devise_token_auth 0.1.37.beta4 → 0.1.37

data/config/locales/pl.yml

@@ -1,27 +1,27 @@
 pl:
   devise_token_auth:
     sessions:
-      not_confirmed: "Wiadomość z potwierdzeniem Twojego konta została wysłana na %{email}. Proszę postępować zgodnie z wskazówkami znajdującymi się w wiadomości celem aktywacji konta."
+      not_confirmed: "Wiadomość z potwierdzeniem Twojego konta została wysłana na '%{email}'. Proszę postępować zgodnie z wskazówkami znajdującymi się w wiadomości celem aktywacji konta."
       bad_credentials: "Nieprawidłowe dane logowania. Proszę spróbować ponownie."
       not_supported: "Proszę użyć POST /sign_in do zalogowania. GET nie jest obsługiwany."
       user_not_found: "Użytkownik nie został odnaleziony lub nie jest zalogowany."
     token_validations:
       invalid: "Nieprawidłowe dane logowania."
     registrations:
-      missing_confirm_success_url: "Brak parametru `confirm_success_url`."
-      redirect_url_not_allowed: "Przekierowanie na adres %{redirect_url} nie jest dozwolone."
-      email_already_exists: "Konto z adresem %{email} już istnieje."
-      account_with_uid_destroyed: "Konto z uid %{uid} zostało usunięte."
+      missing_confirm_success_url: "Brak parametru 'confirm_success_url'."
+      redirect_url_not_allowed: "Przekierowanie na adres '%{redirect_url}' nie jest dozwolone."
+      email_already_exists: "Konto z adresem '%{email}' już istnieje."
+      account_with_uid_destroyed: "Konto z uid '%{uid}' zostało usunięte."
       account_to_destroy_not_found: "Nie odnaleziono konta do usunięcia."
       user_not_found: "Użytkownik nie został odnaleziony."
     passwords:
       missing_email: "Musisz wprowadzić adres e-mail."
       missing_redirect_url: "Brak adresu zwrotnego."
-      not_allowed_redirect_url: "Przekierowanie na adres %{redirect_url} nie jest dozwolone."
-      sended: "Wiadomość wysłana na adres %{email} zawiera instrukcje dotyczące zmiany hasła."
+      not_allowed_redirect_url: "Przekierowanie na adres '%{redirect_url}' nie jest dozwolone."
+      sended: "Wiadomość wysłana na adres '%{email}' zawiera instrukcje dotyczące zmiany hasła."
       user_not_found: "Nie odnaleziono użytkownika o adresie '%{email}'."
-      password_not_required: "To konto nie wymaga podania hasła. Zaloguj się używając konta %{provider}."
-      missing_passwords: 'Musisz wypełnić wszystkie pola z etykietą "hasło" oraz "potwierdzenie hasła".'
+      password_not_required: "To konto nie wymaga podania hasła. Zaloguj się używając konta '%{provider}'."
+      missing_passwords: "Musisz wypełnić wszystkie pola z etykietą 'Hasło' oraz 'Potwierdzenie hasła'."
       successfully_updated: "Twoje hasło zostało zaktualizowane."
   errors:
     validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
@@ -37,14 +37,14 @@ pl:
         confirm_account_link: "Potwierdź swoje konto"
       reset_password_instructions:
         subject: "Instrukcje resetowania hasła"
-        request_reset_link_msg: "Ktoś o link do zmiany hasła . Można to zrobić za pośrednictwem linku poniżej ."
+        request_reset_link_msg: "Ktoś o link do zmiany hasła. Można to zrobić za pośrednictwem linku poniżej."
         password_change_link: "Zmień hasło"
-        ignore_mail_msg: "Jeśli jej nie potrzebuję , zignoruj ​​tę wiadomość."
-        no_changes_msg: "Twoje hasło nie zmieni , dopóki dostęp powyższy link i utwórz nowy ."
+        ignore_mail_msg: "Jeśli jej nie potrzebuję, zignoruj ​​tę wiadomość."
+        no_changes_msg: "Twoje hasło nie zmieni, dopóki dostęp powyższy link i utwórz nowy."
       unlock_instructions:
         subject: "Instrukcje do odblokowania"
-        account_lock_msg: "Twoje konto zostało zablokowane z powodu zbyt dużej liczby nieudanych znak w próbach ."
+        account_lock_msg: "Twoje konto zostało zablokowane z powodu zbyt dużej liczby nieudanych znak w próbach."
         unlock_link_msg: "Kliknij poniższy link, aby odblokować konto :"
         unlock_link: "Odblokować konto"
-  hello: halo
-  welcome: witam
+  hello: "halo"
+  welcome: "witam"

