devise 3.2.0 → 3.3.0

data/test/integration/registerable_test.rb

@@ -8,16 +8,16 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 
     assert_template 'registrations/new'
 
-    fill_in 'email', :with => 'new_user@test.com'
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user123'
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
     click_button 'Sign up'
 
     assert_contain 'You have signed up successfully'
     assert warden.authenticated?(:admin)
     assert_current_url "/admin_area/home"
 
-    admin = Admin.order(:id).last
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
     assert_equal admin.email, 'new_user@test.com'
   end
 
@@ -26,9 +26,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     get new_admin_session_path
     click_link 'Sign up'
 
-    fill_in 'email', :with => 'new_user@test.com'
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user123'
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
     click_button 'Sign up'
 
     assert_contain 'Welcome! You have signed up successfully.'
@@ -36,27 +36,37 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_current_url "/?custom=1"
   end
 
+  test 'a guest admin should not see a warning about minimum password length' do
+    get new_admin_session_path
+    assert_not_contain 'characters minimum'
+  end
+
   def user_sign_up
     ActionMailer::Base.deliveries.clear
 
     get new_user_registration_path
 
-    fill_in 'email', :with => 'new_user@test.com'
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user123'
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
     click_button 'Sign up'
   end
 
+  test 'a guest user should see a warning about minimum password length' do
+    get new_user_registration_path
+    assert_contain '7 characters minimum'
+  end
+
   test 'a guest user should be able to sign up successfully and be blocked by confirmation' do
     user_sign_up
 
-    assert_contain 'A message with a confirmation link has been sent to your email address. Please open the link to activate your account.'
+    assert_contain 'A message with a confirmation link has been sent to your email address. Please follow the link to activate your account.'
     assert_not_contain 'You have to confirm your account before continuing'
     assert_current_url "/"
 
     assert_not warden.authenticated?(:user)
 
-    user = User.order(:id).last
+    user = User.to_adapter.find_first(order: [:id, :desc])
     assert_equal user.email, 'new_user@test.com'
     assert_not user.confirmed?
   end
@@ -76,9 +86,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     Devise::RegistrationsController.any_instance.stubs(:after_inactive_sign_up_path_for).returns("/?custom=1")
     get new_user_registration_path
 
-    fill_in 'email', :with => 'new_user@test.com'
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user123'
+    fill_in 'email', with: 'new_user@test.com'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user123'
     click_button 'Sign up'
 
     assert_current_url "/?custom=1"
@@ -92,9 +102,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
 
     get new_user_registration_path
 
-    fill_in 'email', :with => 'invalid_email'
-    fill_in 'password', :with => 'new_user123'
-    fill_in 'password confirmation', :with => 'new_user321'
+    fill_in 'email', with: 'invalid_email'
+    fill_in 'password', with: 'new_user123'
+    fill_in 'password confirmation', with: 'new_user321'
     click_button 'Sign up'
 
     assert_template 'registrations/new'
@@ -103,7 +113,7 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_contain Devise.rails4? ?
       "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
     assert_contain "2 errors prohibited"
-    assert_nil User.first
+    assert_nil User.to_adapter.find_first
 
     assert_not warden.authenticated?(:user)
   end
@@ -116,9 +126,9 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     create_user
     get new_user_registration_path
 
-    fill_in 'email', :with => 'user@test.com'
-    fill_in 'password', :with => '123456'
-    fill_in 'password confirmation', :with => '123456'
+    fill_in 'email', with: 'user@test.com'
+    fill_in 'password', with: '123456'
+    fill_in 'password confirmation', with: '123456'
     click_button 'Sign up'
 
     assert_current_url '/users'
@@ -140,86 +150,86 @@ class RegistrationTest < ActionDispatch::IntegrationTest
     assert_redirected_to root_path
   end
 
-  test 'a signed in user should be able to edit his account' do
+  test 'a signed in user should be able to edit their account' do
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'email', :with => 'user.new@example.com'
-    fill_in 'current password', :with => '12345678'
+    fill_in 'email', with: 'user.new@example.com'
+    fill_in 'current password', with: '12345678'
     click_button 'Update'
 
     assert_current_url '/'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
 
-    assert_equal "user.new@example.com", User.first.email
+    assert_equal "user.new@example.com", User.to_adapter.find_first.email
   end
 
