Release v4.9.4

Related: #5668

.github/workflows/test.yml

@@ -8,6 +8,7 @@ jobs:
         gemfile:
           - Gemfile
           - gemfiles/Gemfile-rails-main
+          - gemfiles/Gemfile-rails-7-0
           - gemfiles/Gemfile-rails-6-1
           - gemfiles/Gemfile-rails-6-0
           - gemfiles/Gemfile-rails-5-2
@@ -16,6 +17,7 @@ jobs:
           - gemfiles/Gemfile-rails-4-2
           - gemfiles/Gemfile-rails-4-1
         ruby:
+          - '3.3'
           - '3.2'
           - '3.1'
           - '3.0'
@@ -30,6 +32,10 @@ jobs:
           - DEVISE_ORM=active_record
           - DEVISE_ORM=mongoid
         exclude:
+          - gemfile: gemfiles/Gemfile-rails-main
+            ruby: '2.7' # Rails > 7.1 supports Ruby >= 3.1
+          - gemfile: gemfiles/Gemfile-rails-main
+            ruby: '3.0' # Rails > 7.1 supports Ruby >= 3.1
           - gemfile: Gemfile
             ruby: '2.6'
           - gemfile: Gemfile
@@ -58,6 +64,20 @@ jobs:
             ruby: '2.1'
           - gemfile: gemfiles/Gemfile-rails-main
             env: DEVISE_ORM=mongoid
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            ruby: '2.6'
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            ruby: '2.5'
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            ruby: '2.4'
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            ruby: '2.3'
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            ruby: '2.2'
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            ruby: '2.1'
+          - gemfile: gemfiles/Gemfile-rails-7-0
+            env: DEVISE_ORM=mongoid
           - gemfile: gemfiles/Gemfile-rails-6-1
             ruby: '2.4'
           - gemfile: gemfiles/Gemfile-rails-6-1
@@ -68,6 +88,8 @@ jobs:
             ruby: '2.1'
           - gemfile: gemfiles/Gemfile-rails-6-1
             env: DEVISE_ORM=mongoid
+          - gemfile: gemfiles/Gemfile-rails-6-0
+            ruby: '3.3'
           - gemfile: gemfiles/Gemfile-rails-6-0
             ruby: '3.2'
           - gemfile: gemfiles/Gemfile-rails-6-0
@@ -82,6 +104,8 @@ jobs:
             ruby: '2.1'
           - gemfile: gemfiles/Gemfile-rails-6-0
             env: DEVISE_ORM=mongoid
+          - gemfile: gemfiles/Gemfile-rails-5-2
+            ruby: '3.3'
           - gemfile: gemfiles/Gemfile-rails-5-2
             ruby: '3.2'
           - gemfile: gemfiles/Gemfile-rails-5-2
@@ -96,6 +120,8 @@ jobs:
             ruby: '2.1'
           - gemfile: gemfiles/Gemfile-rails-5-2
             env: DEVISE_ORM=mongoid
+          - gemfile: gemfiles/Gemfile-rails-5-1
+            ruby: '3.3'
           - gemfile: gemfiles/Gemfile-rails-5-1
             ruby: '3.2'
           - gemfile: gemfiles/Gemfile-rails-5-1
@@ -108,6 +134,8 @@ jobs:
             ruby: '2.1'
           - gemfile: gemfiles/Gemfile-rails-5-1
             env: DEVISE_ORM=mongoid
+          - gemfile: gemfiles/Gemfile-rails-5-0
+            ruby: '3.3'
           - gemfile: gemfiles/Gemfile-rails-5-0
             ruby: '3.2'
           - gemfile: gemfiles/Gemfile-rails-5-0
@@ -120,6 +148,8 @@ jobs:
             ruby: '2.1'
           - gemfile: gemfiles/Gemfile-rails-5-0
             env: DEVISE_ORM=mongoid
+          - gemfile: gemfiles/Gemfile-rails-4-2
+            ruby: '3.3'
           - gemfile: gemfiles/Gemfile-rails-4-2
             ruby: '3.2'
           - gemfile: gemfiles/Gemfile-rails-4-2
@@ -130,6 +160,8 @@ jobs:
             ruby: '2.7'
           - gemfile: gemfiles/Gemfile-rails-4-2
             ruby: '2.6'
+          - gemfile: gemfiles/Gemfile-rails-4-1
+            ruby: '3.3'
           - gemfile: gemfiles/Gemfile-rails-4-1
             ruby: '3.2'
           - gemfile: gemfiles/Gemfile-rails-4-1
@@ -144,13 +176,15 @@ jobs:
             ruby: '2.5'
           - gemfile: gemfiles/Gemfile-rails-4-1
             ruby: '2.4'
-    runs-on: ubuntu-latest
+    # TODO: lock `ubunty-20.04` due to older Ruby version compatibility, change to `ubuntu-latest` again when dropping older Ruby support.
+    # https://github.com/ruby/setup-ruby/issues/496#issuecomment-1520662740
+    runs-on: ubuntu-20.04
     env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
       BUNDLE_GEMFILE: ${{ matrix.gemfile }}
     steps:
       - uses: actions/checkout@v3
-      - name: Setup Bundler 1.x for Rails 4.x
-        if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' }}
+      - name: Setup Bundler 1.x for Rails 4.x and Ruby <= 2.2
+        if: ${{ matrix.gemfile == 'gemfiles/Gemfile-rails-4-1' || matrix.gemfile == 'gemfiles/Gemfile-rails-4-2' || matrix.ruby <= '2.2' }}
         run: echo "BUNDLER_VERSION=1.17.3" >> $GITHUB_ENV
       - name: Setup Rubygems version as default for Ruby < 2.5
         if: ${{ matrix.ruby < '2.5' }}

