Release v3.2.4

Update CHANGELOG.md with missing 2.1.x minor versions

.gitignore

@@ -8,3 +8,4 @@ rdoc/*
 pkg
 log
 test/tmp/*
+gemfiles/*.lock

.travis.yml

@@ -1,14 +1,22 @@
 language: ruby
 script: "bundle exec rake test"
+before_install:
+  - gem install bundler -v '>= 1.5.1'
 rvm:
   - 1.9.3
   - 2.0.0
+  - 2.1.0
 env:
   - DEVISE_ORM=mongoid
   - DEVISE_ORM=active_record
 gemfile:
-  - gemfiles/Gemfile.rails-3.2.x
+  - gemfiles/Gemfile.rails-head
+  - gemfiles/Gemfile.rails-4.0-stable
+  - gemfiles/Gemfile.rails-3.2-stable
   - Gemfile
+matrix:
+  allow_failures:
+    - gemfile: gemfiles/Gemfile.rails-head
 services:
   - mongodb
 notifications:

CHANGELOG.md

@@ -1,3 +1,20 @@
+### Unreleased
+
+### 3.2.4
+
+* enchancements
+  * `bcrypt` dependency updated due https://github.com/codahale/bcrypt-ruby/pull/86.
+  * View generator now can generate specific views with the `-v` flag, like `rails g devise:views -v sessions` (by @kayline)
+
+### 3.2.3
+
+* enhancements
+  * Devise will use the `secret_key_base` on Rails 4+ applications as its `secret_key`.
+    You can change this and use your own secret by changing the `devise.rb` initializer.
+
+* bug fix
+  * Migrations will be properly generated when using rails 4.1.0.
+
 ### 3.2.2
 
 * bug fix
@@ -23,7 +40,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/11/e-mail-enumerati
   * Previously deprecated token authenticatable and insecure lookups have been removed
   * Add a class method so you can encrypt passwords from fixtures (by @tenderlove)
   * Send custom message when user enters invalid password and it has only one attempt
-  to enter correct password before his account will be locked (by @Lightpower)
+  to enter correct password before their account will be locked (by @Lightpower)
   * Prevent mutation of values assigned to case and whitespace santitized members (by @iamvery)
   * Separate redirects and flash messages in `navigational_formats` and `flashing_formats` (by @ssendev)
 
@@ -91,9 +108,6 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
 * bug fix
   * Errors on unlock are now properly reflected on the first `unlock_keys`
 
-* backwards incompatible changes
-  * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
-
 ### 2.2.4
 
 * enhancements
@@ -110,6 +124,9 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat
   * Fix inheriting mailer templates from `Devise::Mailer`
   * Fix a bug when procs are used as default mailer in Devise (by @tomasv)
 
+* backwards incompatible changes
+  * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606
+
 ### 2.2.3
 
 Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
@@ -159,6 +176,16 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc
   * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
   * Properly handle namespaced models on Active Record generator (by @nashby)
 
+### 2.1.4
+
+* bugfix
+  * Do not confirm account after reset password
+
+### 2.1.3
+
+* bugfix
+  * Require string conversion for all values
+
 ### 2.1.2
 
 * enhancements
@@ -390,7 +417,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 ### 1.4.0
 
 * enhancements
-  * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26)
+  * Added authenticated and unauthenticated to the router to route the used based on their status (by @sj26)
   * Improve e-mail regexp (by @rodrigoflores)
   * Add strip_whitespace_keys and default to e-mail (by @swrobel)
   * Do not run format and uniqueness validations on e-mail if it hasn't changed (by @Thibaut)
@@ -399,7 +426,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 
 * bug fix
   * password_required? should not affect length validation
-  * User cannot access sign up and similar pages if he is already signed in through a cookie or token
+  * User cannot access sign up and similar pages if they are already signed in through a cookie or token
   * Do not convert booleans to strings on finders (by @xavier)
   * Run validations even if current_password fails (by @crx)
   * Devise now honors routes constraints (by @macmartine)
@@ -507,10 +534,10 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
   * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by @rymai)
   * Extracted encryptors into :encryptable for better bcrypt support
   * :rememberable is now able to use salt as token if no remember_token is provided
-  * Store the salt in session and expire the session if the user changes his password
+  * Store the salt in session and expire the session if the user changes their password
   * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
   * cookie_options uses session_options values by default
-  * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
+  * Sign up now checks if the user is active or not and redirect them accordingly, setting the inactive_signed_up message
   * Use ActiveModel#to_key instead of #id
   * sign_out_all_scopes now destroys the whole session
   * Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by @adahl)
@@ -953,7 +980,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.
 
 * deprecations
   * Renamed confirm_in to confirm_within
-  * Do not send confirmation messages when user changes his e-mail
+  * Do not send confirmation messages when user changes their e-mail
   * Renamed authenticable to authenticatable and added deprecation warnings
 
 ### 0.2.3

CONTRIBUTING.md

@@ -1,8 +1,8 @@
 ### Please read before contributing
 
-1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise). 
+1) Do not post questions in the issues tracker. If you have any questions about Devise, search the [Wiki](https://github.com/plataformatec/devise/wiki) or use the [Mailing List](https://groups.google.com/group/plataformatec-devise) or [Stack Overflow](http://stackoverflow.com/questions/tagged/devise).
 
-2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead.
+2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [opensource@plataformatec.com.br](mailto:opensource@plataformatec.com.br) instead.
 
 3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed.
 

Gemfile

@@ -10,8 +10,8 @@ gem "rdoc"
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.0.0", require: false
 end
 
 platforms :jruby do
@@ -24,8 +24,6 @@ platforms :ruby do
   gem "sqlite3"
 end
 
-platforms :mri_19, :mri_20 do
-  group :mongoid do
-    gem "mongoid", github: "mongoid/mongoid", branch: "master"
-  end
+group :mongoid do
+  gem "mongoid", github: "mongoid/mongoid", branch: "master"
 end

Gemfile.lock

@@ -12,8 +12,8 @@ GIT
 PATH
   remote: .
   specs:
-    devise (3.2.2)
-      bcrypt-ruby (~> 3.0)
+    devise (3.2.4)
+      bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 3.2.6, < 5)
       thread_safe (~> 0.1)
@@ -48,7 +48,7 @@ GEM
       tzinfo (~> 0.3.37)
     arel (4.0.0)
     atomic (1.1.12)
-    bcrypt-ruby (3.1.2)
+    bcrypt (3.1.7)
     builder (3.1.4)
     erubis (2.7.0)
     faraday (0.8.8)
@@ -63,10 +63,10 @@ GEM
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
-    metaclass (0.0.1)
+    metaclass (0.0.4)
     mime-types (1.23)
     minitest (4.7.5)
-    mocha (0.13.3)
+    mocha (1.0.0)
       metaclass (~> 0.0.1)
     moped (1.5.1)
     multi_json (1.7.9)
@@ -90,7 +90,7 @@ GEM
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
     origin (1.1.0)
-    orm_adapter (0.4.0)
+    orm_adapter (0.5.0)
     polyglot (0.3.3)
     rack (1.5.2)
     rack-openid (1.3.1)
@@ -148,7 +148,7 @@ DEPENDENCIES
   activerecord-jdbcsqlite3-adapter
   devise!
   jruby-openssl
-  mocha (~> 0.13.1)
+  mocha (~> 1.0.0)
   mongoid!
   omniauth (~> 1.0.0)
   omniauth-facebook

MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
+Copyright 2009-2014 Plataformatec. http://plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

README.md

@@ -17,7 +17,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 It's composed of 10 modules:
 
 * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
-* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support;
+* [Omniauthable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Omniauthable): adds Omniauth (https://github.com/intridea/omniauth) support.
 * [Confirmable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Confirmable): sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
 * [Recoverable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Recoverable): resets the user password and sends reset instructions.
 * [Registerable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Registerable): handles signing up users through a registration process, also allowing them to edit and destroy their account.
@@ -43,7 +43,7 @@ If you discover a problem with Devise, we would like to know about it. However,
 
 https://github.com/plataformatec/devise/wiki/Bug-reports
 
-If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to the maintainers listed at the bottom of the README.
+If you found a security bug, do *NOT* use the GitHub issue tracker. Send an email to opensource@plataformatec.com.br.
 
 ### Mailing list
 
@@ -110,9 +110,15 @@ The generator will install an initializer which describes ALL Devise's configura
 rails generate devise MODEL
 ```
 
-Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller.
+Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your `config/routes.rb` file to point to the Devise controller.
 
-Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined.
+Next, you need to set up the default url options for the Devise mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:
+
+```ruby
+config.action_mailer.default_url_options = { host: 'localhost:3000' }
+```
+
+You should restart your application after changing Devise's configuration options. Otherwise you'll run into strange errors like users being unable to login and route helpers being undefined.
 
 ### Controller filters and helpers
 
@@ -140,21 +146,15 @@ You can access the session for this scope:
 user_session
 ```
 
-After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes:
+After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. For instance, for a `:user` resource, the `user_root_path` will be used if it exists, otherwise the default `root_path` will be used. This means that you need to set the root inside your routes:
 
 ```ruby
 root to: "home#index"
 ```
 
-You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
+You can also override `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
 
-Finally, you need to set up default url options for the mailer in each environment. Here is the configuration for "config/environments/development.rb":
-
-```ruby
-config.action_mailer.default_url_options = { :host => 'localhost:3000' }
-```
-
-Notice that if your devise model is not called "user" but "member", then the helpers you should use are:
+Notice that if your Devise model is called `Member` instead of `User`, for example, then the helpers available are:
 
 ```ruby
 before_filter :authenticate_member!
@@ -168,13 +168,13 @@ member_session
 
 ### Configuring Models
 
-The devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with:
+The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the encryption algorithm with:
 
 ```ruby
-devise :database_authenticatable, :registerable, :confirmable, :recoverable, :stretches => 20
+devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 20
 ```
 
-Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above.
+Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above.
 
 ### Strong Parameters
 
@@ -200,7 +200,9 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-To completely change Devise defaults or invoke custom behaviour, you can also pass a block:
+The above works for any additional fields where the parameters are simple scalar types. If you have nested attributes (say you're using `accepts_nested_parameters_for`), then you will need to tell devise about those nestings and types. Devise allows you to completely change Devise defaults or invoke custom behaviour by passing a block:
+
+To permit simple scalar values for username and email, use this
 
 ```ruby
 def configure_permitted_parameters
@@ -208,6 +210,17 @@ def configure_permitted_parameters
 end
 ```
 
+If you have some checkboxes that express the roles a user may take on registration, the browser will send those selected checkboxes as an array. An array is not one of Strong Parameters permitted scalars, so we need to configure Devise thusly:
+
+```ruby
+def configure_permitted_parameters
+  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(roles: [], :email, :password, :password_confirmation) }
+end
+```
+For the list of permitted scalars, and how to declare permitted keys in nested hashes and arrays, see
+
+https://github.com/rails/strong_parameters#nested-parameters
+
 If you have multiple Devise models, you may want to set up different parameter sanitizer per model. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic:
 
 ```ruby
@@ -246,14 +259,21 @@ Since Devise is an engine, all its views are packaged inside the gem. These view
 rails generate devise:views
 ```
 
-If you have more than one Devise model in your application (such as "User" and "Admin"), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set "config.scoped_views = true" inside "config/initializers/devise.rb".
+If you have more than one Devise model in your application (such as `User` and `Admin`), you will notice that Devise uses the same views for all models. Fortunately, Devise offers an easy way to customize views. All you need to do is set `config.scoped_views = true` inside the `config/initializers/devise.rb` file.
 
-After doing so, you will be able to have views based on the role like "users/sessions/new" and "admins/sessions/new". If no view is found within the scope, Devise will use the default view at "devise/sessions/new". You can also use the generator to generate scoped views:
+After doing so, you will be able to have views based on the role like `users/sessions/new` and `admins/sessions/new`. If no view is found within the scope, Devise will use the default view at `devise/sessions/new`. You can also use the generator to generate scoped views:
 
 ```console
 rails generate devise:views users
 ```
 
+If you want to generate only a few set of views, like the ones for the `registrable` and `confirmable` module,
+you can pass a list of modules to the generator with the `-v` flag.
+
+```console
+rails generate devise:views -v registrations confirmations
+```
+
 ### Configuring controllers
 
 If the customization at the views level is not enough, you can customize each controller by following these steps:
@@ -270,19 +290,45 @@ If the customization at the views level is not enough, you can customize each co
 2. Tell the router to use this controller:
 
     ```ruby
-    devise_for :admins, :controllers => { :sessions => "admins/sessions" }
+    devise_for :admins, controllers: { sessions: "admins/sessions" }
     ```
 
-3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admin/sessions"`.
+3. Copy the views from `devise/sessions` to `admins/sessions`. Since the controller was changed, it won't use the default views located in `devise/sessions`.
 
-    Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `"flash[:notice]"` and `"flash[:alert]"` as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display.
+4. Finally, change or extend the desired controller actions.
+
+    You can completely override a controller action:
+
+    ```ruby
+    class Admins::SessionsController < Devise::SessionsController
+      def create
+        # custom sign-in code
+      end
+    end
+    ```
+
+    Or you can simply add new behaviour to it:
+
+    ```ruby
+    class Admins::SessionsController < Devise::SessionsController
+      def create
+        super do |resource|
+          BackgroundWorker.trigger(resource)
+        end
+      end
+    end
+    ```
+
+    This is useful for triggering background jobs or logging events during certain actions.
+
+Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `flash[:notice]` and `flash[:alert]` as appropriate. Do not print the entire flash hash, print only specific keys. In some circumstances, Devise adds a `:timedout` key to the flash hash, which is not meant for display. Remove this key from the hash if you intend to print the entire hash.
 
 ### Configuring routes
 
 Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n:
 
 ```ruby
-devise_for :users, :path => "auth", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' }
+devise_for :users, path: "auth", path_names: { sign_in: 'login', sign_out: 'logout', password: 'secret', confirmation: 'verification', unlock: 'unblock', registration: 'register', sign_up: 'cmon_let_me_in' }
 ```
 
 Be sure to check `devise_for` documentation for details.
@@ -291,11 +337,11 @@ If you have the need for more deep customization, for instance to also allow "/s
 
 ```ruby
 devise_scope :user do
-  get "sign_in", :to => "devise/sessions#new"
+  get "sign_in", to: "devise/sessions#new"
 end
 ```
 
-This way you tell devise to use the scope :user when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router.
+This way you tell Devise to use the scope `:user` when "/sign_in" is accessed. Notice `devise_scope` is also aliased as `as` in your router.
 
 ### I18n
 
@@ -339,7 +385,7 @@ https://github.com/plataformatec/devise/wiki/I18n
 
 ### Test helpers
 
-Devise includes some tests helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
+Devise includes some test helpers for functional specs. In order to use them, you need to include Devise in your functional tests by adding the following to the bottom of your `test/test_helper.rb` file:
 
 ```ruby
 class ActionController::TestCase
@@ -351,7 +397,7 @@ If you're using RSpec, you can put the following inside a file named `spec/suppo
 
 ```ruby
 RSpec.configure do |config|
-  config.include Devise::TestHelpers, :type => :controller
+  config.include Devise::TestHelpers, type: :controller
 end
 ```
 
@@ -381,7 +427,7 @@ There are two things that is important to keep in mind:
 Devise comes with Omniauth support out of the box to authenticate with other providers. To use it, just specify your omniauth configuration in `config/initializers/devise.rb`:
 
 ```ruby
-config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 ```
 
 You can read more about Omniauth support in the wiki:
@@ -427,7 +473,7 @@ Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you jus
 
 ### Heroku
 
-Using devise on Heroku with Ruby on Rails 3.1 requires setting:
+Using Devise on Heroku with Ruby on Rails 3.1 requires setting:
 
 ```ruby
 config.assets.initialize_on_precompile = false
@@ -449,6 +495,6 @@ https://github.com/plataformatec/devise/graphs/contributors
 
 ## License
 
-MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
+MIT License. Copyright 2009-2014 Plataformatec. http://plataformatec.com.br
 
 You are not granted rights or licenses to the trademarks of the Plataformatec, including without limitation the Devise name or logo.

