devise 4.1.1 → 4.2.0

data/lib/devise/test/integration_helpers.rb

@@ -0,0 +1,61 @@
+module Devise
+  # Devise::Test::IntegrationHelpers is a helper module for facilitating
+  # authentication on Rails integration tests to bypass the required steps for
+  # signin in or signin out a record.
+  #
+  # Examples
+  #
+  #  class PostsTest < ActionDispatch::IntegrationTest
+  #    include Devise::Test::IntegrationHelpers
+  #
+  #    test 'authenticated users can see posts' do
+  #      sign_in users(:bob)
+  #
+  #      get '/posts'
+  #      assert_response :success
+  #    end
+  #  end
+  module Test
+    module IntegrationHelpers
+      def self.included(base)
+        base.class_eval do
+          include Warden::Test::Helpers
+
+          setup :setup_integration_for_devise
+          teardown :teardown_integration_for_devise
+        end
+      end
+
+      # Signs in a specific resource, mimicking a successfull sign in
+      # operation through +Devise::SessionsController#create+.
+      #
+      # * +resource+ - The resource that should be authenticated
+      # * +scope+    - An optional +Symbol+ with the scope where the resource
+      #                should be signed in with.
+      def sign_in(resource, scope: nil)
+        scope ||= Devise::Mapping.find_scope!(resource)
+
+        login_as(resource, scope: scope)
+      end
+
+      # Signs out a specific scope from the session.
+      #
+      # * +resource_or_scope+ - The resource or scope that should be signed out.
+      def sign_out(resource_or_scope)
+        scope = Devise::Mapping.find_scope!(resource_or_scope)
+
+        logout scope
+      end
+
+      protected
+
+      def setup_integration_for_devise
+        Warden.test_mode!
+      end
+
+      def teardown_integration_for_devise
+        Warden.test_reset!
+      end
+    end
+  end
+end

data/lib/devise/test_helpers.rb

@@ -1,137 +1,13 @@
 module Devise
-  # Devise::TestHelpers provides a facility to test controllers in isolation
-  # when using ActionController::TestCase allowing you to quickly sign_in or
-  # sign_out a user. Do not use Devise::TestHelpers in integration tests.
-  #
-  # Notice you should not test Warden specific behavior (like Warden callbacks)
-  # using Devise::TestHelpers since it is a stub of the actual behavior. Such
-  # callbacks should be tested in your integration suite instead.
   module TestHelpers
     def self.included(base)
       base.class_eval do
-        setup :setup_controller_for_warden, :warden if respond_to?(:setup)
+        ActiveSupport::Deprecation.warn <<-DEPRECATION
+          [Devise] including `Devise::TestHelpers` is deprecated and will be removed from Devise.
+          For controller tests, please include `Devise::Test::ControllerHelpers` instead.
+        DEPRECATION
+        include Devise::Test::ControllerHelpers
       end
     end
-
-    # Override process to consider warden.
-    def process(*)
-      # Make sure we always return @response, a la ActionController::TestCase::Behaviour#process, even if warden interrupts
-      _catch_warden { super } # || @response  # _catch_warden will setup the @response object
-
-      # process needs to return the ActionDispath::TestResponse object
-      @response
-    end
-
-    # We need to set up the environment variables and the response in the controller.
-    def setup_controller_for_warden #:nodoc:
-      @request.env['action_controller.instance'] = @controller
-    end
-
-    # Quick access to Warden::Proxy.
-    def warden #:nodoc:
-      @request.env['warden'] ||= begin
-        manager = Warden::Manager.new(nil) do |config|
-          config.merge! Devise.warden_config
-        end
-        Warden::Proxy.new(@request.env, manager)
-      end
-    end
-
-    # sign_in a given resource by storing its keys in the session.
-    # This method bypass any warden authentication callback.
-    #
-    # Examples:
-    #
-    #   sign_in :user, @user   # sign_in(scope, resource)
-    #   sign_in @user          # sign_in(resource)
-    #
-    def sign_in(resource_or_scope, resource=nil)
-      scope    ||= Devise::Mapping.find_scope!(resource_or_scope)
-      resource ||= resource_or_scope
-      warden.instance_variable_get(:@users).delete(scope)
-      warden.session_serializer.store(resource, scope)
-    end
-
-    # Sign out a given resource or scope by calling logout on Warden.
-    # This method bypass any warden logout callback.
-    #
-    # Examples:
-    #
-    #   sign_out :user     # sign_out(scope)
-    #   sign_out @user     # sign_out(resource)
-    #
-    def sign_out(resource_or_scope)
-      scope = Devise::Mapping.find_scope!(resource_or_scope)
-      @controller.instance_variable_set(:"@current_#{scope}", nil)
-      user = warden.instance_variable_get(:@users).delete(scope)
-      warden.session_serializer.delete(scope, user)
-    end
-
-    protected
-
-    # Catch warden continuations and handle like the middleware would.
-    # Returns nil when interrupted, otherwise the normal result of the block.
-    def _catch_warden(&block)
-      result = catch(:warden, &block)
-
-      env = @controller.request.env
-
-      result ||= {}
-
-      # Set the response. In production, the rack result is returned
-      # from Warden::Manager#call, which the following is modelled on.
-      case result
-      when Array
-        if result.first == 401 && intercept_401?(env) # does this happen during testing?
-          _process_unauthenticated(env)
-        else
-          result
-        end
-      when Hash
-        _process_unauthenticated(env, result)
-      else
-        result
-      end
-    end
-
-    def _process_unauthenticated(env, options = {})
-      options[:action] ||= :unauthenticated
-      proxy = env['warden']
-      result = options[:result] || proxy.result
-
-      ret = case result
-      when :redirect
-        body = proxy.message || "You are being redirected to #{proxy.headers['Location']}"
-        [proxy.status, proxy.headers, [body]]
-      when :custom
-        proxy.custom_response
-      else
-        env["PATH_INFO"] = "/#{options[:action]}"
-        env["warden.options"] = options
-        Warden::Manager._run_callbacks(:before_failure, env, options)
-
-        status, headers, response = Devise.warden_config[:failure_app].call(env).to_a
-        @controller.response.headers.merge!(headers)
-        r_opts = { status: status, content_type: headers["Content-Type"], location: headers["Location"] }
-        r_opts[Rails.version.start_with?('5') ? :body : :text] = response.body
-        @controller.send :render, r_opts
-        nil # causes process return @response
-      end
-
-      # ensure that the controller response is set up. In production, this is
-      # not necessary since warden returns the results to rack. However, at
-      # testing time, we want the response to be available to the testing
-      # framework to verify what would be returned to rack.
-      if ret.is_a?(Array)
-        # ensure the controller response is set to our response.
-        @controller.response ||= @response
-        @response.status = ret.first
-        @response.headers.clear
-        ret.second.each { |k,v| @response[k] = v }
-        @response.body = ret.third
-      end
-
-      ret
-    end
   end
 end