-  test 'a signed in user should still be able to use the website after changing his password' do
+  test 'a signed in user should still be able to use the website after changing their password' do
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'password', :with => '1234567890'
-    fill_in 'password confirmation', :with => '1234567890'
-    fill_in 'current password', :with => '12345678'
+    fill_in 'password', with: '1234567890'
+    fill_in 'password confirmation', with: '1234567890'
+    fill_in 'current password', with: '12345678'
     click_button 'Update'
 
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
     get users_path
     assert warden.authenticated?(:user)
   end
 
-  test 'a signed in user should not change his current user with invalid password' do
+  test 'a signed in user should not change their current user with invalid password' do
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'email', :with => 'user.new@example.com'
-    fill_in 'current password', :with => 'invalid'
+    fill_in 'email', with: 'user.new@example.com'
+    fill_in 'current password', with: 'invalid'
     click_button 'Update'
 
     assert_template 'registrations/edit'
     assert_contain 'user@test.com'
     assert_have_selector 'form input[value="user.new@example.com"]'
 
-    assert_equal "user@test.com", User.first.email
+    assert_equal "user@test.com", User.to_adapter.find_first.email
   end
 
-  test 'a signed in user should be able to edit his password' do
+  test 'a signed in user should be able to edit their password' do
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'password', :with => 'pass1234'
-    fill_in 'password confirmation', :with => 'pass1234'
-    fill_in 'current password', :with => '12345678'
+    fill_in 'password', with: 'pass1234'
+    fill_in 'password confirmation', with: 'pass1234'
+    fill_in 'current password', with: '12345678'
     click_button 'Update'
 
     assert_current_url '/'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
 
-    assert User.first.valid_password?('pass1234')
+    assert User.to_adapter.find_first.valid_password?('pass1234')
   end
 
-  test 'a signed in user should not be able to edit his password with invalid confirmation' do
+  test 'a signed in user should not be able to edit their password with invalid confirmation' do
     sign_in_as_user
     get edit_user_registration_path
 
-    fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => ''
-    fill_in 'current password', :with => '12345678'
+    fill_in 'password', with: 'pas123'
+    fill_in 'password confirmation', with: ''
+    fill_in 'current password', with: '12345678'
     click_button 'Update'
 
     assert_contain Devise.rails4? ?
       "Password confirmation doesn't match Password" : "Password doesn't match confirmation"
-    assert_not User.first.valid_password?('pas123')
+    assert_not User.to_adapter.find_first.valid_password?('pas123')
   end
 
-  test 'a signed in user should be able to cancel his account' do
+  test 'a signed in user should be able to cancel their account' do
     sign_in_as_user
     get edit_user_registration_path
 
     click_button "Cancel my account"
-    assert_contain "Bye! Your account was successfully cancelled. We hope to see you again soon."
+    assert_contain "Bye! Your account has been successfully cancelled. We hope to see you again soon."
 
-    assert User.all.empty?
+    assert User.to_adapter.find_all.empty?
   end
 
   test 'a user should be able to cancel sign up by deleting data in the session' do
@@ -235,77 +245,77 @@ class RegistrationTest < ActionDispatch::IntegrationTest
   end
 
   test 'a user with XML sign up stub' do
-    get new_user_registration_path(:format => 'xml')
+    get new_user_registration_path(format: 'xml')
     assert_response :success
     assert_match %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>), response.body
     assert_no_match(/<confirmation-token/, response.body)
   end
 
   test 'a user with JSON sign up stub' do
-    get new_user_registration_path(:format => 'json')
+    get new_user_registration_path(format: 'json')
     assert_response :success
     assert_match %({"user":), response.body
     assert_no_match(/"confirmation_token"/, response.body)
   end
 
   test 'an admin sign up with valid information in XML format should return valid response' do
-    post admin_registration_path(:format => 'xml'), :admin => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' }
+    post admin_registration_path(format: 'xml'), admin: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<admin>)
 
-    admin = Admin.order(:id).last
+    admin = Admin.to_adapter.find_first(order: [:id, :desc])
     assert_equal admin.email, 'new_user@test.com'
   end
 
   test 'a user sign up with valid information in XML format should return valid response' do
-    post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'new_user123' }
+    post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'new_user123' }
     assert_response :success
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<user>)
 
