
+
       included do
         class_attribute :devise_modules, instance_writer: false
         self.devise_modules ||= []
@@ -104,12 +108,12 @@ module Devise
       # given to :except will simply add names to exempt to Devise internal list.
       def serializable_hash(options = nil)
         options = options.try(:dup) || {}
-        options[:except] = Array(options[:except])
+        options[:except] = Array(options[:except]).dup
 
         if options[:force_except]
           options[:except].concat Array(options[:force_except])
         else
-          options[:except].concat BLACKLIST_FOR_SERIALIZATION
+          options[:except].concat UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
         end
 
         super(options)
@@ -272,17 +276,17 @@ module Devise
           find_first_by_auth_conditions(tainted_conditions)
         end
 
-        def find_first_by_auth_conditions(tainted_conditions, opts={})
+        def find_first_by_auth_conditions(tainted_conditions, opts = {})
           to_adapter.find_first(devise_parameter_filter.filter(tainted_conditions).merge(opts))
         end
 
         # Find or initialize a record setting an error if it can't be found.
-        def find_or_initialize_with_error_by(attribute, value, error=:invalid) #:nodoc:
+        def find_or_initialize_with_error_by(attribute, value, error = :invalid) #:nodoc:
           find_or_initialize_with_errors([attribute], { attribute => value }, error)
         end
 
         # Find or initialize a record with group of attributes based on a list of required attributes.
-        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
+        def find_or_initialize_with_errors(required_attributes, attributes, error = :invalid) #:nodoc:
           attributes.try(:permit!)
           attributes = attributes.to_h.with_indifferent_access
                                  .slice(*required_attributes)

lib/devise/models/confirmable.rb

@@ -76,7 +76,7 @@ module Devise
       # Confirm a user by setting it's confirmed_at to actual time. If the user
       # is already confirmed, add an error to email field. If the user is invalid
       # add errors
-      def confirm(args={})
+      def confirm(args = {})
         pending_any_confirmation do
           if confirmation_period_expired?
             self.errors.add(:email, :confirmation_period_expired,
@@ -334,7 +334,7 @@ module Devise
         # confirmation instructions to it. If not, try searching for a user by unconfirmed_email
         # field. If no user is found, returns a new user with an email not found error.
         # Options must contain the user email
-        def send_confirmation_instructions(attributes={})
+        def send_confirmation_instructions(attributes = {})
           confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable
           unless confirmable.try(:persisted?)
             confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found)

lib/devise/models/database_authenticatable.rb

@@ -13,7 +13,7 @@ module Devise
     #
     # == Options
     #
-    # DatabaseAuthenticatable adds the following options to devise_for:
+    # DatabaseAuthenticatable adds the following options to +devise+:
     #
     #   * +pepper+: a random string used to provide a more secure hash. Use
     #     `rails secret` to generate new keys.
@@ -42,7 +42,7 @@ module Devise
       def initialize(*args, &block)
         @skip_email_changed_notification = false
         @skip_password_change_notification = false
-        super 
+        super
       end
 
       # Skips sending the email changed notification after_update

lib/devise/models/lockable.rb

@@ -57,6 +57,14 @@ module Devise
         save(validate: false)
       end
 
+      # Resets failed attempts counter to 0.
+      def reset_failed_attempts!
+        if respond_to?(:failed_attempts) && !failed_attempts.to_i.zero?
+          self.failed_attempts = 0
+          save(validate: false)
+        end
+      end
+
       # Verifies whether a user is locked or not.
       def access_locked?
         !!locked_at && !lock_expired?
@@ -110,7 +118,7 @@ module Devise
           false
         end
       end
-      
+
       def increment_failed_attempts
         self.class.increment_counter(:failed_attempts, id)
         reload
@@ -168,7 +176,7 @@ module Devise
         # unlock instructions to it. If not user is found, returns a new user
         # with an email not found error.
         # Options must contain the user's unlock keys
-        def send_unlock_instructions(attributes={})
+        def send_unlock_instructions(attributes = {})
           lockable = find_or_initialize_with_errors(unlock_keys, attributes, :not_found)
           lockable.resend_unlock_instructions if lockable.persisted?
           lockable

lib/devise/models/omniauthable.rb

@@ -8,11 +8,11 @@ module Devise
     #
     # == Options
     #
-    # Oauthable adds the following options to devise_for:
+    # Oauthable adds the following options to +devise+:
     #
     #   * +omniauth_providers+: Which providers are available to this model. It expects an array:
     #
-    #       devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
+    #       devise :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
     #
     module Omniauthable
       extend ActiveSupport::Concern

lib/devise/models/recoverable.rb

@@ -7,7 +7,7 @@ module Devise
     #
     # ==Options
     #
-    # Recoverable adds the following options to devise_for:
+    # Recoverable adds the following options to +devise+:
     #
     #   * +reset_password_keys+: the keys you want to use when recovering the password for an account
     #   * +reset_password_within+: the time period within which the password must be reset or the token expires.
@@ -131,7 +131,7 @@ module Devise
         # password instructions to it. If user is not found, returns a new user
         # with an email not found error.
         # Attributes must contain the user's email
-        def send_reset_password_instructions(attributes={})
+        def send_reset_password_instructions(attributes = {})
           recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
           recoverable.send_reset_password_instructions if recoverable.persisted?
           recoverable
@@ -142,7 +142,7 @@ module Devise
         # try saving the record. If not user is found, returns a new user
         # containing an error in reset_password_token attribute.
         # Attributes must contain reset_password_token, password and confirmation
-        def reset_password_by_token(attributes={})
+        def reset_password_by_token(attributes = {})
           original_token       = attributes[:reset_password_token]
           reset_password_token = Devise.token_generator.digest(self, :reset_password_token, original_token)
 

lib/devise/models/rememberable.rb

@@ -15,7 +15,7 @@ module Devise
     #
     # == Options
     #
-    # Rememberable adds the following options in devise_for:
+    # Rememberable adds the following options to +devise+:
     #
     #   * +remember_for+: the time you want the user will be remembered without
     #     asking for credentials. After this time the user will be blocked and

lib/devise/models/timeoutable.rb

@@ -11,7 +11,7 @@ module Devise
     #
     # == Options
     #
-    # Timeoutable adds the following options to devise_for:
+    # Timeoutable adds the following options to +devise+:
     #
     #   * +timeout_in+: the interval to timeout the user session without activity.
     #

lib/devise/models/validatable.rb

@@ -9,7 +9,7 @@ module Devise
     #
     # == Options
     #
-    # Validatable adds the following options to devise_for:
+    # Validatable adds the following options to +devise+:
     #
     #   * +email_regexp+: the regular expression used to validate e-mails;
     #   * +password_length+: a range expressing password length. Defaults to 6..128.

lib/devise/omniauth.rb

@@ -1,17 +1,14 @@
 # frozen_string_literal: true
 
 begin
+  gem "omniauth", ">= 1.0.0"
+
   require "omniauth"
-  require "omniauth/version"
 rescue LoadError
   warn "Could not load 'omniauth'. Please ensure you have the omniauth gem >= 1.0.0 installed and listed in your Gemfile."
   raise
 end
 
-unless OmniAuth::VERSION =~ /^1\./
-  raise "You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed."
-end
-
 # Clean up the default path_prefix. It will be automatically set by Devise.
 OmniAuth.config.path_prefix = nil
 

lib/devise/rails/deprecated_constant_accessor.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+begin
+  require 'active_support/deprecation/constant_accessor'
+
+  module Devise
+    DeprecatedConstantAccessor = ActiveSupport::Deprecation::DeprecatedConstantAccessor #:nodoc:
+  end
+rescue LoadError
+
+  # Copy of constant deprecation module from Rails / Active Support version 6, so we can use it
+  # with Rails <= 5.0 versions. This can be removed once we support only Rails 5.1 or greater.
+  module Devise
+    module DeprecatedConstantAccessor #:nodoc:
+      def self.included(base)
+        require "active_support/inflector/methods"
+
+        extension = Module.new do
+          def const_missing(missing_const_name)
+            if class_variable_defined?(:@@_deprecated_constants)
+              if (replacement = class_variable_get(:@@_deprecated_constants)[missing_const_name.to_s])
+                replacement[:deprecator].warn(replacement[:message] || "#{name}::#{missing_const_name} is deprecated! Use #{replacement[:new]} instead.", Rails::VERSION::MAJOR == 4 ? caller : caller_locations)
+                return ActiveSupport::Inflector.constantize(replacement[:new].to_s)
+              end
+            end
+            super
+          end
+
+          def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
+            class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
+            class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
+          end
+        end
+        base.singleton_class.prepend extension
+      end
+    end
+  end
+
+end

lib/devise/rails/routes.rb

@@ -287,7 +287,7 @@ module ActionDispatch::Routing
     #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    def authenticate(scope=nil, block=nil)
+    def authenticate(scope = nil, block = nil)
       constraints_for(:authenticate!, scope, block) do
         yield
       end
@@ -311,7 +311,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'landing#show'
     #
-    def authenticated(scope=nil, block=nil)
+    def authenticated(scope = nil, block = nil)
       constraints_for(:authenticate?, scope, block) do
         yield
       end
@@ -328,7 +328,7 @@ module ActionDispatch::Routing
     #
     #   root to: 'dashboard#show'
     #
-    def unauthenticated(scope=nil)
+    def unauthenticated(scope = nil)
       constraint = lambda do |request|
         not request.env["warden"].authenticate? scope: scope
       end
@@ -474,7 +474,7 @@ ERROR
         @scope = current_scope
       end
 