data/lib/devise/version.rb

@@ -1,3 +1,3 @@
 module Devise
-  VERSION = "4.1.1".freeze
+  VERSION = "4.2.0".freeze
 end

data/lib/generators/templates/README

@@ -21,14 +21,7 @@ Some setup you must do manually if you haven't yet:
        <p class="notice"><%= notice %></p>
        <p class="alert"><%= alert %></p>
 
-  4. If you are deploying on Heroku with Rails 3.2 only, you may want to set:
-
-       config.assets.initialize_on_precompile = false
-
-     On config/application.rb forcing your application to not access the DB
-     or load models when precompiling your assets.
-
-  5. You can copy Devise views (for customization) to your app by running:
+  4. You can copy Devise views (for customization) to your app by running:
 
        rails g devise:views
 

data/lib/generators/templates/devise.rb

@@ -90,6 +90,12 @@ Devise.setup do |config|
   # from the server. You can disable this option at your own risk.
   # config.clean_up_csrf_token_on_authentication = true
 
+  # When false, Devise will not attempt to reload routes on eager load.
+  # This can reduce the time taken to boot the app but if your application
+  # requires the Devise mappings to be loaded during boot time the application
+  # won't boot properly.
+  # config.reload_routes = true
+
   # ==> Configuration for :database_authenticatable
   # For bcrypt, this is the cost for hashing the password and defaults to 11. If
   # using other algorithms, it sets how many times you want the password to be hashed.

data/test/controllers/custom_registrations_controller_test.rb

@@ -3,7 +3,7 @@ require 'test_helper'
 class CustomRegistrationsControllerTest < Devise::ControllerTestCase
   tests Custom::RegistrationsController
 
-  include Devise::TestHelpers
+  include Devise::Test::ControllerHelpers
 
   setup do
     request.env["devise.mapping"] = Devise.mappings[:user]

data/test/controllers/custom_strategy_test.rb

@@ -27,7 +27,7 @@ end
 class CustomStrategyTest < Devise::ControllerTestCase
   tests CustomStrategyController
 
