devise_token_auth 0.1.37.beta4 → 0.1.37

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0c1401be1479787b9115c2aa8fd04adab21776de
-  data.tar.gz: 4bf54ad1a795451ae573144a78ba1b414437b223
+  metadata.gz: 7cb47a5fba41d7ebd8bc1d0c8f3ca0efb1895de7
+  data.tar.gz: f249fd363679cb78330361b84b73538c897cf148
 SHA512:
-  metadata.gz: 701cb424a22649841c9c3ece6a60417a1b31869c0b10fab9e38a6861090707cd379aa9cfe4b0d3f85308026ec247445df3347f49f19858a9a78ba48b7752522e
-  data.tar.gz: a94ca49f3d48a15c8af51e4ef502c428059c510088e32f63d3f29a0a4488a4ebab635c0cc8201470044a3bd4089d229b614c6f9ed5bcb3270e0e95fd90c7d101
+  metadata.gz: 70f0be0bdf639d61b7f508d402b13c859250439fd11d9d18332b72c1e8a3a676ed151b90743cb43984e31b14237ad385e333f4672f3cbdc968043e50f09de611
+  data.tar.gz: e53a3f7c326d34c265fe99087441d299f19c711e408f62cae81a486258613c2a40b7eecbb6e9b42b9aa83f09d6bc02d2fc78d30d38d9116ba842f060217796cf

data/README.md

@@ -161,10 +161,11 @@ The following settings are available for configuration in `config/initializers/d
 | **`token_lifespan`** | `2.weeks` | Set the length of your tokens' lifespans. Users will need to re-authenticate after this duration of time has passed since their last login. |
 | **`batch_request_buffer_throttle`** | `5.seconds` | Sometimes it's necessary to make several requests to the API at the same time. In this case, each request in the batch will need to share the same auth token. This setting determines how far apart the requests can be while still using the same auth token. [Read more](#about-batch-requests). |
 | **`omniauth_prefix`** | `"/omniauth"` | This route will be the prefix for all oauth2 redirect callbacks. For example, using the default '/omniauth' setting, the github oauth2 provider will redirect successful authentications to '/omniauth/github/callback'. [Read more](#omniauth-provider-settings). |
-| **`default_confirm_success_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the cilent. |
-| **`default_password_reset_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the cilent. |
+| **`default_confirm_success_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful email confirmation. If this param is set, the API will redirect to this value when no value is provided by the client. |
+| **`default_password_reset_url`** | `nil` | By default this value is expected to be sent by the client so that the API knows where to redirect users after successful password resets. If this param is set, the API will redirect to this value when no value is provided by the client. |
 | **`redirect_whitelist`** | `nil` | As an added security measure, you can limit the URLs to which the API will redirect after email token validation (password reset, email confirmation, etc.). This value should be an array containing exact matches to the client URLs to be visited after validation. |
 | **`enable_standard_devise_support`** | `false` | By default, only Bearer Token authentication is implemented out of the box. If, however, you wish to integrate with legacy Devise authentication, you can do so by enabling this flag. NOTE: This feature is highly experimental! |
+| **`remove_tokens_after_password_reset`** | `false` | By default, old tokens are not invalidated when password is changed. Enable this option if you want to make passwords updates to logout other devices. |
 
 
 Additionally, you can configure other aspects of devise by manually creating the traditional devise.rb file at `config/initializers/devise.rb`. Here are some examples of what you can do in this file:

data/app/controllers/devise_token_auth/application_controller.rb

@@ -4,6 +4,10 @@ module DeviseTokenAuth
 
     protected
 
+    def params_for_resource(resource)
+      devise_parameter_sanitizer.instance_values['permitted'][resource]
+    end
+
     def resource_class(m=nil)
       if m
         mapping = Devise.mappings[m]

data/app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

@@ -2,8 +2,8 @@ module DeviseTokenAuth
   class OmniauthCallbacksController < DeviseTokenAuth::ApplicationController
 
     attr_reader :auth_params
-    skip_before_filter :set_user_by_token
-    skip_after_filter :update_auth_header
+    skip_before_action :set_user_by_token
+    skip_after_action :update_auth_header
 