-      def constraints_for(method_to_apply, scope=nil, block=nil)
+      def constraints_for(method_to_apply, scope = nil, block = nil)
         constraint = lambda do |request|
           request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))

lib/devise/test/controller_helpers.rb

@@ -143,7 +143,7 @@ module Devise
           @controller.response.headers.merge!(headers)
           @controller.response.content_type = headers["Content-Type"] unless Rails::VERSION::MAJOR >= 5
           @controller.status = status
-          @controller.response.body = response.body
+          @controller.response_body = response.body
           nil # causes process return @response
         end
 

lib/devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Devise
-  VERSION = "4.7.2".freeze
+  VERSION = "4.8.1".freeze
 end

lib/generators/active_record/devise_generator.rb

@@ -86,9 +86,24 @@ RUBY
         Rails::VERSION::MAJOR >= 5
       end
 
+      def rails61_and_up?
+        Rails::VERSION::MAJOR > 6 || (Rails::VERSION::MAJOR == 6 && Rails::VERSION::MINOR >= 1)
+      end
+
       def postgresql?
-        config = ActiveRecord::Base.configurations[Rails.env]
-        config && config['adapter'] == 'postgresql'
+        ar_config && ar_config['adapter'] == 'postgresql'
+      end
+
+      def ar_config
+        if ActiveRecord::Base.configurations.respond_to?(:configs_for)
+          if rails61_and_up?
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, name: "primary").configuration_hash
+          else
+            ActiveRecord::Base.configurations.configs_for(env_name: Rails.env, spec_name: "primary").config
+          end
+        else
+          ActiveRecord::Base.configurations[Rails.env]
+        end
       end
 
      def migration_version

lib/generators/devise/devise_generator.rb

@@ -13,7 +13,7 @@ module Devise
       desc "Generates a model with the given NAME (if one does not exist) with devise " \
            "configuration plus a migration file and devise routes."
 
-      hook_for :orm, type: :boolean
+      hook_for :orm, required: true
 
       class_option :routes, desc: "Generate routes", type: :boolean, default: true
 

lib/generators/devise/install_generator.rb

@@ -11,7 +11,7 @@ module Devise
       source_root File.expand_path("../../templates", __FILE__)
 
       desc "Creates a Devise initializer and copy locale files to your application."
-      class_option :orm
+      class_option :orm, required: true
 
       def copy_initializer
         unless options[:orm]

test/controllers/custom_strategy_test.rb

@@ -42,9 +42,7 @@ class CustomStrategyTest < Devise::ControllerTestCase
   test "custom strategy can return its own status code" do
     ret = get :new
 
-    # check the returned rack array
-    # assert ret.is_a?(Array)
-    # assert_equal 400, ret.first
+    # check the returned response
     assert ret.is_a?(ActionDispatch::TestResponse)
 
     # check the saved response as well. This is purely so that the response is available to the testing framework
@@ -55,12 +53,10 @@ class CustomStrategyTest < Devise::ControllerTestCase
   test "custom strategy can return custom headers" do
     ret = get :new
 
-    # check the returned rack array
-    # assert ret.is_a?(Array)
-    # assert_equal ret.third['X-FOO'], 'BAR'
+    # check the returned response
     assert ret.is_a?(ActionDispatch::TestResponse)
 
     # check the saved response headers as well.
-    assert_equal response.headers['X-FOO'], 'BAR'
+    assert_equal 'BAR', response.headers['X-FOO']
   end
 end

test/controllers/internal_helpers_test.rb

@@ -51,7 +51,7 @@ class HelpersTest < Devise::ControllerTestCase
   end
 
   test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
+    assert_empty @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }
   end
 
   test 'require no authentication tests current mapping' do

test/controllers/load_hooks_controller_test.rb

@@ -16,6 +16,6 @@ class LoadHooksControllerTest < Devise::ControllerTestCase
   end
 
   test 'load hook called when controller is loaded' do
-    assert DeviseController.instance_methods.include? :defined_by_load_hook
+    assert_includes DeviseController.instance_methods, :defined_by_load_hook
   end
-end
+end

test/controllers/url_helpers_test.rb

@@ -5,7 +5,7 @@ require 'test_helper'
 class RoutesTest < Devise::ControllerTestCase
   tests ApplicationController
 
-  def assert_path_and_url(name, prepend_path=nil)
+  def assert_path_and_url(name, prepend_path = nil)
     @request.path = '/users/session'
     prepend_path = "#{prepend_path}_" if prepend_path
 

test/failure_app_test.rb

@@ -73,13 +73,12 @@ class FailureTest < ActiveSupport::TestCase
     instance_eval(&block)
   end
 
-  def call_failure(env_params={})
+  def call_failure(env_params = {})
     env = {
       'REQUEST_URI' => 'http://test.host/',
       'HTTP_HOST' => 'test.host',
       'REQUEST_METHOD' => 'GET',
       'warden.options' => { scope: :user },
-      'rack.session' => {},
       'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime[:html]),
       'rack.input' => "",
       'warden' => OpenStruct.new(message: nil)
@@ -220,8 +219,8 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'works for any navigational format' do
-      swap Devise, navigational_formats: [:xml] do
-        call_failure('formats' => Mime[:xml])
+      swap Devise, navigational_formats: [:json] do
+        call_failure('formats' => Mime[:json])
         assert_equal 302, @response.first
       end
     end
@@ -236,7 +235,7 @@ class FailureTest < ActiveSupport::TestCase
 
   context 'For HTTP request' do
     test 'return 401 status' do
-      call_failure('formats' => Mime[:xml])
+      call_failure('formats' => Mime[:json])
       assert_equal 401, @response.first
     end
 
@@ -258,13 +257,13 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'return WWW-authenticate headers if model allows' do
-      call_failure('formats' => Mime[:xml])
+      call_failure('formats' => Mime[:json])
       assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
     end
 
     test 'does not return WWW-authenticate headers if model does not allow' do
       swap Devise, http_authenticatable: false do
-        call_failure('formats' => Mime[:xml])
+        call_failure('formats' => Mime[:json])
         assert_nil @response.second["WWW-Authenticate"]
       end
     end
@@ -326,8 +325,8 @@ class FailureTest < ActiveSupport::TestCase
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Log in</h2>')
-      assert @response.third.body.include?('Invalid Email or password.')
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'Invalid Email or password.'
     end
 
     test 'calls the original controller if not confirmed email' do
@@ -337,8 +336,8 @@ class FailureTest < ActiveSupport::TestCase
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Log in</h2>')
-      assert @response.third.body.include?('You have to confirm your email address before continuing.')
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'You have to confirm your email address before continuing.'
     end
 
     test 'calls the original controller if inactive account' do
@@ -348,8 +347,8 @@ class FailureTest < ActiveSupport::TestCase
         "warden" => stub_everything
       }
       call_failure(env)
-      assert @response.third.body.include?('<h2>Log in</h2>')
-      assert @response.third.body.include?('Your account is not activated yet.')
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'Your account is not activated yet.'
     end
 
     if Rails.application.config.respond_to?(:relative_url_root)
@@ -361,10 +360,10 @@ class FailureTest < ActiveSupport::TestCase
             "warden" => stub_everything
           }
           call_failure(env)
-          assert @response.third.body.include?('<h2>Log in</h2>')
-          assert @response.third.body.include?('Invalid Email or password.')
-          assert_equal @request.env["SCRIPT_NAME"], '/sample'
-          assert_equal @request.env["PATH_INFO"], '/users/sign_in'
+          assert_includes @response.third.body, '<h2>Log in</h2>'
+          assert_includes @response.third.body, 'Invalid Email or password.'
+          assert_equal '/sample', @request.env["SCRIPT_NAME"]
+          assert_equal '/users/sign_in', @request.env["PATH_INFO"]
         end
       end
     end
@@ -372,7 +371,7 @@ class FailureTest < ActiveSupport::TestCase
 
   context "Lazy loading" do
     test "loads" do
-      assert_equal Devise::FailureApp.new.lazy_loading_works?, "yes it does"
+      assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works?
     end
   end
   context "Without Flash Support" do

test/generators/views_generator_test.rb

@@ -77,7 +77,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
     assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
   end
 
