RubyGems - devise - Versions diffs - 4.2.0 → 4.4.3 - Mend

devise 4.2.0 → 4.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of devise might be problematic. Click here for more details.

Files changed (225) hide show

checksums.yaml +5 -5
data/.travis.yml +27 -5
data/CHANGELOG.md +65 -0
data/CONTRIBUTING.md +68 -28
data/Gemfile +3 -1
data/Gemfile.lock +79 -83
data/ISSUE_TEMPLATE.md +19 -0
data/MIT-LICENSE +1 -1
data/README.md +108 -11
data/Rakefile +1 -0
data/app/controllers/devise/confirmations_controller.rb +2 -0
data/app/controllers/devise/omniauth_callbacks_controller.rb +4 -2
data/app/controllers/devise/passwords_controller.rb +2 -0
data/app/controllers/devise/registrations_controller.rb +6 -3
data/app/controllers/devise/sessions_controller.rb +3 -1
data/app/controllers/devise/unlocks_controller.rb +2 -0
data/app/controllers/devise_controller.rb +2 -0
data/app/helpers/devise_helper.rb +2 -0
data/app/mailers/devise/mailer.rb +6 -0
data/app/views/devise/confirmations/new.html.erb +1 -1
data/app/views/devise/mailer/email_changed.html.erb +7 -0
data/app/views/devise/passwords/new.html.erb +1 -1
data/app/views/devise/registrations/edit.html.erb +1 -1
data/app/views/devise/registrations/new.html.erb +1 -1
data/app/views/devise/sessions/new.html.erb +1 -1
data/app/views/devise/unlocks/new.html.erb +1 -1
data/config/locales/en.yml +2 -0
data/devise.gemspec +3 -1
data/gemfiles/Gemfile.rails-4.1-stable +3 -1
data/gemfiles/Gemfile.rails-4.1-stable.lock +67 -70
data/gemfiles/Gemfile.rails-4.2-stable +3 -1
data/gemfiles/Gemfile.rails-4.2-stable.lock +69 -73
data/gemfiles/Gemfile.rails-5.0-stable +33 -0
data/gemfiles/Gemfile.rails-5.0-stable.lock +192 -0
data/gemfiles/Gemfile.rails-5.2-rc1 +26 -0
data/gemfiles/Gemfile.rails-5.2-rc1.lock +201 -0
data/guides/bug_report_templates/integration_test.rb +2 -0
data/lib/devise/controllers/helpers.rb +2 -0
data/lib/devise/controllers/rememberable.rb +2 -0
data/lib/devise/controllers/scoped_views.rb +2 -0
data/lib/devise/controllers/sign_in_out.rb +6 -1
data/lib/devise/controllers/store_location.rb +25 -7
data/lib/devise/controllers/url_helpers.rb +2 -0
data/lib/devise/delegator.rb +2 -0
data/lib/devise/encryptor.rb +2 -0
data/lib/devise/failure_app.rb +14 -12
data/lib/devise/hooks/activatable.rb +2 -0
data/lib/devise/hooks/csrf_cleaner.rb +2 -0
data/lib/devise/hooks/forgetable.rb +2 -0
data/lib/devise/hooks/lockable.rb +6 -1
data/lib/devise/hooks/proxy.rb +2 -0
data/lib/devise/hooks/rememberable.rb +2 -0
data/lib/devise/hooks/timeoutable.rb +2 -0
data/lib/devise/hooks/trackable.rb +2 -0
data/lib/devise/mailers/helpers.rb +6 -3
data/lib/devise/mapping.rb +2 -0
data/lib/devise/models/authenticatable.rb +4 -2
data/lib/devise/models/confirmable.rb +53 -17
data/lib/devise/models/database_authenticatable.rb +40 -4
data/lib/devise/models/lockable.rb +8 -2
data/lib/devise/models/omniauthable.rb +2 -0
data/lib/devise/models/recoverable.rb +26 -9
data/lib/devise/models/registerable.rb +2 -0
data/lib/devise/models/rememberable.rb +4 -2
data/lib/devise/models/timeoutable.rb +2 -0
data/lib/devise/models/trackable.rb +7 -0
data/lib/devise/models/validatable.rb +10 -3
data/lib/devise/models.rb +3 -1
data/lib/devise/modules.rb +2 -0
data/lib/devise/omniauth/config.rb +2 -0
data/lib/devise/omniauth/url_helpers.rb +2 -0
data/lib/devise/omniauth.rb +2 -0
data/lib/devise/orm/active_record.rb +2 -0
data/lib/devise/orm/mongoid.rb +2 -0
data/lib/devise/parameter_filter.rb +2 -0
data/lib/devise/parameter_sanitizer.rb +2 -0
data/lib/devise/rails/routes.rb +3 -1
data/lib/devise/rails/warden_compat.rb +2 -0
data/lib/devise/rails.rb +3 -5
data/lib/devise/secret_key_finder.rb +25 -0
data/lib/devise/strategies/authenticatable.rb +2 -0
data/lib/devise/strategies/base.rb +2 -0