CHANGELOG.md

@@ -1,6 +1,21 @@
-### Unreleased
+### 4.9.4 - 2024-04-10
 
+* enhancements
+  * Add support for Ruby 3.3. (no changes needed)
 
+* bug fixes
+  * Respect locale set by controller in failure app. Devise will carry over the current I18n.locale option when triggering authentication, and will wrap the failure app call with it. [#5567](https://github.com/heartcombo/devise/pull/5567)
+
+### 4.9.3 - 2023-10-11
+
+* enhancements
+  * Add support for Rails 7.1.
+  * Add `Devise.deprecator` to integrate with new application deprecators in Rails 7.1. (@soartec-lab, @etiennebarrie)
+
+### 4.9.2 - 2023-04-03
+
+* deprecations
+  * Bring back `Devise.activerecord51?` and deprecate it, in order to avoid breakage with some libraries that apparently relied on it.
 
 ### 4.9.1 - 2023-03-31
 

Gemfile

@@ -4,7 +4,7 @@ source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 7.0.0"
+gem "rails", "~> 7.1.0"
 gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"
@@ -19,7 +19,7 @@ group :test do
   gem "rexml"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do

Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/rails/rails-controller-testing.git
-  revision: 351c0162df0771c0c48e6a5a886c4c2f0a5d1a74
+  revision: c203673f8011a7cdc2a8edf995ae6b3eec3417ca
   specs:
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -10,7 +10,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise (4.9.1)
+    devise (4.9.4)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -20,114 +20,133 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actioncable (7.1.0)
+      actionpack (= 7.1.0)
+      activesupport (= 7.1.0)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.0)
+      actionpack (= 7.1.0)
+      activejob (= 7.1.0)
+      activerecord (= 7.1.0)
+      activestorage (= 7.1.0)
+      activesupport (= 7.1.0)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      actionview (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionmailer (7.1.0)
+      actionpack (= 7.1.0)
+      actionview (= 7.1.0)
+      activejob (= 7.1.0)
+      activesupport (= 7.1.0)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.0)
-    actionpack (7.0.4.3)
-      actionview (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      rack (~> 2.0, >= 2.2.0)
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.0)
+      actionview (= 7.1.0)
+      activesupport (= 7.1.0)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actiontext (7.1.0)
+      actionpack (= 7.1.0)
+      activerecord (= 7.1.0)
+      activestorage (= 7.1.0)
+      activesupport (= 7.1.0)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionview (7.1.0)
+      activesupport (= 7.1.0)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.4.3)
-      activesupport (= 7.0.4.3)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.0)
+      activesupport (= 7.1.0)
       globalid (>= 0.3.6)
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activerecord (7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activestorage (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    activemodel (7.1.0)
+      activesupport (= 7.1.0)
+    activerecord (7.1.0)
+      activemodel (= 7.1.0)
+      activesupport (= 7.1.0)
+      timeout (>= 0.4.0)
+    activestorage (7.1.0)
+      actionpack (= 7.1.0)
+      activejob (= 7.1.0)
+      activerecord (= 7.1.0)
+      activesupport (= 7.1.0)
       marcel (~> 1.0)
-      mini_mime (>= 1.1.0)
-    activesupport (7.0.4.3)
+    activesupport (7.1.0)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
-    bcrypt (3.1.18)
+    base64 (0.1.1)
+    bcrypt (3.1.19)
+    bigdecimal (3.1.4)
     builder (3.2.4)
     concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
     crass (1.0.6)
     date (3.3.3)
+    drb (2.1.1)
+      ruby2_keywords
     erubi (1.12.0)
-    faraday (2.7.4)
+    faraday (2.7.11)
+      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
-    globalid (1.1.0)
-      activesupport (>= 5.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     hashie (5.0.0)
-    i18n (1.12.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    jwt (2.7.0)
-    loofah (2.19.1)
+    io-console (0.6.0)
+    irb (1.8.1)
+      rdoc
+      reline (>= 0.3.8)
+    jwt (2.7.1)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
       net-pop
       net-smtp
     marcel (1.0.2)
-    method_source (1.0.0)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.1)
-    minitest (5.18.0)
-    mocha (1.16.1)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.4)
+    minitest (5.20.0)
+    mocha (2.1.0)
+      ruby2_keywords (>= 0.0.5)
     multi_xml (0.6.0)