     # intermediary route for successful omniauth authentication. omniauth does
     # not support multiple models, so we must resort to this terrible hack.
@@ -11,8 +11,8 @@ module DeviseTokenAuth
 
       # derive target redirect route from 'resource_class' param, which was set
       # before authentication.
-      devise_mapping = request.env['omniauth.params']['resource_class'].underscore.to_sym
-      redirect_route = "#{request.protocol}#{request.host_with_port}/#{Devise.mappings[devise_mapping].as_json["path"]}/#{params[:provider]}/callback"
+      devise_mapping = request.env['omniauth.params']['resource_class'].underscore.gsub("/", "_").to_sym
+      redirect_route = "#{request.protocol}#{request.host_with_port}/#{Devise.mappings[devise_mapping].fullpath}/#{params[:provider]}/callback"
 
       # preserve omniauth info for success route. ignore 'extra' in twitter
       # auth response to avoid CookieOverflow.
@@ -86,7 +86,7 @@ module DeviseTokenAuth
 
     # derive allowed params from the standard devise parameter sanitizer
     def whitelisted_params
-      whitelist = devise_parameter_sanitizer.for(:sign_up)
+      whitelist = params_for_resource(:sign_up)
 
       whitelist.inject({}){|coll, key|
         param = omniauth_params[key.to_s]

data/app/controllers/devise_token_auth/passwords_controller.rb

@@ -1,7 +1,7 @@
 module DeviseTokenAuth
   class PasswordsController < DeviseTokenAuth::ApplicationController
-    before_filter :set_user_by_token, :only => [:update]
-    skip_after_filter :update_auth_header, :only => [:create, :edit]
+    before_action :set_user_by_token, :only => [:update]
+    skip_after_action :update_auth_header, :only => [:create, :edit]
 
     # this action is responsible for generating password reset tokens and
     # sending emails
@@ -228,7 +228,7 @@ module DeviseTokenAuth
     end
 
     def password_resource_params
-      params.permit(devise_parameter_sanitizer.for(:account_update))
+      params.permit(*params_for_resource(:account_update))
     end
 
   end

data/app/controllers/devise_token_auth/registrations_controller.rb

@@ -1,9 +1,9 @@
 module DeviseTokenAuth
   class RegistrationsController < DeviseTokenAuth::ApplicationController
-    before_filter :set_user_by_token, :only => [:destroy, :update]
-    before_filter :validate_sign_up_params, :only => :create
-    before_filter :validate_account_update_params, :only => :update
-    skip_after_filter :update_auth_header, :only => [:create, :destroy]
+    before_action :set_user_by_token, :only => [:destroy, :update]
+    before_action :validate_sign_up_params, :only => :create
+    before_action :validate_account_update_params, :only => :update
+    skip_after_action :update_auth_header, :only => [:create, :destroy]
 
     def create
       @resource            = resource_class.new(sign_up_params)
@@ -36,6 +36,7 @@ module DeviseTokenAuth
 
       begin
         # override email confirmation, must be sent manually from ctrl
+        resource_class.set_callback("create", :after, :send_on_create_confirmation_instructions)
         resource_class.skip_callback("create", :after, :send_on_create_confirmation_instructions)
         if @resource.save
           yield @resource if block_given?
@@ -97,11 +98,11 @@ module DeviseTokenAuth
     end
 
     def sign_up_params
-      params.permit(devise_parameter_sanitizer.for(:sign_up))
+      params.permit(*params_for_resource(:sign_up))
     end
 
     def account_update_params
-      params.permit(devise_parameter_sanitizer.for(:account_update))
+      params.permit(*params_for_resource(:account_update))
     end
 
     protected
@@ -195,11 +196,11 @@ module DeviseTokenAuth
     end
 
     def validate_sign_up_params
-      validate_post_data sign_up_params, I18n.t("errors.validate_sign_up_params")
+      validate_post_data sign_up_params, I18n.t("errors.messages.validate_sign_up_params")
     end
 
     def validate_account_update_params
-      validate_post_data account_update_params, I18n.t("errors.validate_account_update_params")
+      validate_post_data account_update_params, I18n.t("errors.messages.validate_account_update_params")
     end
 