Rakefile

@@ -4,7 +4,7 @@ require 'rake/testtask'
 require 'rdoc/task'
 
 desc 'Default: run tests for all ORMs.'
-task :default => :test
+task default: :test
 
 desc 'Run Devise tests for all ORMs.'
 task :pre_commit do

app/controllers/devise/confirmations_controller.rb

@@ -10,7 +10,7 @@ class Devise::ConfirmationsController < DeviseController
     yield resource if block_given?
 
     if successfully_sent?(resource)
-      respond_with({}, :location => after_resending_confirmation_instructions_path_for(resource_name))
+      respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
     else
       respond_with(resource)
     end
@@ -25,7 +25,7 @@ class Devise::ConfirmationsController < DeviseController
       set_flash_message(:notice, :confirmed) if is_flashing_format?
       respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
     else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
     end
   end
 

app/controllers/devise/omniauth_callbacks_controller.rb

@@ -2,11 +2,11 @@ class Devise::OmniauthCallbacksController < DeviseController
   prepend_before_filter { request.env["devise.skip_timeout"] = true }
 
   def passthru
-    render :status => 404, :text => "Not found. Authentication passthru."
+    render status: 404, text: "Not found. Authentication passthru."
   end
 
   def failure
-    set_flash_message :alert, :failure, :kind => OmniAuth::Utils.camelize(failed_strategy.name), :reason => failure_message
+    set_flash_message :alert, :failure, kind: OmniAuth::Utils.camelize(failed_strategy.name), reason: failure_message
     redirect_to after_omniauth_failure_path_for(resource_name)
   end
 

app/controllers/devise/passwords_controller.rb

@@ -1,7 +1,7 @@
 class Devise::PasswordsController < DeviseController
   prepend_before_filter :require_no_authentication
   # Render the #edit only if coming from a reset password email link
-  append_before_filter :assert_reset_token_passed, :only => :edit
+  append_before_filter :assert_reset_token_passed, only: :edit
 
   # GET /resource/password/new
   def new
@@ -14,7 +14,7 @@ class Devise::PasswordsController < DeviseController
     yield resource if block_given?
 
     if successfully_sent?(resource)
-      respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+      respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
     else
       respond_with(resource)
     end
@@ -36,7 +36,7 @@ class Devise::PasswordsController < DeviseController
       flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
       set_flash_message(:notice, flash_message) if is_flashing_format?
       sign_in(resource_name, resource)
-      respond_with resource, :location => after_resetting_password_path_for(resource)
+      respond_with resource, location: after_resetting_password_path_for(resource)
     else
       respond_with resource
     end

app/controllers/devise/registrations_controller.rb

@@ -1,6 +1,6 @@
 class Devise::RegistrationsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create, :cancel ]
-  prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy]
+  prepend_before_filter :require_no_authentication, only: [ :new, :create, :cancel ]
+  prepend_before_filter :authenticate_scope!, only: [:edit, :update, :destroy]
 
   # GET /resource/sign_up
   def new
@@ -17,11 +17,11 @@ class Devise::RegistrationsController < DeviseController
       if resource.active_for_authentication?
         set_flash_message :notice, :signed_up if is_flashing_format?
         sign_up(resource_name, resource)
-        respond_with resource, :location => after_sign_up_path_for(resource)
+        respond_with resource, location: after_sign_up_path_for(resource)
       else
         set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
         expire_data_after_sign_in!
-        respond_with resource, :location => after_inactive_sign_up_path_for(resource)
+        respond_with resource, location: after_inactive_sign_up_path_for(resource)
       end
     else
       clean_up_passwords resource
@@ -48,8 +48,8 @@ class Devise::RegistrationsController < DeviseController
           :update_needs_confirmation : :updated
         set_flash_message :notice, flash_key
       end
-      sign_in resource_name, resource, :bypass => true
-      respond_with resource, :location => after_update_path_for(resource)
+      sign_in resource_name, resource, bypass: true
+      respond_with resource, location: after_update_path_for(resource)
     else
       clean_up_passwords resource
       respond_with resource
@@ -121,7 +121,7 @@ class Devise::RegistrationsController < DeviseController
 
   # Authenticates the current scope and gets the current resource from the session.
   def authenticate_scope!
-    send(:"authenticate_#{resource_name}!", :force => true)
+    send(:"authenticate_#{resource_name}!", force: true)
     self.resource = send(:"current_#{resource_name}")
   end
 

app/controllers/devise/sessions_controller.rb

@@ -1,7 +1,7 @@
 class Devise::SessionsController < DeviseController
-  prepend_before_filter :require_no_authentication, :only => [ :new, :create ]
-  prepend_before_filter :allow_params_authentication!, :only => :create
-  prepend_before_filter :only => [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }
+  prepend_before_filter :require_no_authentication, only: [ :new, :create ]
+  prepend_before_filter :allow_params_authentication!, only: :create
+  prepend_before_filter only: [ :create, :destroy ] { request.env["devise.skip_timeout"] = true }
 
   # GET /resource/sign_in
   def new
@@ -16,7 +16,7 @@ class Devise::SessionsController < DeviseController
     set_flash_message(:notice, :signed_in) if is_flashing_format?
     sign_in(resource_name, resource)
     yield resource if block_given?
-    respond_with resource, :location => after_sign_in_path_for(resource)
+    respond_with resource, location: after_sign_in_path_for(resource)
   end
 
   # DELETE /resource/sign_out
@@ -44,10 +44,10 @@ class Devise::SessionsController < DeviseController
     methods = resource_class.authentication_keys.dup
     methods = methods.keys if methods.is_a?(Hash)
     methods << :password if resource.respond_to?(:password)
-    { :methods => methods, :only => [:password] }
+    { methods: methods, only: [:password] }
   end
 
   def auth_options
-    { :scope => resource_name, :recall => "#{controller_path}#new" }
+    { scope: resource_name, recall: "#{controller_path}#new" }
   end
 end

app/controllers/devise/unlocks_controller.rb

@@ -12,7 +12,7 @@ class Devise::UnlocksController < DeviseController
     yield resource if block_given?
 
     if successfully_sent?(resource)
-      respond_with({}, :location => after_sending_unlock_instructions_path_for(resource))
+      respond_with({}, location: after_sending_unlock_instructions_path_for(resource))
     else
       respond_with(resource)
     end
@@ -27,7 +27,7 @@ class Devise::UnlocksController < DeviseController
       set_flash_message :notice, :unlocked if is_flashing_format?
       respond_with_navigational(resource){ redirect_to after_unlock_path_for(resource) }
     else
-      respond_with_navigational(resource.errors, :status => :unprocessable_entity){ render :new }
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
     end
   end
 

app/controllers/devise_controller.rb

@@ -30,7 +30,7 @@ class DeviseController < Devise.parent_controller.constantize
 
   # Returns a signed in resource from session (if one exists)
   def signed_in_resource
-    warden.authenticate(:scope => resource_name)
+    warden.authenticate(scope: resource_name)
   end
 
   # Attempt to find the mapped route for devise based on request path
@@ -92,14 +92,14 @@ MESSAGE
   # Helper for use in before_filters where no authentication is required.
   #
   # Example:
-  #   before_filter :require_no_authentication, :only => :new
+  #   before_filter :require_no_authentication, only: :new
   def require_no_authentication
     assert_is_devise_resource!
     return unless is_navigational_format?
     no_input = devise_mapping.no_input_strategies
 
     authenticated = if no_input.present?
-      args = no_input.dup.push :scope => resource_name
+      args = no_input.dup.push scope: resource_name
       warden.authenticate?(*args)
     else
       warden.authenticated?(resource_name)

app/helpers/devise_helper.rb

@@ -10,8 +10,8 @@ module DeviseHelper
 
     messages = resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
     sentence = I18n.t("errors.messages.not_saved",
-                      :count => resource.errors.count,
-                      :resource => resource.class.model_name.human.downcase)
+                      count: resource.errors.count,
+                      resource: resource.class.model_name.human.downcase)
 
     html = <<-HTML
     <div id="error_explanation">

app/views/devise/confirmations/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Resend confirmation instructions</h2>
 
-<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.submit "Resend confirmation instructions" %></div>
 <% end %>

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -2,4 +2,4 @@
 
 <p>You can confirm your account email through the link below:</p>
 
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %></p>
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -2,7 +2,7 @@
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 
-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %></p>
+<p><%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %></p>
 
 <p>If you didn't request this, please ignore this email.</p>
 <p>Your password won't change until you access the link above and create a new one.</p>

app/views/devise/mailer/unlock_instructions.html.erb

@@ -4,4 +4,4 @@
 
 <p>Click the link below to unlock your account:</p>
 
-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %></p>
+<p><%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %></p>

app/views/devise/passwords/edit.html.erb

@@ -1,14 +1,14 @@
 <h2>Change your password</h2>
 
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
   <%= devise_error_messages! %>
   <%= f.hidden_field :reset_password_token %>
 
   <div><%= f.label :password, "New password" %><br />
-  <%= f.password_field :password, :autofocus => true %></div>
+    <%= f.password_field :password, autofocus: true, autocomplete: "off" %></div>
 
   <div><%= f.label :password_confirmation, "Confirm new password" %><br />
-  <%= f.password_field :password_confirmation %></div>
+    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
 
   <div><%= f.submit "Change my password" %></div>
 <% end %>

app/views/devise/passwords/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Forgot your password?</h2>
 
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.submit "Send me reset password instructions" %></div>
 <% end %>

app/views/devise/registrations/edit.html.erb

@@ -1,29 +1,29 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
     <div>Currently waiting confirmation for: <%= resource.unconfirmed_email %></div>
   <% end %>
 
   <div><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
-  <%= f.password_field :password, :autocomplete => "off" %></div>
+    <%= f.password_field :password, autocomplete: "off" %></div>
 
   <div><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></div>
+    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
 
   <div><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
-  <%= f.password_field :current_password %></div>
+    <%= f.password_field :current_password, autocomplete: "off" %></div>
 
   <div><%= f.submit "Update" %></div>
 <% end %>
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
+<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
 
 <%= link_to "Back", :back %>

app/views/devise/registrations/new.html.erb

@@ -1,16 +1,16 @@
 <h2>Sign up</h2>
 
-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+<%= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.label :password %><br />
-  <%= f.password_field :password %></div>
+    <%= f.password_field :password, autocomplete: "off" %></div>
 
   <div><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></div>
+    <%= f.password_field :password_confirmation, autocomplete: "off" %></div>
 
   <div><%= f.submit "Sign up" %></div>
 <% end %>

app/views/devise/sessions/new.html.erb

@@ -1,11 +1,11 @@
 <h2>Sign in</h2>
 
-<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.label :password %><br />
-  <%= f.password_field :password %></div>
+    <%= f.password_field :password, autocomplete: "off" %></div>
 
   <% if devise_mapping.rememberable? -%>
     <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>

app/views/devise/unlocks/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Resend unlock instructions</h2>
 
-<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
   <%= devise_error_messages! %>
 
   <div><%= f.label :email %><br />
-  <%= f.email_field :email, :autofocus => true %></div>
+  <%= f.email_field :email, autofocus: true %></div>
 
   <div><%= f.submit "Resend unlock instructions" %></div>
 <% end %>

config/locales/en.yml

@@ -28,7 +28,7 @@ en:
       success: "Successfully authenticated from %{kind} account."
     passwords:
       no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-      send_instructions: "You will receive an email with instructions about how to reset your password in a few minutes."
+      send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."
       send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
       updated: "Your password was changed successfully. You are now signed in."
       updated_not_active: "Your password was changed successfully."

devise.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
   s.licenses    = ["MIT"]
   s.summary     = "Flexible authentication solution for Rails with Warden"
   s.email       = "contact@plataformatec.com.br"
-  s.homepage    = "http://github.com/plataformatec/devise"
+  s.homepage    = "https://github.com/plataformatec/devise"
   s.description = "Flexible authentication solution for Rails with Warden"
   s.authors     = ['José Valim', 'Carlos Antônio']
 
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency("warden", "~> 1.2.3")
   s.add_dependency("orm_adapter", "~> 0.1")
-  s.add_dependency("bcrypt-ruby", "~> 3.0")
+  s.add_dependency("bcrypt", "~> 3.0")
   s.add_dependency("thread_safe", "~> 0.1")
   s.add_dependency("railties", ">= 3.2.6", "< 5")
 end

gemfiles/Gemfile.rails-3.2-stable

@@ -1,8 +1,8 @@
 source "https://rubygems.org"
 
-gemspec :path => '..'
+gemspec path: '..'
 
-gem "rails", "~> 3.2.6"
+gem "rails", github: 'rails/rails', branch: '3-2-stable'
 gem "omniauth", "~> 1.0.0"
 gem "omniauth-oauth2", "~> 1.0.0"
 gem "rdoc"
@@ -10,8 +10,8 @@ gem "rdoc"
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.3", :require => false
-  gem "mocha", "~> 0.13.1", :require => false
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.0.0", require: false
 end
 
 platforms :jruby do
@@ -24,8 +24,6 @@ platforms :ruby do
   gem "sqlite3"
 end
 
-platforms :mri_19, :mri_20 do
-  group :mongoid do
-    gem "mongoid", "~> 3.0"
-  end
+group :mongoid do
+  gem "mongoid", "~> 3.0"
 end

gemfiles/Gemfile.rails-3.2.x.lock

@@ -1,159 +0,0 @@
-PATH
-  remote: ..
-  specs:
-    devise (3.2.2)
-      bcrypt-ruby (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
-      thread_safe (~> 0.1)
-      warden (~> 1.2.3)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (3.2.14)
-      actionpack (= 3.2.14)
-      mail (~> 2.5.4)
-    actionpack (3.2.14)
-      activemodel (= 3.2.14)
-      activesupport (= 3.2.14)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.14)
-      activesupport (= 3.2.14)
-      builder (~> 3.0.0)
-    activerecord (3.2.14)
-      activemodel (= 3.2.14)
-      activesupport (= 3.2.14)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.14)
-      activemodel (= 3.2.14)
-      activesupport (= 3.2.14)
-    activesupport (3.2.14)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
-    arel (3.0.2)
-    atomic (1.1.14)
-    bcrypt-ruby (3.1.2)
-    builder (3.0.4)
-    erubis (2.7.0)
-    faraday (0.8.8)
-      multipart-post (~> 1.2.0)
-    hashie (1.2.0)
-    hike (1.2.3)
-    httpauth (0.2.0)
-    i18n (0.6.5)
-    journey (1.0.4)
-    json (1.8.0)
-    jwt (0.1.8)
-      multi_json (>= 1.5)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.1)
-    mime-types (1.23)
-    mocha (0.13.3)
-      metaclass (~> 0.0.1)
-    mongoid (3.1.4)
-      activemodel (~> 3.2)
-      moped (~> 1.4)
-      origin (~> 1.0)
-      tzinfo (~> 0.3.22)
-    moped (1.5.1)
-    multi_json (1.7.9)
-    multipart-post (1.2.0)
-    nokogiri (1.5.9)
-    oauth2 (0.8.1)
-      faraday (~> 0.8)
-      httpauth (~> 0.1)
-      jwt (~> 0.1.4)
-      multi_json (~> 1.0)
-      rack (~> 1.2)
-    omniauth (1.0.3)
-      hashie (~> 1.2)
-      rack
-    omniauth-facebook (1.4.0)
-      omniauth-oauth2 (~> 1.0.2)
-    omniauth-oauth2 (1.0.3)
-      oauth2 (~> 0.8.0)
-      omniauth (~> 1.0)
-    omniauth-openid (1.0.1)
-      omniauth (~> 1.0)
-      rack-openid (~> 1.3.1)
-    origin (1.1.0)
-    orm_adapter (0.4.0)
-    polyglot (0.3.3)
-    rack (1.4.5)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-openid (1.3.1)
-      rack (>= 1.1.0)
-      ruby-openid (>= 2.1.8)
-    rack-ssl (1.3.3)
-      rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    rails (3.2.14)
-      actionmailer (= 3.2.14)
-      actionpack (= 3.2.14)
-      activerecord (= 3.2.14)
-      activeresource (= 3.2.14)
-      activesupport (= 3.2.14)
-      bundler (~> 1.0)
-      railties (= 3.2.14)
-    railties (3.2.14)
-      actionpack (= 3.2.14)
-      activesupport (= 3.2.14)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.1.0)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    ruby-openid (2.2.3)
-    sprockets (2.2.2)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.7)
-    thor (0.18.1)
-    thread_safe (0.1.3)
-      atomic
-    tilt (1.4.1)
-    treetop (1.4.14)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
-    warden (1.2.3)
-      rack (>= 1.0)
-    webrat (0.7.3)
-      nokogiri (>= 1.2.0)
-      rack (>= 1.0)
-      rack-test (>= 0.5.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  activerecord-jdbc-adapter
-  activerecord-jdbcsqlite3-adapter
-  devise!
-  jruby-openssl
-  mocha (~> 0.13.1)
-  mongoid (~> 3.0)
-  omniauth (~> 1.0.0)
-  omniauth-facebook
-  omniauth-oauth2 (~> 1.0.0)
-  omniauth-openid (~> 1.0.1)
-  rails (~> 3.2.6)
-  rdoc
-  sqlite3
-  webrat (= 0.7.3)

gemfiles/Gemfile.rails-4.0-stable

@@ -0,0 +1,29 @@
+source "https://rubygems.org"
+
+gemspec path: '..'
+
+gem "rails", github: 'rails/rails', branch: '4-0-stable'
+gem "omniauth", "~> 1.0.0"
+gem "omniauth-oauth2", "~> 1.0.0"
+gem "rdoc"
+
+group :test do
+  gem "omniauth-facebook"
+  gem "omniauth-openid", "~> 1.0.1"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.0.0", require: false
+end
+
+platforms :jruby do
+  gem "activerecord-jdbc-adapter"
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jruby-openssl"
+end
+
+platforms :ruby do
+  gem "sqlite3"
+end
+
+group :mongoid do
+  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+end

gemfiles/Gemfile.rails-head

@@ -0,0 +1,29 @@
+source "https://rubygems.org"
+
+gemspec path: '..'
+
+gem "rails", github: 'rails/rails'
+gem "omniauth", "~> 1.0.0"
+gem "omniauth-oauth2", "~> 1.0.0"
+gem "rdoc"
+
+group :test do
+  gem "omniauth-facebook"
+  gem "omniauth-openid", "~> 1.0.1"
+  gem "webrat", "0.7.3", require: false
+  gem "mocha", "~> 1.0.0", require: false
+end
+
+platforms :jruby do
+  gem "activerecord-jdbc-adapter"
+  gem "activerecord-jdbcsqlite3-adapter"
+  gem "jruby-openssl"
+end
+
+platforms :ruby do
+  gem "sqlite3"
+end
+
+group :mongoid do
+  gem "mongoid", github: "mongoid/mongoid", branch: "master"
+end

lib/devise.rb

@@ -236,12 +236,12 @@ module Devise
   @@parent_mailer = "ActionMailer::Base"
 