-    net-imap (0.3.4)
+    mutex_m (0.1.2)
+    net-imap (0.4.1)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.1)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.4.0)
       net-protocol
-    nio4r (2.5.8)
-    nokogiri (1.14.2)
-      mini_portile2 (~> 2.8.0)
+    nio4r (2.5.9)
+    nokogiri (1.15.4)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
@@ -151,84 +170,95 @@ GEM
     orm_adapter (0.5.0)
     psych (5.1.0)
       stringio
-    racc (1.6.2)
-    rack (2.2.6.4)
+    racc (1.7.1)
+    rack (2.2.8)
     rack-openid (1.4.2)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
-    rack-protection (3.0.5)
-      rack
+    rack-protection (3.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    rack-session (1.0.1)
+      rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.4.3)
-      actioncable (= 7.0.4.3)
-      actionmailbox (= 7.0.4.3)
-      actionmailer (= 7.0.4.3)
-      actionpack (= 7.0.4.3)
-      actiontext (= 7.0.4.3)
-      actionview (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    rackup (1.0.0)
+      rack (< 3)
+      webrick
+    rails (7.1.0)
+      actioncable (= 7.1.0)
+      actionmailbox (= 7.1.0)
+      actionmailer (= 7.1.0)
+      actionpack (= 7.1.0)
+      actiontext (= 7.1.0)
+      actionview (= 7.1.0)
+      activejob (= 7.1.0)
+      activemodel (= 7.1.0)
+      activerecord (= 7.1.0)
+      activestorage (= 7.1.0)
+      activesupport (= 7.1.0)
       bundler (>= 1.15.0)
-      railties (= 7.0.4.3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+      railties (= 7.1.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
-    railties (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      method_source
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (7.1.0)
+      actionpack (= 7.1.0)
+      activesupport (= 7.1.0)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rake (13.0.6)
     rdoc (6.5.0)
       psych (>= 4.0.0)
+    reline (0.3.9)
+      io-console (~> 0.5)
     responders (3.1.0)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
     ruby-openid (2.9.2)
     ruby2_keywords (0.0.5)
     snaky_hash (2.0.1)
       hashie
       version_gem (~> 1.1, >= 1.1.1)
-    sqlite3 (1.6.1)
+    sqlite3 (1.6.6)
       mini_portile2 (~> 2.8.0)
-    stringio (3.0.5)
-    thor (1.2.1)
-    timecop (0.9.6)
-    timeout (0.3.2)
+    stringio (3.0.8)
+    thor (1.2.2)
+    timecop (0.9.8)
+    timeout (0.4.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    version_gem (1.1.2)
+    version_gem (1.1.3)
     warden (1.2.9)
       rack (>= 2.0.9)
     webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
-    websocket-driver (0.7.5)
+    webrick (1.8.1)
+    websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.7)
+    zeitwerk (2.6.12)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   devise!
-  mocha (~> 1.1)
+  mocha (~> 2.1)
   omniauth
   omniauth-facebook
   omniauth-oauth2
   omniauth-openid
-  rails (~> 7.0.0)
+  rails (~> 7.1.0)
   rails-controller-testing!
   rdoc
   responders (~> 3.1)

MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva.
+Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva.
 Copyright 2009-2019 Plataformatec.
 
 Permission is hereby granted, free of charge, to any person obtaining

README.md

@@ -46,7 +46,7 @@ It's composed of 10 modules:
 	- [Integration tests](#integration-tests)
 	- [OmniAuth](#omniauth)
 	- [Configuring multiple models](#configuring-multiple-models)
-	- [ActiveJob Integration](#activejob-integration)
+	- [Active Job Integration](#active-job-integration)
 	- [Password reset tokens and Rails logs](#password-reset-tokens-and-rails-logs)
 	- [Other ORMs](#other-orms)
 	- [Rails API mode](#rails-api-mode)
@@ -483,7 +483,7 @@ Devise.setup do |config|
   # ...
   # When using Devise with Hotwire/Turbo, the http status for error responses
   # and some redirects must match the following. The default in Devise for existing
-  # apps is `200 OK` and `302 Found respectively`, but new apps are generated with
+  # apps is `200 OK` and `302 Found` respectively, but new apps are generated with
   # these new defaults that match Hotwire/Turbo behavior.
   # Note: These might become the new default in future versions of Devise.
   config.responder.error_status = :unprocessable_entity
@@ -767,6 +767,6 @@ https://github.com/heartcombo/devise/graphs/contributors
 
 ## License
 
-MIT License. Copyright 2020-2023 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
+MIT License. Copyright 2020-2024 Rafael França, Leonardo Tegon, Carlos Antônio da Silva. Copyright 2009-2019 Plataformatec.
 
