Test against JRuby.

2026-01-13 16:57:57 -05:00 · 2016-05-21 12:10:30 -03:00
47 changed files with 710 additions and 503 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,20 +5,23 @@ rvm:
  - 2.2.5
  - 2.3.1
  - ruby-head
+  - jruby-9.0.5.0

 gemfile:
  - Gemfile
+  - gemfiles/Gemfile.rails-5.0
  - gemfiles/Gemfile.rails-4.2-stable
  - gemfiles/Gemfile.rails-4.1-stable

 matrix:
  exclude:
    - rvm: 2.1.9
-      gemfile: Gemfile
+      gemfile: gemfiles/Gemfile.rails-5.0
    - env: DEVISE_ORM=mongoid
-      gemfile: Gemfile
+      gemfile: gemfiles/Gemfile.rails-5.0
  allow_failures:
    - rvm: ruby-head
+  fast_finish: true
 services:
  - mongodb

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,11 +1,5 @@
 ### Unreleased

-* removals
-  * `Devise::Mailer#scope_name` and `Devise::Mailer#resource` are now protected
-    methods instead of public.
-
-### 4.2.0 - 2016-07-01
-
 * removals
  * Remove the deprecated `Devise::ParameterSanitizer` API from Devise 3.
    Please use the `#permit` and `#sanitize` methods over `#for`.
@@ -16,10 +10,6 @@
  * Remove the `Devise::Models::Confirmable#confirm!` method, use `confirm` instead.
  * Remove the `Devise::Models::Recoverable#reset_password!` method, use `reset_password` instead.
  * Remove the `Devise::Models::Recoverable#after_password_reset` method.
-* bug fixes
-  * Fix an `ActionDispatch::IllegalStateError` when testing controllers with Rails 5 rc 2(by @hamadata).
-  * Use `ActiveSupport.on_load` hooks to include Devise on `ActiveRecord` and `Mongoid`,
-    avoiding autoloading these constants too soon (by @lucasmazza, @rafaelfranca).
 * enhancements
  * Display the minimum password length on `registrations/edit` view (by @Yanchek99).
  * You can disable Devise's routes reloading on boot by through the `reload_routes = false` config.
@@ -28,9 +18,6 @@
    Devise mappings be loaded during boot time (by @sidonath).
  * Added `Devise::Test::IntegrationHelpers` to bypass the sign in process using
    Warden test API (by @lucasmazza).
-  * Define `inspect` in `Devise::Models::Authenticatable` to help ensure password hashes
-    aren't included in exceptions or otherwise accidentally serialized (by @tkrajcar).
-  * Add missing support of `Rails.application.config.action_controller.relative_url_root` (by @kosdiamantis).
 * deprecations
  * `Devise::TestHelpers` is deprecated in favor of `Devise::Test::ControllerHelpers`
    (by @lucasmazza).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,79 +1,39 @@
-# How to contribute to Devise
+### Please read before contributing

-Thanks for your interest on contributing to Devise! Here are a few general
-guidelines on contributing and reporting bugs to Devise that we ask you to
-take a look first. Notice that all of your interactions in the project are
-expected to follow our [Code of Conduct](CODE_OF_CONDUCT.md).
+1) Do not post questions in the issues tracker. If you have any questions about
+Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use
+the [Mailing List](https://groups.google.com/group/plataformatec-devise) or
+[Stack Overflow](http://stackoverflow.com/questions/tagged/devise).

-## Reporting Issues
-
-Before reporting a new issue, please be sure that the issue wasn't already
-reported or fixed by searching on GitHub through our [issues](https://github.com/plataformatec/devise/issues).
-
-When creating a new issue, be sure to include a **title and clear description**,
-as much relevant information as possible, and either a test case example or
-even better a **sample Rails app that replicates the issue** - Devise has a lot
-of moving parts and it's functionality can be affected by third party gems, so
-we need as much context and details as possible to identify what might be broken
-for you. We have a [test case template](guides/bug_report_templates/integration_test.rb)
-that can be used to replicate issues with minimal setup.
-
-Please do not attempt to translate Devise built in views. The views are meant
-to be a starting point for fresh apps and not production material - eventually
-all applications will require custom views where you can write your own copy and
-translate it if the application requires it . For historical references, please look into closed
-[Issues/Pull Requests](https://github.com/plataformatec/devise/issues?q=i18n) regarding
-internationalization.
-
-Avoid opening new issues to ask questions in our issues tracker. Please go through
-the project wiki, documentation and source code first, or try to ask your question
-on [Stack Overflow](http://stackoverflow.com/questions/tagged/devise).
-
-**If you find a security bug, do not report it through GitHub. Please send an
+2) If you find a security bug, **DO NOT** submit an issue here. Please send an
 e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br)
-instead.**
+instead.

-## Sending Pull Requests
+3) If possible, replicate your issue with our
+[guides/bug_report_templates/integration_test.rb](test case example), and attach
+it to your issue or Pull Request - this way we have an isolated way to replicate
+your issue and investigate it further.

-Before sending a new Pull Request, take a look on existing Pull Requests and Issues
-to see if the proposed change or fix has been discussed in the past, or if the
-change was already implemented but not yet released.
+4) Otherwise, please provide a fresh new Rails application that replicates your
+issue on a public GitHub repository, as some scenarios might not be possible to
+replicate using the standalone test case example.

-We expect new Pull Requests to include enough tests for new or changed behavior,
-and we aim to maintain everything as most backwards compatible as possible,
-reserving breaking changes to be ship in major releases when necessary - you
-can wrap the new code path with a setting toggle from the `Devise` module defined
-as `false` by default to require developers to opt-in for the new behavior.
+5) Do a small search on the issues tracker before submitting your issue to see
+if it was already reported / fixed. Duplicated issues will be closed to avoid
+too much noise/duplication in the issue tracker.

-If your Pull Request includes new or changed behavior, be sure that the changes
-are beneficial to a wide range of use cases or it's an application specific change
-that might not be so valuable to other applications. Some changes can be introduced
-as a new `devise-something` gem instead of belonging to the main codebase.
+6) When reporting an issue, include Rails, Devise and Warden versions. If you
+are getting exceptions, please include the full backtrace.

-When adding new settings, you can take advantage of the [`Devise::Models.config`](https://github.com/plataformatec/devise/blob/245b1f9de0b3386b7913e14b60ea24f43b77feb0/lib/devise/models.rb#L13-L50) method to add class and instance level fallbacks
-to the new setting.
+7) Please do not attempt to translate Devise built in views. The views are meant
+to be a starting point and not a final version. For historical references,
+please look into closed issues/Pull regarding i18n.

-We also welcome Pull Requests that improve our existing documentation (both our
-`README.md` and the RDoc sections in the source code) or improve existing rough
-edges in our API that might be blocking existing integrations or 3rd party gems.
+8) Notice that all of your interactions in the project are expected to follow
+our [Code of Conduct](CODE_OF_CONDUCT.md)

-## Other ways to contribute
+That's it! The more information you give, the easier it becomes for us to track
+it down and fix it. Ideally, you should provide an application that reproduces
+the error or a test case to Devise's suite.