-    user = User.order(:id).last
+    user = User.to_adapter.find_first(order: [:id, :desc])
     assert_equal user.email, 'new_user@test.com'
   end
 
   test 'a user sign up with invalid information in XML format should return invalid response' do
-    post user_registration_path(:format => 'xml'), :user => { :email => 'new_user@test.com', :password => 'new_user123', :password_confirmation => 'invalid' }
+    post user_registration_path(format: 'xml'), user: { email: 'new_user@test.com', password: 'new_user123', password_confirmation: 'invalid' }
     assert_response :unprocessable_entity
     assert response.body.include? %(<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<errors>)
   end
 
   test 'a user update information with valid data in XML format should return valid response' do
     user = sign_in_as_user
-    put user_registration_path(:format => 'xml'), :user => { :current_password => '12345678', :email => 'user.new@test.com' }
+    put user_registration_path(format: 'xml'), user: { current_password: '12345678', email: 'user.new@test.com' }
     assert_response :success
     assert_equal user.reload.email, 'user.new@test.com'
   end
 
   test 'a user update information with invalid data in XML format should return invalid response' do
     user = sign_in_as_user
-    put user_registration_path(:format => 'xml'), :user => { :current_password => 'invalid', :email => 'user.new@test.com' }
+    put user_registration_path(format: 'xml'), user: { current_password: 'invalid', email: 'user.new@test.com' }
     assert_response :unprocessable_entity
     assert_equal user.reload.email, 'user@test.com'
   end
 
-  test 'a user cancel his account in XML format should return valid response' do
+  test 'a user cancel their account in XML format should return valid response' do
     sign_in_as_user
-    delete user_registration_path(:format => 'xml')
+    delete user_registration_path(format: 'xml')
     assert_response :success
-    assert_equal User.count, 0
+    assert_equal User.to_adapter.find_all.size, 0
   end
 end
 
 class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
-  test 'a signed in admin should see a more appropriate flash message when editing his account if reconfirmable is enabled' do
+  test 'a signed in admin should see a more appropriate flash message when editing their account if reconfirmable is enabled' do
     sign_in_as_admin
     get edit_admin_registration_path
 
-    fill_in 'email', :with => 'admin.new@example.com'
-    fill_in 'current password', :with => '123456'
+    fill_in 'email', with: 'admin.new@example.com'
+    fill_in 'current password', with: '123456'
     click_button 'Update'
 
     assert_current_url '/admin_area/home'
     assert_contain 'but we need to verify your new email address'
-    assert_equal 'admin.new@example.com', Admin.first.unconfirmed_email
+    assert_equal 'admin.new@example.com', Admin.to_adapter.find_first.unconfirmed_email
 
     get edit_admin_registration_path
     assert_contain 'Currently waiting confirmation for: admin.new@example.com'
@@ -315,35 +325,35 @@ class ReconfirmableRegistrationTest < ActionDispatch::IntegrationTest
     sign_in_as_admin
     get edit_admin_registration_path
 
-    fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => 'pas123'
-    fill_in 'current password', :with => '123456'
+    fill_in 'password', with: 'pas123'
+    fill_in 'password confirmation', with: 'pas123'
+    fill_in 'current password', with: '123456'
     click_button 'Update'
 
     assert_current_url '/admin_area/home'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
 
-    assert Admin.first.valid_password?('pas123')
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
   end
 
-  test 'a signed in admin should not see a reconfirmation message if he did not change his email, despite having an unconfirmed email' do
+  test 'a signed in admin should not see a reconfirmation message if they did not change their email, despite having an unconfirmed email' do
     sign_in_as_admin
 
     get edit_admin_registration_path
-    fill_in 'email', :with => 'admin.new@example.com'
-    fill_in 'current password', :with => '123456'
+    fill_in 'email', with: 'admin.new@example.com'
+    fill_in 'current password', with: '123456'
     click_button 'Update'
 
     get edit_admin_registration_path
-    fill_in 'password', :with => 'pas123'
-    fill_in 'password confirmation', :with => 'pas123'
-    fill_in 'current password', :with => '123456'
+    fill_in 'password', with: 'pas123'
+    fill_in 'password confirmation', with: 'pas123'
+    fill_in 'current password', with: '123456'
     click_button 'Update'
 
     assert_current_url '/admin_area/home'
-    assert_contain 'You updated your account successfully.'
+    assert_contain 'Your account has been updated successfully.'
 