 The Devise logo is licensed under [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License](https://creativecommons.org/licenses/by-nc-nd/4.0/).

app/controllers/devise/sessions_controller.rb

@@ -45,7 +45,7 @@ class Devise::SessionsController < DeviseController
   end
 
   def auth_options
-    { scope: resource_name, recall: "#{controller_path}#new" }
+    { scope: resource_name, recall: "#{controller_path}#new", locale: I18n.locale }
   end
 
   def translation_scope

app/controllers/devise_controller.rb

@@ -33,6 +33,19 @@ class DeviseController < Devise.parent_controller.constantize
     end
   end
 
+  # Override internal methods to exclude `_prefixes` from action methods since
+  # we override it above.
+  #
+  # There was an intentional change in Rails 7.1 that will allow it to become
+  # an action method because it's a public method of a non-abstract controller,
+  # but we also can't make this abstract because it can affect potential actions
+  # defined in the parent controller, so instead we ensure `_prefixes` is going
+  # to be considered internal. (and thus, won't become an action method.)
+  # Ref: https://github.com/rails/rails/pull/48699
+  def self.internal_methods #:nodoc:
+    super << :_prefixes
+  end
+
   protected
 
   # Gets the actual resource stored in the instance variable

app/helpers/devise_helper.rb

@@ -4,7 +4,7 @@ module DeviseHelper
   # Retain this method for backwards compatibility, deprecated in favor of modifying the
   # devise/shared/error_messages partial.
   def devise_error_messages!
-    ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+    Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
       [Devise] `DeviseHelper#devise_error_messages!` is deprecated and will be
       removed in the next major version.
 

gemfiles/Gemfile-rails-4-1

@@ -21,7 +21,7 @@ group :test do
   gem "omniauth-openid"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
   gem 'test_after_commit', require: false
 end
 
@@ -44,3 +44,6 @@ if RUBY_VERSION < "2.3.0"
   # `Object.deprecate_constant` which isn't available.
   gem "multipart-post", "2.1.1"
 end
+
+# There's a build incompatibility issue with nokogiri and loofah
+gem "loofah", "~> 2.20.0"

gemfiles/Gemfile-rails-4-2

@@ -20,7 +20,7 @@ group :test do
   gem "omniauth-openid"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
   gem 'test_after_commit', require: false
 end
 
@@ -43,3 +43,6 @@ if RUBY_VERSION < "2.3.0"
   # `Object.deprecate_constant` which isn't available.
   gem "multipart-post", "2.1.1"
 end
+
+# There's a build incompatibility issue with nokogiri and loofah
+gem "loofah", "~> 2.20.0"

gemfiles/Gemfile-rails-5-0

@@ -18,7 +18,7 @@ group :test do
   gem "omniauth-openid"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do
@@ -35,3 +35,6 @@ if RUBY_VERSION < "2.3.0"
   # `Object.deprecate_constant` which isn't available.
   gem "multipart-post", "2.1.1"
 end
+
+# There's a build incompatibility issue with nokogiri and loofah
+gem "loofah", "~> 2.20.0"

gemfiles/Gemfile-rails-5-1

@@ -16,7 +16,7 @@ group :test do
   gem "omniauth-openid"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do
@@ -28,3 +28,6 @@ if RUBY_VERSION < "2.3.0"
   # `Object.deprecate_constant` which isn't available.
   gem "multipart-post", "2.1.1"
 end
+
+# There's a build incompatibility issue with nokogiri and loofah
+gem "loofah", "~> 2.20.0"

gemfiles/Gemfile-rails-5-2

@@ -16,9 +16,12 @@ group :test do
   gem "omniauth-openid"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do
   gem "sqlite3", "~> 1.3.6"
 end
+
+# There's a build incompatibility issue with nokogiri and loofah
+gem "loofah", "~> 2.20.0"

gemfiles/Gemfile-rails-6-0

@@ -17,7 +17,7 @@ group :test do
   gem "rexml"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do

gemfiles/Gemfile-rails-6-1

@@ -23,7 +23,7 @@ group :test do
   gem "rexml"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do