data/config/locales/pt-BR.yml

@@ -8,41 +8,38 @@ pt-BR:
     token_validations:
       invalid: "Dados de login inválidos."
     registrations:
-      missing_confirm_success_url: "Parâmetro `confirm_success_url` não informado."
-      redirect_url_not_allowed: "Redirecionamento para %{redirect_url} não permitido."
-      email_already_exists: "Já existe uma conta com o email %{email}."
-      account_with_uid_destroyed: "A conta com uid %{uid} foi excluída."
+      missing_confirm_success_url: "Parâmetro 'confirm_success_url' não informado."
+      redirect_url_not_allowed: "Redirecionamento para '%{redirect_url}' não permitido."
+      email_already_exists: "Já existe uma conta com o email '%{email}'."
+      account_with_uid_destroyed: "A conta com uid '%{uid}' foi excluída."
       account_to_destroy_not_found: "Não foi possível encontrar a conta para exclusão."
       user_not_found: "Usuário não encontrado."
     passwords:
       missing_email: "Informe o endereço de e-mail."
       missing_redirect_url: "URL para redirecionamento não informada."
-      not_allowed_redirect_url: "Redirecionamento para %{redirect_url} não permitido."
+      not_allowed_redirect_url: "Redirecionamento para '%{redirect_url}' não permitido."
       sended: "Você receberá um e-mail com instruções sobre como redefinir sua senha."
       user_not_found: "Não existe um usuário com o e-mail '%{email}'."
-      password_not_required: "Esta conta não necessita de uma senha. Faça login utilizando %{provider}."
+      password_not_required: "Esta conta não necessita de uma senha. Faça login utilizando '%{provider}'."
       missing_passwords: 'Preencha a senha e a confirmação de senha.'
       successfully_updated: "Senha atualizada com sucesso."
   errors:
-    validate_sign_up_params: "Os dados submetidos na requisição de cadastro são inválidos."
-    validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
-    not_email: "não é um e-mail"
     messages:
       already_in_use: "em uso"
+      validate_sign_up_params: "Os dados submetidos na requisição de cadastro são inválidos."
+      validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
+      not_email: "não é um e-mail"
   devise:
     mailer:
       confirmation_instructions:
-        subject: "Instruções de confirmação"
         confirm_link_msg: "Você pode confirmar a sua conta de e-mail através do link abaixo :"
         confirm_account_link: "Confirme conta"
       reset_password_instructions:
-        subject: "Instruções para redefinir sua senha"
         request_reset_link_msg: "Alguém pediu um link para mudar sua senha. Você pode fazer isso através do link abaixo "
         password_change_link: "Alterar a senha"
         ignore_mail_msg: "Se você não pediu isso, por favor, ignore este e-mail."
         no_changes_msg: "Sua senha não será alterada até que você acessar o link acima e criar um novo."
       unlock_instructions:
-        subject: "Instruções de desbloqueio"
         account_lock_msg: "A sua conta foi bloqueada devido a um número excessivo de sinal de sucesso em tentativas."
         unlock_link_msg: "Clique no link abaixo para desbloquear sua conta:"
         unlock_link: "Desbloquear minha conta"