   # The router Devise should use to generate routes. Defaults
-  # to :main_app. Should be overriden by engines in order
+  # to :main_app. Should be overridden by engines in order
   # to provide custom routes.
   mattr_accessor :router_name
   @@router_name = nil
 
-  # Set the omniauth path prefix so it can be overriden when
+  # Set the omniauth path prefix so it can be overridden when
   # Devise is used in a mountable engine
   mattr_accessor :omniauth_path_prefix
   @@omniauth_path_prefix = nil
@@ -274,7 +274,7 @@ module Devise
   mattr_accessor :paranoid
   @@paranoid = false
 
-  # When true, warn user if he just used next-to-last attempt of authentication
+  # When true, warn user if they just used next-to-last attempt of authentication
   mattr_accessor :last_attempt_warning
   @@last_attempt_warning = false
 
@@ -350,8 +350,8 @@ module Devise
   # == Examples:
   #
   #   Devise.add_module(:party_module)
-  #   Devise.add_module(:party_module, :strategy => true, :controller => :sessions)
-  #   Devise.add_module(:party_module, :model => 'party_module/model')
+  #   Devise.add_module(:party_module, strategy: true, controller: :sessions)
+  #   Devise.add_module(:party_module, model: 'party_module/model')
   #
   def self.add_module(module_name, options = {})
     ALL << module_name
@@ -449,7 +449,7 @@ module Devise
       warden_config.intercept_401 = false
 
       Devise.mappings.each_value do |mapping|
-        warden_config.scope_defaults mapping.name, :strategies => mapping.strategies
+        warden_config.scope_defaults mapping.name, strategies: mapping.strategies
 
         warden_config.serialize_into_session(mapping.name) do |record|
           mapping.to.serialize_into_session(record)

lib/devise/controllers/helpers.rb

@@ -55,7 +55,7 @@ module Devise
           end
 
           def current_#{mapping}
-            @current_#{mapping} ||= warden.authenticate(:scope => :#{mapping})
+            @current_#{mapping} ||= warden.authenticate(scope: :#{mapping})
           end
 
           def #{mapping}_session
@@ -77,9 +77,9 @@ module Devise
       # the controllers defined inside devise. Useful if you want to apply a before
       # filter to all controllers, except the ones in devise:
       #
-      #   before_filter :my_filter, :unless => :devise_controller?
+      #   before_filter :my_filter, unless: :devise_controller?
       def devise_controller?
-        is_a?(DeviseController)
+        is_a?(::DeviseController)
       end
 
       # Setup a param sanitizer to filter parameters using strong_parameters. See
@@ -98,7 +98,7 @@ module Devise
         request.env["devise.allow_params_authentication"] = true
       end
 
-      # The scope root url to be used when he's signed in. By default, it first
+      # The scope root url to be used when they're signed in. By default, it first
       # tries to find a resource_root_path, otherwise it uses the root_path.
       def signed_in_root_path(resource_or_scope)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
@@ -121,10 +121,10 @@ module Devise
       # root path. For a user scope, you can define the default url in
       # the following way:
       #
-      #   map.user_root '/users', :controller => 'users' # creates user_root_path
+      #   map.user_root '/users', controller: 'users' # creates user_root_path
       #
       #   map.namespace :user do |user|
-      #     user.root :controller => 'users' # creates user_root_path
+      #     user.root controller: 'users' # creates user_root_path
       #   end
       #
       # If the resource root path is not defined, root_path is used. However,

lib/devise/controllers/rememberable.rb

@@ -31,11 +31,11 @@ module Devise
       end
 
       def remember_cookie_values(resource)
-        options = { :httponly => true }
+        options = { httponly: true }
         options.merge!(forget_cookie_values(resource))
         options.merge!(
-          :value => resource.class.serialize_into_cookie(resource),
-          :expires => resource.remember_expires_at
+          value: resource.class.serialize_into_cookie(resource),
+          expires: resource.remember_expires_at
         )
       end
 

lib/devise/controllers/scoped_views.rb

@@ -14,4 +14,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/controllers/sign_in_out.rb

@@ -7,7 +7,7 @@ module Devise
       # true if any scope is signed in. Does not run authentication hooks.
       def signed_in?(scope=nil)
         [ scope || Devise.mappings.keys ].flatten.any? do |_scope|
-          warden.authenticate?(:scope => _scope)
+          warden.authenticate?(scope: _scope)
         end
       end
 
@@ -23,9 +23,9 @@ module Devise
       #
       #   sign_in :user, @user                      # sign_in(scope, resource)
       #   sign_in @user                             # sign_in(resource)
-      #   sign_in @user, :event => :authentication  # sign_in(resource, options)
-      #   sign_in @user, :store => false            # sign_in(resource, options)
-      #   sign_in @user, :bypass => true            # sign_in(resource, options)
+      #   sign_in @user, event: :authentication  # sign_in(resource, options)
+      #   sign_in @user, store: false            # sign_in(resource, options)
+      #   sign_in @user, bypass: true            # sign_in(resource, options)
       #
       def sign_in(resource_or_scope, *args)
         options  = args.extract_options!
@@ -40,7 +40,7 @@ module Devise
           # Do nothing. User already signed in and we are not forcing it.
           true
         else
-          warden.set_user(resource, options.merge!(:scope => scope))
+          warden.set_user(resource, options.merge!(scope: scope))
         end
       end
 
@@ -56,11 +56,11 @@ module Devise
       def sign_out(resource_or_scope=nil)
         return sign_out_all_scopes unless resource_or_scope
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        user = warden.user(:scope => scope, :run_callbacks => false) # If there is no user
+        user = warden.user(scope: scope, run_callbacks: false) # If there is no user
 
         warden.raw_session.inspect # Without this inspect here. The session does not clear.
         warden.logout(scope)
-        warden.clear_strategies_cache!(:scope => scope)
+        warden.clear_strategies_cache!(scope: scope)
         instance_variable_set(:"@current_#{scope}", nil)
 
         !!user
@@ -70,7 +70,7 @@ module Devise
       # in one click. This signs out ALL scopes in warden. Returns true if there was at least one logout
       # and false if there was no user logged in on all scopes.
       def sign_out_all_scopes(lock=true)
-        users = Devise.mappings.keys.map { |s| warden.user(:scope => s, :run_callbacks => false) }
+        users = Devise.mappings.keys.map { |s| warden.user(scope: s, run_callbacks: false) }
 
         warden.raw_session.inspect
         warden.logout
@@ -100,4 +100,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/failure_app.rb

@@ -15,7 +15,7 @@ module Devise
 
     include Devise::Controllers::StoreLocation
 
-    delegate :flash, :to => :request
+    delegate :flash, to: :request
 
     def self.call(env)
       @respond ||= action(:respond)
@@ -151,9 +151,9 @@ module Devise
       return i18n_message unless request_format
       method = "to_#{request_format}"
       if method == "to_xml"
-        { :error => i18n_message }.to_xml(:root => "errors")
+        { error: i18n_message }.to_xml(root: "errors")
       elsif {}.respond_to?(method)
-        { :error => i18n_message }.send(method)
+        { error: i18n_message }.send(method)
       else
         i18n_message
       end

lib/devise/hooks/activatable.rb

@@ -1,11 +1,11 @@
-# Deny user access whenever his account is not active yet. All strategies that inherits from
+# Deny user access whenever their account is not active yet. All strategies that inherits from
 # Devise::Strategies::Authenticatable and uses the validate already check if the user is active_for_authentication?
-# before actively signing him in. However, we need this as hook to validate the user activity
+# before actively signing them in. However, we need this as hook to validate the user activity
 # in each request and in case the user is using other strategies beside Devise ones.
 Warden::Manager.after_set_user do |record, warden, options|
   if record && record.respond_to?(:active_for_authentication?) && !record.active_for_authentication?
     scope = options[:scope]
     warden.logout(scope)
-    throw :warden, :scope => scope, :message => record.inactive_message
+    throw :warden, scope: scope, message: record.inactive_message
   end
-end
+end

lib/devise/hooks/lockable.rb

@@ -1,6 +1,6 @@
 # After each sign in, if resource responds to failed_attempts, sets it to 0
 # This is only triggered when the user is explicitly set (with set_user)
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   if record.respond_to?(:failed_attempts) && warden.authenticated?(options[:scope])
     record.update_attribute(:failed_attempts, 0) unless record.failed_attempts.to_i.zero?
   end

lib/devise/hooks/proxy.rb

@@ -7,7 +7,7 @@ module Devise
       include Devise::Controllers::SignInOut
 
       attr_reader :warden
-      delegate :cookies, :env, :to => :warden
+      delegate :cookies, :env, to: :warden
 
       def initialize(warden)
         @warden = warden
@@ -18,4 +18,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/hooks/rememberable.rb

@@ -1,7 +1,7 @@
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   scope = options[:scope]
   if record.respond_to?(:remember_me) && options[:store] != false &&
      record.remember_me && warden.authenticated?(scope)
     Devise::Hooks::Proxy.new(warden).remember_me(record)
   end
-end
+end

lib/devise/hooks/timeoutable.rb

@@ -18,7 +18,7 @@ Warden::Manager.after_set_user do |record, warden, options|
         record.reset_authentication_token!
       end
 
-      throw :warden, :scope => scope, :message => :timeout
+      throw :warden, scope: scope, message: :timeout
     end
 
     unless env['devise.skip_trackable']

lib/devise/hooks/trackable.rb

@@ -2,7 +2,7 @@
 # This is only triggered when the user is explicitly set (with set_user)
 # and on authentication. Retrieving the user from session (:fetch) does
 # not trigger it.
-Warden::Manager.after_set_user :except => :fetch do |record, warden, options|
+Warden::Manager.after_set_user except: :fetch do |record, warden, options|
   if record.respond_to?(:update_tracked_fields!) && warden.authenticated?(options[:scope]) && !warden.request.env['devise.skip_trackable']
     record.update_tracked_fields!(warden.request)
   end

lib/devise/mailers/helpers.rb

@@ -27,12 +27,12 @@ module Devise
 
       def headers_for(action, opts)
         headers = {
-          :subject       => subject_for(action),
-          :to            => resource.email,
-          :from          => mailer_sender(devise_mapping),
-          :reply_to      => mailer_reply_to(devise_mapping),
-          :template_path => template_paths,
-          :template_name => action
+          subject: subject_for(action),
+          to: resource.email,
+          from: mailer_sender(devise_mapping),
+          reply_to: mailer_reply_to(devise_mapping),
+          template_path: template_paths,
+          template_name: action
         }.merge(opts)
 
         @email = headers[:to]
@@ -82,8 +82,8 @@ module Devise
       #           subject: '...'
       #
       def subject_for(key)
-        I18n.t(:"#{devise_mapping.name}_subject", :scope => [:devise, :mailer, key],
-          :default => [:subject, key.to_s.humanize])
+        I18n.t(:"#{devise_mapping.name}_subject", scope: [:devise, :mailer, key],
+          default: [:subject, key.to_s.humanize])
       end
     end
   end

lib/devise/models/authenticatable.rb

@@ -29,7 +29,7 @@ module Devise
     #     It also accepts an array specifying the strategies that should allow params authentication.
     #
     #   * +skip_session_storage+: By default Devise will store the user in session.
-    #     By default is set to :skip_session_storage => [:http_auth].
+    #     By default is set to skip_session_storage: [:http_auth].
     #
     # == active_for_authentication?
     #
@@ -56,10 +56,10 @@ module Devise
       BLACKLIST_FOR_SERIALIZATION = [:encrypted_password, :reset_password_token, :reset_password_sent_at,
         :remember_created_at, :sign_in_count, :current_sign_in_at, :last_sign_in_at, :current_sign_in_ip,
         :last_sign_in_ip, :password_salt, :confirmation_token, :confirmed_at, :confirmation_sent_at,
-        :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at, :authentication_token]
+        :remember_token, :unconfirmed_email, :failed_attempts, :unlock_token, :locked_at]
 
       included do
-        class_attribute :devise_modules, :instance_writer => false
+        class_attribute :devise_modules, instance_writer: false
         self.devise_modules ||= []
 
         before_validation :downcase_keys
@@ -127,7 +127,7 @@ module Devise
       end
 
       # This is an internal method called every time Devise needs
-      # to send a notification/mail. This can be overriden if you
+      # to send a notification/mail. This can be overridden if you
       # need to customize the e-mail delivery logic. For instance,
       # if you are using a queue to deliver e-mails (delayed job,
       # sidekiq, resque, etc), you must add the delivery to the queue
@@ -231,7 +231,7 @@ module Devise
         # Example:
         #
         #   def self.find_for_authentication(tainted_conditions)
-        #     find_first_by_auth_conditions(tainted_conditions, :active => true)
+        #     find_first_by_auth_conditions(tainted_conditions, active: true)
         #   end
         #
         # Finally, notice that Devise also queries for users in other scenarios

lib/devise/models/confirmable.rb

@@ -9,7 +9,7 @@ module Devise
     #
     # Confirmable adds the following options to +devise+:
     #
-    #   * +allow_unconfirmed_access_for+: the time you want to allow the user to access his account
+    #   * +allow_unconfirmed_access_for+: the time you want to allow the user to access their account
     #     before confirming it. After this period, the user access is denied. You can
     #     use this to let your user access some features of your application without
     #     confirming the account, but blocking it after a certain period (ie 7 days).
@@ -33,10 +33,10 @@ module Devise
       include ActionView::Helpers::DateHelper
 
       included do
-        before_create :generate_confirmation_token, :if => :confirmation_required?
-        after_create  :send_on_create_confirmation_instructions, :if => :send_confirmation_notification?
-        before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, :if => :postpone_email_change?
-        after_update  :send_reconfirmation_instructions,  :if => :reconfirmation_required?
+        before_create :generate_confirmation_token, if: :confirmation_required?
+        after_create  :send_on_create_confirmation_instructions, if: :send_confirmation_notification?
+        before_update :postpone_email_change_until_confirmation_and_regenerate_confirmation_token, if: :postpone_email_change?
+        after_update  :send_reconfirmation_instructions,  if: :reconfirmation_required?
       end
 
       def initialize(*args, &block)
@@ -60,7 +60,7 @@ module Devise
         pending_any_confirmation do
           if confirmation_period_expired?
             self.errors.add(:email, :confirmation_period_expired,
-              :period => Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
+              period: Devise::TimeInflector.time_ago_in_words(self.class.confirm_within.ago))
             return false
           end
 
@@ -73,9 +73,9 @@ module Devise
             self.unconfirmed_email = nil
 
             # We need to validate in such cases to enforce e-mail uniqueness
-            save(:validate => true)
+            save(validate: true)
           else
-            save(:validate => false)
+            save(validate: false)
           end
 
           after_confirmation if saved
@@ -98,7 +98,7 @@ module Devise
           generate_confirmation_token!
         end
 
-        opts = pending_reconfirmation? ? { :to => unconfirmed_email } : { }
+        opts = pending_reconfirmation? ? { to: unconfirmed_email } : { }
         send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
       end
 