-  include Devise::TestHelpers
+  include Devise::Test::ControllerHelpers
 
   setup do
     Warden::Strategies.add(:custom_strategy, CustomStrategy)

data/test/controllers/helpers_test.rb

@@ -96,7 +96,7 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
 
   test 'proxy admin_signed_in? to authenticatewith admin scope' do
     @mock_warden.expects(:authenticate).with(scope: :admin)
-    assert_not @controller.admin_signed_in?
+    refute @controller.admin_signed_in?
   end
 
   test 'proxy publisher_account_signed_in? to authenticate with namespaced publisher account scope' do
@@ -150,11 +150,11 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
     @controller.sign_in(user, force: true)
   end
 
-  test 'sign in accepts bypass as option' do
+  test 'bypass the sign in' do
     user = User.new
     @mock_warden.expects(:session_serializer).returns(serializer = mock())
     serializer.expects(:store).with(user, :user)
-    @controller.sign_in(user, bypass: true)
+    @controller.bypass_sign_in(user)
   end
 
   test 'sign out clears up any signed in user from all scopes' do
@@ -311,6 +311,6 @@ class ControllerAuthenticatableTest < Devise::ControllerTestCase
   end
 
   test 'is not a devise controller' do
-    assert_not @controller.devise_controller?
+    refute @controller.devise_controller?
   end
 end

data/test/controllers/internal_helpers_test.rb

@@ -119,7 +119,7 @@ class HelpersTest < Devise::ControllerTestCase
     MyController.send(:public, :navigational_formats)
 
     swap Devise, navigational_formats: ['*/*', :html] do
-      assert_not @controller.navigational_formats.include?("*/*")
+      refute @controller.navigational_formats.include?("*/*")
     end
 
     MyController.send(:protected, :navigational_formats)

data/test/controllers/passwords_controller_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class PasswordsControllerTest < Devise::ControllerTestCase
   tests Devise::PasswordsController
-  include Devise::TestHelpers
+  include Devise::Test::ControllerHelpers
 
   setup do
     request.env["devise.mapping"] = Devise.mappings[:user]

data/test/controllers/sessions_controller_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class SessionsControllerTest < Devise::ControllerTestCase
   tests Devise::SessionsController
-  include Devise::TestHelpers
+  include Devise::Test::ControllerHelpers
 
   test "#create doesn't raise unpermitted params when sign in fails" do
     begin
@@ -94,7 +94,7 @@ class SessionsControllerTest < Devise::ControllerTestCase
       User.class_eval { attr_protected :email }
 
       begin
-        assert_nothing_raised ActiveModel::MassAssignmentSecurity::Error do
+        assert_nothing_raised do
           get :new, user: { email: "allez viens!" }
         end
       ensure

data/test/devise_test.rb

@@ -67,18 +67,18 @@ class DeviseTest < ActiveSupport::TestCase
   end
 
   test 'add new module using the helper method' do
-    assert_nothing_raised(Exception) { Devise.add_module(:coconut) }
+    Devise.add_module(:coconut)
     assert_equal 1, Devise::ALL.select { |v| v == :coconut }.size
-    assert_not Devise::STRATEGIES.include?(:coconut)
-    assert_not defined?(Devise::Models::Coconut)
+    refute Devise::STRATEGIES.include?(:coconut)
+    refute defined?(Devise::Models::Coconut)
     Devise::ALL.delete(:coconut)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:banana, strategy: :fruits) }
+    Devise.add_module(:banana, strategy: :fruits)
     assert_equal :fruits, Devise::STRATEGIES[:banana]
     Devise::ALL.delete(:banana)
     Devise::STRATEGIES.delete(:banana)
 
-    assert_nothing_raised(Exception) { Devise.add_module(:kivi, controller: :fruits) }
+    Devise.add_module(:kivi, controller: :fruits)
     assert_equal :fruits, Devise::CONTROLLERS[:kivi]
     Devise::ALL.delete(:kivi)
     Devise::CONTROLLERS.delete(:kivi)
@@ -86,11 +86,11 @@ class DeviseTest < ActiveSupport::TestCase
 
   test 'should complain when comparing empty or different sized passes' do
     [nil, ""].each do |empty|
-      assert_not Devise.secure_compare(empty, "something")
-      assert_not Devise.secure_compare("something", empty)
-      assert_not Devise.secure_compare(empty, empty)
+      refute Devise.secure_compare(empty, "something")
+      refute Devise.secure_compare("something", empty)
+      refute Devise.secure_compare(empty, empty)
     end
-    assert_not Devise.secure_compare("size_1", "size_four")
+    refute Devise.secure_compare("size_1", "size_four")
   end
 
   test 'Devise.email_regexp should match valid email addresses' do

data/test/failure_app_test.rb

@@ -131,6 +131,24 @@ class FailureTest < ActiveSupport::TestCase
       end
     end
 