-  def assert_files(scope = nil, options={})
+  def assert_files(scope = nil, options = {})
     scope = "devise" if scope.nil?
     mail_template_engine = options[:mail_template_engine] || "html.erb"
 

test/integration/authenticatable_test.rb

@@ -321,14 +321,14 @@ class AuthenticationRedirectTest < Devise::IntegrationTest
   test 'require_no_authentication should set the already_authenticated flash message' do
     sign_in_as_user
     visit new_user_session_path
-    assert_equal flash[:alert], I18n.t("devise.failure.already_authenticated")
+    assert_equal I18n.t("devise.failure.already_authenticated"), flash[:alert]
   end
 
   test 'require_no_authentication should set the already_authenticated flash message as admin' do
     store_translations :en, devise: { failure: { admin: { already_authenticated: 'You are already signed in as admin.' } } } do
       sign_in_as_admin
       visit new_admin_session_path
-      assert_equal flash[:alert], "You are already signed in as admin."
+      assert_equal "You are already signed in as admin.", flash[:alert]
     end
   end
 end
@@ -344,16 +344,12 @@ class AuthenticationSessionTest < Devise::IntegrationTest
   end
 
   test 'refreshes _csrf_token' do
-    ApplicationController.allow_forgery_protection = true
-
-    begin
+    swap ApplicationController, allow_forgery_protection: true do
       get new_user_session_path
       token = request.session[:_csrf_token]
 
       sign_in_as_user
       assert_not_equal request.session[:_csrf_token], token
-    ensure
-      ApplicationController.allow_forgery_protection = false
     end
   end
 
@@ -462,14 +458,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest
     end
   end
 
-  test 'sign in stub in xml format' do
-    get new_user_session_path(format: 'xml')
-    assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
-    assert_match %r{<user>.*</user>}m, response.body
-    assert_match '<email></email>', response.body
-    assert_match '<password nil="true"', response.body
-  end
-
   test 'sign in stub in json format' do
     get new_user_session_path(format: 'json')
     assert_match '{"user":{', response.body
@@ -492,27 +480,27 @@ class AuthenticationOthersTest < Devise::IntegrationTest
     refute warden.authenticated?(:admin)
   end
 
-  test 'sign in with xml format returns xml response' do
+  test 'sign in with json format returns json response' do
     create_user
-    post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
+    post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, '{"user":{'
   end
 
-  test 'sign in with xml format is idempotent' do
-    get new_user_session_path(format: 'xml')
+  test 'sign in with json format is idempotent' do
+    get new_user_session_path(format: 'json')
     assert_response :success
 
     create_user
-    post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
+    post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} }
     assert_response :success
 
-    get new_user_session_path(format: 'xml')
+    get new_user_session_path(format: 'json')
     assert_response :success
 
-    post user_session_path(format: 'xml'), params: { user: {email: "user@test.com", password: '12345678'} }
+    post user_session_path(format: 'json'), params: { user: {email: "user@test.com", password: '12345678'} }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, '{"user":{'
   end
 
   test 'sign out with html redirects' do
@@ -527,13 +515,6 @@ class AuthenticationOthersTest < Devise::IntegrationTest
     assert_current_url '/'
   end
 
-  test 'sign out with xml format returns no content' do
-    sign_in_as_user
-    delete destroy_user_session_path(format: 'xml')
-    assert_response :no_content
-    refute warden.authenticated?(:user)
-  end
-
   test 'sign out with json format returns no content' do
     sign_in_as_user
     delete destroy_user_session_path(format: 'json')

test/integration/confirmable_test.rb

@@ -214,40 +214,32 @@ class ConfirmationTest < Devise::IntegrationTest
     end
   end
 
-  test 'resent confirmation token with valid E-Mail in XML format should return valid response' do
+  test 'resent confirmation token with valid e-mail in JSON format should return empty and valid response' do
     user = create_user(confirm: false)
-    post user_confirmation_path(format: 'xml'), params: { user: { email: user.email } }
+    post user_confirmation_path(format: 'json'), params: { user: { email: user.email } }
     assert_response :success
-    assert_equal response.body, {}.to_xml
+    assert_equal({}.to_json, response.body)
   end
 
-  test 'resent confirmation token with invalid E-Mail in XML format should return invalid response' do
+  test 'resent confirmation token with invalid e-mail in JSON format should return invalid response' do
     create_user(confirm: false)
-    post user_confirmation_path(format: 'xml'), params: { user: { email: 'invalid.test@test.com' } }
+    post user_confirmation_path(format: 'json'), params: { user: { email: 'invalid.test@test.com' } }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, '{"errors":{'
   end
 
-  test 'confirm account with valid confirmation token in XML format should return valid response' do
+  test 'confirm account with valid confirmation token in JSON format should return valid response' do
     user = create_user(confirm: false)
-    get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'xml')
+    get user_confirmation_path(confirmation_token: user.raw_confirmation_token, format: 'json')
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, '{"user":{'
   end
 
-  test 'confirm account with invalid confirmation token in XML format should return invalid response' do
+  test 'confirm account with invalid confirmation token in JSON format should return invalid response' do
     create_user(confirm: false)
-    get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'xml')
+    get user_confirmation_path(confirmation_token: 'invalid_confirmation', format: 'json')
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test 'request an account confirmation account with JSON, should return an empty JSON' do
-    user = create_user(confirm: false)
-
-    post user_confirmation_path, params: { user: { email: user.email }, format: :json }
-    assert_response :success
-    assert_equal response.body, {}.to_json
+    assert_includes response.body, '{"confirmation_token":['
   end
 
   test "when in paranoid mode and with a valid e-mail, should not say that the e-mail is valid" do
@@ -282,7 +274,7 @@ class ConfirmationTest < Devise::IntegrationTest
 end
 
 class ConfirmationOnChangeTest < Devise::IntegrationTest
-  def create_second_admin(options={})
+  def create_second_admin(options = {})
     @admin = nil
     create_admin(options)
   end

test/integration/http_authenticatable_test.rb

@@ -22,10 +22,10 @@ class HttpAuthenticationTest < Devise::IntegrationTest
     swap Devise, skip_session_storage: [] do
       sign_in_as_new_user_with_http
       assert_response 200
-      assert_match '<email>user@test.com</email>', response.body
+      assert_match '"email":"user@test.com"', response.body
       assert warden.authenticated?(:user)
 
-      get users_path(format: :xml)
+      get users_path(format: :json)
       assert_response 200
     end
   end
@@ -34,10 +34,10 @@ class HttpAuthenticationTest < Devise::IntegrationTest
     swap Devise, skip_session_storage: [:http_auth] do
       sign_in_as_new_user_with_http
       assert_response 200
-      assert_match '<email>user@test.com</email>', response.body
+      assert_match '"email":"user@test.com"', response.body
       assert warden.authenticated?(:user)
 
-      get users_path(format: :xml)
+      get users_path(format: :json)
       assert_response 401
     end
   end
@@ -51,8 +51,8 @@ class HttpAuthenticationTest < Devise::IntegrationTest
   test 'uses the request format as response content type' do
     sign_in_as_new_user_with_http("unknown")
     assert_equal 401, status
-    assert_equal "application/xml; charset=utf-8", headers["Content-Type"]
-    assert_match "<error>Invalid Email or password.</error>", response.body
+    assert_equal "application/json; charset=utf-8", headers["Content-Type"]
+    assert_match '"error":"Invalid Email or password."', response.body
   end
 
   test 'returns a custom response with www-authenticate and chosen realm' do
@@ -67,7 +67,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
     swap Devise, authentication_keys: [:username] do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
-      assert_match '<email>user@test.com</email>', response.body
+      assert_match '"email":"user@test.com"', response.body
       assert warden.authenticated?(:user)
     end
   end
@@ -76,7 +76,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
     swap Devise, authentication_keys: { username: false, email: false } do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
-      assert_match '<email>user@test.com</email>', response.body
+      assert_match '"email":"user@test.com"', response.body
       assert warden.authenticated?(:user)
     end
   end
@@ -85,7 +85,7 @@ class HttpAuthenticationTest < Devise::IntegrationTest
     swap Devise, authentication_keys: { email: false, username: false }, http_authentication_key: :username do
       sign_in_as_new_user_with_http("usertest")
       assert_response :success
-      assert_match '<email>user@test.com</email>', response.body
+      assert_match '"email":"user@test.com"', response.body
       assert warden.authenticated?(:user)
     end
   end
@@ -99,16 +99,15 @@ class HttpAuthenticationTest < Devise::IntegrationTest
   end
 
   private
-    def sign_in_as_new_user_with_http(username="user@test.com", password="12345678")
+    def sign_in_as_new_user_with_http(username = "user@test.com", password = "12345678")
       user = create_user
-      get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
+      get users_path(format: :json), headers: { "HTTP_AUTHORIZATION" => "Basic #{Base64.encode64("#{username}:#{password}")}" }
       user
     end
 