gemfiles/Gemfile-rails-7-0

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gemspec path: ".."
+
+gem "rails", "~> 7.0.0"
+gem "omniauth"
+gem "omniauth-oauth2"
+gem "rdoc"
+
+gem "rails-controller-testing", github: "rails/rails-controller-testing"
+
+gem "responders", "~> 3.1"
+
+group :test do
+  gem "omniauth-facebook"
+  gem "omniauth-openid"
+  gem "rexml"
+  gem "timecop"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 2.1", require: false
+end
+
+platforms :ruby do
+  gem "sqlite3", "~> 1.4"
+end
+
+# platforms :jruby do
+#   gem "activerecord-jdbc-adapter"
+#   gem "activerecord-jdbcsqlite3-adapter"
+#   gem "jruby-openssl"
+# end
+
+# TODO:
+# group :mongoid do
+#   gem "mongoid", "~> 4.0.0"
+# end

gemfiles/Gemfile-rails-main

@@ -17,7 +17,7 @@ group :test do
   gem "rexml"
   gem "timecop"
   gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.1", require: false
+  gem "mocha", "~> 2.1", require: false
 end
 
 platforms :ruby do

lib/devise.rb

@@ -520,6 +520,18 @@ module Devise
     b.each_byte { |byte| res |= byte ^ l.shift }
     res == 0
   end
+
+  def self.deprecator
+    @deprecator ||= ActiveSupport::Deprecation.new("5.0", "Devise")
+  end
+
+  def self.activerecord51? # :nodoc:
+    deprecator.warn <<-DEPRECATION.strip_heredoc
+      [Devise] `Devise.activerecord51?` is deprecated and will be removed in the next major version.
+      It is a non-public method that's no longer used internally, but that other libraries have been relying on.
+    DEPRECATION
+    defined?(ActiveRecord) && ActiveRecord.gem_version >= Gem::Version.new("5.1.x")
+  end
 end
 
 require 'warden'

lib/devise/controllers/helpers.rb

@@ -46,6 +46,7 @@ module Devise
                 mappings.unshift mappings.delete(favorite.to_sym) if favorite
                 mappings.each do |mapping|
                   opts[:scope] = mapping
+                  opts[:locale] = I18n.locale
                   warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
                 end
               end
@@ -115,6 +116,7 @@ module Devise
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
           def authenticate_#{mapping}!(opts = {})
             opts[:scope] = :#{mapping}
+            opts[:locale] = I18n.locale
             warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
           end
 

lib/devise/controllers/sign_in_out.rb

@@ -38,7 +38,7 @@ module Devise
         expire_data_after_sign_in!
 
         if options[:bypass]
-          ActiveSupport::Deprecation.warn(<<-DEPRECATION.strip_heredoc, caller)
+          Devise.deprecator.warn(<<-DEPRECATION.strip_heredoc, caller)
           [Devise] bypass option is deprecated and it will be removed in future version of Devise.
           Please use bypass_sign_in method instead.
           Example:

lib/devise/failure_app.rb

@@ -18,6 +18,11 @@ module Devise
 
     delegate :flash, to: :request
 
+    include AbstractController::Callbacks
+    around_action do |failure_app, action|
+      I18n.with_locale(failure_app.i18n_locale, &action)
+    end
+
     def self.call(env)
       @respond ||= action(:respond)
       @respond.call(env)
@@ -107,7 +112,7 @@ module Devise
         options[:default] = [message]
         auth_keys = scope_class.authentication_keys
         keys = (auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys).map { |key| scope_class.human_attribute_name(key) }
-        options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
+        options[:authentication_keys] = keys.join(I18n.t(:"support.array.words_connector"))
         options = i18n_options(options)
 
         I18n.t(:"#{scope}.#{message}", **options)
@@ -116,6 +121,10 @@ module Devise
       end
     end
 
+    def i18n_locale
+      warden_options[:locale]
+    end
+
     def redirect_url
       if warden_message == :timeout
         flash[:timedout] = true if is_flashing_format?

lib/devise/models/authenticatable.rb

@@ -62,7 +62,7 @@ module Devise
         :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
 
       include Devise::DeprecatedConstantAccessor
-      deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION"
+      deprecate_constant "BLACKLIST_FOR_SERIALIZATION", "Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", deprecator: Devise.deprecator
 
       included do
         class_attribute :devise_modules, instance_writer: false

lib/devise/models/database_authenticatable.rb

@@ -86,7 +86,7 @@ module Devise
       # is also rejected as long as it is also blank.
       def update_with_password(params, *options)
         if options.present?
-          ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+          Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
             [Devise] The second argument of `DatabaseAuthenticatable#update_with_password`
             (`options`) is deprecated and it will be removed in the next major version.
             It was added to support a feature deprecated in Rails 4, so you can safely remove it
@@ -128,7 +128,7 @@ module Devise
       #
       def update_without_password(params, *options)
         if options.present?
-          ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+          Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
             [Devise] The second argument of `DatabaseAuthenticatable#update_without_password`
             (`options`) is deprecated and it will be removed in the next major version.
             It was added to support a feature deprecated in Rails 4, so you can safely remove it

lib/devise/rails.rb

@@ -17,6 +17,10 @@ module Devise
       app.reload_routes! if Devise.reload_routes
     end
 