     def validate_post_data which, message

data/app/controllers/devise_token_auth/sessions_controller.rb

@@ -1,7 +1,7 @@
 # see http://www.emilsoman.com/blog/2013/05/18/building-a-tested/
 module DeviseTokenAuth
   class SessionsController < DeviseTokenAuth::ApplicationController
-    before_filter :set_user_by_token, :only => [:destroy]
+    before_action :set_user_by_token, :only => [:destroy]
     after_action :reset_session, :only => [:destroy]
 
     def new
@@ -53,7 +53,7 @@ module DeviseTokenAuth
     end
 
     def destroy
-      # remove auth instance variables so that after_filter does not run
+      # remove auth instance variables so that after_action does not run
       user = remove_instance_variable(:@resource) if @resource
       client_id = remove_instance_variable(:@client_id) if @client_id
       remove_instance_variable(:@token) if @token
@@ -141,7 +141,7 @@ module DeviseTokenAuth
     private
 
     def resource_params
-      params.permit(devise_parameter_sanitizer.for(:sign_in))
+      params.permit(*params_for_resource(:sign_in))
     end
 
   end

data/app/controllers/devise_token_auth/token_validations_controller.rb

@@ -1,7 +1,7 @@
 module DeviseTokenAuth
   class TokenValidationsController < DeviseTokenAuth::ApplicationController
-    skip_before_filter :assert_is_devise_resource!, :only => [:validate_token]
-    before_filter :set_user_by_token, :only => [:validate_token]
+    skip_before_action :assert_is_devise_resource!, :only => [:validate_token]
+    before_action :set_user_by_token, :only => [:validate_token]
 
     def validate_token
       # @resource will have been set by set_user_token concern

data/app/models/devise_token_auth/concerns/user.rb

@@ -44,6 +44,9 @@ module DeviseTokenAuth::Concerns::User
     # get rid of dead tokens
     before_save :destroy_expired_tokens
 
+    # remove old tokens if password has changed
+    before_save :remove_tokens_after_password_reset
+
     # allows user to change password without current_password
     attr_writer :allow_password_change
     def allow_password_change
@@ -178,12 +181,12 @@ module DeviseTokenAuth::Concerns::User
       last_token: last_token,
       updated_at: Time.now
     }
-	
+
     max_clients = DeviseTokenAuth.max_number_of_devices
     while self.tokens.keys.length > 0 and max_clients < self.tokens.keys.length
       oldest_token = self.tokens.min_by { |cid, v| v[:expiry] || v["expiry"] }
       self.tokens.delete(oldest_token.first)
-    end	
+    end
 
     self.save!
 
@@ -239,7 +242,7 @@ module DeviseTokenAuth::Concerns::User
   # only validate unique email among users that registered by email
   def unique_email_user
     if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
-      errors.add(:email, :already_in_use)
+      errors.add(:email, I18n.t("errors.messages.already_in_use"))
     end
   end
 
@@ -260,4 +263,15 @@ module DeviseTokenAuth::Concerns::User
     end
   end
 
+  def remove_tokens_after_password_reset
+    there_is_more_than_one_token = self.tokens && self.tokens.keys.length > 1
+    should_remove_old_tokens = DeviseTokenAuth.remove_tokens_after_password_reset &&
+                               encrypted_password_changed? && there_is_more_than_one_token
+
+    if should_remove_old_tokens
+      latest_token = self.tokens.max_by { |cid, v| v[:expiry] || v["expiry"] }
+      self.tokens = {latest_token.first => latest_token.last}
+    end
+  end
+
 end

data/app/validators/email_validator.rb

@@ -4,18 +4,18 @@ class EmailValidator < ActiveModel::EachValidator
       record.errors[attribute] << email_invalid_message
     end
   end
-  
+
   private
-  
+
   def email_invalid_message
     # Try strictly set message:
     message = options[:message]
-    
+
     if message.nil?
       # Try DeviceTokenAuth translations or fallback to ActiveModel translations
-      message = I18n.t(:'errors.not_email', default: :'errors.messages.invalid')
+      message = I18n.t(:'errors.messages.not_email', default: :'errors.messages.invalid')
     end
-    
+
     message
-  end  
+  end
 end