-We welcome anyone that wants to contribute to Devise to triage and reply to
-open issues to help troubleshoot and fix existing bugs on Devise. Here is what
-you can do:
-
-* Help ensure that existing issues follows the recommendations from the
-_[Reporting Issues](#reporting-issues)_ section, providing feeback to the issue's
-author on what might be missing.
-* Review and update the existing content of our [Wiki](https://github.com/plataformatec/devise/wiki)
-with up to date instructions and code samples - the wiki was grown with several
-different tutorials and references that we can't keep track of everything, so if
-there is a page that showcases an integration or customization that you are
-familiar with feel free to update it as necessary.
-* Review existing Pull Requests, and testing patches against real existing
-applications that use Devise.
-
-Thanks again for your interest on contributing to the project!
-
-:heart:
+Thanks!
--- a/19
+++ b/19
@@ -2,23 +2,17 @@ source "https://rubygems.org"

 gemspec

-gem "rails", "~> 5.0.0"
-gem "omniauth", "~> 1.3"
-gem "oauth2"
+gem "rails", "~> 4.2.6"
+gem "omniauth"
 gem "omniauth-oauth2"
 gem "rdoc"

-gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
-
-gem "rails-controller-testing"
-
-gem "responders", "~> 2.1"
-
 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid"
  gem "webrat", "0.7.3", require: false
  gem "mocha", "~> 1.1", require: false
+  gem 'test_after_commit', require: false
 end

 platforms :jruby do
@@ -31,7 +25,6 @@ platforms :ruby do
  gem "sqlite3"
 end

-# TODO:
-# group :mongoid do
-#   gem "mongoid", "~> 4.0.0"
-# end
+group :mongoid do
+  gem "mongoid", "~> 5.0"
+end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,17 +1,7 @@
-GIT
-  remote: git://github.com/rails/activemodel-serializers-xml.git
-  revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf
-  specs:
-    activemodel-serializers-xml (1.0.1)
-      activemodel (> 5.x)
-      activerecord (> 5.x)
-      activesupport (> 5.x)
-      builder (~> 3.1)
-
 PATH
  remote: .
  specs:
-    devise (4.2.0)
+    devise (4.1.0)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0, < 5.1)
@@ -21,45 +11,44 @@ PATH
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (5.0.0)
-      actionpack (= 5.0.0)
-      nio4r (~> 1.2)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.0.0)
-      actionpack (= 5.0.0)
-      actionview (= 5.0.0)
-      activejob (= 5.0.0)
+    actionmailer (4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.0.0)
-      actionview (= 5.0.0)
-      activesupport (= 5.0.0)
-      rack (~> 2.0)
-      rack-test (~> 0.6.3)
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.6)
+      actionview (= 4.2.6)
+      activesupport (= 4.2.6)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.0.0)
-      activesupport (= 5.0.0)
+    actionview (4.2.6)
+      activesupport (= 4.2.6)
      builder (~> 3.1)
      erubis (~> 2.7.0)
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (5.0.0)
-      activesupport (= 5.0.0)
-      globalid (>= 0.3.6)
-    activemodel (5.0.0)
-      activesupport (= 5.0.0)
-    activerecord (5.0.0)
-      activemodel (= 5.0.0)
-      activesupport (= 5.0.0)
-      arel (~> 7.0)
-    activesupport (5.0.0)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+    activejob (4.2.6)
+      activesupport (= 4.2.6)
+      globalid (>= 0.3.0)
+    activemodel (4.2.6)
+      activesupport (= 4.2.6)
+      builder (~> 3.1)
+    activerecord (4.2.6)
+      activemodel (= 4.2.6)
+      activesupport (= 4.2.6)
+      arel (~> 6.0)
+    activesupport (4.2.6)
      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    arel (7.0.0)
+    arel (6.0.3)
    bcrypt (3.1.11)
+    bson (4.1.1)
    builder (3.2.2)
    concurrent-ruby (1.0.2)
    erubis (2.7.0)
@@ -70,30 +59,34 @@ GEM
    hashie (3.4.4)
    i18n (0.7.0)
    json (1.8.3)
-    jwt (1.5.4)
+    jwt (1.5.1)
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
    mail (2.6.4)
      mime-types (>= 1.16, < 4)
    metaclass (0.0.4)
-    method_source (0.8.2)
-    mime-types (3.1)
+    mime-types (3.0)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
+    mime-types-data (3.2016.0221)
+    mini_portile2 (2.0.0)
    minitest (5.9.0)
    mocha (1.1.0)
      metaclass (~> 0.0.1)
-    multi_json (1.12.1)
+    mongo (2.2.5)
+      bson (~> 4.0)
+    mongoid (5.1.3)
+      activemodel (~> 4.0)
+      mongo (~> 2.1)
+      origin (~> 2.2)
+      tzinfo (>= 0.3.37)
+    multi_json (1.12.0)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
-    nio4r (1.2.1)
-    nokogiri (1.6.8)
-      mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
-    oauth2 (1.2.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
@@ -108,55 +101,54 @@ GEM
    omniauth-openid (1.0.1)
      omniauth (~> 1.0)
      rack-openid (~> 1.3.1)
+    origin (2.2.0)
    orm_adapter (0.5.0)
-    pkg-config (1.1.7)
-    rack (2.0.1)
+    rack (1.6.4)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
      ruby-openid (>= 2.1.8)
    rack-test (0.6.3)
      rack (>= 1.0)
-    rails (5.0.0)
-      actioncable (= 5.0.0)
-      actionmailer (= 5.0.0)
-      actionpack (= 5.0.0)
-      actionview (= 5.0.0)
-      activejob (= 5.0.0)
-      activemodel (= 5.0.0)
-      activerecord (= 5.0.0)
-      activesupport (= 5.0.0)
+    rails (4.2.6)
+      actionmailer (= 4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
+      activemodel (= 4.2.6)
+      activerecord (= 4.2.6)
+      activesupport (= 4.2.6)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 5.0.0)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (0.1.1)
-      actionpack (~> 5.x)
-      actionview (~> 5.x)
-      activesupport (~> 5.x)
-    rails-dom-testing (2.0.1)
-      activesupport (>= 4.2.0, < 6.0)
+      railties (= 4.2.6)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    railties (5.0.0)
-      actionpack (= 5.0.0)
-      activesupport (= 5.0.0)
-      method_source
+    railties (4.2.6)
+      actionpack (= 4.2.6)
+      activesupport (= 4.2.6)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (11.2.2)
+    rake (11.1.2)
    rdoc (4.2.2)
      json (~> 1.4)
    responders (2.2.0)
      railties (>= 4.2.0, < 5.1)
    ruby-openid (2.7.0)
-    sprockets (3.6.2)
+    sprockets (3.6.0)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
-    sprockets-rails (3.1.1)
+    sprockets-rails (3.0.4)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    sqlite3 (1.3.11)
+    test_after_commit (1.0.0)
+      activerecord (>= 3.2)
    thor (0.19.1)
    thread_safe (0.3.5)
    tzinfo (1.2.2)
@@ -167,31 +159,26 @@ GEM
      nokogiri (>= 1.2.0)
      rack (>= 1.0)
      rack-test (>= 0.5.3)
-    websocket-driver (0.6.4)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.2)

 PLATFORMS
  ruby

 DEPENDENCIES
-  activemodel-serializers-xml!
  activerecord-jdbc-adapter
  activerecord-jdbcsqlite3-adapter
  devise!
  jruby-openssl
  mocha (~> 1.1)
-  oauth2
-  omniauth (~> 1.3)
+  mongoid (~> 5.0)
+  omniauth
  omniauth-facebook
  omniauth-oauth2
  omniauth-openid
-  rails (~> 5.0.0)
-  rails-controller-testing
+  rails (~> 4.2.6)
  rdoc
-  responders (~> 2.1)
  sqlite3
+  test_after_commit
  webrat (= 0.7.3)

 BUNDLED WITH
-   1.12.5
+   1.11.2
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 It's composed of 10 modules:

 * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
-* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/omniauth/omniauth) support.
+* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds OmniAuth (https://github.com/intridea/omniauth) support.
 * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
 * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
 * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
@@ -97,30 +97,27 @@ gem 'devise'

 Run the bundle command to install it.