+    initializer "devise.deprecator" do |app|
+      app.deprecators[:devise] = Devise.deprecator if app.respond_to?(:deprecators)
+    end
+
     initializer "devise.url_helpers" do
       Devise.include_helpers(Devise::Controllers)
     end

lib/devise/rails/deprecated_constant_accessor.rb

@@ -26,7 +26,7 @@ rescue LoadError
             super
           end
 
-          def deprecate_constant(const_name, new_constant, message: nil, deprecator: ActiveSupport::Deprecation.instance)
+          def deprecate_constant(const_name, new_constant, message: nil, deprecator: Devise.deprecator)
             class_variable_set(:@@_deprecated_constants, {}) unless class_variable_defined?(:@@_deprecated_constants)
             class_variable_get(:@@_deprecated_constants)[const_name.to_s] = { new: new_constant, message: message, deprecator: deprecator }
           end

lib/devise/test/controller_helpers.rb

@@ -69,7 +69,7 @@ module Devise
           scope = resource
           resource = deprecated
 
-          ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+          Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
             [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise.
             Please use sign_in(resource, scope: :#{scope}) instead.
           DEPRECATION

lib/devise/test_helpers.rb

@@ -4,7 +4,7 @@ module Devise
   module TestHelpers
     def self.included(base)
       base.class_eval do
-        ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+        Devise.deprecator.warn <<-DEPRECATION.strip_heredoc
           [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
           For controller tests, please include `Devise::Test::ControllerHelpers` instead.
         DEPRECATION

lib/devise/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Devise
-  VERSION = "4.9.1".freeze
+  VERSION = "4.9.4".freeze
 end

lib/generators/templates/devise.rb

@@ -299,7 +299,7 @@ Devise.setup do |config|
   # ==> Hotwire/Turbo configuration
   # When using Devise with Hotwire/Turbo, the http status for error responses
   # and some redirects must match the following. The default in Devise for existing
-  # apps is `200 OK` and `302 Found respectively`, but new apps are generated with
+  # apps is `200 OK` and `302 Found` respectively, but new apps are generated with
   # these new defaults that match Hotwire/Turbo behavior.
   # Note: These might become the new default in future versions of Devise.
   config.responder.error_status = :unprocessable_entity

test/controllers/helpers_test.rb

@@ -64,30 +64,30 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
   end
 
   test 'proxy authenticate_user! to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :user)
+    @mock_warden.expects(:authenticate!).with({ scope: :user, locale: :en })
     @controller.authenticate_user!
   end
 
   test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo")
+    @mock_warden.expects(:authenticate!).with({ scope: :user, recall: "foo", locale: :en })
     @controller.authenticate_user!(recall: "foo")
   end
 
   test 'proxy authenticate_admin! to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :admin)
+    @mock_warden.expects(:authenticate!).with({ scope: :admin, locale: :en })
     @controller.authenticate_admin!
   end
 
   test 'proxy authenticate_[group]! to authenticate!? with each scope' do
     [:user, :admin].each do |scope|
-      @mock_warden.expects(:authenticate!).with(scope: scope)
+      @mock_warden.expects(:authenticate!).with({ scope: scope, locale: :en })
       @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
     end
     @controller.authenticate_commenter!
   end
 
   test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate!).with(scope: :publisher_account)
+    @mock_warden.expects(:authenticate!).with({ scope: :publisher_account, locale: :en })
     @controller.authenticate_publisher_account!
   end
 
@@ -127,14 +127,14 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
   test 'sign in proxy to set_user on warden' do
     user = User.new
     @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true)
     @controller.sign_in(:user, user)
   end
 
   test 'sign in accepts a resource as argument' do
     user = User.new
     @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true)
     @controller.sign_in(user)
   end
 
@@ -148,7 +148,7 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
   test 'sign in again when the user is already in only if force is given' do
     user = User.new
     @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true)
     @controller.sign_in(user, force: true)
   end
 
@@ -269,7 +269,7 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
     user = User.new
     @controller.session[:user_return_to] = "/foo.bar"
     @mock_warden.expects(:user).with(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, { scope: :user }).returns(true)
     @controller.expects(:redirect_to).with("/foo.bar")
     @controller.sign_in_and_redirect(user)
   end
@@ -277,7 +277,7 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
   test 'sign in and redirect uses the configured after sign in path' do
     admin = Admin.new
     @mock_warden.expects(:user).with(:admin).returns(nil)
-    @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true)
+    @mock_warden.expects(:set_user).with(admin, { scope: :admin }).returns(true)
     @controller.expects(:redirect_to).with(admin_root_path)
     @controller.sign_in_and_redirect(admin)
   end