data/config/locales/de.yml

@@ -1,33 +1,33 @@
 de:
   devise_token_auth:
     sessions:
-      not_confirmed: "Ein E-Mail zu Bestätigung wurde an Ihre Adresse %{email} gesendet. Sie müssen den Anleitungsschritten im E-Mail folgen, um Ihren Account zu aktivieren"
+      not_confirmed: "Ein E-Mail zu Bestätigung wurde an Ihre Adresse '%{email}'' gesendet. Sie müssen den Anleitungsschritten im E-Mail folgen, um Ihren Account zu aktivieren"
       bad_credentials: "Ungültige Anmeldeinformationen. Bitte versuchen Sie es erneut."
       not_supported: "Verwenden Sie POST /sign_in zur Anmeldung. GET wird nicht unterstützt."
       user_not_found: "Benutzer wurde nicht gefunden oder konnte nicht angemeldet werden."
     token_validations:
       invalid: "Ungültige Anmeldeinformationen"
     registrations:
-      missing_confirm_success_url: "Fehlender Paramter `confirm_success_url`."
-      redirect_url_not_allowed: "Weiterleitung zu %{redirect_url} ist nicht gestattet."
-      email_already_exists: "Es gibt bereits einen Account für %{email}."
-      account_with_uid_destroyed: "Account mit der uid %{uid} wurde gelöscht."
+      missing_confirm_success_url: "Fehlender Paramter 'confirm_success_url'."
+      redirect_url_not_allowed: "Weiterleitung zu '%{redirect_url}' ist nicht gestattet."
+      email_already_exists: "Es gibt bereits einen Account für '%{email}'."
+      account_with_uid_destroyed: "Account mit der uid '%{uid}' wurde gelöscht."
       account_to_destroy_not_found: "Der Account, der gelöscht werden soll, kann nicht gefunden werden."
       user_not_found: "Benutzer kann nicht gefunden werden."
     passwords:
       missing_email: "Sie müssen eine E-Mail Adresse angeben."
       missing_redirect_url: "Es fehlt der URL zu Weiterleitung."
-      not_allowed_redirect_url: "Weiterleitung zu %{redirect_url} ist nicht gestattet."
-      sended: "Ein E-Mail mit Anleitung zum Rücksetzen Ihres Passwortes wurde an %{email} gesendet."
+      not_allowed_redirect_url: "Weiterleitung zu '%{redirect_url}' ist nicht gestattet."
+      sended: "Ein E-Mail mit Anleitung zum Rücksetzen Ihres Passwortes wurde an '%{email}' gesendet."
       user_not_found: "Der Benutzer mit E-Mail-Adresse '%{email}' kann nicht gefunden werden."
-      password_not_required: "Dieser Account benötigt kein Passwort. Melden Sie Sich stattdessen über Ihren Account bei %{provider} an."
-      missing_passwords: 'Sie müssen die Felder "Passwort" and "Passwortbestätigung" ausfüllen.'
+      password_not_required: "Dieser Account benötigt kein Passwort. Melden Sie Sich stattdessen über Ihren Account bei '%{provider}' an."
+      missing_passwords: "Sie müssen die Felder 'Passwort' and 'Passwortbestätigung' ausfüllen."
       successfully_updated: "Ihr Passwort wurde erfolgreich aktualisiert."
   errors:
-    validate_sign_up_params: "Bitte übermitteln sie vollständige Anmeldeinformationen im Body des Requests."
-    validate_account_update_params: "Bitte übermitteln sie vollständige Informationen zur Aktualisierung im Body des Requests."
-    not_email: "ist keine E-Mail Adresse"
     messages:
+      validate_sign_up_params: "Bitte übermitteln sie vollständige Anmeldeinformationen im Body des Requests."
+      validate_account_update_params: "Bitte übermitteln sie vollständige Informationen zur Aktualisierung im Body des Requests."
+      not_email: "ist keine E-Mail Adresse"
       already_in_use: "bereits in Verwendung"
   devise:
     mailer:

