Release 3.4.1

Update CHANGELOG
Check for a Hash when using the authentication_keys to generate the FailureApp flash message.
2026-01-11 15:58:12 -05:00 · 2014-10-29 12:59:33 -02:00 · 2014-10-27 22:58:24 -02:00 · 2014-10-27 22:32:19 -02:00 · 2014-10-26 16:36:01 -02:00 · 2014-10-26 18:33:27 +00:00
116 changed files with 2244 additions and 467 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,3 @@ rdoc/*
 pkg
 log
 test/tmp/*
-gemfiles/*.lock
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,16 +1,23 @@
 language: ruby
 script: "bundle exec rake test"
-before_install:
-  - gem install bundler -v '>= 1.5.1'
+install: script/cached-bundle install --deployment --path vendor/bundle
 rvm:
  - 1.9.3
  - 2.0.0
-  - 2.1.0
+  - 2.1.2
 env:
-  - DEVISE_ORM=mongoid
-  - DEVISE_ORM=active_record
+  matrix:
+    - DEVISE_ORM=mongoid
+    - DEVISE_ORM=active_record
+  global:
+    # AMAZON_S3_BUCKET
+    - secure: "qkeYGn2mpgsgU5tKS9GWvFp/utUF/9O8++Shch24DMnq8OB01TrV5QQ2Elj7sSjMWqw2Pbe56nUCA9eOWXhPglGyIq2AI9E0umsEGZxdRlqqobpiMWs5wl8KZ0cFD1rZm6CwfL8atmcNfTt5TnvsaQ2l/k3TerOT2e66R/Mibk8="
+    # AMAZON_ACCESS_KEY_ID
+    - secure: "rTYGUFH9SPN0L7QtdE6Liyy/1z7nGKxqDF9LMRsmNsIfsqxoTPKZ8bCctQ4ksuk9svynGQsLfsda5pA+YvuALzjdWmGcID6ENgOGvoFnhZO5LuJ5f6t0k8gFpV9oBquQgDWzhzrcPYvCUrUYg3GSlHjFSXdPdht3SoYn7PiDaNs="
+    # AMAZON_SECRET_ACCESS_KEY
+    - secure: "VJ4qiWMzoleLojCcluX+w0RtaFVc9ybRNo6NODkGhHSaao8+4EX4rETBQG67tNSInk1iuNqCcZAGwC8V/12RXdao3PguRSLD5IiKeT+D78dqFEoP0+yHg4PbmZ6TJXADW3gUv/IOqkW7f/UYGinRaPu7hloyiC498FpQdmMWSNI="
 gemfile:
-  - gemfiles/Gemfile.rails-head
+  - gemfiles/Gemfile.rails-4.1-stable
  - gemfiles/Gemfile.rails-4.0-stable
  - gemfiles/Gemfile.rails-3.2-stable
  - Gemfile
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,63 @@
 ### Unreleased

+### 3.4.1
+
+* enhancements
+  * Devise default views now have a similar markup to Rails scaffold views. (by @udaysinghcode, @cllns)
+  * Passing `now: true` to the `set_flash_message` helper now sets the message into
+    the `flash.now` Hash. (by @hbriggs)
+* bugfixes
+  * Fixed an regression with translation of flash messages for when the `authentication_keys`
+  config is a Hash. (by @lucasmazza)
+
+### 3.4.0
+
+* enhancements
+  * Support added for Rails 4.2. Devise now depends on the `responders` gem due
+    the extraction of the `respond_with` API from Rails. (by @lucasmazza)
+  * The Simple Form templates follow the same change from 3.3.0 by using `Log in` and adding
+    a hint about the minimum password length when `validatable` is enabled. (by @aried3r)
+  * Controller generator added as `devise:controllers SCOPE`. You can use the `-c` flag
+    to pick which controllers (`unlocks`, `confirmations`, etc) you want to generate. (by @Chun-Yang)
+  * Removed the hardcoded references for "email" in the flash messages. If you are using
+    different attributes as the `authentication_keys` they will be interpolated in the
+    messages instead. (by @timoschilling)
+* bug fix
+  * Fixed a regression where the devise generator would fail with a `ConnectionNotEstablished`
+    exception when executed inside a mountable engine. (by @lucasmazza)
+  * Ensure to return symbols in find_scope! fixing a previous regression from 3.3.0 (by @micat)
+  * Ensure all causes of failed login have the same error message (by @pjungwir)
+  * The `last_attempt_warning` now takes effect when generating the unauthenticated
+    message for your users. To keep the current behavior, this flag is now `true`
+    by default. (by @lucasmazza)
+
+### 3.3.0
+
+* enhancements
+  * Support multiple warden configuration blocks on devise configuration. (by @rossta)
+  * Previously, when a user signed out, all remember me tokens for all sessions/browsers would be
+    invalidated, and this behavior could not be changed. This behavior is now configurable via
+    `expire_all_remember_me_on_sign_out`. The default continues to be true. (by @laurocaetano)
+  * Default email messages was updated with grammar fixes, check the diff on
+    #2906 for the updated copy (by @p-originate)
+  * Allow a resource to be found based on its encrypted password token (by @karlentwistle)
+  * Adds `devise_group`, a macro to define controller helpers for multiple mappings at once. (by @dropletzz)
+  * The default views now use `Log in` instead of `Sign in` and have a hint about the minimum password length if
+    the current scope is using the `validatable` module (by @alexsoble)
+
+* bug fix
+  * Check if there is a signed in user before executing the `SessionsController#destroy`.
+  * `SessionsController#destroy` no longer yields the `resource` to receiving block,
+    since the resource isn't loaded in the action. If you need access to the current
+    resource when overring the action use the scope helper (like `current_user`) before
+    calling `super`
+  * Serialize the `last_request_at` entry as an Integer
+  * Ensure registration controller block yields happen on failure in addition to success (by @dpehrson)
+  * Only valid paths will be stored for redirections (by @parallel588)
+
 ### 3.2.4

-* enchancements
+* enhancements
  * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
  * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)

--- a/8
+++ b/8
@@ -2,16 +2,16 @@ source "https://rubygems.org"

 gemspec

-gem "rails", "~> 4.0.0"
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", "4.2.0.beta2"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
  gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.0.0", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,138 +1,170 @@
 GIT
  remote: git://github.com/mongoid/mongoid.git
-  revision: 346a79a7d01aa194de80e649916239a18d38ce13
+  revision: 5ba2e1fb4cb8189c9890e29c19cf4e16c25e4bc5
  branch: master
  specs:
    mongoid (4.0.0)
-      activemodel (~> 4.0.0)
-      moped (~> 1.5)
-      origin (~> 1.0)
-      tzinfo (~> 0.3.22)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)

 PATH
  remote: .
  specs:
-    devise (3.2.4)
+    devise (3.4.1)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 3.2.6, < 5)
+      responders
      thread_safe (~> 0.1)
      warden (~> 1.2.3)

 GEM
  remote: https://rubygems.org/
  specs:
-    actionmailer (4.0.0)
-      actionpack (= 4.0.0)
-      mail (~> 2.5.3)
-    actionpack (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
+    actionmailer (4.2.0.beta2)
+      actionpack (= 4.2.0.beta2)
+      actionview (= 4.2.0.beta2)
+      activejob (= 4.2.0.beta2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.3)
+    actionpack (4.2.0.beta2)
+      actionview (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      rack (~> 1.6.0.beta)
      rack-test (~> 0.6.2)
-    activemodel (4.0.0)
-      activesupport (= 4.0.0)
-      builder (~> 3.1.0)
-    activerecord (4.0.0)
-      activemodel (= 4.0.0)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.0)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.0)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
+      rails-dom-testing (~> 1.0, >= 1.0.3)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    actionview (4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.3)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    activejob (4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      globalid (>= 0.3.0)
+    activemodel (4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      builder (~> 3.1)
+    activerecord (4.2.0.beta2)
+      activemodel (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
+      arel (>= 6.0.0.beta1, < 6.1)
+    activesupport (4.2.0.beta2)
+      i18n (>= 0.7.0.beta1, < 0.8)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    arel (4.0.0)
-    atomic (1.1.12)
+      tzinfo (~> 1.1)
+    arel (6.0.0.beta1)
    bcrypt (3.1.7)
-    builder (3.1.4)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
    erubis (2.7.0)
-    faraday (0.8.8)
-      multipart-post (~> 1.2.0)
-    hashie (1.2.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    globalid (0.3.0)
+      activesupport (>= 4.1.0)
+    hashie (3.2.0)
    hike (1.2.3)
-    httpauth (0.2.0)
-    i18n (0.6.5)
-    json (1.8.0)
-    jwt (0.1.8)
-      multi_json (>= 1.5)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
+    i18n (0.7.0.beta1)
+    json (1.8.1)
+    jwt (1.0.0)
+    loofah (2.0.1)
+      nokogiri (>= 1.5.9)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
    metaclass (0.0.4)
-    mime-types (1.23)
-    minitest (4.7.5)
-    mocha (1.0.0)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (5.4.2)
+    mocha (1.1.0)
      metaclass (~> 0.0.1)
-    moped (1.5.1)
-    multi_json (1.7.9)
-    multipart-post (1.2.0)
-    nokogiri (1.5.9)
-    oauth2 (0.8.1)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
      rack (~> 1.2)
-    omniauth (1.0.3)
-      hashie (~> 1.2)
-      rack
-    omniauth-facebook (1.4.0)
-      omniauth-oauth2 (~> 1.0.2)
-    omniauth-oauth2 (1.0.3)
-      oauth2 (~> 0.8.0)
-      omniauth (~> 1.0)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
    omniauth-openid (1.0.1)
      omniauth (~> 1.0)
      rack-openid (~> 1.3.1)
-    origin (1.1.0)
+    optionable (0.2.0)
+    origin (2.1.1)
    orm_adapter (0.5.0)
-    polyglot (0.3.3)
-    rack (1.5.2)
+    rack (1.6.0.beta)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
      ruby-openid (>= 2.1.8)
    rack-test (0.6.2)
      rack (>= 1.0)
-    rails (4.0.0)
-      actionmailer (= 4.0.0)
-      actionpack (= 4.0.0)
-      activerecord (= 4.0.0)
-      activesupport (= 4.0.0)
+    rails (4.2.0.beta2)
+      actionmailer (= 4.2.0.beta2)
+      actionpack (= 4.2.0.beta2)
+      actionview (= 4.2.0.beta2)
+      activejob (= 4.2.0.beta2)
+      activemodel (= 4.2.0.beta2)
+      activerecord (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.0)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.0)
-      actionpack (= 4.0.0)
-      activesupport (= 4.0.0)
+      railties (= 4.2.0.beta2)
+      sprockets-rails (~> 3.0.0.beta1)
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.3)
+      activesupport
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.1)
+      loofah (~> 2.0)
+    railties (4.2.0.beta2)
+      actionpack (= 4.2.0.beta2)
+      activesupport (= 4.2.0.beta2)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (10.1.0)
-    rdoc (4.0.1)
+    rake (10.3.2)
+    rdoc (4.1.1)
      json (~> 1.4)
-    ruby-openid (2.2.3)
-    sprockets (2.10.0)
+    responders (2.0.0)
+      railties (>= 4.2.0.alpha, < 5)
+    ruby-openid (2.5.0)
+    sprockets (2.12.2)
      hike (~> 1.2)
      multi_json (~> 1.0)
      rack (~> 1.0)
      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.0)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
+    sprockets-rails (3.0.0.beta1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
      sprockets (~> 2.8)
-    sqlite3 (1.3.7)
-    thor (0.18.1)
-    thread_safe (0.1.2)
-      atomic
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
    tilt (1.4.1)
-    treetop (1.4.14)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
    warden (1.2.3)
      rack (>= 1.0)
    webrat (0.7.3)
@@ -148,13 +180,13 @@ DEPENDENCIES
  activerecord-jdbcsqlite3-adapter
  devise!
  jruby-openssl
-  mocha (~> 1.0.0)
+  mocha (~> 1.1)
  mongoid!
-  omniauth (~> 1.0.0)
+  omniauth (~> 1.2.0)
  omniauth-facebook
-  omniauth-oauth2 (~> 1.0.0)
+  omniauth-oauth2 (~> 1.1.0)
  omniauth-openid (~> 1.0.1)
-  rails (~> 4.0.0)
+  rails (= 4.2.0.beta2)
  rdoc
  sqlite3
  webrat (= 0.7.3)
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ By [Plataformatec](http://plataformatec.com.br/).

 [![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise)
 [![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise)
+[![Security](https://hakiri.io/github/plataformatec/devise/master.svg)](https://hakiri.io/github/plataformatec/devise/master)

 This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).

@@ -27,7 +28,7 @@ It's composed of 10 modules:
 * [Validatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable): provides validations of email and password. It's optional and can be customized, so you're able to define your own validations.
 * [Lockable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable): locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period.

-Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is on progress.
+Devise is guaranteed to be thread-safe on YARV. Thread-safety support on JRuby is in progress.

 ## Information

@@ -83,7 +84,7 @@ You will usually want to write tests for your changes.  To run the test suite, g

 If you are building your first Rails application, we recommend you to *not* use Devise. Devise requires a good understanding of the Rails Framework. In such cases, we advise you to start a simple authentication system from scratch, today we have two resources:

-* Michael Hartl's online book: http://railstutorial.org/chapters/modeling-and-viewing-users-two#top
+* Michael Hartl's online book: http://www.railstutorial.org/book/demo_app#sec-modeling_demo_users
 * Ryan Bates' Railscast: http://railscasts.com/episodes/250-authentication-from-scratch

 Once you have solidified your understanding of Rails and authentication mechanisms, we assure you Devise will be very pleasant to work with. :)
@@ -110,24 +111,28 @@ The generator will install an initializer which describes ALL Devise's configura
 rails generate devise MODEL
 ```

-Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller.
+Replace MODEL with the class name used for the application’s users (it’s frequently `User` but could also be `Admin`). This will create a model (if one does not exist) and configure it with default Devise modules. The generator also configures your `config/routes.rb` file to point to the Devise controller.

-Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
+Next, check the MODEL for any additional configuration options you might want to add, such as confirmable or lockable. If you add an option, be sure to inspect the migration file (created by the generator if your ORM supports them) and uncomment the appropriate section.  For example, if you add the confirmable option in the model, you'll need to uncomment the Confirmable section in the migration. Then run `rake db:migrate`
+
+Next, you need to set up the default URL options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:

 ```ruby
-config.action_mailer.default_url_options = { host: 'localhost:3000' }
+config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 ```

 You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined.

 ### Controller filters and helpers

-Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_filter:
+Devise will create some helpers to use inside your controllers and views. To set up a controller with user authentication, just add this before_action (assuming your devise model is 'User'):

 ```ruby
-before_filter :authenticate_user!
+before_action :authenticate_user!
 ```

+If your devise model is something other than User, replace "_user" with "_yourmodel". The same logic applies to the instructions below.
+
 To verify if a user is signed in, use the following helper:

 ```ruby
@@ -157,7 +162,7 @@ You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to
 Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are:

 ```ruby
-before_filter :authenticate_member!
+before_action :authenticate_member!

 member_signed_in?