     # Sign in with oauth2 token. This is just to test that it isn't misinterpreted as basic authentication
     def add_oauth2_header
       user = create_user
-      get users_path(format: :xml), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
+      get users_path(format: :json), headers: { "HTTP_AUTHORIZATION" => "OAuth #{Base64.encode64("#{user.email}:12345678")}" }
     end
-
 end

test/integration/lockable_test.rb

@@ -99,7 +99,7 @@ class LockTest < Devise::IntegrationTest
 
     sign_in_as_user(password: "invalid")
     assert_contain 'Your account is locked.'
-    assert ActionMailer::Base.deliveries.empty?
+    assert_empty ActionMailer::Base.deliveries
   end
 
   test 'error message is configurable by resource name' do
@@ -130,48 +130,39 @@ class LockTest < Devise::IntegrationTest
     end
   end
 
-  test 'user should be able to request a new unlock token via XML request' do
+  test 'user should be able to request a new unlock token via JSON request and should return empty and valid response' do
     user = create_user(locked: true)
     ActionMailer::Base.deliveries.clear
 
-    post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
+    post user_unlock_path(format: 'json'), params: { user: {email: user.email} }
     assert_response :success
-    assert_equal response.body, {}.to_xml
-
+    assert_equal({}.to_json, response.body)
     assert_equal 1, ActionMailer::Base.deliveries.size
   end
 
-  test 'unlocked user should not be able to request a unlock token via XML request' do
+  test 'unlocked user should not be able to request a unlock token via JSON request' do
     user = create_user(locked: false)
     ActionMailer::Base.deliveries.clear
 
-    post user_unlock_path(format: 'xml'), params: { user: {email: user.email} }
+    post user_unlock_path(format: 'json'), params: { user: {email: user.email} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, '{"errors":{'
     assert_equal 0, ActionMailer::Base.deliveries.size
   end
 
-  test 'user with valid unlock token should be able to unlock account via XML request' do
+  test 'user with valid unlock token should be able to unlock account via JSON request' do
     user = create_user()
     raw  = user.lock_access!
     assert user.access_locked?
-    get user_unlock_path(format: 'xml', unlock_token: raw)
+    get user_unlock_path(format: 'json', unlock_token: raw)
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, '{"user":{'
   end
 
-
-  test 'user with invalid unlock token should not be able to unlock the account via XML request' do
-    get user_unlock_path(format: 'xml', unlock_token: 'invalid_token')
+  test 'user with invalid unlock token should not be able to unlock the account via JSON request' do
+    get user_unlock_path(format: 'json', unlock_token: 'invalid_token')
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test "when using json to ask a unlock request, should not return the user" do
-    user = create_user(locked: true)
-    post user_unlock_path(format: "json", user: {email: user.email})
-    assert_response :success
-    assert_equal response.body, {}.to_json
+    assert_includes response.body, '{"unlock_token":['
   end
 
   test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do

test/integration/omniauthable_test.rb

@@ -23,6 +23,9 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
       "extra" => {"user_hash" => FACEBOOK_INFO}
     }
     OmniAuth.config.add_camelization 'facebook', 'FaceBook'
+    if OmniAuth.config.respond_to?(:request_validation_phase)
+      OmniAuth.config.request_validation_phase = ->(env) {}
+    end
   end
 
   teardown do
@@ -45,8 +48,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   test "omniauth sign in should not run model validations" do
     stub_action!(:sign_in_facebook) do
       create_user
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
       assert warden.authenticated?(:user)
 
       refute User.validations_performed
@@ -54,8 +57,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   end
 
   test "can access omniauth.auth in the env hash" do
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
+    post "/users/auth/facebook"
+    follow_redirect!
 
     json = ActiveSupport::JSON.decode(response.body)
 
@@ -68,8 +71,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
 
   test "cleans up session on sign up" do
     assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
     end
 
     assert session["devise.facebook_data"]
@@ -89,8 +92,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
 
   test "cleans up session on cancel" do
     assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
     end
 
     assert session["devise.facebook_data"]
@@ -100,8 +103,8 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
 
   test "cleans up session on sign in" do
     assert_no_difference "User.count" do
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
     end
 
     assert session["devise.facebook_data"]
@@ -110,23 +113,28 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   end
 
   test "sign in and send remember token if configured" do
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
+    post "/users/auth/facebook"
+    follow_redirect!
     assert_nil warden.cookies["remember_user_token"]
 
     stub_action!(:sign_in_facebook) do
       create_user
-      visit "/users/sign_in"
-      click_link "Sign in with FaceBook"
+      post "/users/auth/facebook"
+      follow_redirect!
       assert warden.authenticated?(:user)
       assert warden.cookies["remember_user_token"]
     end
   end
 
+  test "generates a link to authenticate with provider" do
+    visit "/users/sign_in"
+    assert_select "a[href=?][data-method='post']", "/users/auth/facebook", text: "Sign in with FaceBook"
+  end
+
   test "generates a proper link when SCRIPT_NAME is set" do
     header 'SCRIPT_NAME', '/q'
     visit "/users/sign_in"
-    assert_select "a", href: "/q/users/auth/facebook"
+    assert_select "a[href=?][data-method='post']", "/q/users/auth/facebook", text: "Sign in with FaceBook"
   end
 
   test "handles callback error parameter according to the specification" do
@@ -139,10 +147,10 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
   test "handles other exceptions from OmniAuth" do
     OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
 
-    visit "/users/sign_in"
-    click_link "Sign in with FaceBook"
+    post "/users/auth/facebook"
+    follow_redirect!
+    follow_redirect!
 
-    assert_current_url "/users/sign_in"
     assert_contain 'Could not authenticate you from FaceBook because "Invalid credentials".'
   end
 end

test/integration/recoverable_test.rb

@@ -21,7 +21,7 @@ class PasswordTest < Devise::IntegrationTest
     click_button 'Send me reset password instructions'
   end
 
-  def reset_password(options={}, &block)
+  def reset_password(options = {}, &block)
     unless options[:visit] == false
       visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef")
       assert_response :success
@@ -261,63 +261,53 @@ class PasswordTest < Devise::IntegrationTest
     end
   end
 
-  test 'reset password request with valid E-Mail in XML format should return valid response' do
+  test 'reset password request with valid e-mail in JSON format should return empty and valid response' do
     create_user
-    post user_password_path(format: 'xml'), params: { user: {email: "user@test.com"} }
+    post user_password_path(format: 'json'), params: { user: {email: "user@test.com"} }
     assert_response :success
-    assert_equal response.body, { }.to_xml
+    assert_equal({}.to_json, response.body)
   end
 
-  test 'reset password request with invalid E-Mail in XML format should return valid response' do
+  test 'reset password request with invalid e-mail in JSON format should return valid response' do
     create_user
-    post user_password_path(format: 'xml'), params: { user: {email: "invalid.test@test.com"} }
+    post user_password_path(format: 'json'), params: { user: {email: "invalid.test@test.com"} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, '{"errors":{'
   end
 
-  test 'reset password request with invalid E-Mail in XML format should return empty and valid response' do
+  test 'reset password request with invalid e-mail in JSON format should return empty and valid response in paranoid mode' do
     swap Devise, paranoid: true do
       create_user
-      post user_password_path(format: 'xml'), params: { user: {email: "invalid@test.com"} }
+      post user_password_path(format: 'json'), params: { user: {email: "invalid@test.com"} }
       assert_response :success
-      assert_equal response.body, { }.to_xml
+      assert_equal({}.to_json, response.body)
     end
   end
 
-  test 'change password with valid parameters in XML format should return valid response' do
+  test 'change password with valid parameters in JSON format should return valid response' do
     create_user
     request_forgot_password
-    put user_password_path(format: 'xml'), params: { user: {
+    put user_password_path(format: 'json'), params: { user: {
       reset_password_token: 'abcdef', password: '987654321', password_confirmation: '987654321'
-      }
-    }
+    } }
     assert_response :success
     assert warden.authenticated?(:user)
   end
 
-  test 'change password with invalid token in XML format should return invalid response' do
+  test 'change password with invalid token in JSON format should return invalid response' do
     create_user
     request_forgot_password
-    put user_password_path(format: 'xml'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
+    put user_password_path(format: 'json'), params: { user: {reset_password_token: 'invalid.token', password: '987654321', password_confirmation: '987654321'} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, '{"errors":{'
   end
 