data/config/locales/en.yml

@@ -1,47 +1,47 @@
 en:
   devise_token_auth:
     sessions:
-      not_confirmed: "A confirmation email was sent to your account at %{email}. You must follow the instructions in the email before your account can be activated"
+      not_confirmed: "A confirmation email was sent to your account at '%{email}'. You must follow the instructions in the email before your account can be activated"
       bad_credentials: "Invalid login credentials. Please try again."
       not_supported: "Use POST /sign_in to sign in. GET is not supported."
       user_not_found: "User was not found or was not logged in."
     token_validations:
       invalid: "Invalid login credentials"
     registrations:
-      missing_confirm_success_url: "Missing `confirm_success_url` param."
-      redirect_url_not_allowed: "Redirect to %{redirect_url} not allowed."
-      email_already_exists: "An account already exists for %{email}"
-      account_with_uid_destroyed: "Account with uid %{uid} has been destroyed."
+      missing_confirm_success_url: "Missing 'confirm_success_url' parameter."
+      redirect_url_not_allowed: "Redirect to '%{redirect_url}' not allowed."
+      email_already_exists: "An account already exists for '%{email}'"
+      account_with_uid_destroyed: "Account with UID '%{uid}' has been destroyed."
       account_to_destroy_not_found: "Unable to locate account for destruction."
       user_not_found: "User not found."
     passwords:
       missing_email: "You must provide an email address."
-      missing_redirect_url: "Missing redirect url."
-      not_allowed_redirect_url: "Redirect to %{redirect_url} not allowed."
-      sended: "An email has been sent to %{email} containing instructions for resetting your password."
+      missing_redirect_url: "Missing redirect URL."
+      not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
+      sended: "An email has been sent to '%{email}' containing instructions for resetting your password."
       user_not_found: "Unable to find user with email '%{email}'."
-      password_not_required: "This account does not require a password. Sign in using your %{provider} account instead."
-      missing_passwords: 'You must fill out the fields labeled "password" and "password confirmation".'
+      password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
+      missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
       successfully_updated: "Your password has been successfully updated."
   errors:
-    validate_sign_up_params: "Please submit proper sign up data in request body."
-    validate_account_update_params: "Please submit proper account update data in request body."
-    not_email: "is not an email"
     messages:
-      already_in_use: already in use
+      already_in_use: "already in use"
+      validate_sign_up_params: "Please submit proper sign up data in request body."
+      validate_account_update_params: "Please submit proper account update data in request body."
+      not_email: "is not an email"
   devise:
     mailer:
       confirmation_instructions:
         confirm_link_msg: "You can confirm your account email through the link below:"
-        confirm_account_link: Confirm my account
+        confirm_account_link: "Confirm my account"
       reset_password_instructions:
         request_reset_link_msg: "Someone has requested a link to change your password. You can do this through the link below."
-        password_change_link: Change my password
+        password_change_link: "Change my password"
         ignore_mail_msg: "If you didn't request this, please ignore this email."
         no_changes_msg: "Your password won't change until you access the link above and create a new one."
       unlock_instructions:
-        account_lock_msg: Your account has been locked due to an excessive number of unsuccessful sign in attempts.
+        account_lock_msg: "Your account has been locked due to an excessive number of unsuccessful sign in attempts."
         unlock_link_msg: "Click the link below to unlock your account:"
-        unlock_link: Unlock my account
-  hello: hello
-  welcome: welcome
+        unlock_link: "Unlock my account"
+  hello: "hello"
+  welcome: "welcome"