@@ -152,7 +152,7 @@ module Devise
       protected
 
         # A callback method used to deliver confirmation
-        # instructions on creation. This can be overriden
+        # instructions on creation. This can be overridden
         # in models to map to a nice sign up e-mail.
         def send_on_create_confirmation_instructions
           send_confirmation_instructions
@@ -225,7 +225,7 @@ module Devise
         end
 
         def generate_confirmation_token!
-          generate_confirmation_token && save(:validate => false)
+          generate_confirmation_token && save(validate: false)
         end
 
         def postpone_email_change_until_confirmation_and_regenerate_confirmation_token

lib/devise/models/database_authenticatable.rb

@@ -4,7 +4,7 @@ require 'bcrypt'
 module Devise
   # Digests the password using bcrypt.
   def self.bcrypt(klass, password)
-    ::BCrypt::Password.create("#{password}#{klass.pepper}", :cost => klass.stretches).to_s
+    ::BCrypt::Password.create("#{password}#{klass.pepper}", cost: klass.stretches).to_s
   end
 
   module Models

lib/devise/models/lockable.rb

@@ -22,7 +22,7 @@ module Devise
     module Lockable
       extend  ActiveSupport::Concern
 
-      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, :to => "self.class"
+      delegate :lock_strategy_enabled?, :unlock_strategy_enabled?, to: "self.class"
 
       def self.required_fields(klass)
         attributes = []
@@ -34,13 +34,16 @@ module Devise
       end
 
       # Lock a user setting its locked_at to actual time.
-      def lock_access!
+      # * +opts+: Hash options if you don't want to send email
+      #   when you lock access, you could pass the next hash
+      #   `{ send_instructions: false } as option`.
+      def lock_access!(opts = { })
         self.locked_at = Time.now.utc
 
-        if unlock_strategy_enabled?(:email)
+        if unlock_strategy_enabled?(:email) && opts.fetch(:send_instructions, true)
           send_unlock_instructions
         else
-          save(:validate => false)
+          save(validate: false)
         end
       end
 
@@ -49,7 +52,7 @@ module Devise
         self.locked_at = nil
         self.failed_attempts = 0 if respond_to?(:failed_attempts=)
         self.unlock_token = nil  if respond_to?(:unlock_token=)
-        save(:validate => false)
+        save(validate: false)
       end
 
       # Verifies whether a user is locked or not.
@@ -61,7 +64,7 @@ module Devise
       def send_unlock_instructions
         raw, enc = Devise.token_generator.generate(self.class, :unlock_token)
         self.unlock_token = enc
-        self.save(:validate => false)
+        self.save(validate: false)
         send_devise_notification(:unlock_instructions, raw, {})
         raw
       end
@@ -101,7 +104,7 @@ module Devise
           if attempts_exceeded?
             lock_access! unless access_locked?
           else
-            save(:validate => false)
+            save(validate: false)
           end
           false
         end
@@ -124,11 +127,11 @@ module Devise
       protected
 
         def attempts_exceeded?
-          self.failed_attempts > self.class.maximum_attempts
+          self.failed_attempts >= self.class.maximum_attempts
         end
 
         def last_attempt?
-          self.failed_attempts == self.class.maximum_attempts
+          self.failed_attempts == self.class.maximum_attempts - 1
         end
 
         # Tells if the lock is expired if :time unlock strategy is active

lib/devise/models/omniauthable.rb

@@ -10,7 +10,7 @@ module Devise
     #
     #   * +omniauth_providers+: Which providers are available to this model. It expects an array:
     #
-    #       devise_for :database_authenticatable, :omniauthable, :omniauth_providers => [:twitter]
+    #       devise_for :database_authenticatable, :omniauthable, omniauth_providers: [:twitter]
     #
     module Omniauthable
       extend ActiveSupport::Concern

lib/devise/models/recoverable.rb

@@ -49,7 +49,7 @@ module Devise
 
         self.reset_password_token   = enc
         self.reset_password_sent_at = Time.now.utc
-        self.save(:validate => false)
+        self.save(validate: false)
 
         send_devise_notification(:reset_password_instructions, raw, {})
         raw

lib/devise/models/rememberable.rb

@@ -17,7 +17,7 @@ module Devise
     #
     #   * +remember_for+: the time you want the user will be remembered without
     #     asking for credentials. After this time the user will be blocked and
-    #     will have to enter his credentials again. This configuration is also
+    #     will have to enter their credentials again. This configuration is also
     #     used to calculate the expires time for the cookie created to remember
     #     the user. By default remember_for is 2.weeks.
     #
@@ -50,7 +50,7 @@ module Devise
       def remember_me!(extend_period=false)
         self.remember_token = self.class.remember_token if generate_remember_token?
         self.remember_created_at = Time.now.utc if generate_remember_timestamp?(extend_period)
-        save(:validate => false) if self.changed?
+        save(validate: false) if self.changed?
       end
 
       # If the record is persisted, remove the remember token (but only if
@@ -59,7 +59,7 @@ module Devise
         return unless persisted?
         self.remember_token = nil if respond_to?(:remember_token=)
         self.remember_created_at = nil
-        save(:validate => false)
+        save(validate: false)
       end
 
       # Remember token should be expired if expiration time not overpass now.
@@ -118,7 +118,7 @@ module Devise
         def remember_token #:nodoc:
           loop do
             token = Devise.friendly_token
-            break token unless to_adapter.find_first({ :remember_token => token })
+            break token unless to_adapter.find_first({ remember_token: token })
           end
         end
 

lib/devise/models/timeoutable.rb

@@ -2,9 +2,9 @@ require 'devise/hooks/timeoutable'
 
 module Devise
   module Models
-    # Timeoutable takes care of verifyng whether a user session has already
+    # Timeoutable takes care of verifying whether a user session has already
     # expired or not. When a session expires after the configured time, the user
-    # will be asked for credentials again, it means, he/she will be redirected
+    # will be asked for credentials again, it means, they will be redirected
     # to the sign in page.
     #
     # == Options

lib/devise/models/trackable.rb

@@ -27,7 +27,7 @@ module Devise
         self.sign_in_count ||= 0
         self.sign_in_count += 1
 
-        save(:validate => false) or raise "Devise trackable could not save #{inspect}." \
+        save(validate: false) or raise "Devise trackable could not save #{inspect}." \
           "Please make sure a model using trackable can be saved at sign in."
       end
     end

lib/devise/models/validatable.rb

@@ -26,13 +26,13 @@ module Devise
         assert_validations_api!(base)
 
         base.class_eval do
-          validates_presence_of   :email, :if => :email_required?
-          validates_uniqueness_of :email, :allow_blank => true, :if => :email_changed?
-          validates_format_of     :email, :with  => email_regexp, :allow_blank => true, :if => :email_changed?
+          validates_presence_of   :email, if: :email_required?
+          validates_uniqueness_of :email, allow_blank: true, if: :email_changed?
+          validates_format_of     :email, with: email_regexp, allow_blank: true, if: :email_changed?
 
-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
-          validates_length_of       :password, :within => password_length, :allow_blank => true
+          validates_presence_of     :password, if: :password_required?
+          validates_confirmation_of :password, if: :password_required?
+          validates_length_of       :password, within: password_length, allow_blank: true
         end
       end
 

lib/devise/modules.rb

@@ -1,28 +1,28 @@
 require 'active_support/core_ext/object/with_options'
 
-Devise.with_options :model => true do |d|
+Devise.with_options model: true do |d|
   # Strategies first
-  d.with_options :strategy => true do |s|
+  d.with_options strategy: true do |s|
     routes = [nil, :new, :destroy]
-    s.add_module :database_authenticatable, :controller => :sessions, :route => { :session => routes }
-    s.add_module :rememberable, :no_input => true
+    s.add_module :database_authenticatable, controller: :sessions, route: { session: routes }
+    s.add_module :rememberable, no_input: true
   end
 
   # Other authentications
-  d.add_module :omniauthable, :controller => :omniauth_callbacks,  :route => :omniauth_callback
+  d.add_module :omniauthable, controller: :omniauth_callbacks,  route: :omniauth_callback
 
   # Misc after
   routes = [nil, :new, :edit]
-  d.add_module :recoverable,  :controller => :passwords,     :route => { :password => routes }
-  d.add_module :registerable, :controller => :registrations, :route => { :registration => (routes << :cancel) }
+  d.add_module :recoverable,  controller: :passwords,     route: { password: routes }
+  d.add_module :registerable, controller: :registrations, route: { registration: (routes << :cancel) }
   d.add_module :validatable
 
   # The ones which can sign out after
   routes = [nil, :new]
-  d.add_module :confirmable,  :controller => :confirmations, :route => { :confirmation => routes }
-  d.add_module :lockable,     :controller => :unlocks,       :route => { :unlock => routes }
+  d.add_module :confirmable,  controller: :confirmations, route: { confirmation: routes }
+  d.add_module :lockable,     controller: :unlocks,       route: { unlock: routes }
   d.add_module :timeoutable
 
   # Stats for last, so we make sure the user is really signed in
   d.add_module :trackable
-end
+end

lib/devise/omniauth/url_helpers.rb

@@ -6,12 +6,12 @@ module Devise
 
       def omniauth_authorize_path(resource_or_scope, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        send("#{scope}_omniauth_authorize_path", *args)
+        _devise_route_context.send("#{scope}_omniauth_authorize_path", *args)
       end
 
       def omniauth_callback_path(resource_or_scope, *args)
         scope = Devise::Mapping.find_scope!(resource_or_scope)
-        send("#{scope}_omniauth_callback_path", *args)
+        _devise_route_context.send("#{scope}_omniauth_callback_path", *args)
       end
     end
   end

lib/devise/orm/active_record.rb

@@ -1,3 +1,3 @@
 require 'orm_adapter/adapters/active_record'
 
-ActiveRecord::Base.extend Devise::Models
+ActiveRecord::Base.extend Devise::Models

lib/devise/orm/mongoid.rb

@@ -1,3 +1,3 @@
 require 'orm_adapter/adapters/mongoid'
 
-Mongoid::Document::ClassMethods.send :include, Devise::Models
+Mongoid::Document::ClassMethods.send :include, Devise::Models

lib/devise/rails.rb

@@ -29,7 +29,13 @@ module Devise
       end
     end
 
-    initializer "devise.secret_key" do
+    initializer "devise.secret_key" do |app|
+      if app.respond_to?(:secrets)
+        Devise.secret_key ||= app.secrets.secret_key_base
+      elsif app.config.respond_to?(:secret_key_base)
+        Devise.secret_key ||= app.config.secret_key_base
+      end
+
       Devise.token_generator ||=
         if secret_key = Devise.secret_key
           Devise::TokenGenerator.new(

lib/devise/rails/routes.rb

@@ -43,20 +43,20 @@ module ActionDispatch::Routing
     # needed routes:
     #
     #  # Session routes for Authenticatable (default)
-    #       new_user_session GET    /users/sign_in                    {:controller=>"devise/sessions", :action=>"new"}
-    #           user_session POST   /users/sign_in                    {:controller=>"devise/sessions", :action=>"create"}
-    #   destroy_user_session DELETE /users/sign_out                   {:controller=>"devise/sessions", :action=>"destroy"}
+    #       new_user_session GET    /users/sign_in                    {controller:"devise/sessions", action:"new"}
+    #           user_session POST   /users/sign_in                    {controller:"devise/sessions", action:"create"}
+    #   destroy_user_session DELETE /users/sign_out                   {controller:"devise/sessions", action:"destroy"}
     #
     #  # Password routes for Recoverable, if User model has :recoverable configured
-    #      new_user_password GET    /users/password/new(.:format)     {:controller=>"devise/passwords", :action=>"new"}
-    #     edit_user_password GET    /users/password/edit(.:format)    {:controller=>"devise/passwords", :action=>"edit"}
-    #          user_password PUT    /users/password(.:format)         {:controller=>"devise/passwords", :action=>"update"}
-    #                        POST   /users/password(.:format)         {:controller=>"devise/passwords", :action=>"create"}
+    #      new_user_password GET    /users/password/new(.:format)     {controller:"devise/passwords", action:"new"}
+    #     edit_user_password GET    /users/password/edit(.:format)    {controller:"devise/passwords", action:"edit"}
+    #          user_password PUT    /users/password(.:format)         {controller:"devise/passwords", action:"update"}
+    #                        POST   /users/password(.:format)         {controller:"devise/passwords", action:"create"}
     #
     #  # Confirmation routes for Confirmable, if User model has :confirmable configured
-    #  new_user_confirmation GET    /users/confirmation/new(.:format) {:controller=>"devise/confirmations", :action=>"new"}
-    #      user_confirmation GET    /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"show"}
-    #                        POST   /users/confirmation(.:format)     {:controller=>"devise/confirmations", :action=>"create"}
+    #  new_user_confirmation GET    /users/confirmation/new(.:format) {controller:"devise/confirmations", action:"new"}
+    #      user_confirmation GET    /users/confirmation(.:format)     {controller:"devise/confirmations", action:"show"}
+    #                        POST   /users/confirmation(.:format)     {controller:"devise/confirmations", action:"create"}
     #
     # ==== Routes integration
     #
@@ -84,71 +84,74 @@ module ActionDispatch::Routing
     #
     # You can configure your routes with some options:
     #
-    #  * :class_name => setup a different class to be looked up by devise, if it cannot be
+    #  * class_name: setup a different class to be looked up by devise, if it cannot be
     #    properly found by the route name.
     #
-    #      devise_for :users, :class_name => 'Account'
+    #      devise_for :users, class_name: 'Account'
     #
-    #  * :path => allows you to setup path name that will be used, as rails routes does.
+    #  * path: allows you to setup path name that will be used, as rails routes does.
     #    The following route configuration would setup your route as /accounts instead of /users:
     #
-    #      devise_for :users, :path => 'accounts'
+    #      devise_for :users, path: 'accounts'
     #
-    #  * :singular => setup the singular name for the given resource. This is used as the instance variable
+    #  * singular: setup the singular name for the given resource. This is used as the instance variable
     #    name in controller, as the name in routes and the scope given to warden.
     #
-    #      devise_for :users, :singular => :user
+    #      devise_for :users, singular: :user
     #
-    #  * :path_names => configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
+    #  * path_names: configure different path names to overwrite defaults :sign_in, :sign_out, :sign_up,
     #    :password, :confirmation, :unlock.
     #
-    #      devise_for :users, :path_names => { :sign_in => 'login', :sign_out => 'logout',
-    #        :password => 'secret', :confirmation => 'verification', registration: 'register }
+    #      devise_for :users, path_names: {
+    #        sign_in: 'login', sign_out: 'logout',
+    #        password: 'secret', confirmation: 'verification',
+    #        registration: 'register', edit: 'edit/profile'
+    #      }
     #
-    #  * :controllers => the controller which should be used. All routes by default points to Devise controllers.
+    #  * controllers: the controller which should be used. All routes by default points to Devise controllers.
     #    However, if you want them to point to custom controller, you should do:
     #
-    #      devise_for :users, :controllers => { :sessions => "users/sessions" }
+    #      devise_for :users, controllers: { sessions: "users/sessions" }
     #
-    #  * :failure_app => a rack app which is invoked whenever there is a failure. Strings representing a given
+    #  * failure_app: a rack app which is invoked whenever there is a failure. Strings representing a given
     #    are also allowed as parameter.
     #
-    #  * :sign_out_via => the HTTP method(s) accepted for the :sign_out action (default: :get),
+    #  * sign_out_via: the HTTP method(s) accepted for the :sign_out action (default: :get),
     #    if you wish to restrict this to accept only :post or :delete requests you should do:
     #
-    #      devise_for :users, :sign_out_via => [ :post, :delete ]
+    #      devise_for :users, sign_out_via: [ :post, :delete ]
     #
     #    You need to make sure that your sign_out controls trigger a request with a matching HTTP method.
     #
-    #  * :module => the namespace to find controllers (default: "devise", thus
+    #  * module: the namespace to find controllers (default: "devise", thus
     #    accessing devise/sessions, devise/registrations, and so on). If you want
     #    to namespace all at once, use module:
     #
-    #      devise_for :users, :module => "users"
+    #      devise_for :users, module: "users"
     #
-    #  * :skip => tell which controller you want to skip routes from being created:
+    #  * skip: tell which controller you want to skip routes from being created:
     #
-    #      devise_for :users, :skip => :sessions
+    #      devise_for :users, skip: :sessions
     #
-    #  * :only => the opposite of :skip, tell which controllers only to generate routes to:
+    #  * only: the opposite of :skip, tell which controllers only to generate routes to:
     #
-    #      devise_for :users, :only => :sessions
+    #      devise_for :users, only: :sessions
     #
-    #  * :skip_helpers => skip generating Devise url helpers like new_session_path(@user).
+    #  * skip_helpers: skip generating Devise url helpers like new_session_path(@user).
     #    This is useful to avoid conflicts with previous routes and is false by default.
     #    It accepts true as option, meaning it will skip all the helpers for the controllers
     #    given in :skip but it also accepts specific helpers to be skipped:
     #
-    #      devise_for :users, :skip => [:registrations, :confirmations], :skip_helpers => true
-    #      devise_for :users, :skip_helpers => [:registrations, :confirmations]
+    #      devise_for :users, skip: [:registrations, :confirmations], skip_helpers: true
+    #      devise_for :users, skip_helpers: [:registrations, :confirmations]
     #
-    #  * :format => include "(.:format)" in the generated routes? true by default, set to false to disable:
+    #  * format: include "(.:format)" in the generated routes? true by default, set to false to disable:
     #
-    #      devise_for :users, :format => false
+    #      devise_for :users, format: false
     #
-    #  * :constraints => works the same as Rails' constraints
+    #  * constraints: works the same as Rails' constraints
     #
-    #  * :defaults => works the same as Rails' defaults
+    #  * defaults: works the same as Rails' defaults
     #
     # ==== Scoping
     #
@@ -170,7 +173,7 @@ module ActionDispatch::Routing
     #
     #   class ApplicationController < ActionController::Base
     #     def self.default_url_options
-    #       { :locale => I18n.locale }
+    #       { locale: I18n.locale }
     #     end
     #   end
     #
@@ -195,7 +198,7 @@ module ActionDispatch::Routing
     # In order to get Devise to recognize the deactivate action, your devise_scope entry should look like this:
     #
     #     devise_scope :owner do
-    #       post "deactivate", :to => "registrations#deactivate", :as => "deactivate_registration"
+    #       post "deactivate", to: "registrations#deactivate", as: "deactivate_registration"
     #     end
     #
     def devise_for(*resources)
@@ -229,6 +232,14 @@ module ActionDispatch::Routing
           raise_no_devise_method_error!(mapping.class_name)
         end
 