-  test 'change password with invalid new password in XML format should return invalid response' do
+  test 'change password with invalid new password in JSON format should return invalid response' do
     user = create_user
     request_forgot_password
-    put user_password_path(format: 'xml'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
+    put user_password_path(format: 'json'), params: { user: {reset_password_token: user.reload.reset_password_token, password: '', password_confirmation: '987654321'} }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
-  end
-
-  test "when using json requests to ask a confirmable request, should not return the object" do
-    user = create_user(confirm: false)
-
-    post user_password_path(format: :json), params: { user: { email: user.email } }
-
-    assert_response :success
-    assert_equal response.body, "{}"
+    assert_includes response.body, '{"errors":{'
   end
 
   test "when in paranoid mode and with an invalid e-mail, asking to reset a password should display a message that does not indicates that the e-mail does not exists in the database" do

test/integration/registerable_test.rb

@@ -20,7 +20,7 @@ class RegistrationTest < Devise::IntegrationTest
     assert_current_url "/admin_area/home"
 
     admin = Admin.to_adapter.find_first(order: [:id, :desc])
-    assert_equal admin.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', admin.email
   end
 
   test 'a guest admin should be able to sign in and be redirected to a custom location' do
@@ -69,7 +69,7 @@ class RegistrationTest < Devise::IntegrationTest
     refute warden.authenticated?(:user)
 
     user = User.to_adapter.find_first(order: [:id, :desc])
-    assert_equal user.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', user.email
     refute user.confirmed?
   end
 
@@ -189,7 +189,7 @@ class RegistrationTest < Devise::IntegrationTest
       fill_in 'current password', with: '12345678'
       click_button 'Update'
 
-      assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again'
+      assert_contain 'Your account has been updated successfully, but since your password was changed, you need to sign in again.'
       assert_equal new_user_session_path, @request.path
       refute warden.authenticated?(:user)
     end
@@ -254,7 +254,7 @@ class RegistrationTest < Devise::IntegrationTest
     assert_contain "Password confirmation doesn't match Password"
     refute User.to_adapter.find_first.valid_password?('pas123')
   end
-  
+
   test 'a signed in user should see a warning about minimum password length' do
     sign_in_as_user
     get edit_user_registration_path
@@ -268,7 +268,7 @@ class RegistrationTest < Devise::IntegrationTest
     click_button "Cancel my account"
     assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
 
-    assert User.to_adapter.find_all.empty?
+    assert_empty User.to_adapter.find_all
   end
 
   test 'a user should be able to cancel sign up by deleting data in the session' do
@@ -283,13 +283,6 @@ class RegistrationTest < Devise::IntegrationTest
     assert_redirected_to new_user_registration_path
   end
 
-  test 'a user with XML sign up stub' do
-    get new_user_registration_path(format: 'xml')
-    assert_response :success
-    assert_match %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>), response.body
-    assert_no_match(/<confirmation-token/, response.body)
-  end
-
   test 'a user with JSON sign up stub' do
     get new_user_registration_path(format: 'json')
     assert_response :success
@@ -297,49 +290,49 @@ class RegistrationTest < Devise::IntegrationTest
     assert_no_match(/"confirmation_token"/, response.body)
   end
 
-  test 'an admin sign up with valid information in XML format should return valid response' do
-    post admin_registration_path(format: 'xml'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
+  test 'an admin sign up with valid information in JSON format should return valid response' do
+    post admin_registration_path(format: 'json'), params: { admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
+    assert_includes response.body, '{"admin":{'
 
     admin = Admin.to_adapter.find_first(order: [:id, :desc])
-    assert_equal admin.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', admin.email
   end
 
-  test 'a user sign up with valid information in XML format should return valid response' do
-    post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
+  test 'a user sign up with valid information in JSON format should return valid response' do
+    post user_registration_path(format: 'json'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' } }
     assert_response :success
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
+    assert_includes response.body, '{"user":{'
 
     user = User.to_adapter.find_first(order: [:id, :desc])
-    assert_equal user.email, 'new_user@test.com'
+    assert_equal 'new_user@test.com', user.email
   end
 
-  test 'a user sign up with invalid information in XML format should return invalid response' do
-    post user_registration_path(format: 'xml'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } }
+  test 'a user sign up with invalid information in JSON format should return invalid response' do
+    post user_registration_path(format: 'json'), params: { user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' } }
     assert_response :unprocessable_entity
-    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
+    assert_includes response.body, '{"errors":{'
   end
 
-  test 'a user update information with valid data in XML format should return valid response' do
+  test 'a user update information with valid data in JSON format should return valid response' do
     user = sign_in_as_user
-    put user_registration_path(format: 'xml'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } }
+    put user_registration_path(format: 'json'), params: { user: { current_password: '12345678', email: 'user.new@test.com' } }
     assert_response :success
-    assert_equal user.reload.email, 'user.new@test.com'
+    assert_equal 'user.new@test.com', user.reload.email
   end
 
-  test 'a user update information with invalid data in XML format should return invalid response' do
+  test 'a user update information with invalid data in JSON format should return invalid response' do
     user = sign_in_as_user
-    put user_registration_path(format: 'xml'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } }
+    put user_registration_path(format: 'json'), params: { user: { current_password: 'invalid', email: 'user.new@test.com' } }
     assert_response :unprocessable_entity
-    assert_equal user.reload.email, 'user@test.com'
+    assert_equal 'user@test.com', user.reload.email
   end
 
-  test 'a user cancel their account in XML format should return valid response' do
+  test 'a user cancel their account in JSON format should return valid response' do
     sign_in_as_user
-    delete user_registration_path(format: 'xml')
+    delete user_registration_path(format: 'json')
     assert_response :success
-    assert_equal User.to_adapter.find_all.size, 0
+    assert_equal 0, User.to_adapter.find_all.size
   end
 end
 

test/integration/rememberable_test.rb

@@ -3,7 +3,7 @@
 require 'test_helper'
 
 class RememberMeTest < Devise::IntegrationTest
-  def create_user_and_remember(add_to_token='')
+  def create_user_and_remember(add_to_token = '')
     user = create_user
     user.remember_me!
     raw_cookie = User.serialize_into_cookie(user).tap { |a| a[1] << add_to_token }

test/mailers/confirmation_instructions_test.rb

@@ -31,7 +31,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send confirmation instructions to the user email' do
@@ -88,7 +88,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
     host, port = ActionMailer::Base.default_url_options.values_at :host, :port
 
     if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/confirmation\?confirmation_token=([^"]+)">}
-      assert_equal $1, user.confirmation_token
+      assert_equal user.confirmation_token, $1
     else
       flunk "expected confirmation url regex to match"
     end

test/mailers/email_changed_test.rb

@@ -35,7 +35,7 @@ class EmailChangedTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send email changed to the original user email' do

test/mailers/reset_password_instructions_test.rb

@@ -34,7 +34,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send confirmation instructions to the user email' do
@@ -84,7 +84,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
     host, port = ActionMailer::Base.default_url_options.values_at :host, :port
 
     if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/password/edit\?reset_password_token=([^"]+)">}
-      assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token
+      assert_equal user.reset_password_token, Devise.token_generator.digest(user.class, :reset_password_token, $1)
     else
       flunk "expected reset password url regex to match"
     end

test/mailers/unlock_instructions_test.rb

@@ -35,7 +35,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
   end
 
   test 'content type should be set to html' do
-    assert mail.content_type.include?('text/html')
+    assert_includes mail.content_type, 'text/html'
   end
 
   test 'send unlock instructions to the user email' do
@@ -85,7 +85,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase
     host, port = ActionMailer::Base.default_url_options.values_at :host, :port
 
     if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/unlock\?unlock_token=([^"]+)">}
-      assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token
+      assert_equal user.unlock_token, Devise.token_generator.digest(user.class, :unlock_token, $1)
     else
       flunk "expected unlock url regex to match"
     end

test/mapping_test.rb

@@ -6,7 +6,7 @@ class FakeRequest < Struct.new(:path_info, :params)
 end
 
 class MappingTest < ActiveSupport::TestCase
-  def fake_request(path, params={})
+  def fake_request(path, params = {})
     FakeRequest.new(path, params)
   end
 

test/models/authenticatable_test.rb

@@ -4,12 +4,12 @@ require 'test_helper'
 
 class AuthenticatableTest < ActiveSupport::TestCase
   test 'required_fields should be an empty array' do
-    assert_equal Devise::Models::Validatable.required_fields(User), []
+    assert_equal [], Devise::Models::Validatable.required_fields(User)
   end
 
   test 'find_first_by_auth_conditions allows custom filtering parameters' do
     user = User.create!(email: "example@example.com", password: "1234567")
-    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
+    assert_equal user, User.find_first_by_auth_conditions({ email: "example@example.com" })
     assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next)
   end
 