data/config/locales/es.yml

@@ -1,50 +1,50 @@
 es:
   devise_token_auth:
     sessions:
-      not_confirmed: "Un correo electrónico de confirmación de su cuenta ha sido enviado a %{email}. Por favor, siga las instrucciones para validar su cuenta"
+      not_confirmed: "Un correo electrónico de confirmación de su cuenta ha sido enviado a '%{email}'. Por favor, siga las instrucciones para validar su cuenta"
       bad_credentials: "Identidad o contraseña no válida."
       not_supported: "Use POST /sign_in para la conexión. GET no esta disponible."
       user_not_found: "Usuario desconocido o no está conectado."
     token_validations:
       invalid: "Identidad o contraseña no válida."
     registrations:
-      missing_confirm_success_url: "El parámetro `confirm_success_url` no esta presente."
-      redirect_url_not_allowed: "Redirección hacia %{redirect_url} no esta permitida."
-      email_already_exists: "Una cuenta ya existe con este correo electrónico: %{email}"
-      account_with_uid_destroyed: "La cuenta con el identificador %{uid} se ha eliminado."
+      missing_confirm_success_url: "El parámetro 'confirm_success_url' no esta presente."
+      redirect_url_not_allowed: "Redirección hacia '%{redirect_url}' no esta permitida."
+      email_already_exists: "Una cuenta ya existe con este correo electrónico '%{email}'"
+      account_with_uid_destroyed: "La cuenta con el identificador '%{uid}' se ha eliminado."
       account_to_destroy_not_found: "No se puede encontrar la cuenta a borrar."
       user_not_found: "Usuario no encontrado."
     passwords:
       missing_email: "Debe incluir un correo electrónico."
       missing_redirect_url: "Falta el Url de redirección."
-      not_allowed_redirect_url: "Redirección hacia %{redirect_url} no esta permitida."
-      sended: "Un correo electrónico ha sido enviado a %{email} con las instrucciones para restablecer su contraseña."
-      user_not_found: "No se pudo encontrar un usuario con este correo electrónico: '%{email}'."
-      password_not_required: "Esta cuenta no requiere contraseña. Iniciar sesión utilizando %{provider}."
-      missing_passwords: 'Debe llenar los campos "contraseña" y "confirmación de contraseña".'
+      not_allowed_redirect_url: "Redirección hacia '%{redirect_url}' no esta permitida."
+      sended: "Un correo electrónico ha sido enviado a '%{email}' con las instrucciones para restablecer su contraseña."
+      user_not_found: "No se pudo encontrar un usuario con este correo electrónico '%{email}'."
+      password_not_required: "Esta cuenta no requiere contraseña. Iniciar sesión utilizando '%{provider}'."
+      missing_passwords: "Debe llenar los campos 'Contraseña' y 'Confirmación de contraseña'."
       successfully_updated: "Su contraseña ha sido actualizada con éxito."
   errors:
-    validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
-    validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
-    not_email: "no es un correo electrónico"
     messages:
-      already_in_use: ya ha sido ocupado
+      validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
+      validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
+      not_email: "no es un correo electrónico"
+      already_in_use: "ya ha sido ocupado"
   devise:
     mailer:
       confirmation_instructions:
-        subject: Instrucciones de confirmación
+        subject: "Instrucciones de confirmación"
         confirm_link_msg: "Para confirmar su cuenta ingrese en el siguiente link:"
-        confirm_account_link: Confirmar cuenta
+        confirm_account_link: "Confirmar cuenta"
       reset_password_instructions:
-        subject: Instrucciones para restablecer su contraseña
+        subject: "Instrucciones para restablecer su contraseña"
         request_reset_link_msg: "Ha solicitado un cambio de contraseña. Para continuar ingrese en el siguiente link:"
-        password_change_link: Cambiar contraseña
-        ignore_mail_msg: Por favor ignore este mensaje si no ha solicitado esta acción.
+        password_change_link: "Cambiar contraseña"
+        ignore_mail_msg: "Por favor ignore este mensaje si no ha solicitado esta acción."
         no_changes_msg: "Importante: Su contraseña no será actualizada a menos que ingrese en el link."
       unlock_instructions:
-        subject: Instrucciones de desbloqueo
-        account_lock_msg: Su cuenta ha sido bloqueada debido a sucesivos intentos de ingresos fallidos
+        subject: "Instrucciones de desbloqueo"
+        account_lock_msg: "Su cuenta ha sido bloqueada debido a sucesivos intentos de ingresos fallidos"
         unlock_link_msg: "Para desbloquear su cuenta ingrese en el siguiente link:"
-        unlock_link: Desbloquear cuenta  
-  hello: hola
-  welcome: bienvenido
+        unlock_link: "Desbloquear cuenta"
+  hello: "hola"
+  welcome: "bienvenido"