data/lib/devise/strategies/database_authenticatable.rb +2 -0
data/lib/devise/strategies/rememberable.rb +2 -0
data/lib/devise/test/controller_helpers.rb +4 -1
data/lib/devise/test/integration_helpers.rb +2 -0
data/lib/devise/test_helpers.rb +3 -1
data/lib/devise/time_inflector.rb +2 -0
data/lib/devise/token_generator.rb +2 -0
data/lib/devise/version.rb +3 -1
data/lib/devise.rb +17 -2
data/lib/generators/active_record/devise_generator.rb +15 -2
data/lib/generators/active_record/templates/migration.rb +3 -1
data/lib/generators/active_record/templates/migration_existing.rb +2 -0
data/lib/generators/devise/controllers_generator.rb +2 -0
data/lib/generators/devise/devise_generator.rb +4 -2
data/lib/generators/devise/install_generator.rb +2 -0
data/lib/generators/devise/orm_helpers.rb +7 -1
data/lib/generators/devise/views_generator.rb +7 -8
data/lib/generators/mongoid/devise_generator.rb +2 -0
data/lib/generators/templates/controllers/confirmations_controller.rb +2 -0
data/lib/generators/templates/controllers/omniauth_callbacks_controller.rb +2 -0
data/lib/generators/templates/controllers/passwords_controller.rb +2 -0
data/lib/generators/templates/controllers/registrations_controller.rb +4 -2
data/lib/generators/templates/controllers/sessions_controller.rb +3 -1
data/lib/generators/templates/controllers/unlocks_controller.rb +2 -0
data/lib/generators/templates/devise.rb +10 -1
data/lib/generators/templates/markerb/email_changed.markerb +7 -0
data/lib/generators/templates/markerb/password_change.markerb +2 -2
data/test/controllers/custom_registrations_controller_test.rb +2 -0
data/test/controllers/custom_strategy_test.rb +2 -0
data/test/controllers/helper_methods_test.rb +2 -0
data/test/controllers/helpers_test.rb +5 -3
data/test/controllers/inherited_controller_i18n_messages_test.rb +2 -0
data/test/controllers/internal_helpers_test.rb +2 -0
data/test/controllers/load_hooks_controller_test.rb +2 -0
data/test/controllers/passwords_controller_test.rb +2 -0
data/test/controllers/sessions_controller_test.rb +2 -0
data/test/controllers/url_helpers_test.rb +2 -0
data/test/delegator_test.rb +2 -0
data/test/devise_test.rb +2 -0
data/test/failure_app_test.rb +2 -0
data/test/generators/active_record_generator_test.rb +47 -0
data/test/generators/controllers_generator_test.rb +2 -0
data/test/generators/devise_generator_test.rb +2 -0
data/test/generators/install_generator_test.rb +2 -0
data/test/generators/mongoid_generator_test.rb +2 -0
data/test/generators/views_generator_test.rb +2 -0
data/test/helpers/devise_helper_test.rb +2 -0
data/test/integration/authenticatable_test.rb +10 -2
data/test/integration/confirmable_test.rb +2 -0
data/test/integration/database_authenticatable_test.rb +2 -0
data/test/integration/http_authenticatable_test.rb +8 -0
data/test/integration/lockable_test.rb +5 -3
data/test/integration/mounted_engine_test.rb +2 -0
data/test/integration/omniauthable_test.rb +13 -0
data/test/integration/recoverable_test.rb +2 -0
data/test/integration/registerable_test.rb +2 -0
data/test/integration/rememberable_test.rb +9 -1
data/test/integration/timeoutable_test.rb +2 -0
data/test/integration/trackable_test.rb +7 -0
data/test/mailers/confirmation_instructions_test.rb +2 -0
data/test/mailers/email_changed_test.rb +132 -0
data/test/mailers/mailer_test.rb +20 -0
data/test/mailers/reset_password_instructions_test.rb +2 -0
data/test/mailers/unlock_instructions_test.rb +2 -0
data/test/mapping_test.rb +2 -0
data/test/models/authenticatable_test.rb +2 -0
data/test/models/confirmable_test.rb +30 -0
data/test/models/database_authenticatable_test.rb +15 -1
data/test/models/lockable_test.rb +2 -0
data/test/models/omniauthable_test.rb +2 -0
data/test/models/recoverable_test.rb +13 -1