@@ -182,7 +187,7 @@ When you customize your own views, you may end up adding new attributes to forms

 There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permitted parameters by default are:

-* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`)
+* `sign_in` (`Devise::SessionsController#create`) - Permits only the authentication keys (like `email`)
 * `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
 * `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`

@@ -190,7 +195,7 @@ In case you want to permit additional parameters (the lazy way™) you can do wi

 ```ruby
 class ApplicationController < ActionController::Base
-  before_filter :configure_permitted_parameters, if: :devise_controller?
+  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

@@ -200,7 +205,7 @@ class ApplicationController < ActionController::Base
 end
 ```

-The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
+The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_attributes_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:

 To permit simple scalar values for username and email, use this

@@ -214,7 +219,7 @@ If you have some checkboxes that express the roles a user may take on registrati

 ```ruby
 def configure_permitted_parameters
-  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) }
+  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit({ roles: [] }, :email, :password, :password_confirmation) }
 end
 ```
 For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
@@ -278,29 +283,39 @@ rails generate devise:views -v registrations confirmations

 If the customization at the views level is not enough, you can customize each controller by following these steps:

-1. Create your custom controller, for example a `Admins::SessionsController`:
+1. Create your custom controllers using the generator which requires a scope:

-    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
-    end
+    ```console
+    rails generate devise:controllers [scope]
    ```

-    Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory.
+    If you specify `users` as the scope, controllers will be created in `app/controllers/users/`.
+    And the sessions controller will look like this:
+
+    ```ruby
+    class Users::SessionsController < Devise::SessionsController
+      # GET /resource/sign_in
+      # def new
+      #   super
+      # end
+      ...
+    end
+    ```

 2. Tell the router to use this controller:

    ```ruby
-    devise_for :admins, controllers: { sessions: "admins/sessions" }
+    devise_for :users, controllers: { sessions: "users/sessions" }
    ```

-3. Copy the views from `devise/sessions` to `admins/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.
+3. Copy the views from `devise/sessions` to `users/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.

 4. Finally, change or extend the desired controller actions.

    You can completely override a controller action:

    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
+    class Users::SessionsController < Devise::SessionsController
      def create
        # custom sign-in code
      end
@@ -310,7 +325,7 @@ If the customization at the views level is not enough, you can customize each co
    Or you can simply add new behaviour to it:

    ```ruby
-    class Admins::SessionsController < Devise::SessionsController
+    class Users::SessionsController < Devise::SessionsController
      def create
        super do |resource|
          BackgroundWorker.trigger(resource)
@@ -383,6 +398,8 @@ Take a look at our locale file to check all available messages. You may also be

 https://github.com/plataformatec/devise/wiki/I18n

+Caution: Devise Controllers inherit from ApplicationController. If your app uses multiple locales, you should be sure to set I18n.locale in ApplicationController
+
 ### Test helpers

 Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
@@ -393,7 +410,7 @@ class ActionController::TestCase
 end
 ```

-If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb`:
+If you're using RSpec, you can put the following inside a file named `spec/support/devise.rb` or in your `spec/spec_helper.rb` (or `spec/rails_helper.rb` if you are using rspec-rails):

 ```ruby
 RSpec.configure do |config|
@@ -411,11 +428,11 @@ sign_out :user         # sign_out(scope)
 sign_out @user         # sign_out(resource)
 ```

-There are two things that is important to keep in mind:
+There are two things that are important to keep in mind:

 1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;

-2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
+2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from the router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:

    ```ruby
    @request.env["devise.mapping"] = Devise.mappings[:user]
@@ -463,7 +480,19 @@ admin_session

 Alternatively, you can simply run the Devise generator.

-Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using [CanCan](https://github.com/ryanb/cancan).
+Keep in mind that those models will have completely different routes. They **do not** and **cannot** share the same controller for sign in, sign out and so on. In case you want to have different roles sharing the same actions, we recommend you to use a role-based approach, by either providing a role column or using a dedicated gem for authorization.
+
+### ActiveJob Integration
+
+If you are using Rails 4.2 and ActiveJob to deliver ActionMailer messages in the
+background through a queueing backend, you can send Devise emails through your
+existing queue by overriding the `send_devise_notification` method in your model.
+
+```ruby
+def send_devise_notification(notification, *args)
+  devise_mailer.send(notification, self, *args).deliver_later
+end
+```

 ### Other ORMs

--- a/app/controllers/devise/confirmations_controller.rb
+++ b/app/controllers/devise/confirmations_controller.rb
@@ -33,12 +33,12 @@ class Devise::ConfirmationsController < DeviseController

    # The path used after resending confirmation instructions.
    def after_resending_confirmation_instructions_path_for(resource_name)
-      new_session_path(resource_name) if is_navigational_format?
+      is_navigational_format? ? new_session_path(resource_name) : '/'
    end

    # The path used after confirmation.
    def after_confirmation_path_for(resource_name, resource)
-      if signed_in?
+      if signed_in?(resource_name)
        signed_in_root_path(resource)
      else
        new_session_path(resource_name)
--- a/app/controllers/devise/registrations_controller.rb
+++ b/app/controllers/devise/registrations_controller.rb
@@ -5,6 +5,10 @@ class Devise::RegistrationsController < DeviseController
  # GET /resource/sign_up
  def new
    build_resource({})
+    @validatable = devise_mapping.validatable?
+    if @validatable
+      @minimum_password_length = resource_class.password_length.min
+    end
    respond_with self.resource
  end

@@ -12,8 +16,9 @@ class Devise::RegistrationsController < DeviseController
  def create
    build_resource(sign_up_params)

-    if resource.save
-      yield resource if block_given?
+    resource_saved = resource.save
+    yield resource if block_given?
+    if resource_saved
      if resource.active_for_authentication?
        set_flash_message :notice, :signed_up if is_flashing_format?
        sign_up(resource_name, resource)
@@ -25,6 +30,10 @@ class Devise::RegistrationsController < DeviseController
      end
    else
      clean_up_passwords resource
+      @validatable = devise_mapping.validatable?
+      if @validatable
+        @minimum_password_length = resource_class.password_length.min
+      end
      respond_with resource
    end
  end
@@ -41,8 +50,9 @@ class Devise::RegistrationsController < DeviseController
    self.resource = resource_class.to_adapter.get!(send(:"current_#{resource_name}").to_key)
    prev_unconfirmed_email = resource.unconfirmed_email if resource.respond_to?(:unconfirmed_email)

-    if update_resource(resource, account_update_params)
-      yield resource if block_given?
+    resource_updated = update_resource(resource, account_update_params)
+    yield resource if block_given?
+    if resource_updated
      if is_flashing_format?
        flash_key = update_needs_confirmation?(resource, prev_unconfirmed_email) ?
          :update_needs_confirmation : :updated
@@ -110,7 +120,10 @@ class Devise::RegistrationsController < DeviseController
  # The path used after sign up for inactive accounts. You need to overwrite
  # this method in your own RegistrationsController.
  def after_inactive_sign_up_path_for(resource)
-    respond_to?(:root_path) ? root_path : "/"
+    scope = Devise::Mapping.find_scope!(resource)
+    router_name = Devise.mappings[scope].router_name
+    context = router_name ? send(router_name) : self
+    context.respond_to?(:root_path) ? context.root_path : "/"
  end

  # The default url to be used after updating a resource. You need to overwrite
--- a/app/controllers/devise/sessions_controller.rb
+++ b/app/controllers/devise/sessions_controller.rb
@@ -1,6 +1,7 @@
 class Devise::SessionsController < DeviseController
  prepend_before_filter :require_no_authentication, only: [ :new, :create ]
  prepend_before_filter :allow_params_authentication!, only: :create
+  prepend_before_filter :verify_signed_out_user, only: :destroy
  prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }

  # GET /resource/sign_in
@@ -21,17 +22,10 @@ class Devise::SessionsController < DeviseController

  # DELETE /resource/sign_out
  def destroy
-    redirect_path = after_sign_out_path_for(resource_name)
    signed_out = (Devise.sign_out_all_scopes ? sign_out : sign_out(resource_name))
    set_flash_message :notice, :signed_out if signed_out && is_flashing_format?
-    yield resource if block_given?
-
-    # We actually need to hardcode this as Rails default responder doesn't
-    # support returning empty response on GET request
-    respond_to do |format|
-      format.all { head :no_content }
-      format.any(*navigational_formats) { redirect_to redirect_path }
-    end
+    yield if block_given?
+    respond_to_on_destroy
  end

  protected
@@ -50,4 +44,33 @@ class Devise::SessionsController < DeviseController
  def auth_options
    { scope: resource_name, recall: "#{controller_path}#new" }
  end
+
+  private
+
+  # Check if there is no signed in user before doing the sign out.
+  #
+  # If there is no signed in user, it will set the flash message and redirect
+  # to the after_sign_out path.
+  def verify_signed_out_user
+    if all_signed_out?
+      set_flash_message :notice, :already_signed_out if is_flashing_format?
+
+      respond_to_on_destroy
+    end
+  end
+
+  def all_signed_out?
+    users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
+
+    users.all?(&:blank?)
+  end
+
+  def respond_to_on_destroy
+    # We actually need to hardcode this as Rails default responder doesn't
+    # support returning empty response on GET request
+    respond_to do |format|
+      format.all { head :no_content }
+      format.any(*navigational_formats) { redirect_to after_sign_out_path_for(resource_name) }
+    end
+  end
 end
--- a/app/controllers/devise_controller.rb
+++ b/app/controllers/devise_controller.rb
@@ -6,8 +6,8 @@ class DeviseController < Devise.parent_controller.constantize

  helpers = %w(resource scope_name resource_name signed_in_resource
               resource_class resource_params devise_mapping)
-  hide_action *helpers
-  helper_method *helpers
+  hide_action(*helpers)
+  helper_method(*helpers)

  prepend_before_filter :assert_is_devise_resource!
  respond_to :html if mimes_for_respond_to.empty?
@@ -44,7 +44,7 @@ class DeviseController < Devise.parent_controller.constantize
  # loaded before even having a request object.
  def _prefixes #:nodoc:
    @_prefixes ||= if self.class.scoped_views? && request && devise_mapping
-      super.unshift("#{devise_mapping.scoped_path}/#{controller_name}")
+      ["#{devise_mapping.scoped_path}/#{controller_name}"] + super
    else
      super
    end
@@ -129,8 +129,11 @@ MESSAGE
  end

  # Sets the flash message with :key, using I18n. By default you are able
-  # to setup your messages using specific resource scope, and if no one is
-  # found we look to default scope.
+  # to setup your messages using specific resource scope, and if no message is
+  # found we look to the default scope. Set the "now" options key to a true
+  # value to populate the flash.now hash in lieu of the default flash hash (so
+  # the flash message will be available to the current action instead of the
+  # next action).
  # Example (i18n locale file):
  #
  #   en:
@@ -144,7 +147,11 @@ MESSAGE
  # available.
  def set_flash_message(key, kind, options = {})
    message = find_message(kind, options)
-    flash[key] = message if message.present?
+    if options[:now]
+      flash.now[key] = message if message.present?
+    else
+      flash[key] = message if message.present?
+    end
  end

  def devise_i18n_options(options)
--- a/app/views/devise/confirmations/new.html.erb
+++ b/app/views/devise/confirmations/new.html.erb
@@ -3,10 +3,14 @@
 <%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, autofocus: true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.submit "Resend confirmation instructions" %></div>
+  <div class="actions">
+    <%= f.submit "Resend confirmation instructions" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/passwords/edit.html.erb
+++ b/app/views/devise/passwords/edit.html.erb
@@ -4,13 +4,19 @@
  <%= devise_error_messages! %>
  <%= f.hidden_field :reset_password_token %>

-  <div><%= f.label :password, "New password" %><br />
-    <%= f.password_field :password, autofocus: true, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password, "New password" %><br />
+    <%= f.password_field :password, autofocus: true, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :password_confirmation, "Confirm new password" %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password_confirmation, "Confirm new password" %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>

-  <div><%= f.submit "Change my password" %></div>
+  <div class="actions">
+    <%= f.submit "Change my password" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -3,10 +3,14 @@
 <%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, autofocus: true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.submit "Send me reset password instructions" %></div>
+  <div class="actions">
+    <%= f.submit "Send me reset password instructions" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/registrations/edit.html.erb
+++ b/app/views/devise/registrations/edit.html.erb
@@ -3,23 +3,33 @@
 <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, autofocus: true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

  <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
    <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
  <% end %>

-  <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-    <%= f.password_field :password, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+    <%= f.password_field :password, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-    <%= f.password_field :current_password, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+    <%= f.password_field :current_password, autocomplete: "off" %>
+  </div>

-  <div><%= f.submit "Update" %></div>
+  <div class="actions">
+    <%= f.submit "Update" %>
+  </div>
 <% end %>

 <h3>Cancel my account</h3>
--- a/app/views/devise/registrations/new.html.erb
+++ b/app/views/devise/registrations/new.html.erb
@@ -3,16 +3,27 @@
 <%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, autofocus: true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.label :password %><br />
-    <%= f.password_field :password, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password %>
+    <% if @validatable %>
+    <em>(<%= @minimum_password_length %> characters minimum)</em>
+    <% end %><br />
+    <%= f.password_field :password, autocomplete: "off" %>
+  </div>

-  <div><%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation, autocomplete: "off" %>
+  </div>

-  <div><%= f.submit "Sign up" %></div>
+  <div class="actions">
+    <%= f.submit "Sign up" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -1,17 +1,26 @@
-<h2>Sign in</h2>
+<h2>Log in</h2>

 <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, autofocus: true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.label :password %><br />
-    <%= f.password_field :password, autocomplete: "off" %></div>
+  <div class="field">
+    <%= f.label :password %><br />
+    <%= f.password_field :password, autocomplete: "off" %>
+  </div>

  <% if devise_mapping.rememberable? -%>
-    <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
+    <div class="field">
+      <%= f.check_box :remember_me %>
+      <%= f.label :remember_me %>
+    </div>
  <% end -%>

-  <div><%= f.submit "Sign in" %></div>
+  <div class="actions">
+    <%= f.submit "Log in" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/app/views/devise/shared/_links.html.erb
+++ b/app/views/devise/shared/_links.html.erb
@@ -1,5 +1,5 @@
 <%- if controller_name != 'sessions' %>
-  <%= link_to "Sign in", new_session_path(resource_name) %><br />
+  <%= link_to "Log in", new_session_path(resource_name) %><br />
 <% end -%>

 <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
--- a/app/views/devise/unlocks/new.html.erb
+++ b/app/views/devise/unlocks/new.html.erb
@@ -3,10 +3,14 @@
 <%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
  <%= devise_error_messages! %>

-  <div><%= f.label :email %><br />
-  <%= f.email_field :email, autofocus: true %></div>
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true %>
+  </div>

-  <div><%= f.submit "Resend unlock instructions" %></div>
+  <div class="actions">
+    <%= f.submit "Resend unlock instructions" %>
+  </div>
 <% end %>