-Next, you need to run the generator:
+After you install Devise and add it to your Gemfile, you need to run the generator:

 ```console
 $ rails generate devise:install
 ```

-At this point, a number of instructions will appear in the console. Among these instructions, you'll need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
-
-```ruby
-config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
-```
-
-The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator.
-
-
-In the following command you will replace `MODEL` with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.
+The generator will install an initializer which describes ALL of Devise's configuration options. It is *imperative* that you take a look at it. When you are done, you are ready to add Devise to any of your models using the generator:

 ```console
 $ rails generate devise MODEL
 ```

-Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. 
+Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with the default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.

-Then run `rake db:migrate`
+Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
+
+Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
+
+```ruby
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
+```

 You should restart your application after changing Devise's configuration options. Otherwise, you will run into strange errors, for example, users being unable to login and route helpers being undefined.

@@ -447,7 +444,7 @@ tests:

 ```ruby
 sign_in @user
-sign_in @user, scope: :admin
+sign_in @user, scope: admin
 ```

 If you are testing Devise internal controllers or a controller that inherits
--- a/app/controllers/devise/omniauth_callbacks_controller.rb
+++ b/app/controllers/devise/omniauth_callbacks_controller.rb
@@ -13,14 +13,14 @@ class Devise::OmniauthCallbacksController < DeviseController
  protected

  def failed_strategy
-    request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : request.env["omniauth.error.strategy"]
+    request.respond_to?(:get_header) ? request.get_header("omniauth.error.strategy") : env["omniauth.error.strategy"]
  end

  def failure_message
-    exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : request.env["omniauth.error"]
+    exception = request.respond_to?(:get_header) ? request.get_header("omniauth.error") : env["omniauth.error"]
    error   = exception.error_reason if exception.respond_to?(:error_reason)
    error ||= exception.error        if exception.respond_to?(:error)
-    error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : request.env["omniauth.error.type"]).to_s
+    error ||= (request.respond_to?(:get_header) ? request.get_header("omniauth.error.type") : env["omniauth.error.type"]).to_s
    error.to_s.humanize if error
  end

--- a/app/controllers/devise/passwords_controller.rb
+++ b/app/controllers/devise/passwords_controller.rb
@@ -24,13 +24,7 @@ class Devise::PasswordsController < DeviseController
  def edit
    self.resource = resource_class.new
    set_minimum_password_length
-
-    if params[:reset_password_token]
-      session[:reset_password_token] = params[:reset_password_token]
-      redirect_to edit_user_password_url
-    end
-
-    resource.reset_password_token = session[:reset_password_token]
+    resource.reset_password_token = params[:reset_password_token]
  end

  # PUT /resource/password
@@ -47,7 +41,6 @@ class Devise::PasswordsController < DeviseController
      else
        set_flash_message!(:notice, :updated_not_active)
      end
-      session[:reset_password_token] = nil
      respond_with resource, location: after_resetting_password_path_for(resource)
    else
      set_minimum_password_length
@@ -67,9 +60,7 @@ class Devise::PasswordsController < DeviseController

    # Check if a reset_password_token is provided in the request
    def assert_reset_token_passed
-      reset_token = session[:reset_password_token] || params[:reset_password_token]
-
-      if reset_token.blank?
+      if params[:reset_password_token].blank?
        set_flash_message(:alert, :no_token)
        redirect_to new_session_path(resource_name)
      end
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -7,7 +7,7 @@ class Devise::RegistrationsController < DeviseController
  def new
    build_resource({})
    yield resource if block_given?
-    respond_with resource
+    respond_with self.resource
  end

  # POST /resource
--- a/gemfiles/Gemfile.rails-4.1-stable.lock
+++ b/gemfiles/Gemfile.rails-4.1-stable.lock
@@ -1,6 +1,6 @@
 GIT
  remote: git://github.com/rails/rails.git
-  revision: 9f5cbe613c8a80282970c73b0f00095788d54e34
+  revision: 41b4d81b4fd14cbf43060c223bea0f461256d099
  branch: 4-1-stable
  specs:
    actionmailer (4.1.15)
@@ -48,7 +48,7 @@ GIT
 PATH
  remote: ..
  specs:
-    devise (4.2.0)
+    devise (4.1.0)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0, < 5.1)
@@ -70,14 +70,14 @@ GEM
    hashie (3.4.4)
    i18n (0.7.0)
    json (1.8.3)
-    jwt (1.5.4)
+    jwt (1.5.1)
    mail (2.6.4)
      mime-types (>= 1.16, < 4)
    metaclass (0.0.4)
-    mime-types (3.1)
+    mime-types (3.0)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
+    mime-types-data (3.2016.0221)
+    mini_portile2 (2.0.0)
    minitest (5.9.0)
    mocha (1.1.0)
      metaclass (~> 0.0.1)
@@ -90,15 +90,14 @@ GEM
      bson (~> 3.0)
      connection_pool (~> 2.0)
      optionable (~> 0.2.0)
-    multi_json (1.12.1)
+    multi_json (1.12.0)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
-    nokogiri (1.6.8)
-      mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
-    oauth2 (1.2.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
@@ -116,20 +115,19 @@ GEM
    optionable (0.2.0)
    origin (2.2.0)
    orm_adapter (0.5.0)
-    pkg-config (1.1.7)
    rack (1.5.5)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
      ruby-openid (>= 2.1.8)
    rack-test (0.6.3)
      rack (>= 1.0)
-    rake (11.2.2)
+    rake (11.1.2)
    rdoc (4.2.2)
      json (~> 1.4)
    responders (1.1.2)
      railties (>= 3.2, < 4.2)
    ruby-openid (2.7.0)
-    sprockets (3.6.2)
+    sprockets (3.6.0)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (2.3.3)
@@ -137,7 +135,7 @@ GEM
      activesupport (>= 3.0)
      sprockets (>= 2.8, < 4.0)
    sqlite3 (1.3.11)
-    test_after_commit (1.1.0)
+    test_after_commit (1.0.0)
      activerecord (>= 3.2)
    thor (0.19.1)
    thread_safe (0.3.5)
@@ -171,4 +169,4 @@ DEPENDENCIES
  webrat (= 0.7.3)