data/config/locales/fr.yml

@@ -1,34 +1,34 @@
 fr:
   devise_token_auth:
     sessions:
-      not_confirmed: "Un e-mail de confirmation de votre compte a été envoyé à %{email}. Merci de suivre les instructions afin de valider votre compte"
+      not_confirmed: "Un e-mail de confirmation de votre compte a été envoyé à '%{email}'. Merci de suivre les instructions afin de valider votre compte"
       bad_credentials: "Mot de passe ou identifiant invalide."
       not_supported: "Utilisez POST /sign_in pour la connexion. GET n'est pas supporté."
       user_not_found: "L'utilisateur est inconnu ou n'est pas connecté."
     token_validations:
       invalid: "Mot de passe ou identifiant invalide."
     registrations:
-      missing_confirm_success_url: "Le paramètre `confirm_success_url` est manquant."
-      redirect_url_not_allowed: "Redirection vers %{redirect_url} n'est pas autorisée."
-      email_already_exists: "Un compte existe déjà avec cette addresse e-mail: %{email}"
-      account_with_uid_destroyed: "Le compte avec l'identifiant %{uid} a été supprimé."
+      missing_confirm_success_url: "Le paramètre 'confirm_success_url' est manquant."
+      redirect_url_not_allowed: "Redirection vers '%{redirect_url}' n'est pas autorisée."
+      email_already_exists: "Un compte existe déjà avec l'adresse e-mail suivante '%{email}'"
+      account_with_uid_destroyed: "Le compte avec l'identifiant '%{uid}' a été supprimé."
       account_to_destroy_not_found: "Le compte à supprimer est introuvable."
       user_not_found: "Utilisateur introuvable."
     passwords:
       missing_email: "Vous devez soumettre un e-mail."
       missing_redirect_url: "URL de redirection manquante."
-      not_allowed_redirect_url: "Redirection vers %{redirect_url} n'est pas autorisée."
-      sended: "Un e-mail a été envoyé à %{email} avec les instructions de réinitialisation du mot de passe."
-      user_not_found: "Impossible de trouver l'utilisateur avec l'adresse e-mail: '%{email}'."
-      password_not_required: "Ce compte ne demande pas de mot de passe. Connectez vous en utilisant %{provider}."
-      missing_passwords: 'Vous devez remplir les champs "mot de passe" et "confirmation de mot de passe".'
+      not_allowed_redirect_url: "Redirection vers '%{redirect_url}' n'est pas autorisée."
+      sended: "Un e-mail a été envoyé à '%{email}' avec les instructions de réinitialisation du mot de passe."
+      user_not_found: "Impossible de trouver l'utilisateur avec l'adresse e-mail suivante '%{email}'."
+      password_not_required: "Ce compte ne demande pas de mot de passe. Connectez vous en utilisant '%{provider}'."
+      missing_passwords: "Vous devez remplir les champs 'Mot de passe' et 'Confirmation de mot de passe'."
       successfully_updated: "Votre mot de passe a été correctement mis à jour."
   errors:
-    validate_sign_up_params: "Les données d'inscription dans le corps de la requête ne sont pas valides."
-    validate_account_update_params: "Les données de mise à jour dans le corps de la requête ne sont pas valides."
-    not_email: "n'est pas une adresse e-mail"
     messages:
-      already_in_use: "déjà utilisé"
+      already_in_use: "déjà utilisé(e)"
+      validate_sign_up_params: "Les données d'inscription dans le corps de la requête ne sont pas valides."
+      validate_account_update_params: "Les données de mise à jour dans le corps de la requête ne sont pas valides."
+      not_email: "n'est pas une adresse e-mail"
   devise:
     mailer:
       confirmation_instructions:
@@ -43,8 +43,8 @@ fr:
         no_changes_msg: "Votre mot de passe ne changera pas tant que vous n'accédez pas au lien ci-dessus pour en créer un nouveau."
       unlock_instructions:
         subject: "Instructions de déblocage"
-        account_lock_msg: "Votre compte a été bloqué en raison de nombreuses tentatives de connection erronées."
+        account_lock_msg: "Votre compte a été bloqué en raison de nombreuses tentatives de connexion erronées."
         unlock_link_msg: "Cliquez sur le lien ci-dessous pour déverrouiller votre compte:"
         unlock_link: "Déverrouiller mon compte"
-  hello: bonjour
-  welcome: bienvenue
+  hello: "bonjour"
+  welcome: "bienvenue"