data/config/locales/pt.yml

@@ -8,20 +8,20 @@ pt:
     token_validations:
       invalid: "Dados de login inválidos."
     registrations:
-      missing_confirm_success_url: "Parâmetro `confirm_success_url` não informado."
-      redirect_url_not_allowed: "Redirecionamento para %{redirect_url} não permitido."
-      email_already_exists: "Já existe uma conta com o email %{email}."
-      account_with_uid_destroyed: "A conta com uid %{uid} foi excluída."
+      missing_confirm_success_url: "Parâmetro 'confirm_success_url' não informado."
+      redirect_url_not_allowed: "Redirecionamento para '%{redirect_url}' não permitido."
+      email_already_exists: "Já existe uma conta com o email '%{email}'."
+      account_with_uid_destroyed: "A conta com uid '%{uid}' foi excluída."
       account_to_destroy_not_found: "Não foi possível encontrar a conta para exclusão."
       user_not_found: "Utilizador não encontrado."
     passwords:
       missing_email: "Informe o endereço de e-mail."
       missing_redirect_url: "URL para redirecionamento não informada."
-      not_allowed_redirect_url: "Redirecionamento para %{redirect_url} não permitido."
+      not_allowed_redirect_url: "Redirecionamento para '%{redirect_url}' não permitido."
       sended: "Você receberá um e-mail com instruções sobre como redefinir sua senha."
       user_not_found: "Não existe um utilizador com o e-mail '%{email}'."
-      password_not_required: "Esta conta não necessita de uma senha. Faça login utilizando %{provider}."
-      missing_passwords: 'Preencha a senha e a confirmação de senha.'
+      password_not_required: "Esta conta não necessita de uma senha. Faça login utilizando '%{provider}'."
+      missing_passwords: "Preencha a senha e a confirmação de senha."
       successfully_updated: "Senha atualizada com sucesso."
   errors:
     validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."