 <%= render "devise/shared/links" %>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -3,26 +3,26 @@
 en:
  devise:
    confirmations:
-      confirmed: "Your account was successfully confirmed."
-      send_instructions: "You will receive an email with instructions about how to confirm your account in a few minutes."
-      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      confirmed: "Your email address has been successfully confirmed."
+      send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes."
+      send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
    failure:
      already_authenticated: "You are already signed in."
      inactive: "Your account is not activated yet."
-      invalid: "Invalid email or password."
+      invalid: "Invalid %{authentication_keys} or password."
      locked: "Your account is locked."
-      last_attempt: "You have one more attempt before your account will be locked."
-      not_found_in_database: "Invalid email or password."
+      last_attempt: "You have one more attempt before your account is locked."
+      not_found_in_database: "Invalid %{authentication_keys} or password."
      timeout: "Your session expired. Please sign in again to continue."
      unauthenticated: "You need to sign in or sign up before continuing."
-      unconfirmed: "You have to confirm your account before continuing."
+      unconfirmed: "You have to confirm your email address before continuing."
    mailer:
      confirmation_instructions:
        subject: "Confirmation instructions"
      reset_password_instructions:
        subject: "Reset password instructions"
      unlock_instructions:
-        subject: "Unlock Instructions"
+        subject: "Unlock instructions"
    omniauth_callbacks:
      failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
      success: "Successfully authenticated from %{kind} account."
@@ -30,22 +30,23 @@ en:
      no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
      send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
-      updated: "Your password was changed successfully. You are now signed in."
-      updated_not_active: "Your password was changed successfully."
+      updated: "Your password has been changed successfully. You are now signed in."
+      updated_not_active: "Your password has been changed successfully."
    registrations:
-      destroyed: "Bye! Your account was successfully cancelled. We hope to see you again soon."
+      destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon."
      signed_up: "Welcome! You have signed up successfully."
      signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated."
      signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked."
-      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please open the link to activate your account."
-      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and click on the confirm link to finalize confirming your new email address."
-      updated: "You updated your account successfully."
+      signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account."
+      update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirm link to confirm your new email address."
+      updated: "Your account has been updated successfully."
    sessions:
      signed_in: "Signed in successfully."
      signed_out: "Signed out successfully."
+      already_signed_out: "Signed out successfully."
    unlocks:
-      send_instructions: "You will receive an email with instructions about how to unlock your account in a few minutes."
-      send_paranoid_instructions: "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes."
+      send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
      unlocked: "Your account has been unlocked successfully. Please sign in to continue."
  errors:
    messages:
--- a/devise.gemspec
+++ b/devise.gemspec
@@ -18,10 +18,12 @@ Gem::Specification.new do |s|
  s.files         = `git ls-files`.split("\n")
  s.test_files    = `git ls-files -- test/*`.split("\n")
  s.require_paths = ["lib"]
+  s.required_ruby_version = '>= 1.9.3'

  s.add_dependency("warden", "~> 1.2.3")
  s.add_dependency("orm_adapter", "~> 0.1")
  s.add_dependency("bcrypt", "~> 3.0")
  s.add_dependency("thread_safe", "~> 0.1")
  s.add_dependency("railties", ">= 3.2.6", "< 5")
+  s.add_dependency("responders")
 end
--- a/gemfiles/Gemfile.rails-3.2-stable
+++ b/gemfiles/Gemfile.rails-3.2-stable
@@ -3,15 +3,15 @@ source "https://rubygems.org"
 gemspec path: '..'

 gem "rails", github: 'rails/rails', branch: '3-2-stable'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
  gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.0.0", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
--- a/gemfiles/Gemfile.rails-3.2-stable.lock
+++ b/gemfiles/Gemfile.rails-3.2-stable.lock
@@ -0,0 +1,169 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 11fd052aa815ae0255ea5b2463e88138fb3fec61
+  branch: 3-2-stable
+  specs:
+    actionmailer (3.2.19)
+      actionpack (= 3.2.19)
+      mail (~> 2.5.4)
+    actionpack (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.19)
+      activesupport (= 3.2.19)
+      builder (~> 3.0.0)
+    activerecord (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.19)
+      activemodel (= 3.2.19)
+      activesupport (= 3.2.19)
+    activesupport (3.2.19)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    rails (3.2.19)
+      actionmailer (= 3.2.19)
+      actionpack (= 3.2.19)
+      activerecord (= 3.2.19)
+      activeresource (= 3.2.19)
+      activesupport (= 3.2.19)
+      bundler (~> 1.0)
+      railties (= 3.2.19)
+    railties (3.2.19)
+      actionpack (= 3.2.19)
+      activesupport (= 3.2.19)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    arel (3.0.3)
+    bcrypt (3.1.7)
+    builder (3.0.4)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    journey (1.0.4)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.4)
+    mime-types (1.25.1)
+    mini_portile (0.6.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (3.1.6)
+      activemodel (~> 3.2)
+      moped (~> 1.4)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.29)
+    moped (1.5.2)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    origin (1.1.0)
+    orm_adapter (0.5.0)
+    polyglot (0.3.5)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    responders (1.1.1)
+      railties (>= 3.2, < 4.2)
+    ruby-openid (2.5.0)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    treetop (1.4.15)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.41)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 3.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)
--- a/gemfiles/Gemfile.rails-4.0-stable
+++ b/gemfiles/Gemfile.rails-4.0-stable
@@ -3,15 +3,15 @@ source "https://rubygems.org"
 gemspec path: '..'

 gem "rails", github: 'rails/rails', branch: '4-0-stable'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
  gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.0.0", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
@@ -25,5 +25,5 @@ platforms :ruby do
 end

 group :mongoid do
-  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+  gem "mongoid", "~> 4.0.0"
 end
--- a/gemfiles/Gemfile.rails-4.0-stable.lock
+++ b/gemfiles/Gemfile.rails-4.0-stable.lock
@@ -0,0 +1,165 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 2d8886e05104316273a0f95dfbcd171d3b12678b
+  branch: 4-0-stable
+  specs:
+    actionmailer (4.0.9)
+      actionpack (= 4.0.9)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.0.9)
+      activesupport (= 4.0.9)
+      builder (~> 3.1.0)
+      erubis (~> 2.7.0)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.9)
+      activesupport (= 4.0.9)
+      builder (~> 3.1.0)
+    activerecord (4.0.9)
+      activemodel (= 4.0.9)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.9)
+      arel (~> 4.0.0)
+    activesupport (4.0.9)
+      i18n (~> 0.6, >= 0.6.9)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    rails (4.0.9)
+      actionmailer (= 4.0.9)
+      actionpack (= 4.0.9)
+      activerecord (= 4.0.9)
+      activesupport (= 4.0.9)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.9)
+      sprockets-rails (~> 2.0)
+    railties (4.0.9)
+      actionpack (= 4.0.9)
+      activesupport (= 4.0.9)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activerecord-deprecated_finders (1.0.3)
+    arel (4.0.2)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.1.4)
+    connection_pool (2.0.0)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (4.7.5)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    rack (1.5.2)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (4.1.1)
+      json (~> 1.4)
+    responders (1.1.1)
+      railties (>= 3.2, < 4.2)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (0.3.41)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)
--- a/gemfiles/Gemfile.rails-4.1-stable
+++ b/gemfiles/Gemfile.rails-4.1-stable
@@ -2,16 +2,16 @@ source "https://rubygems.org"

 gemspec path: '..'

-gem "rails", github: 'rails/rails'
-gem "omniauth", "~> 1.0.0"
-gem "omniauth-oauth2", "~> 1.0.0"
+gem "rails", github: 'rails/rails', branch: '4-1-stable'
+gem "omniauth", "~> 1.2.0"
+gem "omniauth-oauth2", "~> 1.1.0"
 gem "rdoc"

 group :test do
  gem "omniauth-facebook"
  gem "omniauth-openid", "~> 1.0.1"
  gem "webrat", "0.7.3", require: false
-  gem "mocha", "~> 1.0.0", require: false
+  gem "mocha", "~> 1.1", require: false
 end

 platforms :jruby do
@@ -25,5 +25,5 @@ platforms :ruby do
 end

 group :mongoid do
-  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+  gem "mongoid", "~> 4.0.0"
 end
--- a/gemfiles/Gemfile.rails-4.1-stable.lock
+++ b/gemfiles/Gemfile.rails-4.1-stable.lock
@@ -0,0 +1,170 @@
+GIT
+  remote: git://github.com/rails/rails.git
+  revision: 90b70cd453e6b88b2ad484861ad9913f70bd15c9
+  branch: 4-1-stable
+  specs:
+    actionmailer (4.1.5)
+      actionpack (= 4.1.5)
+      actionview (= 4.1.5)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.1.5)
+      actionview (= 4.1.5)
+      activesupport (= 4.1.5)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionview (4.1.5)
+      activesupport (= 4.1.5)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.5)
+      activesupport (= 4.1.5)
+      builder (~> 3.1)
+    activerecord (4.1.5)
+      activemodel (= 4.1.5)
+      activesupport (= 4.1.5)
+      arel (~> 5.0.0)
+    activesupport (4.1.5)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    rails (4.1.5)
+      actionmailer (= 4.1.5)
+      actionpack (= 4.1.5)
+      actionview (= 4.1.5)
+      activemodel (= 4.1.5)
+      activerecord (= 4.1.5)
+      activesupport (= 4.1.5)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.1.5)
+      sprockets-rails (~> 2.0)
+    railties (4.1.5)
+      actionpack (= 4.1.5)
+      activesupport (= 4.1.5)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+
+PATH
+  remote: ..
+  specs:
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    arel (5.0.1.20140414130214)
+    bcrypt (3.1.7)
+    bson (2.3.0)
+    builder (3.2.2)
+    connection_pool (2.0.0)
+    erubis (2.7.0)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    hashie (3.2.0)
+    hike (1.2.3)
+    i18n (0.6.11)
+    json (1.8.1)
+    jwt (1.0.0)
+    mail (2.6.1)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    minitest (5.4.0)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    mongoid (4.0.0)
+      activemodel (~> 4.0)
+      moped (~> 2.0.0)
+      origin (~> 2.1)
+      tzinfo (>= 0.3.37)
+    moped (2.0.0)
+      bson (~> 2.2)
+      connection_pool (~> 2.0)
+      optionable (~> 0.2.0)
+    multi_json (1.10.1)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (0.9.4)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 1.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
+    omniauth-facebook (1.6.0)
+      omniauth-oauth2 (~> 1.1)
+    omniauth-oauth2 (1.1.2)
+      faraday (>= 0.8, < 0.10)
+      multi_json (~> 1.3)
+      oauth2 (~> 0.9.3)
+      omniauth (~> 1.2)
+    omniauth-openid (1.0.1)
+      omniauth (~> 1.0)
+      rack-openid (~> 1.3.1)
+    optionable (0.2.0)
+    origin (2.1.1)
+    orm_adapter (0.5.0)
+    rack (1.5.2)
+    rack-openid (1.3.1)
+      rack (>= 1.1.0)
+      ruby-openid (>= 2.1.8)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rake (10.3.2)
+    rdoc (4.1.1)
+      json (~> 1.4)
+    responders (1.1.1)
+      railties (>= 3.2, < 4.2)
+    ruby-openid (2.5.0)
+    sprockets (2.12.1)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.1.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.9)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    warden (1.2.3)
+      rack (>= 1.0)
+    webrat (0.7.3)
+      nokogiri (>= 1.2.0)
+      rack (>= 1.0)
+      rack-test (>= 0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbc-adapter
+  activerecord-jdbcsqlite3-adapter
+  devise!
+  jruby-openssl
+  mocha (~> 1.1)
+  mongoid (~> 4.0.0)
+  omniauth (~> 1.2.0)
+  omniauth-facebook
+  omniauth-oauth2 (~> 1.1.0)
+  omniauth-openid (~> 1.0.1)
+  rails!
+  rdoc
+  sqlite3
+  webrat (= 0.7.3)
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -4,6 +4,7 @@ require 'active_support/dependencies'
 require 'orm_adapter'
 require 'set'
 require 'securerandom'
+require 'responders'

 module Devise
  autoload :Delegator,          'devise/delegator'
@@ -134,6 +135,10 @@ module Devise
  mattr_accessor :extend_remember_period
  @@extend_remember_period = false

+  # If true, all the remember me tokens are going to be invalidated when the user signs out.
+  mattr_accessor :expire_all_remember_me_on_sign_out
+  @@expire_all_remember_me_on_sign_out = true
+
  # Time interval you can access your account before confirming your account.
  # nil - allows unconfirmed access for unlimited time
  mattr_accessor :allow_unconfirmed_access_for
@@ -268,7 +273,7 @@ module Devise
  # Private methods to interface with Warden.
  mattr_accessor :warden_config
  @@warden_config = nil
-  @@warden_config_block = nil
+  @@warden_config_blocks = []

  # When true, enter in paranoid mode to avoid user enumeration.
  mattr_accessor :paranoid
@@ -276,7 +281,7 @@ module Devise

  # When true, warn user if they just used next-to-last attempt of authentication
  mattr_accessor :last_attempt_warning
-  @@last_attempt_warning = false
+  @@last_attempt_warning = true

  # Stores the token generator
  mattr_accessor :token_generator
@@ -400,7 +405,7 @@ module Devise
  # Sets warden configuration using a block that will be invoked on warden
  # initialization.
  #
-  #  Devise.initialize do |config|
+  #  Devise.setup do |config|
  #    config.allow_unconfirmed_access_for = 2.days
  #
  #    config.warden do |manager|
@@ -409,7 +414,7 @@ module Devise
  #    end
  #  end
  def self.warden(&block)
-    @@warden_config_block = block
+    @@warden_config_blocks << block
  end

  # Specify an omniauth provider.
@@ -463,7 +468,7 @@ module Devise
        end
      end

-      @@warden_config_block.try :call, Devise.warden_config
+      @@warden_config_blocks.map { |block| block.call Devise.warden_config }
      true
    end
  end
--- a/lib/devise/controllers/helpers.rb
+++ b/lib/devise/controllers/helpers.rb
@@ -11,6 +11,68 @@ module Devise
      end

      module ClassMethods
+        # Define authentication filters and accessor helpers for a group of mappings.
+        # These methods are useful when you are working with multiple mappings that
+        # share some functionality. They are pretty much the same as the ones
+        # defined for normal mappings.
+        #
+        # Example:
+        #
+        #   inside BlogsController (or any other controller, it doesn't matter which):
+        #     devise_group :blogger, contains: [:user, :admin]
+        #
+        #   Generated methods:
+        #     authenticate_blogger!  # Redirects unless user or admin are signed in
+        #     blogger_signed_in?     # Checks whether there is either a user or an admin signed in
+        #     current_blogger        # Currently signed in user or admin
+        #     current_bloggers       # Currently signed in user and admin
+        #
+        #   Use:
+        #     before_filter :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
+        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     current_blogger :user                             # Preferably returns a User if one is signed in
+        #
+        def devise_group(group_name, opts={})
+          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+
+          class_eval <<-METHODS, __FILE__, __LINE__ + 1
+            def authenticate_#{group_name}!(favourite=nil, opts={})
+              unless #{group_name}_signed_in?
+                mappings = #{mappings}
+                mappings.unshift mappings.delete(favourite.to_sym) if favourite
+                mappings.each do |mapping|
+                  opts[:scope] = mapping
+                  warden.authenticate!(opts) if !devise_controller? || opts.delete(:force)
+                end
+              end
+            end
+
+            def #{group_name}_signed_in?
+              #{mappings}.any? do |mapping|
+                warden.authenticate?(scope: mapping)
+              end
+            end
+
+            def current_#{group_name}(favourite=nil)
+              mappings = #{mappings}
+              mappings.unshift mappings.delete(favourite.to_sym) if favourite
+              mappings.each do |mapping|
+                current = warden.authenticate(scope: mapping)
+                return current if current
+              end
+              nil
+            end
+
+            def current_#{group_name.to_s.pluralize}
+              #{mappings}.map do |mapping|
+                warden.authenticate(scope: mapping)
+              end.compact
+            end
+
+            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+          METHODS
+        end
+
        def log_process_action(payload)
          payload[:status] ||= 401 unless payload[:exception]
          super
@@ -102,9 +164,16 @@ module Devise
      # tries to find a resource_root_path, otherwise it uses the root_path.
      def signed_in_root_path(resource_or_scope)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        router_name = Devise.mappings[scope].router_name
+
        home_path = "#{scope}_root_path"
-        if respond_to?(home_path, true)
-          send(home_path)
+
+        context = router_name ? send(router_name) : self
+
+        if context.respond_to?(home_path, true)
+          context.send(home_path)
+        elsif context.respond_to?(:root_path)
+          context.root_path
        elsif respond_to?(:root_path)
          root_path
        else
@@ -150,7 +219,10 @@ module Devise
      #
      # By default it is the root_path.
      def after_sign_out_path_for(resource_or_scope)
-        respond_to?(:root_path) ? root_path : "/"
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+        router_name = Devise.mappings[scope].router_name
+        context = router_name ? send(router_name) : self
+        context.respond_to?(:root_path) ? context.root_path : "/"
      end