data/test/models/registerable_test.rb +2 -0
data/test/models/rememberable_test.rb +2 -0
data/test/models/serializable_test.rb +6 -0
data/test/models/timeoutable_test.rb +2 -0
data/test/models/trackable_test.rb +21 -0
data/test/models/validatable_test.rb +4 -2
data/test/models_test.rb +2 -0
data/test/omniauth/config_test.rb +11 -7
data/test/omniauth/url_helpers_test.rb +2 -0
data/test/orm/active_record.rb +9 -2
data/test/orm/mongoid.rb +3 -1
data/test/parameter_sanitizer_test.rb +2 -0
data/test/rails_app/app/active_record/admin.rb +2 -0
data/test/rails_app/app/active_record/shim.rb +2 -0
data/test/rails_app/app/active_record/user.rb +14 -1
data/test/rails_app/app/active_record/user_on_engine.rb +2 -0
data/test/rails_app/app/active_record/user_on_main_app.rb +2 -0
data/test/rails_app/app/active_record/user_with_validations.rb +12 -0
data/test/rails_app/app/active_record/user_without_email.rb +2 -0
data/test/rails_app/app/controllers/admins/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/admins_controller.rb +2 -0
data/test/rails_app/app/controllers/application_controller.rb +2 -0
data/test/rails_app/app/controllers/application_with_fake_engine.rb +2 -0
data/test/rails_app/app/controllers/custom/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/home_controller.rb +3 -1
data/test/rails_app/app/controllers/publisher/registrations_controller.rb +2 -0
data/test/rails_app/app/controllers/publisher/sessions_controller.rb +2 -0
data/test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb +3 -1
data/test/rails_app/app/controllers/users_controller.rb +5 -3
data/test/rails_app/app/helpers/application_helper.rb +2 -0
data/test/rails_app/app/mailers/users/from_proc_mailer.rb +2 -0
data/test/rails_app/app/mailers/users/mailer.rb +2 -0
data/test/rails_app/app/mailers/users/reply_to_mailer.rb +2 -0
data/test/rails_app/app/mongoid/admin.rb +2 -0
data/test/rails_app/app/mongoid/shim.rb +2 -0
data/test/rails_app/app/mongoid/user.rb +11 -0
data/test/rails_app/app/mongoid/user_on_engine.rb +2 -0
data/test/rails_app/app/mongoid/user_on_main_app.rb +2 -0
data/test/rails_app/app/mongoid/user_with_validations.rb +37 -0
data/test/rails_app/app/mongoid/user_without_email.rb +2 -0
data/test/rails_app/config/application.rb +6 -2
data/test/rails_app/config/boot.rb +16 -3
data/test/rails_app/config/environment.rb +2 -0
data/test/rails_app/config/environments/development.rb +2 -0
data/test/rails_app/config/environments/production.rb +2 -0
data/test/rails_app/config/environments/test.rb +2 -0
data/test/rails_app/config/initializers/backtrace_silencers.rb +2 -0
data/test/rails_app/config/initializers/devise.rb +2 -0
data/test/rails_app/config/initializers/inflections.rb +2 -0
data/test/rails_app/config/initializers/secret_token.rb +2 -0
data/test/rails_app/config/initializers/session_store.rb +2 -0
data/test/rails_app/config/routes.rb +2 -0
data/test/rails_app/db/migrate/20100401102949_create_tables.rb +2 -0
data/test/rails_app/db/schema.rb +2 -0
data/test/rails_app/lib/shared_admin.rb +7 -1
data/test/rails_app/lib/shared_user.rb +2 -0
data/test/rails_app/lib/shared_user_without_email.rb +2 -0
data/test/rails_app/lib/shared_user_without_omniauth.rb +2 -0
data/test/rails_test.rb +2 -0
data/test/routes_test.rb +7 -5
data/test/secret_key_finder_test.rb +97 -0
data/test/support/action_controller/record_identifier.rb +2 -0
data/test/support/assertions.rb +2 -0
data/test/support/helpers.rb +6 -0
data/test/support/http_method_compatibility.rb +2 -0
data/test/support/integration.rb +3 -0
data/test/support/webrat/integrations/rails.rb +2 -0
data/test/test/controller_helpers_test.rb +16 -1
data/test/test/integration_helpers_test.rb +2 -0
data/test/test_helper.rb +2 -0
data/test/test_models.rb +2 -0
metadata +23 -5