+    if Rails.application.config.action_controller.respond_to?(:relative_url_root)
+      test "returns to the default redirect location considering action_controller's relative url root" do
+        swap Rails.application.config.action_controller, relative_url_root: "/sample" do
+          call_failure
+          assert_equal 302, @response.first
+          assert_equal 'http://test.host/sample/users/sign_in', @response.second['Location']
+        end
+      end
+
+      test "returns to the default redirect location considering action_controller's relative url root and subdomain" do
+        swap Rails.application.config.action_controller, relative_url_root: "/sample" do
+          call_failure('warden.options' => { scope: :subdomain_user })
+          assert_equal 302, @response.first
+          assert_equal 'http://sub.test.host/sample/subdomain_users/sign_in', @response.second['Location']
+        end
+      end
+    end
+
     test 'uses the proxy failure message as symbol' do
       call_failure('warden' => OpenStruct.new(message: :invalid))
       assert_equal 'Invalid Email or password.', @request.flash[:alert]

data/test/integration/authenticatable_test.rb

@@ -10,13 +10,13 @@ class AuthenticationSanityTest < Devise::IntegrationTest
   test 'sign in as user should not authenticate admin scope' do
     sign_in_as_user
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'sign in as admin should not authenticate user scope' do
     sign_in_as_admin
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'sign in as both user and admin at same time' do
@@ -31,7 +31,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
       sign_in_as_user
       sign_in_as_admin
       delete destroy_user_session_path
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
       assert warden.authenticated?(:admin)
     end
   end
@@ -42,7 +42,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
       sign_in_as_admin
 
       delete destroy_admin_session_path
-      assert_not warden.authenticated?(:admin)
+      refute warden.authenticated?(:admin)
       assert warden.authenticated?(:user)
     end
   end
@@ -53,8 +53,8 @@ class AuthenticationSanityTest < Devise::IntegrationTest
       sign_in_as_admin
 
       delete destroy_user_session_path
-      assert_not warden.authenticated?(:user)
-      assert_not warden.authenticated?(:admin)
+      refute warden.authenticated?(:user)
+      refute warden.authenticated?(:admin)
     end
   end
 
@@ -64,21 +64,21 @@ class AuthenticationSanityTest < Devise::IntegrationTest
       sign_in_as_admin
 
       delete destroy_admin_session_path
-      assert_not warden.authenticated?(:admin)
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:admin)
+      refute warden.authenticated?(:user)
     end
   end
 
   test 'not signed in as admin should not be able to access admins actions' do
     get admins_path
     assert_redirected_to new_admin_session_path
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'signed in as user should not be able to access admins actions' do
     sign_in_as_user
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
 
     get admins_path
     assert_redirected_to new_admin_session_path
@@ -87,7 +87,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
   test 'signed in as admin should be able to access admin actions' do
     sign_in_as_admin
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     get admins_path
 
@@ -115,7 +115,7 @@ class AuthenticationSanityTest < Devise::IntegrationTest
 
     get root_path
     assert_contain 'Signed out successfully'
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'unauthenticated admin set message on sign out' do
@@ -138,13 +138,13 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'not signed in should not be able to access private route (authenticate denied)' do
     get private_path
     assert_redirected_to new_admin_session_path
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'signed in as user should not be able to access private route restricted to admins (authenticate denied)' do
     sign_in_as_user
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
     get private_path
     assert_redirected_to new_admin_session_path
   end
@@ -152,7 +152,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as admin should be able to access private route restricted to admins (authenticate accepted)' do
     sign_in_as_admin
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     get private_path
 
@@ -164,7 +164,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as inactive admin should not be able to access private/active route restricted to active admins (authenticate denied)' do
     sign_in_as_admin(active: false)
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     assert_raises ActionController::RoutingError do
       get "/private/active"
@@ -174,7 +174,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as active admin should be able to access private/active route restricted to active admins (authenticate accepted)' do
     sign_in_as_admin(active: true)
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     get private_active_path
 
@@ -186,7 +186,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as admin should get admin dashboard (authenticated accepted)' do
     sign_in_as_admin
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     get dashboard_path
 