+        if options[:controllers] && options[:controllers][:omniauth_callbacks]
+          unless mapping.omniauthable?
+            msg =  "Mapping omniauth_callbacks on a resource that is not omniauthable\n"
+            msg << "Please add `devise :omniauthable` to the `#{mapping.class_name}` model"
+            raise msg
+          end
+        end
+
         routes  = mapping.used_routes
 
         devise_scope mapping.name do
@@ -252,7 +263,7 @@ module ActionDispatch::Routing
     #   end
     #
     #   authenticate :user, lambda {|u| u.role == "admin"} do
-    #     root :to => "admin/dashboard#show", :as => :user_root
+    #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
     def authenticate(scope=nil, block=nil)
@@ -266,18 +277,18 @@ module ActionDispatch::Routing
     # a model and allows extra constraints to be done on the instance.
     #
     #   authenticated :admin do
-    #     root :to => 'admin/dashboard#show', :as => :admin_root
+    #     root to: 'admin/dashboard#show', as: :admin_root
     #   end
     #
     #   authenticated do
-    #     root :to => 'dashboard#show', :as => :authenticated_root
+    #     root to: 'dashboard#show', as: :authenticated_root
     #   end
     #
     #   authenticated :user, lambda {|u| u.role == "admin"} do
-    #     root :to => "admin/dashboard#show", :as => :user_root
+    #     root to: "admin/dashboard#show", as: :user_root
     #   end
     #
-    #   root :to => 'landing#show'
+    #   root to: 'landing#show'
     #
     def authenticated(scope=nil, block=nil)
       constraints_for(:authenticate?, scope, block) do
@@ -290,15 +301,15 @@ module ActionDispatch::Routing
     #
     #   unauthenticated do
     #     as :user do
-    #       root :to => 'devise/registrations#new'
+    #       root to: 'devise/registrations#new'
     #     end
     #   end
     #
-    #   root :to => 'dashboard#show'
+    #   root to: 'dashboard#show'
     #
     def unauthenticated(scope=nil)
       constraint = lambda do |request|
-        not request.env["warden"].authenticate? :scope => scope
+        not request.env["warden"].authenticate? scope: scope
       end
 
       constraints(constraint) do
@@ -311,7 +322,7 @@ module ActionDispatch::Routing
     # to which controller it is targetted.
     #
     #   as :user do
-    #     get "sign_in", :to => "devise/sessions#new"
+    #     get "sign_in", to: "devise/sessions#new"
     #   end
     #
     # Notice you cannot have two scopes mapping to the same URL. And remember, if
@@ -343,41 +354,42 @@ module ActionDispatch::Routing
     protected
 
       def devise_session(mapping, controllers) #:nodoc:
-        resource :session, :only => [], :controller => controllers[:sessions], :path => "" do
-          get   :new,     :path => mapping.path_names[:sign_in],  :as => "new"
-          post  :create,  :path => mapping.path_names[:sign_in]
-          match :destroy, :path => mapping.path_names[:sign_out], :as => "destroy", :via => mapping.sign_out_via
+        resource :session, only: [], controller: controllers[:sessions], path: "" do
+          get   :new,     path: mapping.path_names[:sign_in],  as: "new"
+          post  :create,  path: mapping.path_names[:sign_in]
+          match :destroy, path: mapping.path_names[:sign_out], as: "destroy", via: mapping.sign_out_via
         end
       end
 
       def devise_password(mapping, controllers) #:nodoc:
-        resource :password, :only => [:new, :create, :edit, :update],
-          :path => mapping.path_names[:password], :controller => controllers[:passwords]
+        resource :password, only: [:new, :create, :edit, :update],
+          path: mapping.path_names[:password], controller: controllers[:passwords]
       end
 
       def devise_confirmation(mapping, controllers) #:nodoc:
-        resource :confirmation, :only => [:new, :create, :show],
-          :path => mapping.path_names[:confirmation], :controller => controllers[:confirmations]
+        resource :confirmation, only: [:new, :create, :show],
+          path: mapping.path_names[:confirmation], controller: controllers[:confirmations]
       end
 
       def devise_unlock(mapping, controllers) #:nodoc:
         if mapping.to.unlock_strategy_enabled?(:email)
-          resource :unlock, :only => [:new, :create, :show],
-            :path => mapping.path_names[:unlock], :controller => controllers[:unlocks]
+          resource :unlock, only: [:new, :create, :show],
+            path: mapping.path_names[:unlock], controller: controllers[:unlocks]
         end
       end
 
       def devise_registration(mapping, controllers) #:nodoc:
         path_names = {
-          :new => mapping.path_names[:sign_up],
-          :cancel => mapping.path_names[:cancel]
+          new: mapping.path_names[:sign_up],
+          edit: mapping.path_names[:edit],
+          cancel: mapping.path_names[:cancel]
         }
 
         options = {
-          :only => [:new, :create, :edit, :update, :destroy],
-          :path => mapping.path_names[:registration],
-          :path_names => path_names,
-          :controller => controllers[:registrations]
+          only: [:new, :create, :edit, :update, :destroy],
+          path: mapping.path_names[:registration],
+          path_names: path_names,
+          controller: controllers[:registrations]
         }
 
         resource :registration, options do
@@ -393,16 +405,16 @@ and you have set #{mapping.fullpath.inspect}. You can work around by passing
 `skip: :omniauth_callbacks` and manually defining the routes. Here is an example:
 
     match "/users/auth/:provider",
-      :constraints => { :provider => /\A(google|facebook)\z/ },
-      :to => "devise/omniauth_callbacks#passthru",
-      :as => :omniauth_authorize,
-      :via => [:get, :post]
+      constraints: { provider: /google|facebook/ },
+      to: "devise/omniauth_callbacks#passthru",
+      as: :omniauth_authorize,
+      via: [:get, :post]
 
     match "/users/auth/:action/callback",
-      :constraints => { :action => /\A(google|facebook)\z/ },
-      :to => "devise/omniauth_callbacks",
-      :as => :omniauth_callback,
-      :via => [:get, :post]
+      constraints: { action: /google|facebook/ },
+      to: "devise/omniauth_callbacks",
+      as: :omniauth_callback,
+      via: [:get, :post]
 ERROR
         end
 
@@ -414,16 +426,16 @@ ERROR
         providers = Regexp.union(mapping.to.omniauth_providers.map(&:to_s))
 
         match "#{path_prefix}/:provider",
-          :constraints => { :provider => providers },
-          :to => "#{controllers[:omniauth_callbacks]}#passthru",
-          :as => :omniauth_authorize,
-          :via => [:get, :post]
+          constraints: { provider: providers },
+          to: "#{controllers[:omniauth_callbacks]}#passthru",
+          as: :omniauth_authorize,
+          via: [:get, :post]
 
         match "#{path_prefix}/:action/callback",
-          :constraints => { :action => providers },
-          :to => controllers[:omniauth_callbacks],
-          :as => :omniauth_callback,
-          :via => [:get, :post]
+          constraints: { action: providers },
+          to: controllers[:omniauth_callbacks],
+          as: :omniauth_callback,
+          via: [:get, :post]
       ensure
         @scope[:path] = path
       end
@@ -434,7 +446,7 @@ ERROR
         old = {}
         DEVISE_SCOPE_KEYS.each { |k| old[k] = @scope[k] }
 
-        new = { :as => new_as, :path => new_path, :module => nil }
+        new = { as: new_as, path: new_path, module: nil }
         new.merge!(options.slice(:constraints, :defaults, :options))
 
         @scope.merge!(new)
@@ -445,7 +457,7 @@ ERROR
 
       def constraints_for(method_to_apply, scope=nil, block=nil)
         constraint = lambda do |request|
-          request.env['warden'].send(method_to_apply, :scope => scope) &&
+          request.env['warden'].send(method_to_apply, scope: scope) &&
             (block.nil? || block.call(request.env["warden"].user(scope)))
         end
 

lib/devise/strategies/authenticatable.rb

@@ -49,7 +49,7 @@ module Devise
         valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
       end
 
-      # Check if this is strategy is valid for http authentication by:
+      # Check if this is a valid strategy for http authentication by:
       #
       #   * Validating if the model allows params authentication;
       #   * If any of the authorization headers were sent;
@@ -59,7 +59,7 @@ module Devise
         http_authenticatable? && request.authorization && with_authentication_hash(:http_auth, http_auth_hash)
       end
 
-      # Check if this is strategy is valid for params authentication by:
+      # Check if this is a valid strategy for params authentication by:
       #
       #   * Validating if the model allows params authentication;
       #   * If the request hits the sessions controller through POST;
@@ -102,9 +102,9 @@ module Devise
         params_auth_hash.is_a?(Hash)
       end
 
-      # Check if password is present and is not equal to "X" (default value for token).
+      # Check if password is present.
       def valid_password?
-        password.present? && password != "X"
+        password.present?
       end
 
       # Helper to decode credentials from HTTP.

lib/devise/strategies/base.rb

@@ -17,4 +17,4 @@ module Devise
       end
     end
   end
-end
+end

lib/devise/strategies/database_authenticatable.rb

@@ -2,7 +2,7 @@ require 'devise/strategies/authenticatable'
 
 module Devise
   module Strategies
-    # Default strategy for signing in a user, based on his email and password in the database.
+    # Default strategy for signing in a user, based on their email and password in the database.
     class DatabaseAuthenticatable < Authenticatable
       def authenticate!
         resource  = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)

lib/devise/test_helpers.rb

@@ -109,8 +109,8 @@ module Devise
 
         status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
         @controller.response.headers.merge!(headers)
-        @controller.send :render, :status => status, :text => response.body,
-          :content_type => headers["Content-Type"], :location => headers["Location"]
+        @controller.send :render, status: status, text: response.body,
+          content_type: headers["Content-Type"], location: headers["Location"]
         nil # causes process return @response
       end
 

lib/devise/time_inflector.rb

@@ -6,9 +6,9 @@ module Devise
 
     class << self
       attr_reader :instance
-      delegate :time_ago_in_words, :to => :instance
+      delegate :time_ago_in_words, to: :instance
     end
 
     @instance = new
   end
-end
+end

lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "3.2.2".freeze
+  VERSION = "3.2.4".freeze
 end

lib/generators/active_record/devise_generator.rb

@@ -4,21 +4,21 @@ require 'generators/devise/orm_helpers'
 module ActiveRecord
   module Generators
     class DeviseGenerator < ActiveRecord::Generators::Base
-      argument :attributes, :type => :array, :default => [], :banner => "field:type field:type"
+      argument :attributes, type: :array, default: [], banner: "field:type field:type"
 
       include Devise::Generators::OrmHelpers
       source_root File.expand_path("../templates", __FILE__)
 
       def copy_devise_migration
         if (behavior == :invoke && model_exists?) || (behavior == :revoke && migration_exists?(table_name))
-          migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}"
+          migration_template "migration_existing.rb", "db/migrate/add_devise_to_#{table_name}.rb"
         else
-          migration_template "migration.rb", "db/migrate/devise_create_#{table_name}"
+          migration_template "migration.rb", "db/migrate/devise_create_#{table_name}.rb"
         end
       end
 
       def generate_model
-        invoke "active_record:model", [name], :migration => false unless model_exists? && behavior == :invoke
+        invoke "active_record:model", [name], migration: false unless model_exists? && behavior == :invoke
       end
 
       def inject_devise_content
@@ -39,8 +39,8 @@ module ActiveRecord
       def migration_data
 <<RUBY
       ## Database authenticatable
-      t.string :email,              :null => false, :default => ""
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
 
       ## Recoverable
       t.string   :reset_password_token
@@ -50,7 +50,7 @@ module ActiveRecord
       t.datetime :remember_created_at
 
       ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
+      t.integer  :sign_in_count, default: 0, null: false
       t.datetime :current_sign_in_at
       t.datetime :last_sign_in_at
       t.string   :current_sign_in_ip
@@ -63,7 +63,7 @@ module ActiveRecord
       # t.string   :unconfirmed_email # Only if using reconfirmable
 
       ## Lockable
-      # t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      # t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
       # t.string   :unlock_token # Only if unlock strategy is :email or :both
       # t.datetime :locked_at
 RUBY

lib/generators/active_record/templates/migration.rb

@@ -10,9 +10,9 @@ class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
       t.timestamps
     end
 
-    add_index :<%= table_name %>, :email,                :unique => true
-    add_index :<%= table_name %>, :reset_password_token, :unique => true
-    # add_index :<%= table_name %>, :confirmation_token,   :unique => true
-    # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    # add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,         unique: true
   end
 end

lib/generators/active_record/templates/migration_existing.rb

@@ -11,10 +11,10 @@ class AddDeviseTo<%= table_name.camelize %> < ActiveRecord::Migration
       # t.timestamps
     end
 
-    add_index :<%= table_name %>, :email,                :unique => true
-    add_index :<%= table_name %>, :reset_password_token, :unique => true
-    # add_index :<%= table_name %>, :confirmation_token,   :unique => true
-    # add_index :<%= table_name %>, :unlock_token,         :unique => true
+    add_index :<%= table_name %>, :email,                unique: true
+    add_index :<%= table_name %>, :reset_password_token, unique: true
+    # add_index :<%= table_name %>, :confirmation_token,   unique: true
+    # add_index :<%= table_name %>, :unlock_token,         unique: true
   end
 
   def self.down

lib/generators/devise/devise_generator.rb

@@ -13,12 +13,12 @@ module Devise
 
       hook_for :orm
 
-      class_option :routes, :desc => "Generate routes", :type => :boolean, :default => true
+      class_option :routes, desc: "Generate routes", type: :boolean, default: true
 
       def add_devise_routes
         devise_route  = "devise_for :#{plural_name}"
-        devise_route << %Q(, :class_name => "#{class_name}") if class_name.include?("::")
-        devise_route << %Q(, :skip => :all) unless options.routes?
+        devise_route << %Q(, class_name: "#{class_name}") if class_name.include?("::")
+        devise_route << %Q(, skip: :all) unless options.routes?
         route devise_route
       end
     end

lib/generators/devise/install_generator.rb

@@ -20,6 +20,10 @@ module Devise
       def show_readme
         readme "README" if behavior == :invoke
       end
+
+      def rails_4?
+        Rails::VERSION::MAJOR == 4
+      end
     end
   end
 end

lib/generators/devise/views_generator.rb

@@ -9,13 +9,14 @@ module Devise
       extend ActiveSupport::Concern
 
       included do
-        argument :scope, :required => false, :default => nil,
-                         :desc => "The scope to copy views to"
+        argument :scope, required: false, default: nil,
+                         desc: "The scope to copy views to"
 
         # Le sigh, ensure Thor won't handle opts as args
         # It should be fixed in future Rails releases
-        class_option :form_builder, :aliases => "-b"
+        class_option :form_builder, aliases: "-b"
         class_option :markerb
+        class_option :views, aliases: "-v", type: :array, desc: "Select specific view directories to generate (confirmations, passwords, registrations, sessions, unlocks, mailer)"
 
         public_task :copy_views
       end
@@ -28,11 +29,17 @@ module Devise
       end
 
       def copy_views
-        view_directory :confirmations
-        view_directory :passwords
-        view_directory :registrations
-        view_directory :sessions
-        view_directory :unlocks
+        if options[:views]
+          options[:views].each do |directory|
+            view_directory directory.to_sym
+          end
+        else
+          view_directory :confirmations
+          view_directory :passwords
+          view_directory :registrations
+          view_directory :sessions
+          view_directory :unlocks
+        end
       end
 
       protected
@@ -85,7 +92,9 @@ module Devise
       hide!
 
       def copy_views
-        view_directory :mailer
+        if !options[:views] || options[:views].include?('mailer')
+          view_directory :mailer
+        end
       end
     end
 
@@ -96,7 +105,9 @@ module Devise
       hide!
 
       def copy_views
-        view_directory :markerb, target_path
+        if !options[:views] || options[:views].include?('mailer')
+          view_directory :markerb, target_path
+        end
       end
 
       def target_path
@@ -107,18 +118,18 @@ module Devise
     class ViewsGenerator < Rails::Generators::Base
       desc "Copies Devise views to your application."
 