@@ -18,24 +18,24 @@ class AuthenticatableTest < ActiveSupport::TestCase
   # config.strip_whitespace_keys = [:email]
   test 'find_or_initialize_with_errors uses parameter filter on find' do
     user = User.create!(email: "example@example.com", password: "1234567")
-    assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }), user
+    assert_equal user, User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " })
   end
 
   # assumes default configuration of
   # config.case_insensitive_keys = [:email]
   # config.strip_whitespace_keys = [:email]
   test 'find_or_initialize_with_errors uses parameter filter on initialize' do
-    assert_equal User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email, "example@example.com"
+    assert_equal "example@example.com", User.find_or_initialize_with_errors([:email], { email: " EXAMPLE@example.com " }).email
   end
 
   test 'find_or_initialize_with_errors adds blank error' do
     user_with_error = User.find_or_initialize_with_errors([:email], { email: "" })
-    assert_equal [:email, "can't be blank"], user_with_error.errors.first
+    assert_equal ["Email can't be blank"], user_with_error.errors.full_messages_for(:email)
   end
 
   test 'find_or_initialize_with_errors adds invalid error' do
     user_with_error = User.find_or_initialize_with_errors([:email], { email: "example@example.com" })
-    assert_equal [:email, "is invalid"], user_with_error.errors.first
+    assert_equal ["Email is invalid"], user_with_error.errors.full_messages_for(:email)
   end
 
   if defined?(ActionController::Parameters)

test/models/confirmable_test.rb

@@ -28,7 +28,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     confirmation_tokens = []
     3.times do
       token = create_user.confirmation_token
-      assert !confirmation_tokens.include?(token)
+      refute_includes confirmation_tokens, token
       confirmation_tokens << token
     end
   end
@@ -61,7 +61,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user = create_user
     raw  = user.raw_confirmation_token
     confirmed_user = User.confirm_by_token(raw)
-    assert_equal confirmed_user, user
+    assert_equal user, confirmed_user
     assert user.reload.confirmed?
   end
 
@@ -160,7 +160,7 @@ class ConfirmableTest < ActiveSupport::TestCase
   test 'should find a user to send confirmation instructions' do
     user = create_user
     confirmation_user = User.send_confirmation_instructions(email: user.email)
-    assert_equal confirmation_user, user
+    assert_equal user, confirmation_user
   end
 
   test 'should return a new user if no email was found' do
@@ -305,7 +305,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     swap Devise, authentication_keys: [:username, :email] do
       user = create_user
       confirm_user = User.send_confirmation_instructions(email: user.email, username: user.username)
-      assert_equal confirm_user, user
+      assert_equal user, confirm_user
     end
   end
 
@@ -322,7 +322,7 @@ class ConfirmableTest < ActiveSupport::TestCase
     user = create_user
     user.update_attribute(:confirmation_sent_at, confirmation_sent_at)
     confirmed_user = User.confirm_by_token(user.raw_confirmation_token)
-    assert_equal confirmed_user, user
+    assert_equal user, confirmed_user
     user.reload.confirmed?
   end
 
@@ -497,7 +497,7 @@ class ReconfirmableTest < ActiveSupport::TestCase
     assert admin.confirm
     assert admin.update(email: 'new_test@example.com')
     confirmation_admin = Admin.send_confirmation_instructions(email: admin.unconfirmed_email)
-    assert_equal confirmation_admin, admin
+    assert_equal admin, confirmation_admin
   end
 
   test 'should return a new admin if no email or unconfirmed_email was found' do
@@ -520,20 +520,20 @@ class ReconfirmableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Confirmable.required_fields(User), [
+    assert_equal [
       :confirmation_token,
       :confirmed_at,
       :confirmation_sent_at
-    ]
+    ], Devise::Models::Confirmable.required_fields(User)
   end
 
   test 'required_fields should also contain unconfirmable when reconfirmable_email is true' do
-    assert_equal Devise::Models::Confirmable.required_fields(Admin), [
+    assert_equal [
       :confirmation_token,
       :confirmed_at,
       :confirmation_sent_at,
       :unconfirmed_email
-    ]
+    ], Devise::Models::Confirmable.required_fields(Admin)
   end
 
   test 'should not require reconfirmation after creating a record' do

test/models/database_authenticatable_test.rb

@@ -97,8 +97,8 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should respond to password and password confirmation' do
     user = new_user
-    assert user.respond_to?(:password)
-    assert user.respond_to?(:password_confirmation)
+    assert_respond_to user, :password
+    assert_respond_to user, :password_confirmation
   end
 
   test 'should generate a hashed password while setting password' do
@@ -108,7 +108,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
 
   test 'should support custom hashing methods' do
     user = UserWithCustomHashing.new(password: '654321')
-    assert_equal user.encrypted_password, '123456'
+    assert_equal '123456', user.encrypted_password
   end
 
   test 'allow authenticatable_salt to work even with nil hashed password' do
@@ -149,7 +149,7 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test 'should respond to current password' do
-    assert new_user.respond_to?(:current_password)
+    assert_respond_to new_user, :current_password
   end
 
   test 'should update password with valid current password' do
@@ -293,18 +293,18 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should be encryptable_password and the email field by default' do
-    assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
+    assert_equal [
       :encrypted_password,
       :email
-    ]
+    ], Devise::Models::DatabaseAuthenticatable.required_fields(User)
   end
 
   test 'required_fields should be encryptable_password and the login when the login is on authentication_keys' do
     swap Devise, authentication_keys: [:login] do
-      assert_equal Devise::Models::DatabaseAuthenticatable.required_fields(User), [
+      assert_equal [
         :encrypted_password,
         :login
-      ]
+      ], Devise::Models::DatabaseAuthenticatable.required_fields(User)
     end
   end
 end

test/models/lockable_test.rb

@@ -50,6 +50,32 @@ class LockableTest < ActiveSupport::TestCase
     assert_equal initial_failed_attempts + 2, user.reload.failed_attempts
   end
 
+  test "reset_failed_attempts! updates the failed attempts counter back to 0" do
+    user = create_user(failed_attempts: 3)
+    assert_equal 3, user.failed_attempts
+
+    user.reset_failed_attempts!
+    assert_equal 0, user.failed_attempts
+
+    user.reset_failed_attempts!
+    assert_equal 0, user.failed_attempts
+  end
+
+  test "reset_failed_attempts! does not run model validations" do
+    user = create_user(failed_attempts: 1)
+    user.expects(:after_validation_callback).never
+
+    assert user.reset_failed_attempts!
+    assert_equal 0, user.failed_attempts
+  end
+
+  test "reset_failed_attempts! does not try to reset if not using failed attempts strategy" do
+    admin = create_admin
+
+    refute_respond_to admin, :failed_attempts
+    refute admin.reset_failed_attempts!
+  end
+
   test 'should be valid for authentication with a unlocked user' do
     user = create_user
     user.lock_access!
@@ -121,7 +147,7 @@ class LockableTest < ActiveSupport::TestCase
       user = create_user
       user.lock_access!
       token = user.unlock_token
-      assert !unlock_tokens.include?(token)
+      refute_includes unlock_tokens, token
       unlock_tokens << token
     end
   end
@@ -174,7 +200,7 @@ class LockableTest < ActiveSupport::TestCase
     user = create_user
     raw  = user.send_unlock_instructions
     locked_user = User.unlock_access_by_token(raw)
-    assert_equal locked_user, user
+    assert_equal user, locked_user
     refute user.reload.access_locked?
   end
 
@@ -194,7 +220,7 @@ class LockableTest < ActiveSupport::TestCase
     user = create_user
     user.lock_access!
     unlock_user = User.send_unlock_instructions(email: user.email)
-    assert_equal unlock_user, user
+    assert_equal user, unlock_user
   end
 
   test 'should return a new user if no email was found' do
@@ -211,7 +237,7 @@ class LockableTest < ActiveSupport::TestCase
     swap Devise, authentication_keys: [:username, :email] do
       user = create_user
       unlock_user = User.send_unlock_instructions(email: user.email, username: user.username)
-      assert_equal unlock_user, user
+      assert_equal user, unlock_user
     end
   end
 