test/controllers/internal_helpers_test.rb

@@ -55,7 +55,7 @@ class HelpersTest < Devise::ControllerTestCase
   end
 
   test 'require no authentication tests current mapping' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, { scope: :user }).returns(true)
     @mock_warden.expects(:user).with(:user).returns(User.new)
     @controller.expects(:redirect_to).with(root_path)
     @controller.send :require_no_authentication
@@ -71,7 +71,7 @@ class HelpersTest < Devise::ControllerTestCase
   end
 
   test 'require no authentication sets a flash message' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, { scope: :user }).returns(true)
     @mock_warden.expects(:user).with(:user).returns(User.new)
     @controller.expects(:redirect_to).with(root_path)
     @controller.send :require_no_authentication

test/devise_test.rb

@@ -106,4 +106,10 @@ class DeviseTest < ActiveSupport::TestCase
       assert_no_match Devise.email_regexp, email
     end
   end
+
+  test 'Devise.activerecord51? deprecation' do
+    assert_deprecated("`Devise.activerecord51?` is deprecated", Devise.deprecator) do
+      Devise.activerecord51?
+    end
+  end
 end

test/failure_app_test.rb

@@ -200,6 +200,13 @@ class FailureTest < ActiveSupport::TestCase
       assert_equal 'User Steve does not exist', @request.flash[:alert]
     end
 
+    test 'respects the i18n locale passed via warden options when redirecting' do
+      call_failure('warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :"pt-BR" })
+
+      assert_equal 'Email ou senha inválidos.', @request.flash[:alert]
+      assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
+    end
+
     test 'uses the proxy failure message as string' do
       call_failure('warden' => OpenStruct.new(message: 'Hello world'))
       assert_equal 'Hello world', @request.flash[:alert]
@@ -284,6 +291,12 @@ class FailureTest < ActiveSupport::TestCase
       assert_match '<error>Invalid Email or password.</error>', @response.third.body
     end
 
+    test 'respects the i18n locale passed via warden options when responding to HTTP request' do
+      call_failure('formats' => Mime[:json], 'warden' => OpenStruct.new(message: :invalid), 'warden.options' => { locale: :"pt-BR" })
+
+      assert_equal %({"error":"Email ou senha inválidos."}), @response.third.body
+    end
+
     context 'on ajax call' do
       context 'when http_authenticatable_on_xhr is false' do
         test 'dont return 401 with navigational formats' do
@@ -372,6 +385,18 @@ class FailureTest < ActiveSupport::TestCase
       end
     end
 
+    test 'respects the i18n locale passed via warden options when recalling original controller' do
+      env = {
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", locale: :"pt-BR" },
+        "devise.mapping" => Devise.mappings[:user],
+        "warden" => stub_everything
+      }
+      call_failure(env)
+
+      assert_includes @response.third.body, '<h2>Log in</h2>'
+      assert_includes @response.third.body, 'Email ou senha inválidos.'
+    end
+
     # TODO: remove conditional/else when supporting only responders 3.1+
     if ActionController::Responder.respond_to?(:error_status=)
       test 'respects the configured responder `error_status` for the status code' do
@@ -431,6 +456,7 @@ class FailureTest < ActiveSupport::TestCase
       assert_equal "yes it does", Devise::FailureApp.new.lazy_loading_works?
     end
   end
+
   context "Without Flash Support" do
     test "returns to the default redirect location without a flash message" do
       call_failure request_klass: RequestWithoutFlashSupport

test/integration/authenticatable_test.rb

@@ -273,6 +273,15 @@ class AuthenticationRedirectTest < Devise::IntegrationTest
     assert_contain 'You need to sign in or sign up before continuing.'
   end
 
+  test 'redirect from warden respects i18n locale set at the controller' do
+    get admins_path(locale: "pt-BR")
+
+    assert_redirected_to new_admin_session_path
+    follow_redirect!
+
+    assert_contain 'Para continuar, faça login ou registre-se.'
+  end
+
   test 'redirect to default url if no other was configured' do
     sign_in_as_user
     assert_template 'home/index'
@@ -572,7 +581,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
     host! 'foo.bar.baz'
 
     swap Devise, request_keys: [:subdomain] do
-      User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user)
+      User.expects(:find_for_authentication).with({ subdomain: 'foo', email: 'user@test.com' }).returns(create_user)
       sign_in_as_user
       assert warden.authenticated?(:user)
     end

test/models/authenticatable_test.rb

@@ -43,7 +43,7 @@ class AuthenticatableTest < ActiveSupport::TestCase
       user = create_user(email: 'example@example.com')
       attributes = ActionController::Parameters.new(email: 'example@example.com')
 