data/test/generators/active_record_generator_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "test_helper"
 if DEVISE_ORM == :active_record
@@ -13,6 +15,20 @@ if DEVISE_ORM == :active_record
       assert_migration "db/migrate/devise_create_monsters.rb", /def change/
     end
+    test "all files are properly created with changed db/migrate path in application configuration" do
+      old_paths = Rails.application.config.paths["db/migrate"]
+      Rails.application.config.paths.add "db/migrate", with: "db2/migrate"
+      run_generator %w(monster)
+      if Rails.version >= '5.0.3'
+        assert_migration "db2/migrate/devise_create_monsters.rb", /def change/
+      else
+        assert_migration "db/migrate/devise_create_monsters.rb", /def change/
+      end
+      Rails.application.config.paths["db/migrate"] = old_paths
+    end
     test "all files for namespaced model are properly created" do
       run_generator %w(admin/monster)
       assert_migration "db/migrate/devise_create_admin_monsters.rb", /def change/
@@ -25,6 +41,23 @@ if DEVISE_ORM == :active_record
       assert_migration "db/migrate/add_devise_to_monsters.rb"
     end
+    test "update model migration when model exists with changed db/migrate path in application configuration" do
+      old_paths = Rails.application.config.paths["db/migrate"]
+      Rails.application.config.paths.add "db/migrate", with: "db2/migrate"
+      run_generator %w(monster)
+      assert_file "app/models/monster.rb"
+      run_generator %w(monster)
+      if Rails.version >= '5.0.3'
+        assert_migration "db2/migrate/add_devise_to_monsters.rb"
+      else
+        assert_migration "db/migrate/add_devise_to_monsters.rb"
+      end
+      Rails.application.config.paths["db/migrate"] = old_paths
+    end
     test "all files are properly deleted" do
       run_generator %w(monster)
       run_generator %w(monster)
@@ -43,6 +76,20 @@ if DEVISE_ORM == :active_record
       assert_migration "db/migrate/devise_create_monsters.rb", /t.string   :current_sign_in_ip/
       assert_migration "db/migrate/devise_create_monsters.rb", /t.string   :last_sign_in_ip/
     end
+    test "do NOT add primary key type when NOT specified in rails generator" do
+      run_generator %w(monster)
+      assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/
+    end
+    test "add primary key type with rails 5 when specified in rails generator" do
+      run_generator ["monster", "--primary_key_type=uuid"]
+      if Rails.version.start_with? '5'
+        assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters, id: :uuid do/
+      else
+        assert_migration "db/migrate/devise_create_monsters.rb", /create_table :monsters do/
+      end
+    end
   end
   module RailsEngine