      # Sign in a user and tries to redirect first to the stored location and
@@ -176,10 +248,9 @@ module Devise
      # Overwrite Rails' handle unverified request to sign out all scopes,
      # clear run strategies and remove cached variables.
      def handle_unverified_request
-        sign_out_all_scopes(false)
+        super # call the default behaviour which resets/nullifies/raises
        request.env["devise.skip_storage"] = true
-        expire_data_after_sign_out!
-        super # call the default behaviour which resets the session
+        sign_out_all_scopes(false)
      end

      def request_format
--- a/lib/devise/controllers/sign_in_out.rb
+++ b/lib/devise/controllers/sign_in_out.rb
@@ -72,7 +72,6 @@ module Devise
      def sign_out_all_scopes(lock=true)
        users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }

-        warden.raw_session.inspect
        warden.logout
        expire_data_after_sign_out!
        warden.clear_strategies_cache!
--- a/lib/devise/controllers/store_location.rb
+++ b/lib/devise/controllers/store_location.rb
@@ -33,14 +33,20 @@ module Devise
      #
      def store_location_for(resource_or_scope, location)
        session_key = stored_location_key_for(resource_or_scope)
-        if location
-          uri = URI.parse(location)
+        uri = parse_uri(location)
+        if uri
          session[session_key] = [uri.path.sub(/\A\/+/, '/'), uri.query].compact.join('?')
        end
      end

      private

+      def parse_uri(location)
+        location && URI.parse(location)
+      rescue URI::InvalidURIError
+        nil
+      end
+
      def stored_location_key_for(resource_or_scope)
        scope = Devise::Mapping.find_scope!(resource_or_scope)
        "#{scope}_return_to"
--- a/lib/devise/controllers/url_helpers.rb
+++ b/lib/devise/controllers/url_helpers.rb
@@ -47,7 +47,9 @@ module Devise
              class_eval <<-URL_HELPERS, __FILE__, __LINE__ + 1
                def #{method}(resource_or_scope, *args)
                  scope = Devise::Mapping.find_scope!(resource_or_scope)
-                  _devise_route_context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
+                  router_name = Devise.mappings[scope].router_name
+                  context = router_name ? send(router_name) : _devise_route_context
+                  context.send("#{action}\#{scope}_#{module_name}_#{path_or_url}", *args)
                end
              URL_HELPERS
            end
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@@ -78,6 +78,9 @@ module Devise
        options[:resource_name] = scope
        options[:scope] = "devise.failure"
        options[:default] = [message]
+        auth_keys = scope_class.authentication_keys
+        keys = auth_keys.respond_to?(:keys) ? auth_keys.keys : auth_keys
+        options[:authentication_keys] = keys.join(I18n.translate(:"support.array.words_connector"))
        options = i18n_options(options)

        I18n.t(:"#{scope}.#{message}", options)
@@ -96,15 +99,15 @@ module Devise
          request.referrer
        end

-        path || scope_path
+        path || scope_url
      else
-        scope_path
+        scope_url
      end
    end

-    def scope_path
+    def scope_url
      opts  = {}
-      route = :"new_#{scope}_session_path"
+      route = :"new_#{scope}_session_url"
      opts[:format] = request_format unless skip_format?

      config = Rails.application.config
@@ -114,8 +117,8 @@ module Devise

      if context.respond_to?(route)
        context.send(route, opts)
-      elsif respond_to?(:root_path)
-        root_path(opts)
+      elsif respond_to?(:root_url)
+        root_url(opts)
      else
        "/"
      end
@@ -144,7 +147,7 @@ module Devise
    # It does not make sense to send authenticate headers in ajax requests
    # or if the user disabled them.
    def http_auth_header?
-      Devise.mappings[scope].to.http_authenticatable && !request.xhr?
+      scope_class.http_authenticatable && !request.xhr?
    end

    def http_auth_body
@@ -182,6 +185,10 @@ module Devise
      @scope ||= warden_options[:scope] || Devise.default_scope
    end

+    def scope_class
+      @scope_class ||= Devise.mappings[scope].to
+    end
+
    def attempted_path
      warden_options[:attempted_path]
    end
--- a/lib/devise/hooks/activatable.rb
+++ b/lib/devise/hooks/activatable.rb
@@ -1,7 +1,6 @@
-# Deny user access whenever their account is not active yet. All strategies that inherits from
-# Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
-# before actively signing them in. However, we need this as hook to validate the user activity
-# in each request and in case the user is using other strategies beside Devise ones.
+# Deny user access whenever their account is not active yet.
+# We need this as hook to validate the user activity on each request
+# and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
  if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
    scope = options[:scope]
--- a/lib/devise/hooks/csrf_cleaner.rb
+++ b/lib/devise/hooks/csrf_cleaner.rb
@@ -1,5 +1,7 @@
 Warden::Manager.after_authentication do |record, warden, options|
-  if Devise.clean_up_csrf_token_on_authentication
+  clean_up_for_winning_strategy = !warden.winning_strategy.respond_to?(:clean_up_csrf?) ||
+    warden.winning_strategy.clean_up_csrf?
+  if Devise.clean_up_csrf_token_on_authentication && clean_up_for_winning_strategy
    warden.request.session.try(:delete, :_csrf_token)
  end
 end
--- a/lib/devise/hooks/timeoutable.rb
+++ b/lib/devise/hooks/timeoutable.rb
@@ -9,6 +9,13 @@ Warden::Manager.after_set_user do |record, warden, options|

  if record && record.respond_to?(:timedout?) && warden.authenticated?(scope) && options[:store] != false
    last_request_at = warden.session(scope)['last_request_at']
+
+    if last_request_at.is_a? Integer
+      last_request_at = Time.at(last_request_at).utc
+    elsif last_request_at.is_a? String
+      last_request_at = Time.parse(last_request_at)
+    end
+
    proxy = Devise::Hooks::Proxy.new(warden)

    if record.timedout?(last_request_at) && !env['devise.skip_timeout']
@@ -22,7 +29,7 @@ Warden::Manager.after_set_user do |record, warden, options|
    end

    unless env['devise.skip_trackable']
-      warden.session(scope)['last_request_at'] = Time.now.utc
+      warden.session(scope)['last_request_at'] = Time.now.utc.to_i
    end
  end
 end
--- a/lib/devise/mapping.rb
+++ b/lib/devise/mapping.rb
@@ -23,7 +23,8 @@ module Devise
  #
  class Mapping #:nodoc:
    attr_reader :singular, :scoped_path, :path, :controllers, :path_names,
-                :class_name, :sign_out_via, :format, :used_routes, :used_helpers, :failure_app
+                :class_name, :sign_out_via, :format, :used_routes, :used_helpers,
+                :failure_app, :router_name

    alias :name :singular

@@ -32,7 +33,7 @@ module Devise
    def self.find_scope!(obj)
      case obj
      when String, Symbol
-        return obj
+        return obj.to_sym
      when Class
        Devise.mappings.each_value { |m| return m.name if obj <= m.to }
      else
@@ -60,6 +61,8 @@ module Devise
      @sign_out_via = options[:sign_out_via] || Devise.sign_out_via
      @format = options[:format]

+      @router_name = options[:router_name]
+
      default_failure_app(options)
      default_controllers(options)
      default_path_names(options)
--- a/lib/devise/models/authenticatable.rb
+++ b/lib/devise/models/authenticatable.rb
@@ -170,7 +170,13 @@ module Devise
      #     end
      #
      def send_devise_notification(notification, *args)
-        devise_mailer.send(notification, self, *args).deliver
+        message = devise_mailer.send(notification, self, *args)
+        # Remove once we move to Rails 4.2+ only.
+        if message.respond_to?(:deliver_now)
+          message.deliver_now
+        else
+          message.deliver
+        end
      end

      def downcase_keys
@@ -253,7 +259,7 @@ module Devise

        # Find an initialize a group of attributes based on a list of required attributes.
        def find_or_initialize_with_errors(required_attributes, attributes, error=:invalid) #:nodoc:
-          attributes = attributes.slice(*required_attributes)
+          attributes = attributes.slice(*required_attributes).with_indifferent_access
          attributes.delete_if { |key, value| value.blank? }

          if attributes.size == required_attributes.size
--- a/lib/devise/models/confirmable.rb
+++ b/lib/devise/models/confirmable.rb
@@ -236,17 +236,17 @@ module Devise
        end

        def postpone_email_change?
-          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && !self.email.blank?
+          postpone = self.class.reconfirmable && email_changed? && !@bypass_confirmation_postpone && self.email.present?
          @bypass_confirmation_postpone = false
          postpone
        end

        def reconfirmation_required?
-          self.class.reconfirmable && @reconfirmation_required && !self.email.blank?
+          self.class.reconfirmable && @reconfirmation_required && self.email.present?
        end

        def send_confirmation_notification?
-          confirmation_required? && !@skip_confirmation_notification && !self.email.blank?
+          confirmation_required? && !@skip_confirmation_notification && self.email.present?
        end

        def after_confirmation
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -55,9 +55,13 @@ module Devise
        self.password = self.password_confirmation = nil
      end

-      # Update record attributes when :current_password matches, otherwise returns
-      # error on :current_password. It also automatically rejects :password and
-      # :password_confirmation if they are blank.
+      # Update record attributes when :current_password matches, otherwise
+      # returns error on :current_password.
+      #
+      # This method also rejects the password field if it is blank (allowing
+      # users to change relevant information like the e-mail without changing
+      # their password). In case the password field is rejected, the confirmation
+      # is also rejected as long as it is also blank.
      def update_with_password(params, *options)
        current_password = params.delete(:current_password)

--- a/lib/devise/models/lockable.rb
+++ b/lib/devise/models/lockable.rb
@@ -115,10 +115,10 @@ module Devise
        # leaks the existence of an account.
        if Devise.paranoid
          super
-        elsif lock_strategy_enabled?(:failed_attempts) && last_attempt?
-          :last_attempt
-        elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
+        elsif access_locked? || (lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?)
          :locked
+        elsif lock_strategy_enabled?(:failed_attempts) && last_attempt? && self.class.last_attempt_warning
+          :last_attempt
        else
          super
        end
@@ -189,7 +189,7 @@ module Devise
          self.lock_strategy == strategy
        end

-        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys)
+        Devise::Models.config(self, :maximum_attempts, :lock_strategy, :unlock_strategy, :unlock_in, :unlock_keys, :last_attempt_warning)
      end
    end
  end
--- a/lib/devise/models/recoverable.rb
+++ b/lib/devise/models/recoverable.rb
@@ -45,14 +45,10 @@ module Devise
      # Resets reset password token and send reset password instructions by email.
      # Returns the token sent in the e-mail.
      def send_reset_password_instructions
-        raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+        token = set_reset_password_token
+        send_reset_password_instructions_notification(token)

-        self.reset_password_token   = enc
-        self.reset_password_sent_at = Time.now.utc
-        self.save(validate: false)
-
-        send_devise_notification(:reset_password_instructions, raw, {})
-        raw
+        token
      end

      # Checks if the reset password token sent is within the limit time.
@@ -90,7 +86,27 @@ module Devise
        def after_password_reset
        end

+        def set_reset_password_token
+          raw, enc = Devise.token_generator.generate(self.class, :reset_password_token)
+
+          self.reset_password_token   = enc
+          self.reset_password_sent_at = Time.now.utc
+          self.save(validate: false)
+          raw
+        end
+
+        def send_reset_password_instructions_notification(token)
+          send_devise_notification(:reset_password_instructions, token, {})
+        end
+
      module ClassMethods
+        # Attempt to find a user by password reset token. If a user is found, return it
+        # If a user is not found, return nil
+        def with_reset_password_token(token)
+          reset_password_token = Devise.token_generator.digest(self, :reset_password_token, token)
+          to_adapter.find_first(reset_password_token: reset_password_token)
+        end
+
        # Attempt to find a user by its email. If a record is found, send new
        # password instructions to it. If user is not found, returns a new user
        # with an email not found error.
--- a/lib/devise/models/rememberable.rb
+++ b/lib/devise/models/rememberable.rb
@@ -58,7 +58,7 @@ module Devise
      def forget_me!
        return unless persisted?
        self.remember_token = nil if respond_to?(:remember_token=)
-        self.remember_created_at = nil
+        self.remember_created_at = nil if self.class.expire_all_remember_me_on_sign_out
        save(validate: false)
      end

@@ -122,7 +122,7 @@ module Devise
          end
        end

-        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options)
+        Devise::Models.config(self, :remember_for, :extend_remember_period, :rememberable_options, :expire_all_remember_me_on_sign_out)
      end
    end
  end
--- a/lib/devise/models/trackable.rb
+++ b/lib/devise/models/trackable.rb
@@ -15,7 +15,7 @@ module Devise
        [:current_sign_in_at, :current_sign_in_ip, :last_sign_in_at, :last_sign_in_ip, :sign_in_count]
      end

-      def update_tracked_fields!(request)
+      def update_tracked_fields(request)
        old_current, new_current = self.current_sign_in_at, Time.now.utc
        self.last_sign_in_at     = old_current || new_current
        self.current_sign_in_at  = new_current
@@ -26,7 +26,10 @@ module Devise

        self.sign_in_count ||= 0
        self.sign_in_count += 1
+      end

+      def update_tracked_fields!(request)
+        update_tracked_fields(request)
        save(validate: false) or raise "Devise trackable could not save #{inspect}." \
          "Please make sure a model using trackable can be saved at sign in."
      end
--- a/lib/devise/rails/routes.rb
+++ b/lib/devise/rails/routes.rb
@@ -129,7 +129,8 @@ module ActionDispatch::Routing
    #
    #      devise_for :users, module: "users"
    #
-    #  * skip: tell which controller you want to skip routes from being created:
+    #  * skip: tell which controller you want to skip routes from being created.
+    #    It accepts :all as an option, meaning it will not generate any route at all:
    #
    #      devise_for :users, skip: :sessions
    #
@@ -153,6 +154,8 @@ module ActionDispatch::Routing
    #
    #  * defaults: works the same as Rails' defaults
    #
+    #  * router_name: allows application level router name to be overwritten for the current scope
+    #
    # ==== Scoping
    #
    # Following Rails 3 routes DSL, you can nest devise_for calls inside a scope:
@@ -224,7 +227,7 @@ module ActionDispatch::Routing
          raise_no_devise_method_error!(mapping.class_name) unless mapping.to.respond_to?(:devise)
        rescue NameError => e
          raise unless mapping.class_name == resource.to_s.classify
-          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " <<
+          warn "[WARNING] You provided devise_for #{resource.inspect} but there is " \
            "no model #{mapping.class_name} defined in your application"
          next
        rescue NoMethodError => e
@@ -234,13 +237,12 @@ module ActionDispatch::Routing

        if options[:controllers] && options[:controllers][:omniauth_callbacks]
          unless mapping.omniauthable?
-            msg =  "Mapping omniauth_callbacks on a resource that is not omniauthable\n"
-            msg << "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
-            raise msg
+            raise ArgumentError, "Mapping omniauth_callbacks on a resource that is not omniauthable\n" \
+              "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
          end
        end