 BUNDLED WITH
-   1.12.5
+   1.11.2
--- a/gemfiles/Gemfile.rails-4.2-stable.lock
+++ b/gemfiles/Gemfile.rails-4.2-stable.lock
@@ -1,64 +1,64 @@
 GIT
  remote: git://github.com/rails/rails.git
-  revision: 5a85938418285ab81e3db52ea102d19f95ed7a94
+  revision: 5be7cfa46e055148c8b74ac5d48982a3435f477c
  branch: 4-2-stable
  specs:
-    actionmailer (4.2.7.rc1)
-      actionpack (= 4.2.7.rc1)
-      actionview (= 4.2.7.rc1)
-      activejob (= 4.2.7.rc1)
+    actionmailer (4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.7.rc1)
-      actionview (= 4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    actionpack (4.2.6)
+      actionview (= 4.2.6)
+      activesupport (= 4.2.6)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    actionview (4.2.6)
+      activesupport (= 4.2.6)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activejob (4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    activejob (4.2.6)
+      activesupport (= 4.2.6)
      globalid (>= 0.3.0)
-    activemodel (4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    activemodel (4.2.6)
+      activesupport (= 4.2.6)
      builder (~> 3.1)
-    activerecord (4.2.7.rc1)
-      activemodel (= 4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    activerecord (4.2.6)
+      activemodel (= 4.2.6)
+      activesupport (= 4.2.6)
      arel (~> 6.0)
-    activesupport (4.2.7.rc1)
+    activesupport (4.2.6)
      i18n (~> 0.7)
      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    rails (4.2.7.rc1)
-      actionmailer (= 4.2.7.rc1)
-      actionpack (= 4.2.7.rc1)
-      actionview (= 4.2.7.rc1)
-      activejob (= 4.2.7.rc1)
-      activemodel (= 4.2.7.rc1)
-      activerecord (= 4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    rails (4.2.6)
+      actionmailer (= 4.2.6)
+      actionpack (= 4.2.6)
+      actionview (= 4.2.6)
+      activejob (= 4.2.6)
+      activemodel (= 4.2.6)
+      activerecord (= 4.2.6)
+      activesupport (= 4.2.6)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.7.rc1)
+      railties (= 4.2.6)
      sprockets-rails
-    railties (4.2.7.rc1)
-      actionpack (= 4.2.7.rc1)
-      activesupport (= 4.2.7.rc1)
+    railties (4.2.6)
+      actionpack (= 4.2.6)
+      activesupport (= 4.2.6)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)

 PATH
  remote: ..
  specs:
-    devise (4.2.0)
+    devise (4.1.0)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0, < 5.1)
@@ -82,16 +82,16 @@ GEM
    hashie (3.4.4)
    i18n (0.7.0)
    json (1.8.3)
-    jwt (1.5.4)
+    jwt (1.5.1)
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
    mail (2.6.4)
      mime-types (>= 1.16, < 4)
    metaclass (0.0.4)
-    mime-types (3.1)
+    mime-types (3.0)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_portile2 (2.1.0)
+    mime-types-data (3.2016.0221)
+    mini_portile2 (2.0.0)
    minitest (5.9.0)
    mocha (1.1.0)
      metaclass (~> 0.0.1)
@@ -104,15 +104,14 @@ GEM
      bson (~> 3.0)
      connection_pool (~> 2.0)
      optionable (~> 0.2.0)
-    multi_json (1.12.1)
+    multi_json (1.12.0)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
-    nokogiri (1.6.8)
-      mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
-    oauth2 (1.2.0)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
@@ -130,7 +129,6 @@ GEM
    optionable (0.2.0)
    origin (2.2.0)
    orm_adapter (0.5.0)
-    pkg-config (1.1.7)
    rack (1.6.4)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
@@ -145,21 +143,21 @@ GEM
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    rake (11.2.2)
+    rake (11.1.2)
    rdoc (4.2.2)
      json (~> 1.4)
    responders (2.2.0)
      railties (>= 4.2.0, < 5.1)
    ruby-openid (2.7.0)
-    sprockets (3.6.2)
+    sprockets (3.6.0)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
-    sprockets-rails (3.1.1)
+    sprockets-rails (3.0.4)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    sqlite3 (1.3.11)
-    test_after_commit (1.1.0)
+    test_after_commit (1.0.0)
      activerecord (>= 3.2)
    thor (0.19.1)
    thread_safe (0.3.5)
@@ -193,4 +191,4 @@ DEPENDENCIES
  webrat (= 0.7.3)