@@ -270,11 +296,11 @@ class LockableTest < ActiveSupport::TestCase
   test 'required_fields should contain the all the fields when all the strategies are enabled' do
     swap Devise, unlock_strategy: :both do
       swap Devise, lock_strategy: :failed_attempts do
-        assert_equal Devise::Models::Lockable.required_fields(User), [
-         :failed_attempts,
-         :locked_at,
-         :unlock_token
-        ]
+        assert_equal [
+          :failed_attempts,
+          :locked_at,
+          :unlock_token
+        ], Devise::Models::Lockable.required_fields(User)
       end
     end
   end
@@ -282,10 +308,10 @@ class LockableTest < ActiveSupport::TestCase
   test 'required_fields should contain only failed_attempts and locked_at when the strategies are time and failed_attempts are enabled' do
     swap Devise, unlock_strategy: :time do
       swap Devise, lock_strategy: :failed_attempts do
-        assert_equal Devise::Models::Lockable.required_fields(User), [
-         :failed_attempts,
-         :locked_at
-        ]
+        assert_equal [
+          :failed_attempts,
+          :locked_at
+        ], Devise::Models::Lockable.required_fields(User)
       end
     end
   end
@@ -293,10 +319,10 @@ class LockableTest < ActiveSupport::TestCase
   test 'required_fields should contain only failed_attempts and unlock_token when the strategies are token and failed_attempts are enabled' do
     swap Devise, unlock_strategy: :email do
       swap Devise, lock_strategy: :failed_attempts do
-        assert_equal Devise::Models::Lockable.required_fields(User), [
-         :failed_attempts,
-         :unlock_token
-        ]
+        assert_equal [
+          :failed_attempts,
+          :unlock_token
+        ], Devise::Models::Lockable.required_fields(User)
       end
     end
   end

test/models/omniauthable_test.rb

@@ -4,6 +4,6 @@ require 'test_helper'
 
 class OmniauthableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Omniauthable.required_fields(User), []
+    assert_equal [], Devise::Models::Omniauthable.required_fields(User)
   end
 end

test/models/recoverable_test.rb

@@ -18,7 +18,7 @@ class RecoverableTest < ActiveSupport::TestCase
       user = create_user
       user.send_reset_password_instructions
       token = user.reset_password_token
-      assert !reset_password_tokens.include?(token)
+      refute_includes reset_password_tokens, token
       reset_password_tokens << token
     end
   end
@@ -116,7 +116,7 @@ class RecoverableTest < ActiveSupport::TestCase
   test 'should find a user to send instructions by email' do
     user = create_user
     reset_password_user = User.send_reset_password_instructions(email: user.email)
-    assert_equal reset_password_user, user
+    assert_equal user, reset_password_user
   end
 
   test 'should return a new record with errors if user was not found by e-mail' do
@@ -129,7 +129,7 @@ class RecoverableTest < ActiveSupport::TestCase
     swap Devise, authentication_keys: [:username, :email] do
       user = create_user
       reset_password_user = User.send_reset_password_instructions(email: user.email, username: user.username)
-      assert_equal reset_password_user, user
+      assert_equal user, reset_password_user
     end
   end
 
@@ -161,7 +161,7 @@ class RecoverableTest < ActiveSupport::TestCase
     raw  = user.send_reset_password_instructions
 
     reset_password_user = User.reset_password_by_token(reset_password_token: raw)
-    assert_equal reset_password_user, user
+    assert_equal user, reset_password_user
   end
 
   test 'should return a new record with errors if no reset_password_token is found' do
@@ -237,23 +237,23 @@ class RecoverableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Recoverable.required_fields(User), [
+    assert_equal [
       :reset_password_sent_at,
       :reset_password_token
-    ]
+    ], Devise::Models::Recoverable.required_fields(User)
   end
 
   test 'should return a user based on the raw token' do
     user = create_user
     raw  = user.send_reset_password_instructions
 
-    assert_equal User.with_reset_password_token(raw), user
+    assert_equal user, User.with_reset_password_token(raw)
   end
 
   test 'should return the same reset password token as generated' do
     user = create_user
     raw  = user.send_reset_password_instructions
-    assert_equal Devise.token_generator.digest(self.class, :reset_password_token, raw), user.reset_password_token
+    assert_equal user.reset_password_token, Devise.token_generator.digest(self.class, :reset_password_token, raw)
   end
 
   test 'should return nil if a user based on the raw token is not found' do

test/models/registerable_test.rb

@@ -4,6 +4,6 @@ require 'test_helper'
 
 class RegisterableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Registerable.required_fields(User), []
+    assert_equal [], Devise::Models::Registerable.required_fields(User)
   end
 end

test/models/rememberable_test.rb

@@ -129,8 +129,8 @@ class RememberableTest < ActiveSupport::TestCase
   end
 
   test 'should respond to remember_me attribute' do
-    assert resource_class.new.respond_to?(:remember_me)
-    assert resource_class.new.respond_to?(:remember_me=)
+    assert_respond_to resource_class.new, :remember_me
+    assert_respond_to resource_class.new, :remember_me=
   end
 
   test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do
@@ -177,8 +177,8 @@ class RememberableTest < ActiveSupport::TestCase
   end
 
   test 'should have the required_fields array' do
-    assert_equal Devise::Models::Rememberable.required_fields(User), [
+    assert_equal [
       :remember_created_at
-    ]
+    ], Devise::Models::Rememberable.required_fields(User)
   end
 end

test/models/serializable_test.rb

@@ -7,21 +7,6 @@ class SerializableTest < ActiveSupport::TestCase
     @user = create_user
   end
 
-  test 'should not include unsafe keys on XML' do
-    assert_match(/email/, @user.to_xml)
-    assert_no_match(/confirmation-token/, @user.to_xml)
-  end
-
-  test 'should not include unsafe keys on XML even if a new except is provided' do
-    assert_no_match(/email/, @user.to_xml(except: :email))
-    assert_no_match(/confirmation-token/, @user.to_xml(except: :email))
-  end
-
-  test 'should include unsafe keys on XML if a force_except is provided' do
-    assert_no_match(/<email/, @user.to_xml(force_except: :email))
-    assert_match(/confirmation-token/, @user.to_xml(force_except: :email))
-  end
-
   test 'should not include unsafe keys on JSON' do
     keys = from_json().keys.select{ |key| !key.include?("id") }
     assert_equal %w(created_at email facebook_token updated_at username), keys.sort
@@ -43,7 +28,11 @@ class SerializableTest < ActiveSupport::TestCase
   end
 
   test 'should accept frozen options' do
-    assert_key "username", @user.as_json({only: :username}.freeze)["user"]
+    assert_key "username", @user.as_json({ only: :username, except: [:email].freeze }.freeze)["user"]
+  end
+
+  test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do
+    assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION }
   end
 
   def assert_key(key, subject)
@@ -54,7 +43,7 @@ class SerializableTest < ActiveSupport::TestCase
     assert !subject.key?(key), "Expected #{subject.inspect} to not have key #{key.inspect}"
   end
 
-  def from_json(options=nil)
+  def from_json(options = nil)
     ActiveSupport::JSON.decode(@user.to_json(options))["user"]
   end
 end

test/models/timeoutable_test.rb

@@ -43,7 +43,7 @@ class TimeoutableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Timeoutable.required_fields(User), []
+    assert_equal [], Devise::Models::Timeoutable.required_fields(User)
   end
 
   test 'should not raise error if remember_created_at is not empty and rememberable is disabled' do

test/models/trackable_test.rb

@@ -4,13 +4,13 @@ require 'test_helper'
 
 class TrackableTest < ActiveSupport::TestCase
   test 'required_fields should contain the fields that Devise uses' do
-    assert_equal Devise::Models::Trackable.required_fields(User), [
+    assert_equal [
       :current_sign_in_at,
       :current_sign_in_ip,
       :last_sign_in_at,
       :last_sign_in_ip,
       :sign_in_count
-    ]
+    ], Devise::Models::Trackable.required_fields(User)
   end
 
   test 'update_tracked_fields should only set attributes but not save the record' do

test/models/validatable_test.rb

@@ -116,6 +116,6 @@ class ValidatableTest < ActiveSupport::TestCase
   end
 
   test 'required_fields should be an empty array' do
-    assert_equal Devise::Models::Validatable.required_fields(User), []
+    assert_equal [], Devise::Models::Validatable.required_fields(User)
   end
 end

test/omniauth/url_helpers_test.rb

@@ -5,7 +5,7 @@ require 'test_helper'
 class OmniAuthRoutesTest < ActionController::TestCase
   tests ApplicationController
 
-  def assert_path(action, provider, with_param=true)
+  def assert_path(action, provider, with_param = true)
     # Resource param
     assert_equal @controller.send(action, :user, provider),
                  @controller.send("user_#{provider}_#{action}")

test/orm/active_record.rb

@@ -5,7 +5,7 @@ ActiveRecord::Base.logger = Logger.new(nil)
 ActiveRecord::Base.include_root_in_json = true
 
 migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__)
-if Devise::Test.rails6?
+if Devise::Test.rails6_and_up?
   ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate
 elsif Devise::Test.rails52_and_up?
   ActiveRecord::MigrationContext.new(migrate_path).migrate

test/rails_app/app/active_record/user.rb

@@ -5,7 +5,6 @@ require 'shared_user'
 class User < ActiveRecord::Base
   include Shim
   include SharedUser
-  include ActiveModel::Serializers::Xml if Devise::Test.rails5_and_up?
 