-      User.expects(:find_first_by_auth_conditions).with('email' => 'example@example.com').returns(user)
+      User.expects(:find_first_by_auth_conditions).with({ 'email' => 'example@example.com' }).returns(user)
       User.find_or_initialize_with_errors([:email], attributes)
     end
   end

test/models/serializable_test.rb

@@ -32,7 +32,9 @@ class SerializableTest < ActiveSupport::TestCase
   end
 
   test 'constant `BLACKLIST_FOR_SERIALIZATION` is deprecated' do
-    assert_deprecated { Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION }
+    assert_deprecated("Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION", Devise.deprecator) do
+      Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION
+    end
   end
 
   def assert_key(key, subject)

test/orm/active_record.rb

@@ -5,7 +5,9 @@ ActiveRecord::Base.logger = Logger.new(nil)
 ActiveRecord::Base.include_root_in_json = true
 
 migrate_path = File.expand_path("../../rails_app/db/migrate/", __FILE__)
-if Devise::Test.rails6_and_up?
+if Devise::Test.rails71_and_up?
+  ActiveRecord::MigrationContext.new(migrate_path).migrate
+elsif Devise::Test.rails6_and_up?
   ActiveRecord::MigrationContext.new(migrate_path, ActiveRecord::SchemaMigration).migrate
 elsif Devise::Test.rails52_and_up?
   ActiveRecord::MigrationContext.new(migrate_path).migrate

test/rails_app/app/controllers/admins_controller.rb

@@ -1,8 +1,15 @@
 # frozen_string_literal: true
 
 class AdminsController < ApplicationController
+  around_action :set_locale
   before_action :authenticate_admin!
 
   def index
   end
+
+  private
+
+  def set_locale
+    I18n.with_locale(params[:locale] || I18n.default_locale) { yield }
+  end
 end

test/rails_app/config/application.rb

@@ -53,5 +53,9 @@ module RailsApp
     if Devise::Test.rails70?
       config.active_record.legacy_connection_handling = false
     end
+
+    if Devise::Test.rails70_and_up?
+      config.active_support.cache_format_version = 7.0
+    end
   end
 end

test/rails_app/config/boot.rb

@@ -12,6 +12,10 @@ module Devise
       !rails70? && Rails::VERSION::MAJOR >= 7
     end
 
+    def self.rails70_and_up?
+      Rails::VERSION::MAJOR >= 7
+    end
+
     def self.rails70?
       Rails.version.start_with? '7.0'
     end

test/rails_app/config/environments/test.rb

@@ -32,7 +32,11 @@ RailsApp::Application.configure do
   config.action_controller.perform_caching = false
 
   # Raise exceptions instead of rendering exception templates.
-  config.action_dispatch.show_exceptions = false
+  if Devise::Test.rails71_and_up?
+    config.action_dispatch.show_exceptions = :none
+  else
+    config.action_dispatch.show_exceptions = false
+  end
 
   # Disable request forgery protection in test environment.
   config.action_controller.allow_forgery_protection = false

test/rails_test.rb

@@ -8,4 +8,10 @@ class RailsTest < ActiveSupport::TestCase
     assert_equal :load_config_initializers, initializer.after
     assert_equal :build_middleware_stack, initializer.before
   end
+
+  if Devise::Test.rails71_and_up?
+    test 'deprecator is added to application deprecators' do
+      assert_not_nil Rails.application.deprecators[:devise]
+    end
+  end
 end

test/routes_test.rb

@@ -2,7 +2,7 @@
 
 require 'test_helper'
 
-ExpectedRoutingError = MiniTest::Assertion
+ExpectedRoutingError = Minitest::Assertion
 
 class DefaultRoutingTest < ActionController::TestCase
   test 'map new user session' do

test/support/locale/pt-BR.yml

@@ -0,0 +1,5 @@
+pt-BR:
+  devise:
+    failure:
+      invalid: "%{authentication_keys} ou senha inválidos."
+      unauthenticated: "Para continuar, faça login ou registre-se."

test/test_helper.rb

@@ -10,7 +10,7 @@ require "rails_app/config/environment"
 require "rails/test_help"
 require "orm/#{DEVISE_ORM}"
 
-I18n.load_path << File.expand_path("../support/locale/en.yml", __FILE__)
+I18n.load_path.concat Dir["#{File.dirname(__FILE__)}/support/locale/*.yml"]
 
 require 'mocha/minitest'
 require 'timecop'
@@ -23,6 +23,22 @@ end
 if ActiveSupport.respond_to?(:test_order)
   ActiveSupport.test_order = :random
 end
+class ActiveSupport::TestCase
+  if ActiveSupport.version < Gem::Version.new("5.0")
+    def assert_deprecated(match, deprecator)
+      super(match) do
+        # TODO: remove extra begin..end when dropping support for Ruby <= 2.4
+        begin
+          behavior = deprecator.behavior
+          deprecator.behavior = ActiveSupport::Deprecation.behavior
+          yield
+        ensure
+          deprecator.behavior = behavior
+        end
+      end
+    end
+  end
+end
 
 OmniAuth.config.logger = Logger.new('/dev/null')