 BUNDLED WITH
-   1.12.5
+   1.11.2
--- a/gemfiles/Gemfile.rails-5.0
+++ b/gemfiles/Gemfile.rails-5.0
@@ -0,0 +1,37 @@
+source "https://rubygems.org"
+
+gemspec path: ".."
+
+gem "rails", "5.0.0.rc1"
+gem "omniauth", " ~> 1.3"
+gem "oauth2"
+gem "omniauth-oauth2"
+gem "rdoc"
+
+gem "activemodel-serializers-xml", github: "rails/activemodel-serializers-xml"
+
+gem "rails-controller-testing"
+
+gem "responders", "~> 2.1"
+
+group :test do
+  gem "omniauth-facebook"
+  gem "omniauth-openid"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.1", require: false
+end
+
+platforms :jruby do
+  gem "activerecord-jdbc-adapter"
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jruby-openssl"
+end
+
+platforms :ruby do
+  gem "sqlite3"
+end
+
+# TODO:
+# group :mongoid do
+#   gem "mongoid", "~> 4.0.0"
+# end
--- a/gemfiles/Gemfile.rails-5.0-beta.lock
+++ b/gemfiles/Gemfile.rails-5.0-beta.lock
@@ -0,0 +1,199 @@
+GIT
+  remote: git://github.com/rails/activemodel-serializers-xml.git
+  revision: f380ea5ddefcb9a37f4fbc47606ed6fbecdb2b2a
+  specs:
+    activemodel-serializers-xml (1.0.0)
+      activemodel (> 5.x)
+      activerecord (> 5.x)
+      activesupport (> 5.x)
+      builder (~> 3.1)
+
+PATH
+  remote: ..
+  specs:
+    devise (4.0.0.rc2)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 5.1)
+      responders
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      nio4r (~> 1.2)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      actionview (= 5.0.0.beta3)
+      activejob (= 5.0.0.beta3)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (5.0.0.beta3)
+      actionview (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+      rack (~> 2.x)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+      globalid (>= 0.3.6)
+    activemodel (5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+    activerecord (5.0.0.beta3)
+      activemodel (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+      arel (~> 7.0)
+    activesupport (5.0.0.beta3)
+      concurrent-ruby (~> 1.0)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (7.0.0)
+    bcrypt (3.1.11)
+    builder (3.2.2)
+    concurrent-ruby (1.0.1)
+    erubis (2.7.0)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
+    hashie (3.4.3)
+    i18n (0.7.0)
+    json (1.8.3)
+    jwt (1.5.1)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
+    metaclass (0.0.4)
+    method_source (0.8.2)
+    mime-types (3.0)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0221)
+    mini_portile2 (2.0.0)
+    minitest (5.8.4)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.11.2)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nio4r (1.2.1)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0, < 1.5.2)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
+      hashie (>= 1.2, < 4)
+      rack (>= 1.0, < 3)
+    omniauth-facebook (3.0.0)
+      omniauth-oauth2 (~> 1.2)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    orm_adapter (0.5.0)
+    rack (2.0.0.alpha)
+      json
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (5.0.0.beta3)
+      actioncable (= 5.0.0.beta3)
+      actionmailer (= 5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      actionview (= 5.0.0.beta3)
+      activejob (= 5.0.0.beta3)
+      activemodel (= 5.0.0.beta3)
+      activerecord (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 5.0.0.beta3)
+      sprockets-rails (>= 2.0.0)
+    rails-controller-testing (0.1.1)
+      actionpack (~> 5.x)
+      actionview (~> 5.x)
+      activesupport (~> 5.x)
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    railties (5.0.0.beta3)
+      actionpack (= 5.0.0.beta3)
+      activesupport (= 5.0.0.beta3)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
+    responders (2.1.2)
+      railties (>= 4.2.0, < 5.1)
+    ruby-openid (2.7.0)
+    sprockets (3.6.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.4)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    warden (1.2.6)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+    websocket-driver (0.6.3)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activemodel-serializers-xml!
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  oauth2
+  omniauth (~> 1.3)
+  omniauth-facebook
+  omniauth-oauth2 (>= 1.2.0, < 1.5.0)
+  omniauth-openid (~> 1.0.1)
+  rails (= 5.0.0.beta3)
+  rails-controller-testing
+  rdoc
+  responders (~> 2.1.1)
+  sqlite3
+  webrat (= 0.7.3)
+
+BUNDLED WITH
+   1.11.2
--- a/gemfiles/Gemfile.rails-5.0.lock
+++ b/gemfiles/Gemfile.rails-5.0.lock
@@ -0,0 +1,199 @@
+GIT
+  remote: git://github.com/rails/activemodel-serializers-xml.git
+  revision: 570ee7ed33d60e44ca1f3ccbec3d1fbf61d52cbf
+  specs:
+    activemodel-serializers-xml (1.0.1)
+      activemodel (> 5.x)
+      activerecord (> 5.x)
+      activesupport (> 5.x)
+      builder (~> 3.1)
+
+PATH
+  remote: ..
+  specs:
+    devise (4.1.0)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0, < 5.1)
+      responders
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.0.0.rc1)
+      actionpack (= 5.0.0.rc1)
+      nio4r (~> 1.2)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.0.rc1)
+      actionpack (= 5.0.0.rc1)
+      actionview (= 5.0.0.rc1)
+      activejob (= 5.0.0.rc1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (5.0.0.rc1)
+      actionview (= 5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+      rack (~> 2.x)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+      globalid (>= 0.3.6)
+    activemodel (5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+    activerecord (5.0.0.rc1)
+      activemodel (= 5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+      arel (~> 7.0)
+    activesupport (5.0.0.rc1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (7.0.0)
+    bcrypt (3.1.11)
+    builder (3.2.2)
+    concurrent-ruby (1.0.2)
+    erubis (2.7.0)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
+    hashie (3.4.4)
+    i18n (0.7.0)
+    json (1.8.3)
+    jwt (1.5.1)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mail (2.6.4)
+      mime-types (>= 1.16, < 4)
+    metaclass (0.0.4)
+    method_source (0.8.2)
+    mime-types (3.0)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0221)
+    mini_portile2 (2.0.0)
+    minitest (5.9.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.12.0)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nio4r (1.2.1)
+    nokogiri (1.6.7.2)
+      mini_portile2 (~> 2.0.0.rc2)
+    oauth2 (1.1.0)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0, < 1.5.2)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
+      hashie (>= 1.2, < 4)
+      rack (>= 1.0, < 3)
+    omniauth-facebook (3.0.0)
+      omniauth-oauth2 (~> 1.2)
+    omniauth-oauth2 (1.4.0)
+      oauth2 (~> 1.0)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    orm_adapter (0.5.0)
+    rack (2.0.0.rc1)
+      json
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (5.0.0.rc1)
+      actioncable (= 5.0.0.rc1)
+      actionmailer (= 5.0.0.rc1)
+      actionpack (= 5.0.0.rc1)
+      actionview (= 5.0.0.rc1)
+      activejob (= 5.0.0.rc1)
+      activemodel (= 5.0.0.rc1)
+      activerecord (= 5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 5.0.0.rc1)
+      sprockets-rails (>= 2.0.0)
+    rails-controller-testing (0.1.1)
+      actionpack (~> 5.x)
+      actionview (~> 5.x)
+      activesupport (~> 5.x)
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.3)
+      loofah (~> 2.0)
+    railties (5.0.0.rc1)
+      actionpack (= 5.0.0.rc1)
+      activesupport (= 5.0.0.rc1)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (11.1.2)
+    rdoc (4.2.2)
+      json (~> 1.4)
+    responders (2.2.0)
+      railties (>= 4.2.0, < 5.1)
+    ruby-openid (2.7.0)
+    sprockets (3.6.0)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.0.4)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    warden (1.2.6)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+    websocket-driver (0.6.3)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activemodel-serializers-xml!
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  oauth2
+  omniauth (~> 1.3)
+  omniauth-facebook
+  omniauth-oauth2
+  omniauth-openid
+  rails (= 5.0.0.rc1)
+  rails-controller-testing
+  rdoc
+  responders (~> 2.1)
+  sqlite3
+  webrat (= 0.7.3)
+
+BUNDLED WITH
+   1.11.2
--- a/lib/devise/controllers/rememberable.rb
+++ b/lib/devise/controllers/rememberable.rb
@@ -18,7 +18,7 @@ module Devise

      # Remembers the given resource by setting up a cookie
      def remember_me(resource)
-        return if request.env["devise.skip_storage"]
+        return if env["devise.skip_storage"]
        scope = Devise::Mapping.find_scope!(resource)
        resource.remember_me!
        cookies.signed[remember_key(resource, scope)] = remember_cookie_values(resource)
--- a/lib/devise/controllers/sign_in_out.rb
+++ b/lib/devise/controllers/sign_in_out.rb
@@ -74,6 +74,7 @@ module Devise
        scope = Devise::Mapping.find_scope!(resource_or_scope)
        user = warden.user(scope: scope, run_callbacks: false) # If there is no user

+        warden.raw_session.inspect # Without this inspect here. The session does not clear.
        warden.logout(scope)
        warden.clear_strategies_cache!(scope: scope)
        instance_variable_set(:"@current_#{scope}", nil)
--- a/lib/devise/controllers/store_location.rb
+++ b/lib/devise/controllers/store_location.rb
@@ -29,7 +29,7 @@ module Devise
      # Example:
      #
      #   store_location_for(:user, dashboard_path)
-      #   redirect_to user_facebook_omniauth_authorize_path
+      #   redirect_to user_omniauth_authorize_path(:facebook)
      #
      def store_location_for(resource_or_scope, location)
        session_key = stored_location_key_for(resource_or_scope)
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -2,9 +2,9 @@ require "action_controller/metal"

 module Devise
  # Failure application that will be called every time :warden is thrown from
-  # any strategy or hook. It is responsible for redirecting the user to the sign
-  # in page based on current scope and mapping. If no scope is given, it
-  # redirects to the default_url.
+  # any strategy or hook. Responsible for redirect the user to the sign in
+  # page based on current scope and mapping. If no scope is given, redirect
+  # to the default_url.
  class FailureApp < ActionController::Metal
    include ActionController::UrlFor
    include ActionController::Redirecting
@@ -50,11 +50,13 @@ module Devise
    end

    def recall
-      header_info = if relative_url_root?
-        base_path = Pathname.new(relative_url_root)
+      config = Rails.application.config
+
+      header_info = if config.try(:relative_url_root)
+        base_path = Pathname.new(config.relative_url_root)
        full_path = Pathname.new(attempted_path)

-        { "SCRIPT_NAME" => relative_url_root,
+        { "SCRIPT_NAME" => config.relative_url_root,
          "PATH_INFO" => '/' + full_path.relative_path_from(base_path).to_s }
      else
        { "PATH_INFO" => attempted_path }
@@ -64,7 +66,7 @@ module Devise
        if request.respond_to?(:set_header)
          request.set_header(var, value)
        else
-          request.env[var]  = value
+          env[var]  = value
        end
      end

@@ -133,16 +135,18 @@ module Devise

    def scope_url
      opts  = {}
-
-      # Initialize script_name with nil to prevent infinite loops in
-      # authenticated mounted engines in rails 4.2 and 5.0
-      opts[:script_name] = nil
-
      route = route(scope)
-
      opts[:format] = request_format unless skip_format?