data/test/generators/controllers_generator_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "test_helper"
 class ControllersGeneratorTest < Rails::Generators::TestCase

data/test/generators/devise_generator_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 require "generators/devise/devise_generator"

data/test/generators/install_generator_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "test_helper"
 class InstallGeneratorTest < Rails::Generators::TestCase

data/test/generators/mongoid_generator_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "test_helper"
 if DEVISE_ORM == :mongoid

data/test/generators/views_generator_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "test_helper"
 class ViewsGeneratorTest < Rails::Generators::TestCase

data/test/helpers/devise_helper_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class DeviseHelperTest < Devise::IntegrationTest

data/test/integration/authenticatable_test.rb CHANGED Viewed

@@ -1,6 +1,14 @@
+# frozen_string_literal: true
 require 'test_helper'
 class AuthenticationSanityTest < Devise::IntegrationTest
+  test 'sign in should not run model validations' do
+    sign_in_as_user
+    refute User.validations_performed
+  end
   test 'home should be accessible without sign in' do
     visit '/'
     assert_response :success
@@ -245,7 +253,7 @@ class AuthenticationRoutesRestrictions < Devise::IntegrationTest
     end
   end
-  test 'not signed in users should see unautheticated page (unauthenticated accepted)' do
+  test 'not signed in users should see unauthenticated page (unauthenticated accepted)' do
     get join_path
     assert_response :success
@@ -369,7 +377,7 @@ class AuthenticationWithScopedViewsTest < Devise::IntegrationTest
     end
   end
-  test 'renders the scoped view if turned on in an specific controller' do
+  test 'renders the scoped view if turned on in a specific controller' do
     begin
       Devise::SessionsController.scoped_views = true
       assert_raise Webrat::NotFoundError do

data/test/integration/confirmable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class ConfirmationTest < Devise::IntegrationTest

data/test/integration/database_authenticatable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class DatabaseAuthenticationTest < Devise::IntegrationTest

data/test/integration/http_authenticatable_test.rb CHANGED Viewed

@@ -1,6 +1,14 @@
+# frozen_string_literal: true
 require 'test_helper'
 class HttpAuthenticationTest < Devise::IntegrationTest
+  test 'sign in with HTTP should not run model validations' do
+    sign_in_as_new_user_with_http
+    refute User.validations_performed
+  end
   test 'handles unverified requests gets rid of caches but continues signed in' do
     swap ApplicationController, allow_forgery_protection: true do
       create_user

data/test/integration/lockable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class LockTest < Devise::IntegrationTest
@@ -172,7 +174,7 @@ class LockTest < Devise::IntegrationTest
     assert_equal response.body, {}.to_json
   end
-  test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is locked" do
+  test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is locked" do
     swap Devise, paranoid: true do
       user = create_user(locked: true)
@@ -187,7 +189,7 @@ class LockTest < Devise::IntegrationTest
     end
   end
-  test "in paranoid mode, when trying to unlock an user that exists it should not say that it exists if it is not locked" do
+  test "in paranoid mode, when trying to unlock a user that exists it should not say that it exists if it is not locked" do
     swap Devise, paranoid: true do
       user = create_user(locked: false)
@@ -202,7 +204,7 @@ class LockTest < Devise::IntegrationTest
     end
   end
-  test "in paranoid mode, when trying to unlock an user that does not exists it should not say that it does not exists" do
+  test "in paranoid mode, when trying to unlock a user that does not exists it should not say that it does not exists" do
     swap Devise, paranoid: true do
       visit new_user_session_path
       click_link "Didn't receive unlock instructions?"