-        routes  = mapping.used_routes
+        routes = mapping.used_routes

        devise_scope mapping.name do
          with_devise_exclusive_scope mapping.fullpath, mapping.name, options do
@@ -433,26 +435,23 @@ ERROR

        match "#{path_prefix}/:action/callback",
          constraints: { action: providers },
-          to: controllers[:omniauth_callbacks],
+          to: "#{controllers[:omniauth_callbacks]}#:action",
          as: :omniauth_callback,
          via: [:get, :post]
      ensure
        @scope[:path] = path
      end

-      DEVISE_SCOPE_KEYS = [:as, :path, :module, :constraints, :defaults, :options]
-
      def with_devise_exclusive_scope(new_path, new_as, options) #:nodoc:
-        old = {}
-        DEVISE_SCOPE_KEYS.each { |k| old[k] = @scope[k] }
+        current_scope = @scope.dup

-        new = { as: new_as, path: new_path, module: nil }
-        new.merge!(options.slice(:constraints, :defaults, :options))
+        exclusive = { as: new_as, path: new_path, module: nil }
+        exclusive.merge!(options.slice(:constraints, :defaults, :options))

-        @scope.merge!(new)
+        exclusive.each_pair { |key, value| @scope[key] = value }
        yield
      ensure
-        @scope.merge!(old)
+        @scope = current_scope
      end

      def constraints_for(method_to_apply, scope=nil, block=nil)
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -16,6 +16,13 @@ module Devise
        valid_for_params_auth? || valid_for_http_auth?
      end

+      # Override and set to false for things like OmniAuth that technically
+      # run through Authentication (user_set) very often, which would normally
+      # reset CSRF data in the session
+      def clean_up_csrf?
+        true
+      end
+
    private

      # Receives a resource and check if it is valid by calling valid_for_authentication?
@@ -29,7 +36,6 @@ module Devise
        result = resource && resource.valid_for_authentication?(&block)

        if result
-          decorate(resource)
          true
        else
          if resource
@@ -40,7 +46,7 @@ module Devise
      end

      # Get values from params and set in the resource.
-      def decorate(resource)
+      def remember_me(resource)
        resource.remember_me = remember_me? if resource.respond_to?(:remember_me=)
      end

--- a/lib/devise/strategies/database_authenticatable.rb
+++ b/lib/devise/strategies/database_authenticatable.rb
@@ -9,6 +9,7 @@ module Devise
        encrypted = false

        if validate(resource){ encrypted = true; resource.valid_password?(password) }
+          remember_me(resource)
          resource.after_database_authentication
          success!(resource)
        end
--- a/lib/devise/strategies/rememberable.rb
+++ b/lib/devise/strategies/rememberable.rb
@@ -25,15 +25,18 @@ module Devise
        end

        if validate(resource)
+          remember_me(resource)
+          extend_remember_me_period(resource)
          success!(resource)
        end
      end

    private

-      def decorate(resource)
-        super
-        resource.extend_remember_period = mapping.to.extend_remember_period if resource.respond_to?(:extend_remember_period=)
+      def extend_remember_me_period(resource)
+        if resource.respond_to?(:extend_remember_period=)
+          resource.extend_remember_period = mapping.to.extend_remember_period
+        end
      end

      def remember_me?
--- a/lib/devise/version.rb
+++ b/lib/devise/version.rb
@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.2.4".freeze
+  VERSION = "3.4.1".freeze
 end
--- a/lib/generators/active_record/devise_generator.rb
+++ b/lib/generators/active_record/devise_generator.rb
@@ -53,8 +53,8 @@ module ActiveRecord
      t.integer  :sign_in_count, default: 0, null: false
      t.datetime :current_sign_in_at
      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
+      t.#{ip_column} :current_sign_in_ip
+      t.#{ip_column} :last_sign_in_ip

      ## Confirmable
      # t.string   :confirmation_token
@@ -68,6 +68,24 @@ module ActiveRecord
      # t.datetime :locked_at
 RUBY
      end
+
+      def ip_column
+        # Padded with spaces so it aligns nicely with the rest of the columns.
+        "%-8s" % (inet? ? "inet" : "string")
+      end
+
+      def inet?
+        rails4? && postgresql?
+      end
+
+      def rails4?
+        Rails.version.start_with? '4'
+      end
+
+      def postgresql?
+        config = ActiveRecord::Base.configurations[Rails.env]
+        config && config['adapter'] == 'postgresql'
+      end
    end
  end
 end
--- a/lib/generators/devise/controllers_generator.rb
+++ b/lib/generators/devise/controllers_generator.rb
@@ -0,0 +1,44 @@
+require 'rails/generators/base'
+
+module Devise
+  module Generators
+    class ControllersGenerator < Rails::Generators::Base
+      CONTROLLERS = %w(confirmations passwords registrations sessions unlocks omniauth_callbacks).freeze
+
+      desc <<-DESC.strip_heredoc
+        Create inherited Devise controllers in your app/controllers folder.
+
+        Use -c to specify which controller you want to overwrite.
+        If you do no specify a controller, all controllers will be created.
+        For example:
+
+          rails generate devise:controllers users -c=sessions
+
+        This will create a controller class at app/controllers/users/sessions_controller.rb like this:
+
+          class Users::ConfirmationsController < Devise::ConfirmationsController
+            content...
+          end
+      DESC
+
+      source_root File.expand_path("../../templates/controllers", __FILE__)
+      argument :scope, required: true,
+        desc: "The scope to create controllers in, e.g. users, admins"
+      class_option :controllers, aliases: "-c", type: :array,
+        desc: "Select specific controllers to generate (#{CONTROLLERS.join(', ')})"
+
+      def create_controllers
+        @scope_prefix = scope.blank? ? '' : (scope.camelize + '::')
+        controllers = options[:controllers] || CONTROLLERS
+        controllers.each do |name|
+          template "#{name}_controller.rb",
+                   "app/controllers/#{scope}/#{name}_controller.rb"
+        end
+      end
+
+      def show_readme
+        readme "README" if behavior == :invoke
+      end
+    end
+  end
+end
--- a/lib/generators/templates/README
+++ b/lib/generators/templates/README
@@ -6,7 +6,7 @@ Some setup you must do manually if you haven't yet:
     is an example of default_url_options appropriate for a development environment
     in config/environments/development.rb:

-       config.action_mailer.default_url_options = { host: 'localhost:3000' }
+       config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }

     In production, :host should be set to the actual host of your application.

--- a/lib/generators/templates/controllers/README
+++ b/lib/generators/templates/controllers/README
@@ -0,0 +1,14 @@
+===============================================================================
+
+Some setup you must do manually if you haven't yet:
+
+  Ensure you have overridden routes for generated controllers in your route.rb.
+  For example:
+
+    Rails.application.routes.draw do
+      devise_for :users, controllers: {
+        sessions: 'sessions'
+      }
+    end
+
+===============================================================================
--- a/lib/generators/templates/controllers/confirmations_controller.rb
+++ b/lib/generators/templates/controllers/confirmations_controller.rb
@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>ConfirmationsController < Devise::ConfirmationsController
+  # GET /resource/confirmation/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/confirmation
+  # def create
+  #   super
+  # end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after resending confirmation instructions.
+  # def after_resending_confirmation_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+
+  # The path used after confirmation.
+  # def after_confirmation_path_for(resource_name, resource)
+  #   super(resource_name, resource)
+  # end
+end
--- a/lib/generators/templates/controllers/omniauth_callbacks_controller.rb
+++ b/lib/generators/templates/controllers/omniauth_callbacks_controller.rb
@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  # You should configure your model like this:
+  # devise :omniauthable, omniauth_providers: [:twitter]
+
+  # You should also create an action method in this controller like this:
+  # def twitter
+  # end
+
+  # More info at:
+  # https://github.com/plataformatec/devise#omniauth
+
+  # GET|POST /resource/auth/twitter
+  # def passthru
+  #   super
+  # end
+
+  # GET|POST /users/auth/twitter/callback
+  # def failure
+  #   super
+  # end
+
+  # protected
+
+  # The path used when omniauth fails
+  # def after_omniauth_failure_path_for(scope)
+  #   super(scope)
+  # end
+end
--- a/lib/generators/templates/controllers/passwords_controller.rb
+++ b/lib/generators/templates/controllers/passwords_controller.rb
@@ -0,0 +1,32 @@
+class <%= @scope_prefix %>PasswordsController < Devise::PasswordsController
+  # GET /resource/password/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/password
+  # def create
+  #   super
+  # end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource/password
+  # def update
+  #   super
+  # end
+
+  # protected
+
+  # def after_resetting_password_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sending reset password instructions
+  # def after_sending_reset_password_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+end
--- a/lib/generators/templates/controllers/registrations_controller.rb
+++ b/lib/generators/templates/controllers/registrations_controller.rb
@@ -0,0 +1,60 @@
+class <%= @scope_prefix %>RegistrationsController < Devise::RegistrationsController
+# before_filter :configure_sign_up_params, only: [:create]
+# before_filter :configure_account_update_params, only: [:update]
+
+  # GET /resource/sign_up
+  # def new
+  #   super
+  # end
+
+  # POST /resource
+  # def create
+  #   super
+  # end
+
+  # GET /resource/edit
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource
+  # def update
+  #   super
+  # end
+
+  # DELETE /resource
+  # def destroy
+  #   super
+  # end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  # def cancel
+  #   super
+  # end
+
+  # protected
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_sign_up_params
+  #   devise_parameter_sanitizer.for(:sign_up) << :attribute
+  # end
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_account_update_params
+  #   devise_parameter_sanitizer.for(:account_update) << :attribute
+  # end
+
+  # The path used after sign up.
+  # def after_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sign up for inactive accounts.
+  # def after_inactive_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+end
--- a/lib/generators/templates/controllers/sessions_controller.rb
+++ b/lib/generators/templates/controllers/sessions_controller.rb
@@ -0,0 +1,25 @@
+class <%= @scope_prefix %>SessionsController < Devise::SessionsController
+# before_filter :configure_sign_in_params, only: [:create]
+
+  # GET /resource/sign_in
+  # def new
+  #   super
+  # end
+
+  # POST /resource/sign_in
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/sign_out
+  # def destroy
+  #   super
+  # end
+
+  # protected
+
+  # You can put the params you want to permit in the empty array.
+  # def configure_sign_in_params
+  #   devise_parameter_sanitizer.for(:sign_in) << :attribute
+  # end
+end
--- a/lib/generators/templates/controllers/unlocks_controller.rb
+++ b/lib/generators/templates/controllers/unlocks_controller.rb
@@ -0,0 +1,28 @@
+class <%= @scope_prefix %>UnlocksController < Devise::UnlocksController
+  # GET /resource/unlock/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/unlock
+  # def create
+  #   super
+  # end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after sending unlock password instructions
+  # def after_sending_unlock_instructions_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after unlocking the resource
+  # def after_unlock_path_for(resource)
+  #   super(resource)
+  # end
+end
--- a/lib/generators/templates/devise.rb
+++ b/lib/generators/templates/devise.rb
@@ -65,7 +65,7 @@ Devise.setup do |config|
  # :database      = Support basic authentication with authentication key + password
  # config.http_authenticatable = false

-  # If http headers should be returned for AJAX requests. True by default.
+  # If 401 status code should be returned for AJAX requests. True by default.
  # config.http_authenticatable_on_xhr = true

  # The realm used in Http Basic Authentication. 'Application' by default.
@@ -132,6 +132,9 @@ Devise.setup do |config|
  # The time the user will be remembered without asking for credentials again.
  # config.remember_for = 2.weeks

+  # Invalidates all the remember me tokens when the user signs out.
+  config.expire_all_remember_me_on_sign_out = true
+
  # If true, extends the user's remember period when remembered via cookie.
  # config.extend_remember_period = false

@@ -180,7 +183,7 @@ Devise.setup do |config|
  # config.unlock_in = 1.hour

  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = false
+  # config.last_attempt_warning = true

  # ==> Configuration for :recoverable
  #
--- a/lib/generators/templates/simple_form_for/registrations/new.html.erb
+++ b/lib/generators/templates/simple_form_for/registrations/new.html.erb
@@ -5,7 +5,7 @@

  <div class="form-inputs">
    <%= f.input :email, required: true, autofocus: true %>
-    <%= f.input :password, required: true %>
+    <%= f.input :password, required: true, hint: ("#{@minimum_password_length} characters minimum" if @validatable) %>
    <%= f.input :password_confirmation, required: true %>
  </div>

--- a/lib/generators/templates/simple_form_for/sessions/new.html.erb
+++ b/lib/generators/templates/simple_form_for/sessions/new.html.erb
@@ -1,4 +1,4 @@
-<h2>Sign in</h2>
+<h2>Log in</h2>

 <%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
  <div class="form-inputs">
@@ -8,7 +8,7 @@
  </div>

  <div class="form-actions">
-    <%= f.button :submit, "Sign in" %>
+    <%= f.button :submit, "Log in" %>
  </div>
 <% end %>