-      opts[:script_name] = relative_url_root if relative_url_root?
+      config = Rails.application.config
+
+      if config.respond_to?(:relative_url_root)
+        # Rails 4.2 goes into an infinite loop if opts[:script_name] is unset
+        rails_4_2 = (Rails::VERSION::MAJOR >= 4) && (Rails::VERSION::MINOR >= 2)
+        if config.relative_url_root.present? || rails_4_2
+          opts[:script_name] = config.relative_url_root
+        end
+      end

      router_name = Devise.mappings[scope].router_name || Devise.available_router_name
      context = send(router_name)
@@ -160,12 +164,12 @@ module Devise
      %w(html */*).include? request_format.to_s
    end

-    # Choose whether we should respond in an HTTP authentication fashion,
+    # Choose whether we should respond in a http authentication fashion,
    # including 401 and optional headers.
    #
-    # This method allows the user to explicitly disable HTTP authentication
-    # on AJAX requests in case they want to redirect on failures instead of
-    # handling the errors on their own. This is useful in case your AJAX API
+    # This method allows the user to explicitly disable http authentication
+    # on ajax requests in case they want to redirect on failures instead of
+    # handling the errors on their own. This is useful in case your ajax API
    # is the same as your public API and uses a format like JSON (so you
    # cannot mark JSON as a navigational format).
    def http_auth?
@@ -176,7 +180,7 @@ module Devise
      end
    end

-    # It doesn't make sense to send authenticate headers in AJAX requests
+    # It does not make sense to send authenticate headers in ajax requests
    # or if the user disabled them.
    def http_auth_header?
      scope_class.http_authenticatable && !request.xhr?
@@ -202,11 +206,11 @@ module Devise
    end

    def warden
-      request.respond_to?(:get_header) ? request.get_header("warden") : request.env["warden"]
+      request.respond_to?(:get_header) ? request.get_header("warden") : env["warden"]
    end

    def warden_options
-      request.respond_to?(:get_header) ? request.get_header("warden.options") : request.env["warden.options"]
+      request.respond_to?(:get_header) ? request.get_header("warden.options") : env["warden.options"]
    end

    def warden_message
@@ -225,10 +229,10 @@ module Devise
      warden_options[:attempted_path]
    end

-    # Stores requested URI to redirect the user after signing in. We can't use
-    # the scoped session provided by warden here, since the user is not
-    # authenticated yet, but we still need to store the URI based on scope, so
-    # different scopes would never use the same URI to redirect.
+    # Stores requested uri to redirect the user after signing in. We cannot use
+    # scoped session provided by warden here, since the user is not authenticated
+    # yet, but we still need to store the uri based on scope, so different scopes
+    # would never use the same uri to redirect.
    def store_location!
      store_location_for(scope, attempted_path) if request.get? && !http_auth?
    end
@@ -246,17 +250,5 @@ module Devise
    def request_format
      @request_format ||= request.format.try(:ref)
    end
-
-    def relative_url_root
-      @relative_url_root ||= begin
-        config = Rails.application.config
-
-        config.try(:relative_url_root) || config.action_controller.try(:relative_url_root)
-      end
-    end
-
-    def relative_url_root?
-      relative_url_root.present?
-    end
  end
 end
--- a/lib/devise/hooks/lockable.rb
+++ b/lib/devise/hooks/lockable.rb
@@ -2,9 +2,6 @@
 # This is only triggered when the user is explicitly set (with set_user)
 Warden::Manager.after_set_user except: :fetch do |record, warden, options|
  if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
-    unless record.failed_attempts.to_i.zero?
-      record.failed_attempts = 0
-      record.save(validate: false)
-    end
+    record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero?
  end
 end
--- a/lib/devise/hooks/proxy.rb
+++ b/lib/devise/hooks/proxy.rb
@@ -7,7 +7,7 @@ module Devise
      include Devise::Controllers::SignInOut

      attr_reader :warden
-      delegate :cookies, :request, to: :warden
+      delegate :cookies, :env, to: :warden

      def initialize(warden)
        @warden = warden
--- a/lib/devise/mailers/helpers.rb
+++ b/lib/devise/mailers/helpers.rb
@@ -5,16 +5,15 @@ module Devise

      included do
        include Devise::Controllers::ScopedViews
+        attr_reader :scope_name, :resource
      end

      protected

-      attr_reader :scope_name, :resource
-
      # Configure default email options
-      def devise_mail(record, action, opts = {}, &block)
+      def devise_mail(record, action, opts={})
        initialize_from_record(record)
-        mail headers_for(action, opts), &block
+        mail headers_for(action, opts)
      end

      def initialize_from_record(record)
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -114,15 +114,6 @@ module Devise
        super(options)
      end

-      # Redefine inspect using serializable_hash, to ensure we don't accidentally
-      # leak passwords into exceptions.
-      def inspect
-        inspection = serializable_hash.collect do |k,v|
-          "#{k}: #{respond_to?(:attribute_for_inspect) ? attribute_for_inspect(k) : v.inspect}"
-        end
-        "#<#{self.class} #{inspection.join(", ")}>"
-      end
-
      protected

      def devise_mailer
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -43,7 +43,7 @@ module Devise

      included do
        before_create :generate_confirmation_token, if: :confirmation_required?
-        after_create :skip_reconfirmation_in_callback!, if: :send_confirmation_notification?
+        after_create :skip_reconfirmation!, if: :send_confirmation_notification?
        if respond_to?(:after_commit) # ActiveRecord
          after_commit :send_on_create_confirmation_instructions, on: :create, if: :send_confirmation_notification?
          after_commit :send_reconfirmation_instructions, on: :update, if: :reconfirmation_required?
@@ -56,7 +56,6 @@ module Devise

      def initialize(*args, &block)
        @bypass_confirmation_postpone = false
-        @skip_reconfirmation_in_callback = false
        @reconfirmation_required = false
        @skip_confirmation_notification = false
        @raw_confirmation_token = nil
@@ -166,12 +165,6 @@ module Devise

      protected

-        # To not require reconfirmation after creating with #save called in a
-        # callback call skip_create_confirmation!
-        def skip_reconfirmation_in_callback!
-          @skip_reconfirmation_in_callback = true
-        end
-
        # A callback method used to deliver confirmation
        # instructions on creation. This can be overridden
        # in models to map to a nice sign up e-mail.
@@ -260,11 +253,7 @@ module Devise
        end

        def postpone_email_change?
-          postpone = self.class.reconfirmable &&
-            email_changed? &&
-            !@bypass_confirmation_postpone &&
-            self.email.present? &&
-            (!@skip_reconfirmation_in_callback || !self.email_was.nil?)
+          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
          @bypass_confirmation_postpone = false
          postpone
        end
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -27,7 +27,11 @@ module Devise
      end

      included do
-        before_update :clear_reset_password_token, if: :clear_reset_password_token?
+        before_update do
+          if (respond_to?(:email_changed?) && email_changed?) || encrypted_password_changed?
+            clear_reset_password_token
+          end
+        end
      end