data/test/integration/mounted_engine_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class MyMountableEngine

data/test/integration/omniauthable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
@@ -40,6 +42,17 @@ class OmniauthableIntegrationTest < Devise::IntegrationTest
     end
   end
+  test "omniauth sign in should not run model validations" do
+    stub_action!(:sign_in_facebook) do
+      create_user
+      visit "/users/sign_in"
+      click_link "Sign in with FaceBook"
+      assert warden.authenticated?(:user)
+      refute User.validations_performed
+    end
+  end
   test "can access omniauth.auth in the env hash" do
     visit "/users/sign_in"
     click_link "Sign in with FaceBook"

data/test/integration/recoverable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class PasswordTest < Devise::IntegrationTest

data/test/integration/registerable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class RegistrationTest < Devise::IntegrationTest

data/test/integration/rememberable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class RememberMeTest < Devise::IntegrationTest
@@ -10,7 +12,13 @@ class RememberMeTest < Devise::IntegrationTest
   end
   def generate_signed_cookie(raw_cookie)
-    request = Devise.rails5? ? ActionDispatch::TestRequest.create : ActionDispatch::TestRequest.new
+    request = if Devise::Test.rails51? || Devise::Test.rails52?
+      ActionController::TestRequest.create(Class.new) # needs a "controller class"
+    elsif Devise::Test.rails5?
+      ActionController::TestRequest.create
+    else
+      ActionController::TestRequest.new
+    end
     request.cookie_jar.signed['raw_cookie'] = raw_cookie
     request.cookie_jar['raw_cookie']
   end

data/test/integration/timeoutable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class SessionTimeoutTest < Devise::IntegrationTest

data/test/integration/trackable_test.rb CHANGED Viewed

@@ -1,6 +1,13 @@
+# frozen_string_literal: true
 require 'test_helper'
 class TrackableHooksTest < Devise::IntegrationTest
+  test "trackable should not run model validations" do
+    sign_in_as_user
+    refute User.validations_performed
+  end
   test "current and last sign in timestamps are updated on each sign in" do
     user = create_user

data/test/mailers/confirmation_instructions_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class ConfirmationInstructionsTest < ActionMailer::TestCase