--- a/script/cached-bundle
+++ b/script/cached-bundle
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+# Usage: cached-bundle install --deployment
+#
+# After running `bundle`, caches the `vendor/bundle` directory to S3.
+# On the next run, restores the cached directory before running `bundle`.
+# When `Gemfile.lock` changes, the cache gets rebuilt.
+#
+# Requirements:
+# - Gemfile.lock
+# - TRAVIS_REPO_SLUG
+# - TRAVIS_RUBY_VERSION
+# - AMAZON_S3_BUCKET
+# - script/s3-put
+# - bundle
+# - curl
+#
+# Author: Mislav Marohnić
+
+set -e
+
+compute_md5() {
+  local output="$(openssl md5)"
+  echo "${output##* }"
+}
+
+download() {
+  curl --tcp-nodelay -qsfL "$1" -o "$2"
+}
+
+
+gemfile="${BUNDLE_GEMFILE:-Gemfile}"
+bundle_fullpath="$(dirname $gemfile)/vendor/bundle"
+bundle_path=${bundle_fullpath#$PWD/}
+gemfile_hash="$(compute_md5 <"${gemfile}.lock")"
+cache_name="${TRAVIS_RUBY_VERSION}-${gemfile_hash}.tgz"
+fetch_url="http://${AMAZON_S3_BUCKET}.s3.amazonaws.com/${TRAVIS_REPO_SLUG}/${cache_name}"
+
+if download "$fetch_url" "$cache_name"; then
+  echo "Reusing cached bundle ${cache_name}"
+  tar xzf "$cache_name"
+fi
+
+bundle "$@"
+
+if [ ! -f "$cache_name" ] && [ -n "$AMAZON_SECRET_ACCESS_KEY" ]; then
+  echo "Caching \`${bundle_path}' to S3"
+  tar czf "$cache_name" "$bundle_path"
+  script/s3-put "$cache_name" "${AMAZON_S3_BUCKET}:${TRAVIS_REPO_SLUG}/${cache_name}"
+fi
--- a/script/s3-put
+++ b/script/s3-put
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# Usage: s3-put <FILE> <S3_BUCKET>[:<PATH>] [<CONTENT_TYPE>]
+#
+# Uploads a file to the Amazon S3 service.
+# Outputs the URL for the newly uploaded file.
+#
+# Requirements:
+# - AMAZON_ACCESS_KEY_ID
+# - AMAZON_SECRET_ACCESS_KEY
+# - openssl
+# - curl
+#
+# Author: Mislav Marohnić
+
+set -e
+
+authorization() {
+  local signature="$(string_to_sign | hmac_sha1 | base64)"
+  echo "AWS ${AMAZON_ACCESS_KEY_ID?}:${signature}"
+}
+
+hmac_sha1() {
+  openssl dgst -binary -sha1 -hmac "${AMAZON_SECRET_ACCESS_KEY?}"
+}
+
+base64() {
+  openssl enc -base64
+}
+
+bin_md5() {
+  openssl dgst -binary -md5
+}
+
+string_to_sign() {
+  echo "$http_method"
+  echo "$content_md5"
+  echo "$content_type"
+  echo "$date"
+  echo "x-amz-acl:$acl"
+  printf "/$bucket/$remote_path"
+}
+
+date_string() {
+  LC_TIME=C date "+%a, %d %h %Y %T %z"
+}
+
+file="$1"
+bucket="${2%%:*}"
+remote_path="${2#*:}"
+content_type="$3"
+
+if [ -z "$remote_path" ] || [ "$remote_path" = "$bucket" ]; then
+  remote_path="${file##*/}"
+fi
+
+http_method=PUT
+acl="public-read"
+content_md5="$(bin_md5 < "$file" | base64)"
+date="$(date_string)"
+
+url="https://$bucket.s3.amazonaws.com/$remote_path"
+
+curl -qsSf -T "$file" \
+  -H "Authorization: $(authorization)" \
+  -H "x-amz-acl: $acl" \
+  -H "Date: $date" \
+  -H "Content-MD5: $content_md5" \
+  -H "Content-Type: $content_type" \
+  "$url"
+
+echo "$url"
--- a/test/controllers/custom_registrations_controller_test.rb
+++ b/test/controllers/custom_registrations_controller_test.rb
@@ -0,0 +1,35 @@
+require 'test_helper'
+
+class CustomRegistrationsControllerTest < ActionController::TestCase
+  tests Custom::RegistrationsController
+
+  include Devise::TestHelpers
+
+  setup do
+    request.env["devise.mapping"] = Devise.mappings[:user]
+    @password = 'password'
+    @user = create_user(password: @password, password_confirmation: @password).tap(&:confirm!)
+  end
+
+  test "yield resource to block on create success" do
+    post :create, { user: { email: "user@example.org", password: "password", password_confirmation: "password" } }
+    assert @controller.create_block_called?, "create failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on create failure" do
+    post :create, { user: { } }
+    assert @controller.create_block_called?, "create failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on update success" do
+    sign_in @user
+    put :update, { user: { current_password: @password } }
+    assert @controller.update_block_called?, "update failed to yield resource to provided block"
+  end
+
+  test "yield resource to block on update failure" do
+    sign_in @user
+    put :update, { user: { } }
+    assert @controller.update_block_called?, "update failed to yield resource to provided block"
+  end
+end
--- a/test/controllers/helpers_test.rb
+++ b/test/controllers/helpers_test.rb
@@ -25,6 +25,13 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    @controller.signed_in?
  end

+  test 'proxy [group]_signed_in? to authenticate? with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
+    end
+    @controller.commenter_signed_in?
+  end
+
  test 'proxy current_user to authenticate with user scope' do
    @mock_warden.expects(:authenticate).with(scope: :user)
    @controller.current_user
@@ -35,6 +42,20 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    @controller.current_admin
  end

+  test 'proxy current_[group] to authenticate with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate).with(scope: scope).returns(nil)
+    end
+    @controller.current_commenter
+  end
+
+  test 'proxy current_[plural_group] to authenticate with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate).with(scope: scope)
+    end
+    @controller.current_commenters
+  end
+
  test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
    @controller.current_publisher_account
@@ -55,6 +76,14 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    @controller.authenticate_admin!
  end

+  test 'proxy authenticate_[group]! to authenticate!? with each scope' do
+    [:user, :admin].each do |scope|
+      @mock_warden.expects(:authenticate!).with(scope: scope)
+      @mock_warden.expects(:authenticate?).with(scope: scope).returns(false)
+    end
+    @controller.authenticate_commenter!
+  end
+
  test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
    @mock_warden.expects(:authenticate!).with(scope: :publisher_account)
    @controller.authenticate_publisher_account!
@@ -193,6 +222,12 @@ class ControllerAuthenticatableTest < ActionController::TestCase
    assert_equal "/foo.bar", @controller.stored_location_for(:user)
  end

+  test 'store bad location for stores a location to redirect back to' do
+    assert_nil @controller.stored_location_for(:user)
+    @controller.store_location_for(:user, "/foo.bar\">Carry")
+    assert_nil @controller.stored_location_for(:user)
+  end
+
  test 'store location for accepts a resource as argument' do
    @controller.store_location_for(User.new, "/foo.bar")
    assert_equal "/foo.bar", @controller.stored_location_for(User.new)
--- a/test/controllers/internal_helpers_test.rb
+++ b/test/controllers/internal_helpers_test.rb
@@ -51,7 +51,7 @@ class HelpersTest < ActionController::TestCase
  end

  test 'resources methods are not controller actions' do
-    assert @controller.class.action_methods.empty?
+    assert @controller.class.action_methods.delete_if { |m| m.include? 'commenter' }.empty?
  end

  test 'require no authentication tests current mapping' do
@@ -99,6 +99,12 @@ class HelpersTest < ActionController::TestCase
    assert_equal 'non-blank', flash[:notice]
  end

+  test 'issues non-blank flash.now messages normally' do
+    I18n.stubs(:t).returns('non-blank')
+    @controller.send :set_flash_message, :notice, :send_instructions, { now: true }
+    assert_equal 'non-blank', flash.now[:notice]
+  end
+
  test 'uses custom i18n options' do
    @controller.stubs(:devise_i18n_options).returns(default: "devise custom options")
    @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions
--- a/test/controllers/passwords_controller_test.rb
+++ b/test/controllers/passwords_controller_test.rb
@@ -12,7 +12,7 @@ class PasswordsControllerTest < ActionController::TestCase

  def put_update_with_params
    put :update, "user" => {
-      "reset_password_token" => @raw, "password" => "123456", "password_confirmation" => "123456"
+      "reset_password_token" => @raw, "password" => "1234567", "password_confirmation" => "1234567"
    }
  end

--- a/test/controllers/url_helpers_test.rb
+++ b/test/controllers/url_helpers_test.rb
@@ -13,6 +13,12 @@ class RoutesTest < ActionController::TestCase
    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user),
                 send(:"#{prepend_path}user_#{name}_url")

+    # With string
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", "user"),
+                 send(:"#{prepend_path}user_#{name}_path")
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", "user"),
+                 send(:"#{prepend_path}user_#{name}_url")
+
    # Default url params
    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123),
                 send(:"#{prepend_path}user_#{name}_path", param: 123)
--- a/test/devise_test.rb
+++ b/test/devise_test.rb
@@ -3,10 +3,10 @@ require 'test_helper'
 module Devise
  def self.yield_and_restore
    @@warden_configured = nil
-    c, b = @@warden_config, @@warden_config_block
+    c, b = @@warden_config, @@warden_config_blocks
    yield
  ensure
-    @@warden_config, @@warden_config_block = c, b
+    @@warden_config, @@warden_config_blocks = c, b
  end
 end

@@ -42,14 +42,27 @@ class DeviseTest < ActiveSupport::TestCase

  test 'warden manager user configuration through a block' do
    Devise.yield_and_restore do
-      @executed = false
+      executed = false
      Devise.warden do |config|
-        @executed = true
+        executed = true
        assert_kind_of Warden::Config, config
      end

      Devise.configure_warden!
-      assert @executed
+      assert executed
+    end
+  end
+
+  test 'warden manager user configuration through multiple blocks' do
+    Devise.yield_and_restore do
+      executed = 0
+
+      3.times do
+        Devise.warden { |config| executed += 1 }
+      end
+
+      Devise.configure_warden!
+      assert_equal 3, executed
    end
  end

--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@@ -8,6 +8,18 @@ class FailureTest < ActiveSupport::TestCase
    end
  end

+  class FailureWithSubdomain < RootFailureApp
+    routes = ActionDispatch::Routing::RouteSet.new
+
+    routes.draw do
+      scope subdomain: 'sub' do
+        root to: 'foo#bar'
+      end
+    end
+
+    include routes.url_helpers
+  end
+
  class FailureWithI18nOptions < Devise::FailureApp
    def i18n_options(options)
      options.merge(name: 'Steve')
@@ -42,6 +54,13 @@ class FailureTest < ActiveSupport::TestCase
      assert_equal 'http://test.host/users/sign_in', @response.second['Location']
    end

+    test 'returns to the default redirect location considering subdomain' do
+      call_failure('warden.options' => { scope: :subdomain_user })
+      assert_equal 302, @response.first
+      assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+      assert_equal 'http://sub.test.host/subdomain_users/sign_in', @response.second['Location']
+    end
+
    test 'returns to the default redirect location for wildcard requests' do
      call_failure 'action_dispatch.request.formats' => nil, 'HTTP_ACCEPT' => '*/*'
      assert_equal 302, @response.first
@@ -57,6 +76,15 @@ class FailureTest < ActiveSupport::TestCase
      end
    end

+    test 'returns to the root path considering subdomain if no session path is available' do
+      swap Devise, router_name: :fake_app do
+        call_failure app: FailureWithSubdomain
+        assert_equal 302, @response.first
+        assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
+        assert_equal 'http://sub.test.host/', @response.second['Location']
+      end
+    end
+
    if Rails.application.config.respond_to?(:relative_url_root)
      test 'returns to the default redirect location considering the relative url root' do
        swap Rails.application.config, relative_url_root: "/sample" do
@@ -65,6 +93,14 @@ class FailureTest < ActiveSupport::TestCase
          assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location']
        end
      end
+
+      test 'returns to the default redirect location considering the relative url root and subdomain' do
+        swap Rails.application.config, relative_url_root: "/sample" do
+          call_failure('warden.options' => { scope: :subdomain_user })
+          assert_equal 302, @response.first
+          assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
+        end
+      end
    end

    test 'uses the proxy failure message as symbol' do
@@ -73,6 +109,13 @@ class FailureTest < ActiveSupport::TestCase
      assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
    end

+    test 'supports authentication_keys as a Hash for the flash message' do
+      swap Devise, authentication_keys: { email: true, login: true } do
+        call_failure('warden' => OpenStruct.new(message: :invalid))
+        assert_equal 'Invalid email, login or password.', @request.flash[:alert]
+      end
+    end
+
    test 'uses custom i18n options' do
      call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions)
      assert_equal 'User Steve does not exist', @request.flash[:alert]
@@ -203,7 +246,7 @@ class FailureTest < ActiveSupport::TestCase
        "warden" => stub_everything
      }
      call_failure(env)
-      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('<h2>Log in</h2>')
      assert @response.third.body.include?('Invalid email or password.')
    end

@@ -214,8 +257,8 @@ class FailureTest < ActiveSupport::TestCase
        "warden" => stub_everything
      }
      call_failure(env)
-      assert @response.third.body.include?('<h2>Sign in</h2>')
-      assert @response.third.body.include?('You have to confirm your account before continuing.')
+      assert @response.third.body.include?('<h2>Log in</h2>')
+      assert @response.third.body.include?('You have to confirm your email address before continuing.')
    end

    test 'calls the original controller if inactive account' do
@@ -225,7 +268,7 @@ class FailureTest < ActiveSupport::TestCase
        "warden" => stub_everything
      }
      call_failure(env)
-      assert @response.third.body.include?('<h2>Sign in</h2>')
+      assert @response.third.body.include?('<h2>Log in</h2>')
      assert @response.third.body.include?('Your account is not activated yet.')
    end
  end
--- a/test/generators/active_record_generator_test.rb
+++ b/test/generators/active_record_generator_test.rb
@@ -37,6 +37,12 @@ if DEVISE_ORM == :active_record
      assert_no_file "app/models/monster.rb"
      assert_no_migration "db/migrate/devise_create_monsters.rb"
    end
+
+    test "use string column type for ip addresses" do
+      run_generator %w(monster)
+      assert_migration "db/migrate/devise_create_monsters.rb", /t.string   :current_sign_in_ip/
+      assert_migration "db/migrate/devise_create_monsters.rb", /t.string   :last_sign_in_ip/
+    end
  end

  module RailsEngine
--- a/test/generators/controllers_generator_test.rb
+++ b/test/generators/controllers_generator_test.rb
@@ -0,0 +1,48 @@
+require "test_helper"
+
+class ControllersGeneratorTest < Rails::Generators::TestCase
+  tests Devise::Generators::ControllersGenerator
+  destination File.expand_path("../../tmp", __FILE__)
+  setup :prepare_destination
+
+  test "Assert no controllers are created with no params" do
+    capture(:stderr) { run_generator }
+    assert_no_file "app/controllers/sessions_controller.rb"
+    assert_no_file "app/controllers/registrations_controller.rb"
+    assert_no_file "app/controllers/confirmations_controller.rb"
+    assert_no_file "app/controllers/passwords_controller.rb"
+    assert_no_file "app/controllers/unlocks_controller.rb"
+    assert_no_file "app/controllers/omniauth_callbacks_controller.rb"
+  end
+
+  test "Assert all controllers are properly created with scope param" do
+    run_generator %w(users)
+    assert_class_names 'users'
+
+    run_generator %w(admins)
+    assert_class_names 'admins'
+  end
+
+  test "Assert specified controllers with scope" do
+    run_generator %w(users -c sessions)
+    assert_file "app/controllers/users/sessions_controller.rb"
+    assert_no_file "app/controllers/users/registrations_controller.rb"
+    assert_no_file "app/controllers/users/confirmations_controller.rb"
+    assert_no_file "app/controllers/users/passwords_controller.rb"
+    assert_no_file "app/controllers/users/unlocks_controller.rb"
+    assert_no_file "app/controllers/users/omniauth_callbacks_controller.rb"
+  end
+
+  private
+
+    def assert_class_names(scope, options = {})
+      base_dir = "app/controllers#{scope.blank? ? '' : ('/' + scope)}"
+      scope_prefix = scope.blank? ? '' : (scope.camelize + '::')
+      controllers = options[:controllers] ||
+        %w(confirmations passwords registrations sessions unlocks omniauth_callbacks)
+
+      controllers.each do |c|
+        assert_file "#{base_dir}/#{c}_controller.rb", /#{scope_prefix + c.camelize}/
+      end
+    end
+end
--- a/test/generators/views_generator_test.rb
+++ b/test/generators/views_generator_test.rb
@@ -78,7 +78,7 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
    assert_file "app/views/#{scope}/registrations/new.html.erb"
    assert_file "app/views/#{scope}/registrations/edit.html.erb"
    assert_file "app/views/#{scope}/sessions/new.html.erb"
-    assert_file "app/views/#{scope}/shared/_links.erb"
+    assert_file "app/views/#{scope}/shared/_links.html.erb"
    assert_file "app/views/#{scope}/unlocks/new.html.erb"
  end

--- a/test/helpers/devise_helper_test.rb
+++ b/test/helpers/devise_helper_test.rb
@@ -2,23 +2,22 @@ require 'test_helper'

 class DeviseHelperTest < ActionDispatch::IntegrationTest
  setup do
-    model_labels = { models: { user: "utilisateur" } }
-
-    I18n.backend.store_translations :fr,
-    {
+    model_labels = { models: { user: "the user" } }
+    translations = {
      errors: { messages: { not_saved: {
-        one: "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
-        other: "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
+        one: "Can't save %{resource} because of 1 error",
+        other: "Can't save %{resource} because of %{count} errors",
      } } },
      activerecord: model_labels,
      mongoid: model_labels
    }