-      argument :scope, :required => false, :default => nil,
-                       :desc => "The scope to copy views to"
+      argument :scope, required: false, default: nil,
+                       desc: "The scope to copy views to"
 
       invoke SharedViewsGenerator
 
-      hook_for :form_builder, :aliases => "-b",
-                              :desc => "Form builder to be used",
-                              :default => defined?(SimpleForm) ? "simple_form_for" : "form_for"
+      hook_for :form_builder, aliases: "-b",
+                              desc: "Form builder to be used",
+                              default: defined?(SimpleForm) ? "simple_form_for" : "form_for"
 
-      hook_for :markerb,  :desc => "Generate markerb instead of erb mail views",
-                          :default => defined?(Markerb) ? :markerb : :erb,
-                          :type => :boolean
+      hook_for :markerb,  desc: "Generate markerb instead of erb mail views",
+                          default: defined?(Markerb) ? :markerb : :erb,
+                          type: :boolean
     end
   end
 end

lib/generators/mongoid/devise_generator.rb

@@ -11,43 +11,43 @@ module Mongoid
       end
 
       def inject_field_types
-        inject_into_file model_path, migration_data, :after => "include Mongoid::Document\n" if model_exists?
+        inject_into_file model_path, migration_data, after: "include Mongoid::Document\n" if model_exists?
       end
 
       def inject_devise_content
-        inject_into_file model_path, model_contents, :after => "include Mongoid::Document\n" if model_exists?
+        inject_into_file model_path, model_contents, after: "include Mongoid::Document\n" if model_exists?
       end
 
       def migration_data
 <<RUBY
   ## Database authenticatable
-  field :email,              :type => String, :default => ""
-  field :encrypted_password, :type => String, :default => ""
+  field :email,              type: String, default: ""
+  field :encrypted_password, type: String, default: ""
 
   ## Recoverable
-  field :reset_password_token,   :type => String
-  field :reset_password_sent_at, :type => Time
+  field :reset_password_token,   type: String
+  field :reset_password_sent_at, type: Time
 
   ## Rememberable
-  field :remember_created_at, :type => Time
+  field :remember_created_at, type: Time
 
   ## Trackable
-  field :sign_in_count,      :type => Integer, :default => 0
-  field :current_sign_in_at, :type => Time
-  field :last_sign_in_at,    :type => Time
-  field :current_sign_in_ip, :type => String
-  field :last_sign_in_ip,    :type => String
+  field :sign_in_count,      type: Integer, default: 0
+  field :current_sign_in_at, type: Time
+  field :last_sign_in_at,    type: Time
+  field :current_sign_in_ip, type: String
+  field :last_sign_in_ip,    type: String
 
   ## Confirmable
-  # field :confirmation_token,   :type => String
-  # field :confirmed_at,         :type => Time
-  # field :confirmation_sent_at, :type => Time
-  # field :unconfirmed_email,    :type => String # Only if using reconfirmable
+  # field :confirmation_token,   type: String
+  # field :confirmed_at,         type: Time
+  # field :confirmation_sent_at, type: Time
+  # field :unconfirmed_email,    type: String # Only if using reconfirmable
 
   ## Lockable
-  # field :failed_attempts, :type => Integer, :default => 0 # Only if lock strategy is :failed_attempts
-  # field :unlock_token,    :type => String # Only if unlock strategy is :email or :both
-  # field :locked_at,       :type => Time
+  # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  # field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  # field :locked_at,       type: Time
 RUBY
       end
     end

lib/generators/templates/README

@@ -2,18 +2,18 @@
 
 Some setup you must do manually if you haven't yet:
 
-  1. Ensure you have defined default url options in your environments files. Here 
-     is an example of default_url_options appropriate for a development environment 
+  1. Ensure you have defined default url options in your environments files. Here
+     is an example of default_url_options appropriate for a development environment
      in config/environments/development.rb:
 
-       config.action_mailer.default_url_options = { :host => 'localhost:3000' }
+       config.action_mailer.default_url_options = { host: 'localhost:3000' }
 
      In production, :host should be set to the actual host of your application.
 
   2. Ensure you have defined root_url to *something* in your config/routes.rb.
      For example:
 
-       root :to => "home#index"
+       root to: "home#index"
 
   3. Ensure you have flash messages in app/views/layouts/application.html.erb.
      For example:

lib/generators/templates/devise.rb

@@ -4,7 +4,11 @@ Devise.setup do |config|
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
+<% if  rails_4? -%>
+  # config.secret_key = '<%= SecureRandom.hex(64) %>'
+<% else -%>
   config.secret_key = '<%= SecureRandom.hex(64) %>'
+<% end -%>
 
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
@@ -76,7 +80,7 @@ Devise.setup do |config|
   # particular strategies by setting this option.
   # Notice that if you are skipping storage for all authentication paths, you
   # may want to disable generating routes to Devise's sessions controller by
-  # passing :skip => :sessions to `devise_for` in your config/routes.rb
+  # passing skip: :sessions to `devise_for` in your config/routes.rb
   config.skip_session_storage = [:http_auth]
 
   # By default, Devise cleans up the CSRF token on authentication to
@@ -91,7 +95,9 @@ Devise.setup do |config|
   #
   # Limiting the stretches to just one in testing will increase the performance of
   # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments.
+  # a value less than 10 in other environments. Note that, for bcrypt (the default
+  # encryptor), the cost increases exponentially with the number of stretches (e.g.
+  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Setup a pepper to generate the encrypted password.
@@ -99,10 +105,10 @@ Devise.setup do |config|
 
   # ==> Configuration for :confirmable
   # A period that the user is allowed to access the website even without
-  # confirming his account. For instance, if set to 2.days, the user will be
-  # able to access the website for two days without confirming his account,
+  # confirming their account. For instance, if set to 2.days, the user will be
+  # able to access the website for two days without confirming their account,
   # access will be blocked just in the third day. Default is 0.days, meaning
-  # the user cannot access the website without confirming his account.
+  # the user cannot access the website without confirming their account.
   # config.allow_unconfirmed_access_for = 2.days
 
   # A period that the user is allowed to confirm their account before their
@@ -115,8 +121,8 @@ Devise.setup do |config|
 
   # If true, requires any email changes to be confirmed (exactly the same way as
   # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed new email is stored in
-  # unconfirmed email column, and copied to email column on successful confirmation.
+  # db field (see migrations). Until confirmed, new email is stored in
+  # unconfirmed_email column, and copied to email column on successful confirmation.
   config.reconfirmable = true
 
   # Defines which key will be used when confirming an account
@@ -130,11 +136,11 @@ Devise.setup do |config|
   # config.extend_remember_period = false
 
   # Options to be passed to the created cookie. For instance, you can set
-  # :secure => true in order to force SSL only cookies.
+  # secure: true in order to force SSL only cookies.
   # config.rememberable_options = {}
 
   # ==> Configuration for :validatable
-  # Range for password length. Default is 8..128.
+  # Range for password length.
   config.password_length = 8..128
 
   # Email regex used to validate email formats. It simply asserts that
@@ -227,7 +233,7 @@ Devise.setup do |config|
   # ==> OmniAuth
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
@@ -235,7 +241,7 @@ Devise.setup do |config|
   #
   # config.warden do |manager|
   #   manager.intercept_401 = false
-  #   manager.default_strategies(:scope => :user).unshift :some_external_strategy
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
   # end
 
   # ==> Mountable engine configurations

lib/generators/templates/markerb/confirmation_instructions.markerb

@@ -2,4 +2,4 @@ Welcome <%= @email %>!
 
 You can confirm your account through the link below:
 
-<%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token) %>
+<%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %>

lib/generators/templates/markerb/reset_password_instructions.markerb

@@ -2,7 +2,7 @@ Hello <%= @resource.email %>!
 
 Someone has requested a link to change your password, and you can do this through the link below.
 
-<%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token) %>
+<%= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token) %>
 
 If you didn't request this, please ignore this email.
 Your password won't change until you access the link above and create a new one.

lib/generators/templates/markerb/unlock_instructions.markerb

@@ -4,4 +4,4 @@ Your account has been locked due to an excessive number of unsuccessful sign in
 
 Click the link below to unlock your account:
 
-<%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token) %>
+<%= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token) %>

lib/generators/templates/simple_form_for/confirmations/new.html.erb

@@ -1,11 +1,11 @@
 <h2>Resend confirmation instructions</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
   <%= f.error_notification %>
   <%= f.full_error :confirmation_token %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/passwords/edit.html.erb

@@ -1,14 +1,14 @@
 <h2>Change your password</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f| %>
   <%= f.error_notification %>
 
-  <%= f.input :reset_password_token, :as => :hidden %>
+  <%= f.input :reset_password_token, as: :hidden %>
   <%= f.full_error :reset_password_token %>
 
   <div class="form-inputs">
-    <%= f.input :password, :label => "New password", :required => true, :autofocus => true %>
-    <%= f.input :password_confirmation, :label => "Confirm your new password", :required => true %>
+    <%= f.input :password, label: "New password", required: true, autofocus: true %>
+    <%= f.input :password_confirmation, label: "Confirm your new password", required: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/passwords/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Forgot your password?</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
   <%= f.error_notification %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/registrations/edit.html.erb

@@ -1,18 +1,18 @@
 <h2>Edit <%= resource_name.to_s.humanize %></h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
   <%= f.error_notification %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
 
     <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
       <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
     <% end %>
 
-    <%= f.input :password, :autocomplete => "off", :hint => "leave it blank if you don't want to change it", :required => false %>
-    <%= f.input :password_confirmation, :required => false %>
-    <%= f.input :current_password, :hint => "we need your current password to confirm your changes", :required => true %>
+    <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
+    <%= f.input :password_confirmation, required: false %>
+    <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
   </div>
 
   <div class="form-actions">
@@ -22,6 +22,6 @@
 
 <h3>Cancel my account</h3>
 
-<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete %></p>
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
 
 <%= link_to "Back", :back %>

lib/generators/templates/simple_form_for/registrations/new.html.erb

@@ -1,12 +1,12 @@
 <h2>Sign up</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f| %>
   <%= f.error_notification %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
-    <%= f.input :password, :required => true %>
-    <%= f.input :password_confirmation, :required => true %>
+    <%= f.input :email, required: true, autofocus: true %>
+    <%= f.input :password, required: true %>
+    <%= f.input :password_confirmation, required: true %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/sessions/new.html.erb

@@ -1,10 +1,10 @@
 <h2>Sign in</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
   <div class="form-inputs">
-    <%= f.input :email, :required => false, :autofocus => true %>
-    <%= f.input :password, :required => false %>
-    <%= f.input :remember_me, :as => :boolean if devise_mapping.rememberable? %>
+    <%= f.input :email, required: false, autofocus: true %>
+    <%= f.input :password, required: false %>
+    <%= f.input :remember_me, as: :boolean if devise_mapping.rememberable? %>
   </div>
 
   <div class="form-actions">

lib/generators/templates/simple_form_for/unlocks/new.html.erb

@@ -1,11 +1,11 @@
 <h2>Resend unlock instructions</h2>
 
-<%= simple_form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+<%= simple_form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f| %>
   <%= f.error_notification %>
   <%= f.full_error :unlock_token %>
 
   <div class="form-inputs">
-    <%= f.input :email, :required => true, :autofocus => true %>
+    <%= f.input :email, required: true, autofocus: true %>
   </div>
 
   <div class="form-actions">

test/controllers/helpers_test.rb

@@ -14,81 +14,81 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   end
 
   test 'proxy signed_in?(scope) to authenticate?' do
-    @mock_warden.expects(:authenticate?).with(:scope => :my_scope)
+    @mock_warden.expects(:authenticate?).with(scope: :my_scope)
     @controller.signed_in?(:my_scope)
   end
 
   test 'proxy signed_in?(nil) to authenticate?' do
     Devise.mappings.keys.each do |scope| # :user, :admin, :manager
-      @mock_warden.expects(:authenticate?).with(:scope => scope)
+      @mock_warden.expects(:authenticate?).with(scope: scope)
     end
     @controller.signed_in?
   end
 
   test 'proxy current_user to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user)
+    @mock_warden.expects(:authenticate).with(scope: :user)
     @controller.current_user
   end
 
   test 'proxy current_admin to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @mock_warden.expects(:authenticate).with(scope: :admin)
     @controller.current_admin
   end
 
   test 'proxy current_publisher_account to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
     @controller.current_publisher_account
   end
 
   test 'proxy authenticate_user! to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user)
+    @mock_warden.expects(:authenticate!).with(scope: :user)
     @controller.authenticate_user!
   end
 
   test 'proxy authenticate_user! options to authenticate with user scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :user, :recall => "foo")
-    @controller.authenticate_user!(:recall => "foo")
+    @mock_warden.expects(:authenticate!).with(scope: :user, recall: "foo")
+    @controller.authenticate_user!(recall: "foo")
   end
 
   test 'proxy authenticate_admin! to authenticate with admin scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :admin)
+    @mock_warden.expects(:authenticate!).with(scope: :admin)
     @controller.authenticate_admin!
   end
 
   test 'proxy authenticate_publisher_account! to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate!).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate!).with(scope: :publisher_account)
     @controller.authenticate_publisher_account!
   end
 
   test 'proxy user_signed_in? to authenticate with user scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns("user")
+    @mock_warden.expects(:authenticate).with(scope: :user).returns("user")
     assert @controller.user_signed_in?
   end
 
   test 'proxy admin_signed_in? to authenticatewith admin scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin)
+    @mock_warden.expects(:authenticate).with(scope: :admin)
     assert_not @controller.admin_signed_in?
   end
 
   test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account)
     @controller.publisher_account_signed_in?
   end
 
   test 'proxy user_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(true)
     @mock_warden.expects(:session).with(:user).returns({})
     @controller.user_session
   end
 
   test 'proxy admin_session to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :admin).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :admin).returns(true)
     @mock_warden.expects(:session).with(:admin).returns({})
     @controller.admin_session
   end
 
   test 'proxy publisher_account_session from namespaced scope to session scope in warden' do
-    @mock_warden.expects(:authenticate).with(:scope => :publisher_account).returns(true)
+    @mock_warden.expects(:authenticate).with(scope: :publisher_account).returns(true)
     @mock_warden.expects(:session).with(:publisher_account).returns({})
     @controller.publisher_account_session
   end
@@ -96,14 +96,14 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   test 'sign in proxy to set_user on warden' do
     user = User.new
     @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
     @controller.sign_in(:user, user)
   end
 
   test 'sign in accepts a resource as argument' do
     user = User.new
     @mock_warden.expects(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
     @controller.sign_in(user)
   end
 
@@ -117,15 +117,15 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   test 'sign in again when the user is already in only if force is given' do
     user = User.new
     @mock_warden.expects(:user).returns(user)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
-    @controller.sign_in(user, :force => true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
+    @controller.sign_in(user, force: true)
   end
 
   test 'sign in accepts bypass as option' do
     user = User.new
     @mock_warden.expects(:session_serializer).returns(serializer = mock())
     serializer.expects(:store).with(user, :user)
-    @controller.sign_in(user, :bypass => true)
+    @controller.sign_in(user, bypass: true)
   end
 
   test 'sign out clears up any signed in user from all scopes' do
@@ -141,18 +141,18 @@ class ControllerAuthenticatableTest < ActionController::TestCase
 
   test 'sign out logs out and clears up any signed in user by scope' do
     user = User.new
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(user)
+    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(user)
     @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
+    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
     @controller.instance_variable_set(:@current_user, user)
     @controller.sign_out(:user)
     assert_equal nil, @controller.instance_variable_get(:@current_user)
   end
 
   test 'sign out accepts a resource as argument' do
-    @mock_warden.expects(:user).with(:scope => :user, :run_callbacks => false).returns(true)
+    @mock_warden.expects(:user).with(scope: :user, run_callbacks: false).returns(true)
     @mock_warden.expects(:logout).with(:user).returns(true)
-    @mock_warden.expects(:clear_strategies_cache!).with(:scope => :user).returns(true)
+    @mock_warden.expects(:clear_strategies_cache!).with(scope: :user).returns(true)
     @controller.sign_out(User.new)
   end
 