data/test/mailers/email_changed_test.rb ADDED Viewed

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+require 'test_helper'
+class EmailChangedTest < ActionMailer::TestCase
+  def setup
+    setup_mailer
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'test@example.com'
+    Devise.send_email_changed_notification = true
+  end
+  def teardown
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
+    Devise.send_email_changed_notification = false
+  end
+  def user
+    @user ||= create_user.tap { |u|
+      @original_user_email = u.email
+      u.update_attributes!(email: 'new-email@example.com')
+    }
+  end
+  def mail
+    @mail ||= begin
+      user
+      ActionMailer::Base.deliveries.last
+    end
+  end
+  test 'email sent after changing the user email' do
+    assert_not_nil mail
+  end
+  test 'content type should be set to html' do
+    assert mail.content_type.include?('text/html')
+  end
+  test 'send email changed to the original user email' do
+    mail
+    assert_equal [@original_user_email], mail.to
+  end
+  test 'set up sender from configuration' do
+    assert_equal ['test@example.com'], mail.from
+  end
+  test 'set up sender from custom mailer defaults' do
+    Devise.mailer = 'Users::Mailer'
+    assert_equal ['custom@example.com'], mail.from
+  end
+  test 'set up sender from custom mailer defaults with proc' do
+    Devise.mailer = 'Users::FromProcMailer'
+    assert_equal ['custom@example.com'], mail.from
+  end
+  test 'custom mailer renders parent mailer template' do
+    Devise.mailer = 'Users::Mailer'
+    assert_present mail.body.encoded
+  end
+  test 'set up reply to as copy from sender' do
+    assert_equal ['test@example.com'], mail.reply_to
+  end
+  test 'set up reply to as different if set in defaults' do
+    Devise.mailer = 'Users::ReplyToMailer'
+    assert_equal ['custom@example.com'], mail.from
+    assert_equal ['custom_reply_to@example.com'], mail.reply_to
+  end
+  test 'set up subject from I18n' do
+    store_translations :en, devise: { mailer: { email_changed: { subject: 'Email Has Changed' } } } do
+      assert_equal 'Email Has Changed', mail.subject
+    end
+  end
+  test 'subject namespaced by model' do
+    store_translations :en, devise: { mailer: { email_changed: { user_subject: 'User Email Has Changed' } } } do
+      assert_equal 'User Email Has Changed', mail.subject
+    end
+  end
+  test 'body should have user info' do
+    body = mail.body.encoded
+    assert_match "Hello #{@original_user_email}", body
+    assert_match "has been changed to #{user.email}", body
+  end
+end
+class EmailChangedReconfirmationTest < ActionMailer::TestCase
+  def setup
+    setup_mailer
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'test@example.com'
+    Devise.send_email_changed_notification = true
+  end
+  def teardown
+    Devise.mailer = 'Devise::Mailer'
+    Devise.mailer_sender = 'please-change-me@config-initializers-devise.com'
+    Devise.send_email_changed_notification = false
+  end
+  def admin
+    @admin ||= create_admin.tap { |u|
+      @original_admin_email = u.email
+      u.update_attributes!(email: 'new-email@example.com')
+    }
+  end
+  def mail
+    @mail ||= begin
+      admin
+      ActionMailer::Base.deliveries[-2]
+    end
+  end
+  test 'send email changed to the original user email' do
+    mail
+    assert_equal [@original_admin_email], mail.to
+  end
+  test 'body should have unconfirmed user info' do
+    body = mail.body.encoded
+    assert_match admin.email, body
+    assert_match "is being changed to #{admin.unconfirmed_email}", body
+  end
+end

data/test/mailers/mailer_test.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+require "test_helper"
+class MailerTest < ActionMailer::TestCase
+  test "pass given block to #mail call" do
+    class TestMailer < Devise::Mailer
+      def confirmation_instructions(record, token, opts = {})
+        @token = token
+        devise_mail(record, :confirmation_instructions, opts) do |format|
+          format.html(content_transfer_encoding: "7bit")
+        end
+      end
+    end
+    mail = TestMailer.confirmation_instructions(create_user, "confirmation-token")
+    assert mail.content_transfer_encoding, "7bit"
+  end
+end

data/test/mailers/reset_password_instructions_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class ResetPasswordInstructionsTest < ActionMailer::TestCase

data/test/mailers/unlock_instructions_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class UnlockInstructionsTest < ActionMailer::TestCase

data/test/mapping_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class FakeRequest < Struct.new(:path_info, :params)

data/test/models/authenticatable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class AuthenticatableTest < ActiveSupport::TestCase