-    I18n.locale = 'fr'
+    I18n.available_locales
+    I18n.backend.store_translations(:en, translations)
  end

  teardown do
-    I18n.locale = 'en'
+    I18n.reload!
  end

  test 'test errors.messages.not_saved with single error from i18n' do
@@ -29,7 +28,7 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
    click_button 'Sign up'

    assert_have_selector '#error_explanation'
-    assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 1 erreur"
+    assert_contain "Can't save the user because of 1 error"
  end

  test 'test errors.messages.not_saved with multiple errors from i18n' do
@@ -45,7 +44,6 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
    click_button 'Sign up'

    assert_have_selector '#error_explanation'
-    assert_contain "Erreur lors de l'enregistrement de 'utilisateur': 2 erreurs"
+    assert_contain "Can't save the user because of 2 errors"
  end
 end
-
--- a/test/integration/authenticatable_test.rb
+++ b/test/integration/authenticatable_test.rb
@@ -118,13 +118,13 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
    assert_not warden.authenticated?(:admin)
  end

-  test 'unauthenticated admin does not set message on sign out' do
+  test 'unauthenticated admin set message on sign out' do
    get destroy_admin_session_path
    assert_response :redirect
    assert_redirected_to root_path

    get root_path
-    assert_not_contain 'Signed out successfully'
+    assert_contain 'Signed out successfully'
  end

  test 'scope uses custom failure app' do
@@ -448,7 +448,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest

  test 'uses the custom controller with the custom controller view' do
    get '/admin_area/sign_in'
-    assert_contain 'Sign in'
+    assert_contain 'Log in'
    assert_contain 'Welcome to "admins/sessions" controller!'
    assert_contain 'Welcome to "sessions/new" view!'
  end
@@ -580,7 +580,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest
  test 'missing authentication keys cause authentication to abort' do
    swap Devise, authentication_keys: [:subdomain] do
      sign_in_as_user
-      assert_contain "Invalid email or password."
+      assert_contain "Invalid subdomain or password."
      assert_not warden.authenticated?(:user)
    end
  end
@@ -711,3 +711,19 @@ class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest
    assert_redirected_to '/admin_area/home'
  end
 end
+
+class DoubleSignOutRedirectTest < ActionDispatch::IntegrationTest
+  test 'sign out after already having signed out redirects to sign in' do
+    sign_in_as_user
+
+    post destroy_sign_out_via_delete_or_post_session_path
+
+    get root_path
+    assert_contain 'Signed out successfully.'
+
+    post destroy_sign_out_via_delete_or_post_session_path
+
+    get root_path
+    assert_contain 'Signed out successfully.'
+  end
+end
--- a/test/integration/confirmable_test.rb
+++ b/test/integration/confirmable_test.rb
@@ -21,7 +21,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
    resend_confirmation

    assert_current_url '/users/sign_in'
-    assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
+    assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
    assert_equal 1, ActionMailer::Base.deliveries.size
    assert_equal ['please-change-me@config-initializers-devise.com'], ActionMailer::Base.deliveries.first.from
  end
@@ -47,6 +47,37 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
      assert_have_selector '#error_explanation'
      assert_contain /needs to be confirmed within 3 days/
      assert_not user.reload.confirmed?
+      assert_current_url "/users/confirmation?confirmation_token=#{user.raw_confirmation_token}"
+    end
+  end
+
+  test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine it should raise an error' do
+    user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
+
+    swap Devise, confirm_within: 3.days, router_name: :fake_engine do
+      assert_raise ActionView::Template::Error do
+        visit_user_confirmation_with_token(user.raw_confirmation_token)
+      end
+    end
+  end
+
+  test 'user with valid confirmation token where the token has expired and with application router_name set to a different engine and route overrides back to main it shows the path' do
+    user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
+
+    swap Devise, confirm_within: 3.days, router_name: :fake_engine do
+      visit user_on_main_app_confirmation_path(confirmation_token: user.raw_confirmation_token)
+
+      assert_current_url "/user_on_main_apps/confirmation?confirmation_token=#{user.raw_confirmation_token}"
+    end
+  end
+
+  test 'user with valid confirmation token where the token has expired with router overrides different engine it shows the path' do
+    user = create_user(confirm: false, confirmation_sent_at: 4.days.ago)
+
+    swap Devise, confirm_within: 3.days do
+      visit user_on_engine_confirmation_path(confirmation_token: user.raw_confirmation_token)
+
+      assert_current_url "/user_on_engines/confirmation?confirmation_token=#{user.raw_confirmation_token}"
    end
  end

@@ -56,7 +87,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
      assert_not user.confirmed?
      visit_user_confirmation_with_token(user.raw_confirmation_token)

-      assert_contain 'Your account was successfully confirmed.'
+      assert_contain 'Your email address has been successfully confirmed.'
      assert_current_url '/users/sign_in'
      assert user.reload.confirmed?
    end
@@ -98,7 +129,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
    swap Devise, allow_unconfirmed_access_for: 0.days do
      sign_in_as_user(confirm: false)

-      assert_contain 'You have to confirm your account before continuing'
+      assert_contain 'You have to confirm your email address before continuing'
      assert_not warden.authenticated?(:user)
    end
  end
@@ -128,11 +159,20 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
      user = sign_in_as_user(confirm: false)

      visit_user_confirmation_with_token(user.raw_confirmation_token)
-      assert_contain 'Your account was successfully confirmed.'
+      assert_contain 'Your email address has been successfully confirmed.'
      assert_current_url '/'
    end
  end

+  test 'user should be redirected to sign in page whenever signed in as another resource at same session already' do
+    sign_in_as_admin
+
+    user = create_user(confirm: false)
+    visit_user_confirmation_with_token(user.raw_confirmation_token)
+
+    assert_current_url '/users/sign_in'
+  end
+
  test 'error message is configurable by resource name' do
    store_translations :en, devise: {
      failure: { user: { unconfirmed: "Not confirmed user" } }
@@ -187,7 +227,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
      fill_in 'email', with: user.email
      click_button 'Resend confirmation instructions'

-      assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
      assert_current_url "/users/sign_in"
    end
  end
@@ -203,7 +243,7 @@ class ConfirmationTest < ActionDispatch::IntegrationTest
      assert_not_contain "1 error prohibited this user from being saved:"
      assert_not_contain "Email not found"

-      assert_contain "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes."
+      assert_contain "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
      assert_current_url "/users/sign_in"
    end
  end
@@ -232,7 +272,7 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
    end

    assert_current_url '/admin_area/sign_in'
-    assert_contain 'You will receive an email with instructions about how to confirm your account in a few minutes'
+    assert_contain 'You will receive an email with instructions for how to confirm your email address in a few minutes'
  end

  test 'admin with valid confirmation token should be able to confirm email after email changed' do
@@ -241,7 +281,7 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
    assert_equal 'new_test@example.com', admin.unconfirmed_email
    visit_admin_confirmation_with_token(admin.raw_confirmation_token)

-    assert_contain 'Your account was successfully confirmed.'
+    assert_contain 'Your email address has been successfully confirmed.'
    assert_current_url '/admin_area/sign_in'
    assert admin.reload.confirmed?
    assert_not admin.reload.pending_reconfirmation?
@@ -263,7 +303,7 @@ class ConfirmationOnChangeTest < ActionDispatch::IntegrationTest
    assert_contain(/Confirmation token(.*)invalid/)

    visit_admin_confirmation_with_token(admin.raw_confirmation_token)
-    assert_contain 'Your account was successfully confirmed.'
+    assert_contain 'Your email address has been successfully confirmed.'
    assert_current_url '/admin_area/sign_in'
    assert admin.reload.confirmed?
    assert_not admin.reload.pending_reconfirmation?
--- a/test/integration/lockable_test.rb
+++ b/test/integration/lockable_test.rb
@@ -22,7 +22,7 @@ class LockTest < ActionDispatch::IntegrationTest
    send_unlock_request

    assert_template 'sessions/new'
-    assert_contain 'You will receive an email with instructions about how to unlock your account in a few minutes'
+    assert_contain 'You will receive an email with instructions for how to unlock your account in a few minutes'

    mail = ActionMailer::Base.deliveries.last
    assert_equal 1, ActionMailer::Base.deliveries.size
@@ -182,7 +182,7 @@ class LockTest < ActionDispatch::IntegrationTest
      click_button 'Resend unlock instructions'

      assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
    end
  end

@@ -197,7 +197,7 @@ class LockTest < ActionDispatch::IntegrationTest
      click_button 'Resend unlock instructions'

      assert_current_url "/users/sign_in"
-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
    end
  end

@@ -213,7 +213,7 @@ class LockTest < ActionDispatch::IntegrationTest
      assert_not_contain "Email not found"
      assert_current_url "/users/sign_in"

-      assert_contain "If your account exists, you will receive an email with instructions about how to unlock it in a few minutes."
+      assert_contain "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."

    end
  end
@@ -225,11 +225,11 @@ class LockTest < ActionDispatch::IntegrationTest
      visit new_user_session_path
      fill_in 'email', with: user.email
      fill_in 'password', with: "abadpassword"
-      click_button 'Sign in'
+      click_button 'Log in'

      fill_in 'email', with: user.email
      fill_in 'password', with: "abadpassword"
-      click_button 'Sign in'
+      click_button 'Log in'

      assert_current_url "/users/sign_in"
      assert_not_contain "locked"
--- a/test/integration/recoverable_test.rb
+++ b/test/integration/recoverable_test.rb
@@ -171,7 +171,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
    reset_password

    assert_current_url '/'
-    assert_contain 'Your password was changed successfully. You are now signed in.'
+    assert_contain 'Your password has been changed successfully. You are now signed in.'
    assert user.reload.valid_password?('987654321')
  end

@@ -185,7 +185,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
    assert_not user.reload.valid_password?('987654321')

    reset_password visit: false
-    assert_contain 'Your password was changed successfully.'
+    assert_contain 'Your password has been changed successfully.'
    assert user.reload.valid_password?('987654321')
  end

@@ -204,7 +204,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
        request_forgot_password
        reset_password

-        assert_contain 'Your password was changed successfully.'
+        assert_contain 'Your password has been changed successfully.'
        assert_not_contain 'You are now signed in.'
        assert_equal new_user_session_path, @request.path
        assert !warden.authenticated?(:user)
@@ -218,7 +218,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
      request_forgot_password
      reset_password

-      assert_contain 'Your password was changed successfully.'
+      assert_contain 'Your password has been changed successfully.'
      assert !user.reload.access_locked?
      assert warden.authenticated?(:user)
    end
@@ -230,7 +230,7 @@ class PasswordTest < ActionDispatch::IntegrationTest
      request_forgot_password
      reset_password

-      assert_contain 'Your password was changed successfully.'
+      assert_contain 'Your password has been changed successfully.'
      assert !user.reload.access_locked?
      assert warden.authenticated?(:user)
    end
--- a/test/integration/registerable_test.rb
+++ b/test/integration/registerable_test.rb
@@ -17,7 +17,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    assert warden.authenticated?(:admin)
    assert_current_url "/admin_area/home"

-    admin = Admin.order(:id).last
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
    assert_equal admin.email, 'new_user@test.com'
  end

@@ -36,6 +36,11 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    assert_current_url "/?custom=1"
  end

+  test 'a guest admin should not see a warning about minimum password length' do
+    get new_admin_session_path
+    assert_not_contain 'characters minimum'
+  end
+
  def user_sign_up
    ActionMailer::Base.deliveries.clear

@@ -47,16 +52,21 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    click_button 'Sign up'
  end

+  test 'a guest user should see a warning about minimum password length' do
+    get new_user_registration_path
+    assert_contain '7 characters minimum'
+  end
+
  test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
    user_sign_up

-    assert_contain 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+    assert_contain 'A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.'
    assert_not_contain 'You have to confirm your account before continuing'
    assert_current_url "/"

    assert_not warden.authenticated?(:user)

-    user = User.order(:id).last
+    user = User.to_adapter.find_first(order: [:id, :desc])
    assert_equal user.email, 'new_user@test.com'
    assert_not user.confirmed?
  end
@@ -103,7 +113,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    assert_contain Devise.rails4? ?
      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
    assert_contain "2 errors prohibited"
-    assert_nil User.first
+    assert_nil User.to_adapter.find_first

    assert_not warden.authenticated?(:user)
  end
@@ -149,9 +159,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    click_button 'Update'

    assert_current_url '/'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'

-    assert_equal "user.new@example.com", User.first.email
+    assert_equal "user.new@example.com", User.to_adapter.find_first.email
  end

  test 'a signed in user should still be able to use the website after changing their password' do
@@ -163,7 +173,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    fill_in 'current password', with: '12345678'
    click_button 'Update'

-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
    get users_path
    assert warden.authenticated?(:user)
  end
@@ -180,7 +190,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    assert_contain 'user@test.com'
    assert_have_selector 'form input[value="user.new@example.com"]'

-    assert_equal "user@test.com", User.first.email
+    assert_equal "user@test.com", User.to_adapter.find_first.email
  end

  test 'a signed in user should be able to edit their password' do
@@ -193,9 +203,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    click_button 'Update'

    assert_current_url '/'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'

-    assert User.first.valid_password?('pass1234')
+    assert User.to_adapter.find_first.valid_password?('pass1234')
  end

  test 'a signed in user should not be able to edit their password with invalid confirmation' do
@@ -209,7 +219,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest

    assert_contain Devise.rails4? ?
      "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
-    assert_not User.first.valid_password?('pas123')
+    assert_not User.to_adapter.find_first.valid_password?('pas123')
  end

  test 'a signed in user should be able to cancel their account' do
@@ -217,9 +227,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    get edit_user_registration_path

    click_button "Cancel my account"
-    assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
+    assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."