@@ -227,7 +227,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
     user = User.new
     @controller.session[:user_return_to] = "/foo.bar"
     @mock_warden.expects(:user).with(:user).returns(nil)
-    @mock_warden.expects(:set_user).with(user, :scope => :user).returns(true)
+    @mock_warden.expects(:set_user).with(user, scope: :user).returns(true)
     @controller.expects(:redirect_to).with("/foo.bar")
     @controller.sign_in_and_redirect(user)
   end
@@ -235,7 +235,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   test 'sign in and redirect uses the configured after sign in path' do
     admin = Admin.new
     @mock_warden.expects(:user).with(:admin).returns(nil)
-    @mock_warden.expects(:set_user).with(admin, :scope => :admin).returns(true)
+    @mock_warden.expects(:set_user).with(admin, scope: :admin).returns(true)
     @controller.expects(:redirect_to).with(admin_root_path)
     @controller.sign_in_and_redirect(admin)
   end
@@ -249,10 +249,10 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   end
 
   test 'sign out and redirect uses the configured after sign out path when signing out only the current scope' do
-    swap Devise, :sign_out_all_scopes => false do
-      @mock_warden.expects(:user).with(:scope => :admin, :run_callbacks => false).returns(true)
+    swap Devise, sign_out_all_scopes: false do
+      @mock_warden.expects(:user).with(scope: :admin, run_callbacks: false).returns(true)
       @mock_warden.expects(:logout).with(:admin).returns(true)
-      @mock_warden.expects(:clear_strategies_cache!).with(:scope => :admin).returns(true)
+      @mock_warden.expects(:clear_strategies_cache!).with(scope: :admin).returns(true)
       @controller.expects(:redirect_to).with(admin_root_path)
       @controller.instance_eval "def after_sign_out_path_for(resource); admin_root_path; end"
       @controller.sign_out_and_redirect(:admin)
@@ -260,7 +260,7 @@ class ControllerAuthenticatableTest < ActionController::TestCase
   end
 
   test 'sign out and redirect uses the configured after sign out path when signing out all scopes' do
-    swap Devise, :sign_out_all_scopes => true do
+    swap Devise, sign_out_all_scopes: true do
       @mock_warden.expects(:user).times(Devise.mappings.size)
       @mock_warden.expects(:logout).with().returns(true)
       @mock_warden.expects(:clear_strategies_cache!).with().returns(true)

test/controllers/internal_helpers_test.rb

@@ -55,7 +55,7 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'require no authentication tests current mapping' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
     @mock_warden.expects(:user).with(:user).returns(User.new)
     @controller.expects(:redirect_to).with(root_path)
     @controller.send :require_no_authentication
@@ -71,7 +71,7 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'require no authentication sets a flash message' do
-    @mock_warden.expects(:authenticate?).with(:rememberable, :scope => :user).returns(true)
+    @mock_warden.expects(:authenticate?).with(:rememberable, scope: :user).returns(true)
     @mock_warden.expects(:user).with(:user).returns(User.new)
     @controller.expects(:redirect_to).with(root_path)
     @controller.send :require_no_authentication
@@ -79,7 +79,7 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'signed in resource returns signed in resource for current scope' do
-    @mock_warden.expects(:authenticate).with(:scope => :user).returns(User.new)
+    @mock_warden.expects(:authenticate).with(scope: :user).returns(User.new)
     assert_kind_of User, @controller.signed_in_resource
   end
 
@@ -100,21 +100,24 @@ class HelpersTest < ActionController::TestCase
   end
 
   test 'uses custom i18n options' do
-    @controller.stubs(:devise_i18n_options).returns(:default => "devise custom options")
+    @controller.stubs(:devise_i18n_options).returns(default: "devise custom options")
     @controller.send :set_flash_message, :notice, :invalid_i18n_messagesend_instructions
     assert_equal 'devise custom options', flash[:notice]
   end
 
   test 'allows custom i18n options to override resource_name' do
     I18n.expects(:t).with("custom_resource_name.confirmed", anything)
-    @controller.stubs(:devise_i18n_options).returns(:resource_name => "custom_resource_name")
+    @controller.stubs(:devise_i18n_options).returns(resource_name: "custom_resource_name")
     @controller.send :set_flash_message, :notice, :confirmed
   end
 
   test 'navigational_formats not returning a wild card' do
     MyController.send(:public, :navigational_formats)
-    Devise.navigational_formats = [:"*/*", :html]
-    assert_not @controller.navigational_formats.include?(:"*/*")
+
+    swap Devise, navigational_formats: ['*/*', :html] do
+      assert_not @controller.navigational_formats.include?("*/*")
+    end
+
     MyController.send(:protected, :navigational_formats)
   end
 end

test/controllers/sessions_controller_test.rb

@@ -5,21 +5,25 @@ class SessionsControllerTest < ActionController::TestCase
   include Devise::TestHelpers
 
   test "#create doesn't raise unpermitted params when sign in fails" do
-    ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload|
-      flunk "Unpermitted params: #{payload}"
+    begin
+      subscriber = ActiveSupport::Notifications.subscribe /unpermitted_parameters/ do |name, start, finish, id, payload|
+        flunk "Unpermitted params: #{payload}"
+      end
+      request.env["devise.mapping"] = Devise.mappings[:user]
+      request.session["user_return_to"] = 'foo.bar'
+      create_user
+      post :create, user: {
+        email: "wrong@email.com",
+        password: "wrongpassword"
+      }
+      assert_equal 200, @response.status
+    ensure
+      ActiveSupport::Notifications.unsubscribe(subscriber)
     end
-    request.env["devise.mapping"] = Devise.mappings[:user]
-    request.session["user_return_to"] = 'foo.bar'
-    create_user
-    post :create, :user => {
-      :email => "wrong@email.com",
-      :password => "wrongpassword"
-    }
-    assert_equal 200, @response.status
   end
 
   test "#create works even with scoped views" do
-    swap Devise, :scoped_views => true do
+    swap Devise, scoped_views: true do
       request.env["devise.mapping"] = Devise.mappings[:user]
       post :create
       assert_equal 200, @response.status
@@ -33,9 +37,9 @@ class SessionsControllerTest < ActionController::TestCase
 
     user = create_user
     user.confirm!
-    post :create, :user => {
-      :email => user.email,
-      :password => user.password
+    post :create, user: {
+      email: user.email,
+      password: user.password
     }
 
     assert_nil request.session["user_return_to"]
@@ -47,9 +51,9 @@ class SessionsControllerTest < ActionController::TestCase
 
     user = create_user
     user.confirm!
-    post :create, :format => 'json', :user => {
-      :email => user.email,
-      :password => user.password
+    post :create, format: 'json', user: {
+      email: user.email,
+      password: user.password
     }
 
     assert_equal 'foo.bar', request.session["user_return_to"]
@@ -57,9 +61,9 @@ class SessionsControllerTest < ActionController::TestCase
 
   test "#create doesn't raise exception after Warden authentication fails when TestHelpers included" do
     request.env["devise.mapping"] = Devise.mappings[:user]
-    post :create, :user => {
-      :email => "nosuchuser@example.com",
-      :password => "wevdude"
+    post :create, user: {
+      email: "nosuchuser@example.com",
+      password: "wevdude"
     }
     assert_equal 200, @response.status
     assert_template "devise/sessions/new"
@@ -69,12 +73,12 @@ class SessionsControllerTest < ActionController::TestCase
     request.env["devise.mapping"] = Devise.mappings[:user]
     user = create_user
     user.confirm!
-    post :create, :format => 'json', :user => {
-      :email => user.email,
-      :password => user.password
+    post :create, format: 'json', user: {
+      email: user.email,
+      password: user.password
     }
 
-    delete :destroy, :format => 'json'
+    delete :destroy, format: 'json'
     assert flash[:notice].blank?, "flash[:notice] should be blank, not #{flash[:notice].inspect}"
     assert_equal 204, @response.status
   end
@@ -88,7 +92,7 @@ class SessionsControllerTest < ActionController::TestCase
 
       begin
         assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
-          get :new, :user => { :email => "allez viens!" }
+          get :new, user: { email: "allez viens!" }
         end
       ensure
         ActiveRecord::Base.mass_assignment_sanitizer = :logger

test/controllers/url_helpers_test.rb

@@ -14,10 +14,10 @@ class RoutesTest < ActionController::TestCase
                  send(:"#{prepend_path}user_#{name}_url")
 
     # Default url params
-    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, :param => 123),
-                 send(:"#{prepend_path}user_#{name}_path", :param => 123)
-    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, :param => 123),
-                 send(:"#{prepend_path}user_#{name}_url", :param => 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_path", :user, param: 123),
+                 send(:"#{prepend_path}user_#{name}_path", param: 123)
+    assert_equal @controller.send(:"#{prepend_path}#{name}_url", :user, param: 123),
+                 send(:"#{prepend_path}user_#{name}_url", param: 123)
 
     @request.path = nil
     # With an object

test/delegator_test.rb

@@ -14,6 +14,6 @@ class DelegatorTest < ActiveSupport::TestCase
   end
 
   test 'failure_app returns associated failure app by scope in the given environment' do
-    assert_kind_of Proc, delegator.failure_app({"warden.options" => {:scope => "manager"}})
+    assert_kind_of Proc, delegator.failure_app({"warden.options" => {scope: "manager"}})
   end
 end

test/devise_test.rb

@@ -23,7 +23,7 @@ class DeviseTest < ActiveSupport::TestCase
   end
 
   test 'model options can be configured through Devise' do
-    swap Devise, :allow_unconfirmed_access_for => 113, :pepper => "foo" do
+    swap Devise, allow_unconfirmed_access_for: 113, pepper: "foo" do
       assert_equal 113, Devise.allow_unconfirmed_access_for
       assert_equal "foo", Devise.pepper
     end
@@ -60,12 +60,12 @@ class DeviseTest < ActiveSupport::TestCase
     assert_not defined?(Devise::Models::Coconut)
     Devise::ALL.delete(:coconut)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:banana, :strategy => :fruits) }
+    assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) }
     assert_equal :fruits, Devise::STRATEGIES[:banana]
     Devise::ALL.delete(:banana)
     Devise::STRATEGIES.delete(:banana)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:kivi, :controller => :fruits) }
+    assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) }
     assert_equal :fruits, Devise::CONTROLLERS[:kivi]
     Devise::ALL.delete(:kivi)
     Devise::CONTROLLERS.delete(:kivi)

test/failure_app_test.rb

@@ -10,7 +10,7 @@ class FailureTest < ActiveSupport::TestCase
 
   class FailureWithI18nOptions < Devise::FailureApp
     def i18n_options(options)
-      options.merge(:name => 'Steve')
+      options.merge(name: 'Steve')
     end
   end
 
@@ -23,11 +23,11 @@ class FailureTest < ActiveSupport::TestCase
       'REQUEST_URI' => 'http://test.host/',
       'HTTP_HOST' => 'test.host',
       'REQUEST_METHOD' => 'GET',
-      'warden.options' => { :scope => :user },
+      'warden.options' => { scope: :user },
       'rack.session' => {},
       'action_dispatch.request.formats' => Array(env_params.delete('formats') || Mime::HTML),
       'rack.input' => "",
-      'warden' => OpenStruct.new(:message => nil)
+      'warden' => OpenStruct.new(message: nil)
     }.merge!(env_params)
 
     @response = (env.delete(:app) || Devise::FailureApp).call(env).to_a
@@ -49,8 +49,8 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'returns to the root path if no session path is available' do
-      swap Devise, :router_name => :fake_app do
-        call_failure :app => RootFailureApp
+      swap Devise, router_name: :fake_app do
+        call_failure app: RootFailureApp
         assert_equal 302, @response.first
         assert_equal 'You need to sign in or sign up before continuing.', @request.flash[:alert]
         assert_equal 'http://test.host/', @response.second['Location']
@@ -59,7 +59,7 @@ class FailureTest < ActiveSupport::TestCase
 
     if Rails.application.config.respond_to?(:relative_url_root)
       test 'returns to the default redirect location considering the relative url root' do
-        swap Rails.application.config, :relative_url_root => "/sample" do
+        swap Rails.application.config, relative_url_root: "/sample" do
           call_failure
           assert_equal 302, @response.first
           assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location']
@@ -68,18 +68,18 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'uses the proxy failure message as symbol' do
-      call_failure('warden' => OpenStruct.new(:message => :invalid))
+      call_failure('warden' => OpenStruct.new(message: :invalid))
       assert_equal 'Invalid email or password.', @request.flash[:alert]
       assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
     end
 
     test 'uses custom i18n options' do
-      call_failure('warden' => OpenStruct.new(:message => :does_not_exist), :app => FailureWithI18nOptions)
+      call_failure('warden' => OpenStruct.new(message: :does_not_exist), app: FailureWithI18nOptions)
       assert_equal 'User Steve does not exist', @request.flash[:alert]
     end
 
     test 'uses the proxy failure message as string' do
-      call_failure('warden' => OpenStruct.new(:message => 'Hello world'))
+      call_failure('warden' => OpenStruct.new(message: 'Hello world'))
       assert_equal 'Hello world', @request.flash[:alert]
       assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
     end
@@ -97,14 +97,14 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'works for any navigational format' do
-      swap Devise, :navigational_formats => [:xml] do
+      swap Devise, navigational_formats: [:xml] do
         call_failure('formats' => Mime::XML)
         assert_equal 302, @response.first
       end
     end
 
     test 'redirects the correct format if it is a non-html format request' do
-      swap Devise, :navigational_formats => [:js] do
+      swap Devise, navigational_formats: [:js] do
         call_failure('formats' => Mime::JS)
         assert_equal 'http://test.host/users/sign_in.js', @response.second["Location"]
       end
@@ -140,28 +140,28 @@ class FailureTest < ActiveSupport::TestCase
     end
 
     test 'does not return WWW-authenticate headers if model does not allow' do
-      swap Devise, :http_authenticatable => false do
+      swap Devise, http_authenticatable: false do
         call_failure('formats' => Mime::XML)
         assert_nil @response.second["WWW-Authenticate"]
       end
     end
 
     test 'works for any non navigational format' do
-      swap Devise, :navigational_formats => [] do
+      swap Devise, navigational_formats: [] do
         call_failure('formats' => Mime::HTML)
         assert_equal 401, @response.first
       end
     end
 
     test 'uses the failure message as response body' do
-      call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(:message => :invalid))
+      call_failure('formats' => Mime::XML, 'warden' => OpenStruct.new(message: :invalid))
       assert_match '<error>Invalid email or password.</error>', @response.third.body
     end
 
     context 'on ajax call' do
       context 'when http_authenticatable_on_xhr is false' do
         test 'dont return 401 with navigational formats' do
-          swap Devise, :http_authenticatable_on_xhr => false do
+          swap Devise, http_authenticatable_on_xhr: false do
             call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
             assert_equal 'http://test.host/users/sign_in', @response.second["Location"]
@@ -169,7 +169,7 @@ class FailureTest < ActiveSupport::TestCase
         end
 
         test 'dont return 401 with non navigational formats' do
-          swap Devise, :http_authenticatable_on_xhr => false do
+          swap Devise, http_authenticatable_on_xhr: false do
             call_failure('formats' => Mime::JSON, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 302, @response.first
             assert_equal 'http://test.host/users/sign_in.json', @response.second["Location"]
@@ -179,14 +179,14 @@ class FailureTest < ActiveSupport::TestCase
 
       context 'when http_authenticatable_on_xhr is true' do
         test 'return 401' do
-          swap Devise, :http_authenticatable_on_xhr => true do
+          swap Devise, http_authenticatable_on_xhr: true do
             call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_equal 401, @response.first
           end
         end
 
         test 'skip WWW-Authenticate header' do
-          swap Devise, :http_authenticatable_on_xhr => true do
+          swap Devise, http_authenticatable_on_xhr: true do
             call_failure('formats' => Mime::HTML, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
             assert_nil @response.second['WWW-Authenticate']
           end
@@ -198,7 +198,7 @@ class FailureTest < ActiveSupport::TestCase
   context 'With recall' do
     test 'calls the original controller if invalid email or password' do
       env = {
-        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in" },
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in" },
         "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }
@@ -209,7 +209,7 @@ class FailureTest < ActiveSupport::TestCase
 
     test 'calls the original controller if not confirmed email' do
       env = {
-        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :unconfirmed },
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :unconfirmed },
         "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }
@@ -220,7 +220,7 @@ class FailureTest < ActiveSupport::TestCase
 
     test 'calls the original controller if inactive account' do
       env = {
-        "warden.options" => { :recall => "devise/sessions#new", :attempted_path => "/users/sign_in", :message => :inactive },
+        "warden.options" => { recall: "devise/sessions#new", attempted_path: "/users/sign_in", message: :inactive },
         "devise.mapping" => Devise.mappings[:user],
         "warden" => stub_everything
       }