@@ -198,7 +198,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as user should get user dashboard (authenticated accepted)' do
     sign_in_as_user
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
 
     get dashboard_path
 
@@ -216,7 +216,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as inactive admin should not be able to access dashboard/active route restricted to active admins (authenticated denied)' do
     sign_in_as_admin(active: false)
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     assert_raises ActionController::RoutingError do
       get "/dashboard/active"
@@ -226,7 +226,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in as active admin should be able to access dashboard/active route restricted to active admins (authenticated accepted)' do
     sign_in_as_admin(active: true)
     assert warden.authenticated?(:admin)
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
 
     get dashboard_active_path
 
@@ -238,7 +238,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
   test 'signed in user should not see unauthenticated page (unauthenticated denied)' do
     sign_in_as_user
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
 
     assert_raises ActionController::RoutingError do
       get join_path
@@ -404,13 +404,13 @@ class AuthenticationOthersTest < Devise::IntegrationTest
   test 'handles unverified requests gets rid of caches' do
     swap ApplicationController, allow_forgery_protection: true do
       post exhibit_user_url(1)
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
 
       sign_in_as_user
       assert warden.authenticated?(:user)
 
       post exhibit_user_url(1)
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
       assert_equal "User is not authenticated", response.body
     end
   end
@@ -473,7 +473,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
   test 'uses the mapping from router' do
     sign_in_as_user visit: "/as/sign_in"
     assert warden.authenticated?(:user)
-    assert_not warden.authenticated?(:admin)
+    refute warden.authenticated?(:admin)
   end
 
   test 'sign in with xml format returns xml response' do
@@ -515,14 +515,14 @@ class AuthenticationOthersTest < Devise::IntegrationTest
     sign_in_as_user
     delete destroy_user_session_path(format: 'xml')
     assert_response :no_content
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'sign out with json format returns no content' do
     sign_in_as_user
     delete destroy_user_session_path(format: 'json')
     assert_response :no_content
-    assert_not warden.authenticated?(:user)
+    refute warden.authenticated?(:user)
   end
 
   test 'sign out with non-navigational format via XHR does not redirect' do
@@ -530,7 +530,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
       sign_in_as_admin
       get destroy_sign_out_via_get_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "application/json,text/javascript,*/*" } # NOTE: Bug is triggered by combination of XHR and */*.
       assert_response :no_content
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -540,7 +540,7 @@ class AuthenticationOthersTest < Devise::IntegrationTest
       sign_in_as_user
       delete destroy_user_session_path, xhr: true, headers: { "HTTP_ACCEPT" => "text/html,*/*" }
       assert_response :redirect
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 end
@@ -550,7 +550,7 @@ class AuthenticationKeysTest < Devise::IntegrationTest
     swap Devise, authentication_keys: [:subdomain] do
       sign_in_as_user
       assert_contain "Invalid Subdomain or password."
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -579,7 +579,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
         sign_in_as_user
       end
 
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -589,7 +589,7 @@ class AuthenticationRequestKeysTest < Devise::IntegrationTest
     swap Devise, request_keys: [:subdomain] do
       sign_in_as_user
       assert_contain "Invalid Email or password."
-      assert_not warden.authenticated?(:user)
+      refute warden.authenticated?(:user)
     end
   end
 
@@ -612,7 +612,7 @@ class AuthenticationSignOutViaTest < Devise::IntegrationTest
   test 'allow sign out via delete when sign_out_via provides only delete' do
     sign_in!(:sign_out_via_delete)
     delete destroy_sign_out_via_delete_session_path
-    assert_not warden.authenticated?(:sign_out_via_delete)
+    refute warden.authenticated?(:sign_out_via_delete)
   end
 
   test 'do not allow sign out via get when sign_out_via provides only delete' do
@@ -626,7 +626,7 @@ class AuthenticationSignOutViaTest < Devise::IntegrationTest
   test 'allow sign out via post when sign_out_via provides only post' do
     sign_in!(:sign_out_via_post)
     post destroy_sign_out_via_post_session_path
-    assert_not warden.authenticated?(:sign_out_via_post)
+    refute warden.authenticated?(:sign_out_via_post)
   end
 
   test 'do not allow sign out via get when sign_out_via provides only post' do
@@ -640,13 +640,13 @@ class AuthenticationSignOutViaTest < Devise::IntegrationTest
   test 'allow sign out via delete when sign_out_via provides delete and post' do
     sign_in!(:sign_out_via_delete_or_post)
     delete destroy_sign_out_via_delete_or_post_session_path
-    assert_not warden.authenticated?(:sign_out_via_delete_or_post)
+    refute warden.authenticated?(:sign_out_via_delete_or_post)
   end
 
   test 'allow sign out via post when sign_out_via provides delete and post' do
     sign_in!(:sign_out_via_delete_or_post)
     post destroy_sign_out_via_delete_or_post_session_path
-    assert_not warden.authenticated?(:sign_out_via_delete_or_post)
+    refute warden.authenticated?(:sign_out_via_delete_or_post)
   end
 
   test 'do not allow sign out via get when sign_out_via provides delete and post' do