      # Update password saving the record and clearing token. Returns true if
@@ -93,15 +97,6 @@ module Devise
          send_devise_notification(:reset_password_instructions, token, {})
        end

-        def clear_reset_password_token?
-          encrypted_password_changed = respond_to?(:encrypted_password_changed?) && encrypted_password_changed?
-          authentication_keys_changed = self.class.authentication_keys.any? do |attribute|
-            respond_to?("#{attribute}_changed?") && send("#{attribute}_changed?")
-          end
-
-          authentication_keys_changed || encrypted_password_changed
-        end
-
      module ClassMethods
        # Attempt to find a user by password reset token. If a user is found, return it
        # If a user is not found, return nil
--- a/lib/devise/orm/active_record.rb
+++ b/lib/devise/orm/active_record.rb
@@ -1,5 +1,3 @@
 require 'orm_adapter/adapters/active_record'

-ActiveSupport.on_load(:active_record) do
-  extend Devise::Models
-end
+ActiveRecord::Base.extend Devise::Models
--- a/lib/devise/orm/mongoid.rb
+++ b/lib/devise/orm/mongoid.rb
@@ -1,5 +1,3 @@
-ActiveSupport.on_load(:mongoid) do
-  require 'orm_adapter/adapters/mongoid'
+require 'orm_adapter/adapters/mongoid'

-  Mongoid::Document::ClassMethods.send :include, Devise::Models
-end
+Mongoid::Document::ClassMethods.send :include, Devise::Models
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -338,7 +338,7 @@ module ActionDispatch::Routing

    # Sets the devise scope to be used in the controller. If you have custom routes,
    # you are required to call this method (also aliased as :as) in order to specify
-    # to which controller it is targeted.
+    # to which controller it is targetted.
    #
    #   as :user do
    #     get "sign_in", to: "devise/sessions#new"
--- a/lib/devise/test/controller_helpers.rb
+++ b/lib/devise/test/controller_helpers.rb
@@ -65,7 +65,7 @@ module Devise
          scope = resource
          resource = deprecated

-          ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+          ActiveSupport::Deprecation.warn <<-DEPRECATION
            [Devise] sign_in(:#{scope}, resource) on controller tests is deprecated and will be removed from Devise.
            Please use sign_in(resource, scope: :#{scope}) instead.
          DEPRECATION
@@ -121,7 +121,7 @@ module Devise

      def _process_unauthenticated(env, options = {})
        options[:action] ||= :unauthenticated
-        proxy = request.env['warden']
+        proxy = env['warden']
        result = options[:result] || proxy.result

        ret = case result
@@ -131,14 +131,15 @@ module Devise
        when :custom
          proxy.custom_response
        else
-          request.env["PATH_INFO"] = "/#{options[:action]}"
-          request.env["warden.options"] = options
+          env["PATH_INFO"] = "/#{options[:action]}"
+          env["warden.options"] = options
          Warden::Manager._run_callbacks(:before_failure, env, options)

          status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
          @controller.response.headers.merge!(headers)
-          @controller.status = status
-          @controller.response.body = response.body
+          r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] }
+          r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body
+          @controller.send :render, r_opts
          nil # causes process return @response
        end

@@ -147,12 +148,12 @@ module Devise
        # testing time, we want the response to be available to the testing
        # framework to verify what would be returned to rack.
        if ret.is_a?(Array)
-          status, headers, body = *ret
          # ensure the controller response is set to our response.
          @controller.response ||= @response
-          @response.status = status
-          @response.headers.merge!(headers)
-          @response.body = body
+          @response.status = ret.first
+          @response.headers.clear
+          ret.second.each { |k,v| @response[k] = v }
+          @response.body = ret.third
        end

        ret
--- a/lib/devise/test_helpers.rb
+++ b/lib/devise/test_helpers.rb
@@ -2,7 +2,7 @@ module Devise
  module TestHelpers
    def self.included(base)
      base.class_eval do
-        ActiveSupport::Deprecation.warn <<-DEPRECATION.strip_heredoc
+        ActiveSupport::Deprecation.warn <<-DEPRECATION
          [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
          For controller tests, please include `Devise::Test::ControllerHelpers` instead.
        DEPRECATION
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "4.2.0".freeze
+  VERSION = "4.1.0".freeze
 end
--- a/lib/generators/templates/controllers/registrations_controller.rb
+++ b/lib/generators/templates/controllers/registrations_controller.rb
@@ -1,6 +1,6 @@
 class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
-  # before_action :configure_sign_up_params, only: [:create]
-  # before_action :configure_account_update_params, only: [:update]
+# before_action :configure_sign_up_params, only: [:create]
+# before_action :configure_account_update_params, only: [:update]

  # GET /resource/sign_up
  # def new
--- a/lib/generators/templates/controllers/sessions_controller.rb
+++ b/lib/generators/templates/controllers/sessions_controller.rb
@@ -1,5 +1,5 @@
 class <%= @scope_prefix %>SessionsController < Devise::SessionsController
-  # before_action :configure_sign_in_params, only: [:create]
+# before_action :configure_sign_in_params, only: [:create]

  # GET /resource/sign_in
  # def new
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@@ -94,7 +94,7 @@ class SessionsControllerTest < Devise::ControllerTestCase
      User.class_eval { attr_protected :email }

      begin
-        assert_nothing_raised do
+        assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
          get :new, user: { email: "allez viens!" }
        end
      ensure
--- a/test/devise_test.rb
+++ b/test/devise_test.rb
@@ -67,18 +67,18 @@ class DeviseTest < ActiveSupport::TestCase
  end

  test 'add new module using the helper method' do
-    Devise.add_module(:coconut)
+    assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
    assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
    refute Devise::STRATEGIES.include?(:coconut)
    refute defined?(Devise::Models::Coconut)
    Devise::ALL.delete(:coconut)

-    Devise.add_module(:banana, strategy: :fruits)
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) }
    assert_equal :fruits, Devise::STRATEGIES[:banana]
    Devise::ALL.delete(:banana)
    Devise::STRATEGIES.delete(:banana)

-    Devise.add_module(:kivi, controller: :fruits)
+    assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) }
    assert_equal :fruits, Devise::CONTROLLERS[:kivi]
    Devise::ALL.delete(:kivi)
    Devise::CONTROLLERS.delete(:kivi)
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -131,24 +131,6 @@ class FailureTest < ActiveSupport::TestCase
      end
    end

-    if Rails.application.config.action_controller.respond_to?(:relative_url_root)
-      test "returns to the default redirect location considering action_controller's relative url root" do
-        swap Rails.application.config.action_controller, relative_url_root: "/sample" do
-          call_failure
-          assert_equal 302, @response.first
-          assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location']
-        end
-      end
-
-      test "returns to the default redirect location considering action_controller's relative url root and subdomain" do
-        swap Rails.application.config.action_controller, relative_url_root: "/sample" do
-          call_failure('warden.options' => { scope: :subdomain_user })
-          assert_equal 302, @response.first
-          assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
-        end
-      end
-    end
-
    test 'uses the proxy failure message as symbol' do
      call_failure('warden' => OpenStruct.new(message: :invalid))
      assert_equal 'Invalid Email or password.', @request.flash[:alert]
--- a/test/integration/authenticatable_test.rb
+++ b/test/integration/authenticatable_test.rb
@@ -245,7 +245,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
    end
  end