-    assert_equal "admin.new@example.com", Admin.first.unconfirmed_email
-    assert Admin.first.valid_password?('pas123')
+    assert_equal "admin.new@example.com", Admin.to_adapter.find_first.unconfirmed_email
+    assert Admin.to_adapter.find_first.valid_password?('pas123')
   end
 end

data/test/integration/rememberable_test.rb

@@ -25,13 +25,13 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     Time.parse(expires).utc
   end
 
-  test 'do not remember the user if he has not checked remember me option' do
+  test 'do not remember the user if they have not checked remember me option' do
     sign_in_as_user
     assert_nil request.cookies["remember_user_cookie"]
   end
 
   test 'handle unverified requests gets rid of caches' do
-    swap ApplicationController, :allow_forgery_protection => true do
+    swap ApplicationController, allow_forgery_protection: true do
       post exhibit_user_url(1)
       assert_not warden.authenticated?(:user)
 
@@ -43,19 +43,19 @@ class RememberMeTest < ActionDispatch::IntegrationTest
   end
 
   test 'handle unverified requests does not create cookies on sign in' do
-    swap ApplicationController, :allow_forgery_protection => true do
+    swap ApplicationController, allow_forgery_protection: true do
       get new_user_session_path
       assert request.session[:_csrf_token]
 
-      post user_session_path, :authenticity_token => "oops", :user =>
-           { email: "jose.valim@gmail.com", password: "123456", :remember_me => "1" }
+      post user_session_path, authenticity_token: "oops", user:
+           { email: "jose.valim@gmail.com", password: "123456", remember_me: "1" }
       assert_not warden.authenticated?(:user)
       assert_not request.cookies['remember_user_token']
     end
   end
 
   test 'generate remember token after sign in' do
-    sign_in_as_user :remember_me => true
+    sign_in_as_user remember_me: true
     assert request.cookies['remember_user_token']
   end
 
@@ -63,15 +63,15 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     # We test this by asserting the cookie is not sent after the redirect
     # since we changed the domain. This is the only difference with the
     # previous test.
-    swap Devise, :rememberable_options => { :domain => "omg.somewhere.com" } do
-      sign_in_as_user :remember_me => true
+    swap Devise, rememberable_options: { domain: "omg.somewhere.com" } do
+      sign_in_as_user remember_me: true
       assert_nil request.cookies["remember_user_token"]
     end
   end
 
   test 'generate remember token with a custom key' do
-    swap Devise, :rememberable_options => { :key => "v1lat_token" } do
-      sign_in_as_user :remember_me => true
+    swap Devise, rememberable_options: { key: "v1lat_token" } do
+      sign_in_as_user remember_me: true
       assert request.cookies["v1lat_token"]
     end
   end
@@ -79,7 +79,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
   test 'generate remember token after sign in setting session options' do
     begin
       Rails.configuration.session_options[:domain] = "omg.somewhere.com"
-      sign_in_as_user :remember_me => true
+      sign_in_as_user remember_me: true
       assert_nil request.cookies["remember_user_token"]
     ensure
       Rails.configuration.session_options.delete(:domain)
@@ -95,7 +95,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
     assert_match /remember_user_token[^\n]*HttpOnly/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
   end
 
-  test 'remember the user before sign up and redirect him to his home' do
+  test 'remember the user before sign up and redirect them to their home' do
     create_user_and_remember
     get new_user_registration_path
     assert warden.authenticated?(:user)
@@ -103,14 +103,14 @@ class RememberMeTest < ActionDispatch::IntegrationTest
   end
 
   test 'does not extend remember period through sign in' do
-    swap Devise, :extend_remember_period => true, :remember_for => 1.year do
+    swap Devise, extend_remember_period: true, remember_for: 1.year do
       user = create_user
       user.remember_me!
 