test/generators/active_record_generator_test.rb

@@ -30,10 +30,10 @@ if DEVISE_ORM == :active_record
       run_generator %w(monster)
       assert_migration "db/migrate/devise_create_monsters.rb"
       assert_migration "db/migrate/add_devise_to_monsters.rb"
-      run_generator %w(monster), :behavior => :revoke
+      run_generator %w(monster), behavior: :revoke
       assert_no_migration "db/migrate/add_devise_to_monsters.rb"
       assert_migration "db/migrate/devise_create_monsters.rb"
-      run_generator %w(monster), :behavior => :revoke
+      run_generator %w(monster), behavior: :revoke
       assert_no_file "app/models/monster.rb"
       assert_no_migration "db/migrate/devise_create_monsters.rb"
     end
@@ -47,11 +47,11 @@ if DEVISE_ORM == :active_record
 
   def simulate_inside_engine(engine, namespace)
     if Rails::Generators.respond_to?(:namespace=)
-      swap Rails::Generators, :namespace => namespace do
+      swap Rails::Generators, namespace: namespace do
         yield
       end
     else
-      swap Rails, :application => engine.instance do
+      swap Rails, application: engine.instance do
         yield
       end
     end

test/generators/devise_generator_test.rb

@@ -18,13 +18,13 @@ class DeviseGeneratorTest < Rails::Generators::TestCase
 
   test "route generation for namespaced model names" do
     run_generator %w(monster/goblin name:string)
-    match = /devise_for :goblins, :class_name => "Monster::Goblin"/
+    match = /devise_for :goblins, class_name: "Monster::Goblin"/
     assert_file "config/routes.rb", match
   end
 
   test "route generation with skip routes" do
     run_generator %w(monster name:string --skip-routes)
-    match = /devise_for :monsters, :skip => :all/
+    match = /devise_for :monsters, skip: :all/
     assert_file "config/routes.rb", match
   end
 

test/generators/mongoid_generator_test.rb

@@ -7,15 +7,15 @@ if DEVISE_ORM == :mongoid
     tests Mongoid::Generators::DeviseGenerator
     destination File.expand_path("../../tmp", __FILE__)
     setup :prepare_destination
-  
+
     test "all files are properly created" do
       run_generator %w(monster)
       assert_file "app/models/monster.rb", /devise/
     end
-  
+
     test "all files are properly deleted" do
       run_generator %w(monster)
-      run_generator %w(monster), :behavior => :revoke
+      run_generator %w(monster), behavior: :revoke
       assert_no_file "app/models/monster.rb"
     end
   end

test/generators/views_generator_test.rb

@@ -33,7 +33,36 @@ class ViewsGeneratorTest < Rails::Generators::TestCase
 
   test "Assert views with markerb" do
     run_generator %w(--markerb)
-    assert_files nil, :mail_template_engine => "markerb"
+    assert_files nil, mail_template_engine: "markerb"
+  end
+
+
+  test "Assert only views within specified directories" do
+    run_generator %w(-v sessions registrations)
+    assert_file "app/views/devise/sessions/new.html.erb"
+    assert_file "app/views/devise/registrations/new.html.erb"
+    assert_file "app/views/devise/registrations/edit.html.erb"
+    assert_no_file "app/views/devise/confirmations/new.html.erb"
+    assert_no_file "app/views/devise/mailer/confirmation_instructions.html.erb"
+  end
+
+  test "Assert specified directories with scope" do
+    run_generator %w(users -v sessions)
+    assert_file "app/views/users/sessions/new.html.erb"
+    assert_no_file "app/views/users/confirmations/new.html.erb"
+  end
+
+  test "Assert specified directories with simple form" do
+    run_generator %w(-v registrations -b simple_form_for)
+    assert_file "app/views/devise/registrations/new.html.erb", /simple_form_for/
+    assert_no_file "app/views/devise/confirmations/new.html.erb"
+    end
+
+  test "Assert specified directories with markerb" do
+    run_generator %w(--markerb -v passwords mailer)
+    assert_file "app/views/devise/passwords/new.html.erb"
+    assert_no_file "app/views/devise/confirmations/new.html.erb"
+    assert_file "app/views/devise/mailer/reset_password_instructions.markerb"
   end
 
   def assert_files(scope = nil, options={})

test/helpers/devise_helper_test.rb

@@ -2,16 +2,16 @@ require 'test_helper'
 
 class DeviseHelperTest < ActionDispatch::IntegrationTest
   setup do
-    model_labels = { :models => { :user => "utilisateur" } }
+    model_labels = { models: { user: "utilisateur" } }
 
     I18n.backend.store_translations :fr,
     {
-      :errors => { :messages => { :not_saved => {
-        :one => "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
-        :other => "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
+      errors: { messages: { not_saved: {
+        one: "Erreur lors de l'enregistrement de '%{resource}': 1 erreur.",
+        other: "Erreur lors de l'enregistrement de '%{resource}': %{count} erreurs."
       } } },
-      :activerecord => model_labels,
-      :mongoid => model_labels
+      activerecord: model_labels,
+      mongoid: model_labels
     }
 
     I18n.locale = 'fr'
@@ -24,8 +24,8 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
   test 'test errors.messages.not_saved with single error from i18n' do
     get new_user_registration_path
 
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user123'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
     click_button 'Sign up'
 
     assert_have_selector '#error_explanation'
@@ -39,9 +39,9 @@ class DeviseHelperTest < ActionDispatch::IntegrationTest
 
     get new_user_registration_path
 
-    fill_in 'email', :with => 'invalid_email'
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user321'
+    fill_in 'email', with: 'invalid_email'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user321'
     click_button 'Sign up'
 
     assert_have_selector '#error_explanation'

test/integration/authenticatable_test.rb

@@ -27,7 +27,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
   end
 
   test 'sign out as user should not touch admin authentication if sign_out_all_scopes is false' do
-    swap Devise, :sign_out_all_scopes => false do
+    swap Devise, sign_out_all_scopes: false do
       sign_in_as_user
       sign_in_as_admin
       get destroy_user_session_path
@@ -37,7 +37,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
   end
 
   test 'sign out as admin should not touch user authentication if sign_out_all_scopes is false' do
-    swap Devise, :sign_out_all_scopes => false do
+    swap Devise, sign_out_all_scopes: false do
       sign_in_as_user
       sign_in_as_admin
 
@@ -48,7 +48,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
   end
 
   test 'sign out as user should also sign out admin if sign_out_all_scopes is true' do
-    swap Devise, :sign_out_all_scopes => true do
+    swap Devise, sign_out_all_scopes: true do
       sign_in_as_user
       sign_in_as_admin
 
@@ -59,7 +59,7 @@ class AuthenticationSanityTest < ActionDispatch::IntegrationTest
   end
 
   test 'sign out as admin should also sign out user if sign_out_all_scopes is true' do
-    swap Devise, :sign_out_all_scopes => true do
+    swap Devise, sign_out_all_scopes: true do
       sign_in_as_user
       sign_in_as_admin
 
@@ -162,7 +162,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
   end
 
   test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do
-    sign_in_as_admin(:active => false)
+    sign_in_as_admin(active: false)
     assert warden.authenticated?(:admin)
     assert_not warden.authenticated?(:user)
 
@@ -172,7 +172,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
   end
 
   test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do
-    sign_in_as_admin(:active => true)
+    sign_in_as_admin(active: true)
     assert warden.authenticated?(:admin)
     assert_not warden.authenticated?(:user)
 
@@ -214,7 +214,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
   end
 
   test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do
-    sign_in_as_admin(:active => false)
+    sign_in_as_admin(active: false)
     assert warden.authenticated?(:admin)
     assert_not warden.authenticated?(:user)
 
@@ -224,7 +224,7 @@ class AuthenticationRoutesRestrictions < ActionDispatch::IntegrationTest
   end
 
   test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do
-    sign_in_as_admin(:active => true)
+    sign_in_as_admin(active: true)
     assert warden.authenticated?(:admin)
     assert_not warden.authenticated?(:user)
 
@@ -277,7 +277,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
     assert_equal users_path, session[:"user_return_to"]
 
     follow_redirect!
-    sign_in_as_user :visit => false
+    sign_in_as_user visit: false
 
     assert_current_url '/users'
     assert_nil session[:"user_return_to"]
@@ -293,7 +293,7 @@ class AuthenticationRedirectTest < ActionDispatch::IntegrationTest
     assert_equal users_path, session[:"user_return_to"]
 
     follow_redirect!
-    sign_in_as_user :visit => false
+    sign_in_as_user visit: false
 
     assert_current_url '/users'
     assert_nil session[:"user_return_to"]
@@ -392,7 +392,7 @@ end
 
 class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
   test 'renders the scoped view if turned on and view is available' do
-    swap Devise, :scoped_views => true do
+    swap Devise, scoped_views: true do
       assert_raise Webrat::NotFoundError do
         sign_in_as_user
       end
@@ -415,7 +415,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
   end
 
   test 'does not render the scoped view if turned off' do
-    swap Devise, :scoped_views => false do
+    swap Devise, scoped_views: false do
       assert_nothing_raised do
         sign_in_as_user
       end
@@ -423,7 +423,7 @@ class AuthenticationWithScopedViewsTest < ActionDispatch::IntegrationTest
   end
 
   test 'does not render the scoped view if not available' do
-    swap Devise, :scoped_views => true do
+    swap Devise, scoped_views: true do
       assert_nothing_raised do
         sign_in_as_admin
       end
@@ -433,7 +433,7 @@ end
 
 class AuthenticationOthersTest < ActionDispatch::IntegrationTest
   test 'handles unverified requests gets rid of caches' do
-    swap ApplicationController, :allow_forgery_protection => true do
+    swap ApplicationController, allow_forgery_protection: true do
       post exhibit_user_url(1)
       assert_not warden.authenticated?(:user)
 
@@ -473,12 +473,12 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
   test 'sign in with script name' do
     assert_nothing_raised do
       get new_user_session_path, {}, "SCRIPT_NAME" => "/omg"
-      fill_in "email", :with => "user@test.com"
+      fill_in "email", with: "user@test.com"
     end
   end
 
   test 'sign in stub in xml format' do
-    get new_user_session_path(:format => 'xml')
+    get new_user_session_path(format: 'xml')
     assert_match '<?xml version="1.0" encoding="UTF-8"?>', response.body
     assert_match /<user>.*<\/user>/m, response.body
     assert_match '<email></email>', response.body
@@ -486,15 +486,15 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
   end
 
   test 'sign in stub in json format' do
-    get new_user_session_path(:format => 'json')
+    get new_user_session_path(format: 'json')
     assert_match '{"user":{', response.body
     assert_match '"email":""', response.body
     assert_match '"password":null', response.body
   end
 
   test 'sign in stub in json with non attribute key' do
-    swap Devise, :authentication_keys => [:other_key] do
-      get new_user_session_path(:format => 'json')
+    swap Devise, authentication_keys: [:other_key] do
+      get new_user_session_path(format: 'json')
       assert_match '{"user":{', response.body
       assert_match '"other_key":null', response.body
       assert_match '"password":null', response.body
@@ -502,30 +502,30 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
   end
 
   test 'uses the mapping from router' do
-    sign_in_as_user :visit => "/as/sign_in"
+    sign_in_as_user visit: "/as/sign_in"
     assert warden.authenticated?(:user)
     assert_not warden.authenticated?(:admin)
   end
 
   test 'sign in with xml format returns xml response' do
     create_user
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
+    post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
 
   test 'sign in with xml format is idempotent' do
-    get new_user_session_path(:format => 'xml')
+    get new_user_session_path(format: 'xml')
     assert_response :success
 
     create_user
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
+    post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
     assert_response :success
 
-    get new_user_session_path(:format => 'xml')
+    get new_user_session_path(format: 'xml')
     assert_response :success
 
-    post user_session_path(:format => 'xml'), :user => {:email => "user@test.com", :password => '12345678'}
+    post user_session_path(format: 'xml'), user: {email: "user@test.com", password: '12345678'}
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
   end
@@ -537,27 +537,27 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
     assert_current_url '/'
 
     sign_in_as_user
-    get destroy_user_session_path(:format => 'html')
+    get destroy_user_session_path(format: 'html')
     assert_response :redirect
     assert_current_url '/'
   end
 
   test 'sign out with xml format returns no content' do
     sign_in_as_user
-    get destroy_user_session_path(:format => 'xml')
+    get destroy_user_session_path(format: 'xml')
     assert_response :no_content
     assert_not warden.authenticated?(:user)
   end
 
   test 'sign out with json format returns no content' do
     sign_in_as_user
-    get destroy_user_session_path(:format => 'json')
+    get destroy_user_session_path(format: 'json')
     assert_response :no_content
     assert_not warden.authenticated?(:user)
   end
 
   test 'sign out with non-navigational format via XHR does not redirect' do
-    swap Devise, :navigational_formats => ['*/*', :html] do
+    swap Devise, navigational_formats: ['*/*', :html] do
       sign_in_as_user
       xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
       assert_response :no_content
@@ -567,7 +567,7 @@ class AuthenticationOthersTest < ActionDispatch::IntegrationTest
 
   # Belt and braces ... Perhaps this test is not necessary?
   test 'sign out with navigational format via XHR does redirect' do
-    swap Devise, :navigational_formats => ['*/*', :html] do
+    swap Devise, navigational_formats: ['*/*', :html] do
       sign_in_as_user
       xml_http_request :get, destroy_user_session_path, {}, { "HTTP_ACCEPT" => "text/html,*/*" }
       assert_response :redirect
@@ -578,7 +578,7 @@ end
 
 class AuthenticationKeysTest < ActionDispatch::IntegrationTest
   test 'missing authentication keys cause authentication to abort' do
-    swap Devise, :authentication_keys => [:subdomain] do
+    swap Devise, authentication_keys: [:subdomain] do
       sign_in_as_user
       assert_contain "Invalid email or password."
       assert_not warden.authenticated?(:user)
@@ -586,7 +586,7 @@ class AuthenticationKeysTest < ActionDispatch::IntegrationTest
   end
 
   test 'missing authentication keys cause authentication to abort unless marked as not required' do
-    swap Devise, :authentication_keys => { :email => true, :subdomain => false } do
+    swap Devise, authentication_keys: { email: true, subdomain: false } do
       sign_in_as_user
       assert warden.authenticated?(:user)
     end
@@ -597,15 +597,15 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
   test 'request keys are used on authentication' do
     host! 'foo.bar.baz'
 
-    swap Devise, :request_keys => [:subdomain] do
-      User.expects(:find_for_authentication).with(:subdomain => 'foo', :email => 'user@test.com').returns(create_user)
+    swap Devise, request_keys: [:subdomain] do
+      User.expects(:find_for_authentication).with(subdomain: 'foo', email: 'user@test.com').returns(create_user)
       sign_in_as_user
       assert warden.authenticated?(:user)
     end
   end
 
   test 'invalid request keys raises NoMethodError' do
-    swap Devise, :request_keys => [:unknown_method] do
+    swap Devise, request_keys: [:unknown_method] do
       assert_raise NoMethodError do
         sign_in_as_user
       end
@@ -617,7 +617,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
   test 'blank request keys cause authentication to abort' do
     host! 'test.com'
 
-    swap Devise, :request_keys => [:subdomain] do
+    swap Devise, request_keys: [:subdomain] do
       sign_in_as_user
       assert_contain "Invalid email or password."
       assert_not warden.authenticated?(:user)
@@ -627,7 +627,7 @@ class AuthenticationRequestKeysTest < ActionDispatch::IntegrationTest
   test 'blank request keys cause authentication to abort unless if marked as not required' do
     host! 'test.com'
 
-    swap Devise, :request_keys => { :subdomain => false } do
+    swap Devise, request_keys: { subdomain: false } do
       sign_in_as_user
       assert warden.authenticated?(:user)
     end
@@ -636,7 +636,7 @@ end
 
 class AuthenticationSignOutViaTest < ActionDispatch::IntegrationTest
   def sign_in!(scope)
-    sign_in_as_admin(:visit => send("new_#{scope}_session_path"))
+    sign_in_as_admin(visit: send("new_#{scope}_session_path"))
     assert warden.authenticated?(scope)
   end
 
@@ -692,22 +692,22 @@ end
 class DoubleAuthenticationRedirectTest < ActionDispatch::IntegrationTest
   test 'signed in as user redirects when visiting user sign in page' do
     sign_in_as_user
-    get new_user_session_path(:format => :html)
+    get new_user_session_path(format: :html)
     assert_redirected_to '/'
   end
 
   test 'signed in as admin redirects when visiting admin sign in page' do
     sign_in_as_admin
-    get new_admin_session_path(:format => :html)
+    get new_admin_session_path(format: :html)
     assert_redirected_to '/admin_area/home'
   end
 
   test 'signed in as both user and admin redirects when visiting admin sign in page' do
     sign_in_as_user
     sign_in_as_admin
-    get new_user_session_path(:format => :html)
+    get new_user_session_path(format: :html)
     assert_redirected_to '/'
-    get new_admin_session_path(:format => :html)
+    get new_admin_session_path(format: :html)
     assert_redirected_to '/admin_area/home'
   end
 end