-    assert User.all.empty?
+    assert User.to_adapter.find_all.empty?
  end

  test 'a user should be able to cancel sign up by deleting data in the session' do
@@ -253,7 +263,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    assert_response :success
    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)

-    admin = Admin.order(:id).last
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
    assert_equal admin.email, 'new_user@test.com'
  end

@@ -262,7 +272,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    assert_response :success
    assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)

-    user = User.order(:id).last
+    user = User.to_adapter.find_first(order: [:id, :desc])
    assert_equal user.email, 'new_user@test.com'
  end

@@ -290,7 +300,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
    sign_in_as_user
    delete user_registration_path(format: 'xml')
    assert_response :success
-    assert_equal User.count, 0
+    assert_equal User.to_adapter.find_all.size, 0
  end
 end

@@ -305,7 +315,7 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest

    assert_current_url '/admin_area/home'
    assert_contain 'but we need to verify your new email address'
-    assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email
+    assert_equal 'admin.new@example.com', Admin.to_adapter.find_first.unconfirmed_email

    get edit_admin_registration_path
    assert_contain 'Currently waiting confirmation for: admin.new@example.com'
@@ -321,9 +331,9 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
    click_button 'Update'

    assert_current_url '/admin_area/home'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'

-    assert Admin.first.valid_password?('pas123')
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
  end

  test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do
@@ -341,9 +351,9 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
    click_button 'Update'

    assert_current_url '/admin_area/home'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'

-    assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
-    assert Admin.first.valid_password?('pas123')
+    assert_equal "admin.new@example.com", Admin.to_adapter.find_first.unconfirmed_email
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
  end
 end
--- a/test/integration/timeoutable_test.rb
+++ b/test/integration/timeoutable_test.rb
@@ -8,12 +8,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest

  test 'set last request at in user session after each request' do
    sign_in_as_user
-    old_last_request = last_request_at
    assert_not_nil last_request_at

+    @controller.user_session.delete('last_request_at')
    get users_path
    assert_not_nil last_request_at
-    assert_not_equal old_last_request, last_request_at
  end

  test 'set last request at in user session after each request is skipped if tracking is disabled' do
@@ -180,4 +179,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
    assert_response :success
    assert warden.authenticated?(:user)
  end
+
+  test 'does not crashes when the last_request_at is a String' do
+    user = sign_in_as_user
+
+    get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)
+    get users_path
+  end
 end
--- a/test/integration/trackable_test.rb
+++ b/test/integration/trackable_test.rb
@@ -10,8 +10,8 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
    sign_in_as_user
    user.reload

-    assert_kind_of Time, user.current_sign_in_at
-    assert_kind_of Time, user.last_sign_in_at
+    assert user.current_sign_in_at.acts_like?(:time)
+    assert user.last_sign_in_at.acts_like?(:time)

    assert_equal user.current_sign_in_at, user.last_sign_in_at
    assert user.current_sign_in_at >= user.created_at
--- a/test/mailers/confirmation_instructions_test.rb
+++ b/test/mailers/confirmation_instructions_test.rb
@@ -53,7 +53,7 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase

  test 'custom mailer renders parent mailer template' do
    Devise.mailer = 'Users::Mailer'
-    assert_not_blank mail.body.encoded
+    assert_present mail.body.encoded
  end

  test 'setup reply to as copy from sender' do
@@ -83,9 +83,9 @@ class ConfirmationInstructionsTest < ActionMailer::TestCase
  end

  test 'body should have link to confirm the account' do
-    host = ActionMailer::Base.default_url_options[:host]
+    host, port = ActionMailer::Base.default_url_options.values_at :host, :port

-    if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/confirmation\?confirmation_token=([^"]+)">}
+    if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/confirmation\?confirmation_token=([^"]+)">}
      assert_equal Devise.token_generator.digest(user.class, :confirmation_token, $1), user.confirmation_token
    else
      flunk "expected confirmation url regex to match"
--- a/test/mailers/reset_password_instructions_test.rb
+++ b/test/mailers/reset_password_instructions_test.rb
@@ -55,7 +55,7 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase

  test 'custom mailer renders parent mailer template' do
    Devise.mailer = 'Users::Mailer'
-    assert_not_blank mail.body.encoded
+    assert_present mail.body.encoded
  end

  test 'setup reply to as copy from sender' do
@@ -79,9 +79,9 @@ class ResetPasswordInstructionsTest < ActionMailer::TestCase
  end

  test 'body should have link to confirm the account' do
-    host = ActionMailer::Base.default_url_options[:host]
+    host, port = ActionMailer::Base.default_url_options.values_at :host, :port

-    if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/password/edit\?reset_password_token=([^"]+)">}
+    if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/password/edit\?reset_password_token=([^"]+)">}
      assert_equal Devise.token_generator.digest(user.class, :reset_password_token, $1), user.reset_password_token
    else
      flunk "expected reset password url regex to match"
--- a/test/mailers/unlock_instructions_test.rb
+++ b/test/mailers/unlock_instructions_test.rb
@@ -56,7 +56,7 @@ class UnlockInstructionsTest < ActionMailer::TestCase

  test 'custom mailer renders parent mailer template' do
    Devise.mailer = 'Users::Mailer'
-    assert_not_blank mail.body.encoded
+    assert_present mail.body.encoded
  end

  test 'setup reply to as copy from sender' do
@@ -80,9 +80,9 @@ class UnlockInstructionsTest < ActionMailer::TestCase
  end

  test 'body should have link to unlock the account' do
-    host = ActionMailer::Base.default_url_options[:host]
+    host, port = ActionMailer::Base.default_url_options.values_at :host, :port

-    if mail.body.encoded =~ %r{<a href=\"http://#{host}/users/unlock\?unlock_token=([^"]+)">}
+    if mail.body.encoded =~ %r{<a href=\"http://#{host}:#{port}/users/unlock\?unlock_token=([^"]+)">}
      assert_equal Devise.token_generator.digest(user.class, :unlock_token, $1), user.unlock_token
    else
      flunk "expected unlock url regex to match"
--- a/test/mapping_test.rb
+++ b/test/mapping_test.rb
@@ -62,6 +62,7 @@ class MappingTest < ActiveSupport::TestCase
  test 'find scope for a given object' do
    assert_equal :user, Devise::Mapping.find_scope!(User)
    assert_equal :user, Devise::Mapping.find_scope!(:user)
+    assert_equal :user, Devise::Mapping.find_scope!("user")
    assert_equal :user, Devise::Mapping.find_scope!(User.new)
  end

--- a/test/models/authenticatable_test.rb
+++ b/test/models/authenticatable_test.rb
@@ -6,8 +6,18 @@ class AuthenticatableTest < ActiveSupport::TestCase
  end

  test 'find_first_by_auth_conditions allows custom filtering parameters' do
-    user = User.create!(email: "example@example.com", password: "123456")
+    user = User.create!(email: "example@example.com", password: "1234567")
    assert_equal User.find_first_by_auth_conditions({ email: "example@example.com" }), user
    assert_nil User.find_first_by_auth_conditions({ email: "example@example.com" }, id: user.id.to_s.next)
  end
+
+  if defined?(ActionController::Parameters)
+    test 'does not passes an ActionController::Parameters to find_first_by_auth_conditions through find_or_initialize_with_errors' do
+      user = create_user(email: 'example@example.com')
+      attributes = ActionController::Parameters.new(email: 'example@example.com')
+
+      User.expects(:find_first_by_auth_conditions).with('email' => 'example@example.com').returns(user)
+      User.find_or_initialize_with_errors([:email], attributes)
+    end
+  end
 end
--- a/test/models/confirmable_test.rb
+++ b/test/models/confirmable_test.rb
@@ -219,15 +219,16 @@ class ConfirmableTest < ActiveSupport::TestCase
  test 'should not be active when confirm in is zero' do
    Devise.allow_unconfirmed_access_for = 0.days
    user = create_user
-    user.confirmation_sent_at = Date.today
+    user.confirmation_sent_at = Time.zone.today
    assert_not user.active_for_authentication?
  end

  test 'should be active when we set allow_unconfirmed_access_for to nil' do
-    Devise.allow_unconfirmed_access_for = nil
-    user = create_user
-    user.confirmation_sent_at = Date.today
-    assert user.active_for_authentication?
+    swap Devise, allow_unconfirmed_access_for: nil do
+      user = create_user
+      user.confirmation_sent_at = Time.zone.today
+      assert user.active_for_authentication?
+    end
  end

  test 'should not be active without confirmation' do
--- a/test/models/lockable_test.rb
+++ b/test/models/lockable_test.rb
@@ -299,18 +299,30 @@ class LockableTest < ActiveSupport::TestCase
  end

  test 'should return last attempt message if user made next-to-last attempt of password entering' do
-    swap Devise, last_attempt_warning: :true do
-      swap Devise, lock_strategy: :failed_attempts do
-        user = create_user
-        user.failed_attempts = Devise.maximum_attempts - 2
-        assert_equal :invalid, user.unauthenticated_message
+    swap Devise, last_attempt_warning: true, lock_strategy: :failed_attempts do
+      user = create_user
+      user.failed_attempts = Devise.maximum_attempts - 2
+      assert_equal :invalid, user.unauthenticated_message

-        user.failed_attempts = Devise.maximum_attempts - 1
-        assert_equal :last_attempt, user.unauthenticated_message
+      user.failed_attempts = Devise.maximum_attempts - 1
+      assert_equal :last_attempt, user.unauthenticated_message

-        user.failed_attempts = Devise.maximum_attempts
-        assert_equal :locked, user.unauthenticated_message
-      end
+      user.failed_attempts = Devise.maximum_attempts
+      assert_equal :locked, user.unauthenticated_message
    end
  end
+
+  test 'should not return last attempt message if last_attempt_warning is disabled' do
+    swap Devise, last_attempt_warning: false, lock_strategy: :failed_attempts do
+      user = create_user
+      user.failed_attempts = Devise.maximum_attempts - 1
+      assert_equal :invalid, user.unauthenticated_message
+    end
+  end
+
+  test 'should return locked message if user was programatically locked' do
+    user = create_user
+    user.lock_access!
+    assert_equal :locked, user.unauthenticated_message
+  end
 end
--- a/test/models/recoverable_test.rb
+++ b/test/models/recoverable_test.rb
@@ -181,4 +181,16 @@ class RecoverableTest < ActiveSupport::TestCase
      :reset_password_token
    ]
  end
+
+  test 'should return a user based on the raw token' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+
+    assert_equal User.with_reset_password_token(raw), user
+  end
+
+  test 'should return nil if a user based on the raw token is not found' do
+    assert_equal User.with_reset_password_token('random-token'), nil
+  end
+
 end
--- a/test/models/rememberable_test.rb
+++ b/test/models/rememberable_test.rb
@@ -55,12 +55,27 @@ class RememberableTest < ActiveSupport::TestCase
    assert resource_class.new.respond_to?(:remember_me=)
  end

-  test 'forget_me should clear remember_created_at' do
-    resource = create_resource
-    resource.remember_me!
-    assert_not resource.remember_created_at.nil?
-    resource.forget_me!
-    assert resource.remember_created_at.nil?
+  test 'forget_me should clear remember_created_at if expire_all_remember_me_on_sign_out is true' do
+    swap Devise, expire_all_remember_me_on_sign_out: true do
+      resource = create_resource
+      resource.remember_me!
+      assert_not_nil resource.remember_created_at
+
+      resource.forget_me!
+      assert_nil resource.remember_created_at
+    end
+  end
+
+  test 'forget_me should not clear remember_created_at if expire_all_remember_me_on_sign_out is false' do
+    swap Devise, expire_all_remember_me_on_sign_out: false do
+      resource = create_resource
+      resource.remember_me!
+
+      assert_not_nil resource.remember_created_at
+
+      resource.forget_me!
+      assert_not_nil resource.remember_created_at
+    end
  end

  test 'forget_me should not try to update resource if it has been destroyed' do
--- a/test/models/trackable_test.rb
+++ b/test/models/trackable_test.rb
@@ -10,4 +10,32 @@ class TrackableTest < ActiveSupport::TestCase
      :sign_in_count
    ]
  end
+
+  test 'update_tracked_fields should only set attributes but not save the record' do
+    user = create_user
+    request = mock
+    request.stubs(:remote_ip).returns("127.0.0.1")
+
+    assert_nil user.current_sign_in_ip
+    assert_nil user.last_sign_in_ip
+    assert_nil user.current_sign_in_at
+    assert_nil user.last_sign_in_at
+    assert_equal 0, user.sign_in_count
+
+    user.update_tracked_fields(request)
+
+    assert_equal "127.0.0.1", user.current_sign_in_ip
+    assert_equal "127.0.0.1", user.last_sign_in_ip
+    assert_not_nil user.current_sign_in_at
+    assert_not_nil user.last_sign_in_at
+    assert_equal 1, user.sign_in_count
+
+    user.reload
+
+    assert_nil user.current_sign_in_ip
+    assert_nil user.last_sign_in_ip
+    assert_nil user.current_sign_in_at
+    assert_nil user.last_sign_in_at
+    assert_equal 0, user.sign_in_count
+  end
 end
--- a/test/models/validatable_test.rb
+++ b/test/models/validatable_test.rb
@@ -86,10 +86,10 @@ class ValidatableTest < ActiveSupport::TestCase
    end
  end

-  test 'should require a password with minimum of 6 characters' do
+  test 'should require a password with minimum of 7 characters' do
    user = new_user(password: '12345', password_confirmation: '12345')
    assert user.invalid?
-    assert_equal 'is too short (minimum is 6 characters)', user.errors[:password].join
+    assert_equal 'is too short (minimum is 7 characters)', user.errors[:password].join
  end

  test 'should require a password with maximum of 128 characters long' do
--- a/test/rails_app/app/active_record/user_on_engine.rb
+++ b/test/rails_app/app/active_record/user_on_engine.rb
@@ -0,0 +1,7 @@
+require 'shared_user_without_omniauth'
+
+class UserOnEngine < ActiveRecord::Base
+  self.table_name = 'users'
+  include Shim
+  include SharedUserWithoutOmniauth
+end
--- a/test/rails_app/app/active_record/user_on_main_app.rb
+++ b/test/rails_app/app/active_record/user_on_main_app.rb
@@ -0,0 +1,7 @@
+require 'shared_user_without_omniauth'
+
+class UserOnMainApp < ActiveRecord::Base
+  self.table_name = 'users'
+  include Shim
+  include SharedUserWithoutOmniauth
+end
--- a/test/rails_app/app/controllers/application_controller.rb
+++ b/test/rails_app/app/controllers/application_controller.rb
@@ -6,4 +6,7 @@ class ApplicationController < ActionController::Base
  before_filter :current_user, unless: :devise_controller?
  before_filter :authenticate_user!, if: :devise_controller?
  respond_to *Mime::SET.map(&:to_sym)
+
+  devise_group :commenter, contains: [:user, :admin]
 end
+
--- a/test/rails_app/app/controllers/application_with_fake_engine.rb
+++ b/test/rails_app/app/controllers/application_with_fake_engine.rb
@@ -0,0 +1,30 @@
+class ApplicationWithFakeEngine < ApplicationController
+  private
+
+  helper_method :fake_engine
+  def fake_engine
+    @fake_engine ||= FakeEngine.new
+  end
+end
+
+class FakeEngine
+  def user_on_engine_confirmation_path
+    '/user_on_engine/confirmation'
+  end
+
+  def new_user_on_engine_session_path
+    '/user_on_engine/confirmation/new'
+  end
+
+  def new_user_on_engine_registration_path
+    '/user_on_engine/registration/new'
+  end
+
+  def new_user_on_engine_password_path
+    '/user_on_engine/password/new'
+  end
+
+  def new_user_on_engine_unlock_path
+    '/user_on_engine/unlock/new'
+  end
+end
--- a/test/rails_app/app/controllers/custom/registrations_controller.rb
+++ b/test/rails_app/app/controllers/custom/registrations_controller.rb
@@ -0,0 +1,21 @@
+class Custom::RegistrationsController < Devise::RegistrationsController
+  def create
+    super do |resource|
+      @create_block_called = true
+    end
+  end
+
+  def update
+    super do |resource|
+      @update_block_called = true
+    end
+  end
+
+  def create_block_called?
+    @create_block_called == true
+  end
+
+  def update_block_called?
+    @update_block_called == true
+  end
+end
--- a/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb
@@ -6,7 +6,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  end

  def sign_in_facebook
-    user = User.find_by_email('user@test.com')
+    user = User.to_adapter.find_first(email: 'user@test.com')
    user.remember_me = true
    sign_in user
    render text: ""
--- a/test/rails_app/app/controllers/users_controller.rb
+++ b/test/rails_app/app/controllers/users_controller.rb
@@ -9,7 +9,7 @@ class UsersController < ApplicationController
  end

  def edit_form
-    user_session['last_request_at'] = 31.minutes.ago.utc
+    user_session['last_request_at'] = params.fetch(:last_request_at, 31.minutes.ago.utc)
  end

  def update_form
--- a/test/rails_app/app/mailers/users/from_proc_mailer.rb
+++ b/test/rails_app/app/mailers/users/from_proc_mailer.rb
@@ -0,0 +1,3 @@
+class Users::FromProcMailer < Devise::Mailer
+  default from: proc { 'custom@example.com' }
+end
--- a/Show More
+++ b/Show More