   validates :sign_in_count, presence: true
 

test/rails_app/app/controllers/streaming_controller.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class StreamingController < ApplicationController
+  include ActionController::Live
+
+  before_action :authenticate_user!
+
+  def index
+    render (Devise::Test.rails5_and_up? ? :body : :text) => 'Index'
+  end
+
+  # Work around https://github.com/heartcombo/devise/issues/2332, which affects
+  # tests in Rails 4.x (and affects production in Rails >= 5)
+  def process(name)
+    super(name)
+  rescue ArgumentError => e
+    if e.message == 'uncaught throw :warden'
+      throw :warden
+    else
+      raise e
+    end
+  end
+end

test/rails_app/app/controllers/users_controller.rb

@@ -3,7 +3,8 @@
 class UsersController < ApplicationController
   prepend_before_action :current_user, only: :exhibit
   before_action :authenticate_user!, except: [:accept, :exhibit]
-  respond_to :html, :xml
+  clear_respond_to
+  respond_to :html, :json
 
   def index
     user_session[:cart] = "Cart"

test/rails_app/config/application.rb

@@ -46,8 +46,12 @@ module RailsApp
     end
 
     # Remove the first check once Rails 5.0 support is removed.
-    if Devise::Test.rails52_and_up? && !Devise::Test.rails6?
+    if Devise::Test.rails52_and_up? && !Devise::Test.rails6_and_up?
       Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
     end
+
+    if Devise::Test.rails7_and_up?
+      config.active_record.legacy_connection_handling = false
+    end
   end
 end

test/rails_app/config/boot.rb

@@ -7,9 +7,13 @@ end
 module Devise
   module Test
     # Detection for minor differences between Rails versions in tests.
-    
-    def self.rails6?
-      Rails.version.start_with? '6'
+
+    def self.rails7_and_up?
+      Rails::VERSION::MAJOR >= 7
+    end
+
+    def self.rails6_and_up?
+      Rails::VERSION::MAJOR >= 6
     end
 
     def self.rails52_and_up?

test/rails_app/config/routes.rb

@@ -17,6 +17,8 @@ Rails.application.routes.draw do
 
   resources :admins, only: [:index]
 
+  resources :streaming, only: [:index]
+
   # Users scope
   devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
 

test/rails_app/lib/shared_user_without_email.rb

@@ -21,7 +21,7 @@ module SharedUserWithoutEmail
     raise NoMethodError
   end
 
-  def respond_to?(method_name, include_all=false)
+  def respond_to?(method_name, include_all = false)
     return false if method_name.to_sym == :email_changed?
     super(method_name, include_all)
   end

test/routes_test.rb

@@ -209,7 +209,7 @@ class CustomizedRoutingTest < ActionController::TestCase
 
     assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_in.json', method: :get})
     end
   end
 
@@ -219,7 +219,7 @@ class CustomizedRoutingTest < ActionController::TestCase
 
     assert_recognizes(expected_params, {path: '/htmlonly_admin/password', method: :post})
     assert_raise ExpectedRoutingError do
-      assert_recognizes(expected_params, {path: '/htmlonly_admin/password.xml', method: :post})
+      assert_recognizes(expected_params, {path: '/htmlonly_admin/password.json', method: :post})
     end
   end
 
@@ -229,7 +229,7 @@ class CustomizedRoutingTest < ActionController::TestCase
 
     assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_admin/sign_up.json', method: :get})
     end
   end
 
@@ -239,7 +239,7 @@ class CustomizedRoutingTest < ActionController::TestCase
 
     assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_users/confirmation.json', method: :get})
     end
   end
 
@@ -249,12 +249,12 @@ class CustomizedRoutingTest < ActionController::TestCase
 
     assert_recognizes(expected_params, {path: '/htmlonly_users/unlock', method: :get})
     assert_raise ExpectedRoutingError do
-      assert_recognizes(expected_params, {path: '/htmlonly_users/unlock.xml', method: :get})
+      assert_recognizes(expected_params, {path: '/htmlonly_users/unlock.json', method: :get})
     end
   end
 
   test 'map with format false is not permanent' do
-    assert_equal "/set.xml", @routes.url_helpers.set_path(:xml)
+    assert_equal "/set.json", @routes.url_helpers.set_path(:json)
   end
 
   test 'checks if mapping has proper configuration for omniauth callback' do

test/support/helpers.rb

@@ -27,32 +27,32 @@ class ActiveSupport::TestCase
     "test#{@@email_count}@example.com"
   end
 
-  def valid_attributes(attributes={})
+  def valid_attributes(attributes = {})
     { username: "usertest",
       email: generate_unique_email,
       password: '12345678',
       password_confirmation: '12345678' }.update(attributes)
   end
 
-  def new_user(attributes={})
+  def new_user(attributes = {})
     User.new(valid_attributes(attributes))
   end
 
-  def create_user(attributes={})
+  def create_user(attributes = {})
     User.create!(valid_attributes(attributes))
   end
 
-  def create_admin(attributes={})
+  def create_admin(attributes = {})
     valid_attributes = valid_attributes(attributes)
     valid_attributes.delete(:username)
     Admin.create!(valid_attributes)
   end
 
-  def create_user_without_email(attributes={})
+  def create_user_without_email(attributes = {})
     UserWithoutEmail.create!(valid_attributes(attributes))
   end
 
-  def create_user_with_validations(attributes={})
+  def create_user_with_validations(attributes = {})
     UserWithValidations.create!(valid_attributes(attributes))
   end
 

test/support/integration.rb

@@ -7,7 +7,7 @@ class ActionDispatch::IntegrationTest
     request.env['warden']
   end
 
-  def create_user(options={})
+  def create_user(options = {})
     @user ||= begin
       user = User.create!(
         username: 'usertest',
@@ -24,7 +24,7 @@ class ActionDispatch::IntegrationTest
     end
   end
 
-  def create_admin(options={})
+  def create_admin(options = {})
     @admin ||= begin
       admin = Admin.create!(
         email: options[:email] || 'admin@test.com',
@@ -36,7 +36,7 @@ class ActionDispatch::IntegrationTest
     end
   end
 
-  def sign_in_as_user(options={}, &block)
+  def sign_in_as_user(options = {}, &block)
     user = create_user(options)
     visit_with_option options[:visit], new_user_session_path
     fill_in 'email', with: options[:email] || 'user@test.com'
@@ -47,7 +47,7 @@ class ActionDispatch::IntegrationTest
     user
   end
 
-  def sign_in_as_admin(options={}, &block)
+  def sign_in_as_admin(options = {}, &block)
     admin = create_admin(options)
     visit_with_option options[:visit], new_admin_session_path
     fill_in 'email', with: 'admin@test.com'
@@ -61,7 +61,7 @@ class ActionDispatch::IntegrationTest
   # account Middleware redirects.
   #
   def assert_redirected_to(url)
-    assert [301, 302].include?(@integration_session.status),
+    assert_includes [301, 302], @integration_session.status,
            "Expected status to be 301 or 302, got #{@integration_session.status}"
 
     assert_url url, @integration_session.headers["Location"]

test/test/controller_helpers_test.rb

@@ -97,16 +97,16 @@ class TestControllerHelpersTest < Devise::ControllerTestCase
 
   test "returns the body of a failure app" do
     get :index
-    assert_equal response.body, "<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>"
+    assert_equal "<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>", response.body
   end
 
   test "returns the content type of a failure app" do
-    get :index, params: { format: :xml }
+    get :index, params: { format: :json }
 
-    if Devise::Test.rails6?
-      assert response.media_type.include?('application/xml')
+    if Devise::Test.rails6_and_up?
+      assert_includes response.media_type, 'application/json'
     else
-      assert response.content_type.include?('application/xml')
+      assert_includes response.content_type, 'application/json'
     end
   end
 
@@ -196,3 +196,13 @@ class TestControllerHelpersTest < Devise::ControllerTestCase
     assert_equal old_warden_proxy, new_warden_proxy
   end
 end
+
+class TestControllerHelpersForStreamingControllerTest < Devise::ControllerTestCase
+  tests StreamingController
+  include Devise::Test::ControllerHelpers
+
+  test "doesn't hang when sending an authentication error response body" do
+    get :index
+    assert_equal "<html><body>You are being <a href=\"http://test.host/users/sign_in\">redirected</a>.</body></html>", response.body
+  end
+end