       user.remember_created_at = old = 10.days.ago
       user.save
 
-      sign_in_as_user :remember_me => true
+      sign_in_as_user remember_me: true
       user.reload
 
       assert warden.user(:user) == user
@@ -135,7 +135,7 @@ class RememberMeTest < ActionDispatch::IntegrationTest
 
   test 'do not remember with expired token' do
     create_user_and_remember
-    swap Devise, :remember_for => 0 do
+    swap Devise, remember_for: 0 do
       get users_path
       assert_not warden.authenticated?(:user)
       assert_redirected_to new_user_session_path

data/test/integration/timeoutable_test.rb

@@ -8,12 +8,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
 
   test 'set last request at in user session after each request' do
     sign_in_as_user
-    old_last_request = last_request_at
     assert_not_nil last_request_at
 
+    @controller.user_session.delete('last_request_at')
     get users_path
     assert_not_nil last_request_at
-    assert_not_equal old_last_request, last_request_at
   end
 
   test 'set last request at in user session after each request is skipped if tracking is disabled' do
@@ -35,14 +34,19 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
     assert warden.authenticated?(:user)
   end
 
-  test 'time out user session after default limit time' do
-    user = sign_in_as_user
-    get expire_user_path(user)
-    assert_not_nil last_request_at
+  test 'time out user session after default limit time when sign_out_all_scopes is false' do
+    swap Devise, sign_out_all_scopes: false do
+      sign_in_as_admin
 
-    get users_path
-    assert_redirected_to users_path
-    assert_not warden.authenticated?(:user)
+      user = sign_in_as_user
+      get expire_user_path(user)
+      assert_not_nil last_request_at
+
+      get users_path
+      assert_redirected_to users_path
+      assert_not warden.authenticated?(:user)
+      assert warden.authenticated?(:admin)
+    end
   end
 
   test 'time out all sessions after default limit time when sign_out_all_scopes is true' do
@@ -99,7 +103,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
     user = sign_in_as_user
     get expire_user_path(user)
 
-    post "/users/sign_in", :email => user.email, :password => "123456"
+    post "/users/sign_in", email: user.email, password: "123456"
 
     assert_response :redirect
     follow_redirect!
@@ -124,7 +128,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
   end
 
   test 'user configured timeout limit' do
-    swap Devise, :timeout_in => 8.minutes do
+    swap Devise, timeout_in: 8.minutes do
       user = sign_in_as_user
 
       get users_path
@@ -140,8 +144,8 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
   end
 
   test 'error message with i18n' do
-    store_translations :en, :devise => {
-      :failure => { :user => { :timeout => 'Session expired!' } }
+    store_translations :en, devise: {
+      failure: { user: { timeout: 'Session expired!' } }
     } do
       user = sign_in_as_user
 
@@ -153,8 +157,8 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
   end
 
   test 'error message with i18n with double redirect' do
-    store_translations :en, :devise => {
-      :failure => { :user => { :timeout => 'Session expired!' } }
+    store_translations :en, devise: {
+      failure: { user: { timeout: 'Session expired!' } }
     } do
       user = sign_in_as_user
 
@@ -167,7 +171,7 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
   end
 
   test 'time out not triggered if remembered' do
-    user = sign_in_as_user :remember_me => true
+    user = sign_in_as_user remember_me: true
     get expire_user_path(user)
     assert_not_nil last_request_at
 
@@ -175,4 +179,11 @@ class SessionTimeoutTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert warden.authenticated?(:user)
   end
+
+  test 'does not crashes when the last_request_at is a String' do
+    user = sign_in_as_user
+
+    get edit_form_user_path(user, last_request_at: Time.now.utc.to_s)
+    get users_path
+  end
 end

data/test/integration/trackable_test.rb

@@ -10,8 +10,8 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
     sign_in_as_user
     user.reload
 
-    assert_kind_of Time, user.current_sign_in_at
-    assert_kind_of Time, user.last_sign_in_at
+    assert user.current_sign_in_at.acts_like?(:time)
+    assert user.last_sign_in_at.acts_like?(:time)
 
     assert_equal user.current_sign_in_at, user.last_sign_in_at
     assert user.current_sign_in_at >= user.created_at
@@ -63,8 +63,8 @@ class TrackableHooksTest < ActionDispatch::IntegrationTest
   end
 
   test "does not update anything if user has signed out along the way" do
-    swap Devise, :allow_unconfirmed_access_for => 0 do
-      user = create_user(:confirm => false)
+    swap Devise, allow_unconfirmed_access_for: 0.days do
+      user = create_user(confirm: false)
       sign_in_as_user
 
       user.reload