data/test/models/confirmable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class ConfirmableTest < ActiveSupport::TestCase
@@ -6,6 +8,17 @@ class ConfirmableTest < ActiveSupport::TestCase
     setup_mailer
   end
+  test 'should set callbacks to send the mail' do
+    if DEVISE_ORM == :active_record
+      defined_callbacks = User._commit_callbacks.map(&:filter)
+      assert_includes defined_callbacks, :send_on_create_confirmation_instructions
+      assert_includes defined_callbacks, :send_reconfirmation_instructions
+    elsif DEVISE_ORM == :mongoid
+      assert_includes User._create_callbacks.map(&:filter), :send_on_create_confirmation_instructions
+      assert_includes User._update_callbacks.map(&:filter), :send_reconfirmation_instructions
+    end
+  end
   test 'should generate confirmation token after creating a record' do
     assert_nil new_user.confirmation_token
     assert_not_nil create_user.confirmation_token
@@ -516,4 +529,21 @@ class ReconfirmableTest < ActiveSupport::TestCase
     admin.save
     assert admin.pending_reconfirmation?
   end
+  test 'should notify previous email on email change when configured' do
+    swap Devise, send_email_changed_notification: true do
+      admin = create_admin
+      original_email = admin.email
+      assert_difference 'ActionMailer::Base.deliveries.size', 2 do
+        assert admin.update_attributes(email: 'new-email@example.com')
+      end
+      assert_equal original_email, ActionMailer::Base.deliveries[-2]['to'].to_s
+      assert_equal 'new-email@example.com', ActionMailer::Base.deliveries[-1]['to'].to_s
+      assert_email_not_sent do
+        assert admin.confirm
+      end
+    end
+  end
 end

data/test/models/database_authenticatable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 require 'test_models'
 require 'digest/sha1'
@@ -236,12 +238,24 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
     end
   end
-  test 'should email on password change when configured' do
+  test 'should notify previous email on email change when configured' do
+    swap Devise, send_email_changed_notification: true do
+      user = create_user
+      original_email = user.email
+      assert_email_sent original_email do
+        assert user.update_attributes(email: 'new-email@example.com')
+      end
+      assert_match original_email, ActionMailer::Base.deliveries.last.body.encoded
+    end
+  end
+  test 'should notify email on password change when configured' do
     swap Devise, send_password_change_notification: true do
       user = create_user
       assert_email_sent user.email do
         assert user.update_attributes(password: 'newpass', password_confirmation: 'newpass')
       end
+      assert_match user.email, ActionMailer::Base.deliveries.last.body.encoded
     end
   end

data/test/models/lockable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class LockableTest < ActiveSupport::TestCase

data/test/models/omniauthable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class OmniauthableTest < ActiveSupport::TestCase

data/test/models/recoverable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class RecoverableTest < ActiveSupport::TestCase
@@ -184,6 +186,16 @@ class RecoverableTest < ActiveSupport::TestCase
     assert_equal raw, reset_password_user.reset_password_token
   end
+  test 'should return a new record with errors if password is not provided' do
+    user = create_user
+    raw  = user.send_reset_password_instructions
+    reset_password_user = User.reset_password_by_token(reset_password_token: raw)
+    refute reset_password_user.errors.empty?
+    assert_match "can't be blank", reset_password_user.errors[:password].join
+    assert_equal raw, reset_password_user.reset_password_token
+  end
   test 'should reset successfully user password given the new password and confirmation' do
     user = create_user
     old_password = user.password
@@ -245,7 +257,7 @@ class RecoverableTest < ActiveSupport::TestCase
   end
   test 'should return nil if a user based on the raw token is not found' do
-    assert_equal User.with_reset_password_token('random-token'), nil
+    assert_nil User.with_reset_password_token('random-token')
   end
 end

data/test/models/registerable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class RegisterableTest < ActiveSupport::TestCase

data/test/models/rememberable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class RememberableTest < ActiveSupport::TestCase

data/test/models/serializable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class SerializableTest < ActiveSupport::TestCase
@@ -40,6 +42,10 @@ class SerializableTest < ActiveSupport::TestCase
     assert_no_match(/confirmation_token/, @user.inspect)
   end
+  test 'should accept frozen options' do
+    assert_key "username", @user.as_json({only: :username}.freeze)["user"]
+  end
   def assert_key(key, subject)
     assert subject.key?(key), "Expected #{subject.inspect} to have key #{key.inspect}"
   end

data/test/models/timeoutable_test.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'test_helper'
 class TimeoutableTest < ActiveSupport::TestCase