-  test 'not signed in users should see unauthenticated page (unauthenticated accepted)' do
+  test 'not signed in users should see unautheticated page (unauthenticated accepted)' do
    get join_path

    assert_response :success
--- a/test/integration/mounted_engine_test.rb
+++ b/test/integration/mounted_engine_test.rb
@@ -1,36 +0,0 @@
-require 'test_helper'
-
-class MyMountableEngine
-  def self.call(env)
-    ['200', { 'Content-Type' => 'text/html' }, ['Rendered content of MyMountableEngine']]
-  end
-end
-
-# If disable_clear_and_finalize is set to true, Rails will not clear other routes when calling
-# again the draw method. Look at the source code at:
-# http://www.rubydoc.info/docs/rails/ActionDispatch/Routing/RouteSet:draw
-Rails.application.routes.disable_clear_and_finalize = true
-
-Rails.application.routes.draw do
-  authenticate(:user) do
-    mount MyMountableEngine, at: '/mountable_engine'
-  end
-end
-
-class AuthenticatedMountedEngineTest < Devise::IntegrationTest
-  test 'redirects to the sign in page when not authenticated' do
-    get '/mountable_engine'
-    follow_redirect!
-
-    assert_response :ok
-    assert_contain 'You need to sign in or sign up before continuing.'
-  end
-
-  test 'renders the mounted engine when authenticated' do
-    sign_in_as_user
-    get '/mountable_engine'
-
-    assert_response :success
-    assert_contain 'Rendered content of MyMountableEngine'
-  end
-end
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -22,7 +22,7 @@ class PasswordTest < Devise::IntegrationTest
  def reset_password(options={}, &block)
    unless options[:visit] == false
      visit edit_user_password_path(reset_password_token: options[:reset_password_token] || "abcdef")
-      assert_current_url '/users/password/edit'
+      assert_response :success
    end

    fill_in 'New password', with: '987654321'
--- a/test/mailers/mailer_test.rb
+++ b/test/mailers/mailer_test.rb
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class MailerTest < ActionMailer::TestCase
-  test "pass given block to #mail call" do
-    class TestMailer < Devise::Mailer
-      def confirmation_instructions(record, token, opts = {})
-        @token = token
-        devise_mail(record, :confirmation_instructions, opts) do |format|
-          format.html(content_transfer_encoding: "7bit")
-        end
-      end
-    end
-
-    mail = TestMailer.confirmation_instructions(create_user, "confirmation-token")
-
-    assert mail.content_transfer_encoding, "7bit"
-  end
-end
--- a/test/models/confirmable_test.rb
+++ b/test/models/confirmable_test.rb
@@ -508,12 +508,4 @@ class ReconfirmableTest < ActiveSupport::TestCase
    admin = Admin::WithSaveInCallback.create(valid_attributes.except(:username))
    assert !admin.pending_reconfirmation?
  end
-
-  test 'should require reconfirmation after creating a record and updating the email' do
-    admin = create_admin
-    assert !admin.instance_variable_get(:@bypass_confirmation_postpone)
-    admin.email = "new_test@email.com"
-    admin.save
-    assert admin.pending_reconfirmation?
-  end
 end
--- a/test/models/rememberable_test.rb
+++ b/test/models/rememberable_test.rb
@@ -99,28 +99,15 @@ class RememberableTest < ActiveSupport::TestCase
    assert_nil User.serialize_from_cookie(user.to_key, "123", Time.now.utc)
  end

-  test 'raises a RuntimeError if the user does not implements a rememberable value' do
-    user = User.new
-    assert_raise(RuntimeError) { user.rememberable_value }
-
-    user_with_remember_token = User.new
-    def user_with_remember_token.remember_token; '123-token'; end
-    assert_equal '123-token', user_with_remember_token.rememberable_value
-
-    user_with_salt = User.new
-    def user_with_salt.authenticatable_salt; '123-salt'; end
-    assert_equal '123-salt', user_with_salt.rememberable_value
-  end
-
  test 'raises a RuntimeError if authenticatable_salt is nil or empty' do
    user = User.new
-    def user.authenticatable_salt; nil; end
+    def user.authenticable_salt; nil; end
    assert_raise RuntimeError do
      user.rememberable_value
    end

    user = User.new
-    def user.authenticatable_salt; ""; end
+    def user.authenticable_salt; ""; end
    assert_raise RuntimeError do
      user.rememberable_value
    end
--- a/test/models/serializable_test.rb
+++ b/test/models/serializable_test.rb
@@ -35,11 +35,6 @@ class SerializableTest < ActiveSupport::TestCase
    assert_key "confirmation_token", from_json(force_except: :email)
  end

-  test 'should not include unsafe keys in inspect' do
-    assert_match(/email/, @user.inspect)
-    assert_no_match(/confirmation_token/, @user.inspect)
-  end
-
  def assert_key(key, subject)
    assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}"
  end
--- a/test/models_test.rb
+++ b/test/models_test.rb
@@ -112,7 +112,7 @@ class CheckFieldsTest < ActiveSupport::TestCase
      attr_accessor :encrypted_password, :email
    end

-    assert_nothing_raised do
+    assert_nothing_raised Devise::Models::MissingAttribute do
      Devise::Models.check_fields!(Player)
    end
  end
--- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb
@@ -1,6 +1,6 @@
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
-    data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : request.env["omniauth.auth"]
+    data = request.respond_to?(:get_header) ? request.get_header("omniauth.auth") : env["omniauth.auth"]
    session["devise.facebook_data"] = data["extra"]["user_hash"]
    render json: data
  end
--- a/test/rails_app/config/environments/production.rb
+++ b/test/rails_app/config/environments/production.rb
@@ -20,9 +20,7 @@ RailsApp::Application.configure do
  # config.action_dispatch.rack_cache = true

  # Disable Rails's static asset server (Apache or nginx will already do this).
-  if Rails.version >= "5.0.0"
-    config.public_file_server.enabled = false
-  elsif Rails.version >= "4.2.0"
+  if Rails.version >= "4.2.0"
    config.serve_static_files = false
  else
    config.serve_static_assets = false
--- a/test/rails_app/config/environments/test.rb
+++ b/test/rails_app/config/environments/test.rb
@@ -14,14 +14,15 @@ RailsApp::Application.configure do

  # Disable serving static files from the `/public` folder by default since
  # Apache or NGINX already handles this.
-  if Rails.version >= "5.0.0"
-    config.public_file_server.enabled = true
-    config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'}
-  elsif Rails.version >= "4.2.0"
+  if Rails.version >= "4.2.0"
    config.serve_static_files = true
-    config.static_cache_control = "public, max-age=3600"
  else
    config.serve_static_assets = true
+  end
+
+  if Rails.version >= "5.0.0"
+    config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'}
+  else
    config.static_cache_control = "public, max-age=3600"
  end

--- a/test/rails_app/db/migrate/20100401102949_create_tables.rb
+++ b/test/rails_app/db/migrate/20100401102949_create_tables.rb
@@ -1,8 +1,4 @@
-superclass = ActiveRecord::Migration
-# TODO: Inherit from the 5.0 Migration class directly when we drop support for Rails 4.
-superclass = ActiveRecord::Migration[5.0] if superclass.respond_to?(:[])
-
-class CreateTables < superclass
+class CreateTables < ActiveRecord::Migration
  def self.up
    create_table :users do |t|
      t.string :username