data/config/locales/ru.yml

@@ -1,27 +1,27 @@
 ru:
   devise_token_auth:
     sessions:
-      not_confirmed: "Письмо с подтверждением Вашей учетной записи %{email} отправлено на электронную почту. Вы должны следовать инструкциям, приведенным в письме, прежде чем Ваша учетная запись сможет быть активирована"
+      not_confirmed: "Письмо с подтверждением Вашей учетной записи '%{email}' отправлено на электронную почту. Вы должны следовать инструкциям, приведенным в письме, прежде чем Ваша учетная запись сможет быть активирована"
       bad_credentials: "Неверные логин или пароль. Пожалуйста, попробуйте еще раз."
       not_supported: "Используйте POST /sign_in для входа. GET запросы не поддерживаются."
       user_not_found: "Пользователь не найден или не вошел."
     token_validations:
-      invalid: "Неверные данные для входа"
+      invalid: "Неверные логин или пароль."
     registrations:
-      missing_confirm_success_url: "Отсутствует параметр `confirm_success_url`."
-      redirect_url_not_allowed: "Переадресация на %{redirect_url} не разрешена."
-      email_already_exists: "Учетная запись для %{email} уже существует"
-      account_with_uid_destroyed: "Учетная запись с uid %{uid} удалена."
+      missing_confirm_success_url: "Отсутствует параметр 'confirm_success_url'."
+      redirect_url_not_allowed: "Переадресация на '%{redirect_url}' не разрешена."
+      email_already_exists: "Учетная запись для '%{email}' уже существует"
+      account_with_uid_destroyed: "Учетная запись с uid '%{uid}' удалена."
       account_to_destroy_not_found: "Не удается найти учетную запись для удаления."
       user_not_found: "Пользователь не найден."
     passwords:
       missing_email: "Вы должны указать адрес электронной почты."
       missing_redirect_url: "Отсутствует адрес переадресации."
-      not_allowed_redirect_url: "Переадресация на %{redirect_url} не разрешена."
-      sended: "Инструкция по восстановлению пароля отправлена на Вашу электронную почту %{email}."
+      not_allowed_redirect_url: "Переадресация на '%{redirect_url}' не разрешена."
+      sended: "Инструкция по восстановлению пароля отправлена на Вашу электронную почту '%{email}'."
       user_not_found: "Не удается найти пользователя с электронной почтой '%{email}'."
-      password_not_required: "Эта учетная запись не требует пароля. Войдите используя учетную запись %{provider}."
-      missing_passwords: 'Вы должны заполнить поля "пароль" и "повторите пароль".'
+      password_not_required: "Эта учетная запись не требует пароля. Войдите используя учетную запись '%{provider}'."
+      missing_passwords: "Вы должны заполнить поля 'пароль' и 'повторите пароль'."
       successfully_updated: "Ваш пароль успешно обновлён."
   errors:
     validate_sign_up_params: "Пожалуйста, укажите надлежащие данные для регистрации в теле запроса."
@@ -34,18 +34,18 @@ ru:
       confirmation_instructions:
         subject: "Инструкции подтверждения"
         confirm_link_msg: "Вы можете подтвердить ваш адрес электронной почты через ссылку ниже :"
-        confirm_account_link: Подтвердите свой ​​счет
+        confirm_account_link: "Подтвердить свою учетную запись"
       reset_password_instructions:
         subject: "Инструкции для восстановления пароля"
-        request_reset_link_msg: "Кто-то просил ссылку , чтобы изменить пароль . Вы можете сделать это через ссылку ниже."
+        request_reset_link_msg: "Кто-то запросил ссылку на изменение пароля. Вы можете сделать это через ссылку ниже."
         password_change_link: "Изменить пароль"
-        ignore_mail_msg: "If you didn't request this, please ignore this email."
-        no_changes_msg: "Ваш пароль не изменится, пока вы не открыть ссылку выше и создать новый."
+        ignore_mail_msg: "Если Вы не запрашивали это, Вы можете проигнорировать это письмо." 
+        no_changes_msg: "Ваш пароль не изменится, пока вы не откроете ссылку выше и не создадите новый пароль."
       unlock_instructions:
         subject: "Разблокировать Инструкции"
-        account_lock_msg: "Ваш аккаунт был заблокирован из-за чрезмерного количества неудачных попыток в знак ."
-        unlock_link_msg: "Нажмите на ссылку ниже, чтобы разблокировать свой ​​аккаунт :"
-        unlock_link: "Открой свой ​​аккаунт"  
+        account_lock_msg: "Ваш аккаунт был заблокирован из-за чрезмерного количества неудачных попыток входа."
+        unlock_link_msg: "Нажмите на ссылку ниже, чтобы разблокировать свой аккаунт:"
+        unlock_link: "Разблокировать мою учетную запись"
   hello: "Здравствуйте"
-  welcome: "Добро пожаловат"
+  welcome: "Добро пожаловать"
 

data/config/locales/zh-HK.yml

@@ -0,0 +1,49 @@
+# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+
+zh-TW:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "您將在幾分鐘後收到一封電子郵件'%{email}'，內有驗證帳號的步驟說明。"
+      bad_credentials: "不正確的登入資料。請重試。"
+      not_supported: "請使用 POST /sign_in 進行登入. GET 是不支援的."
+      user_not_found: "未能找到帳號或未能成功登入。"
+    token_validations:
+      invalid: "不正確的登入資料。"
+    registrations:
+      missing_confirm_success_url: "欠缺數值 'confirm_success_url'"
+      redirect_url_not_allowed: "不支援轉向到'%{redirect_url}'"
+      email_already_exists: "電郵'%{email}'已被使用"
+      account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
+      account_to_destroy_not_found: "無法找到目標帳號。"
+      user_not_found: "找不到帳號。"
+    passwords:
+      missing_email: "必需提供電郵。"
+      missing_redirect_url: "欠缺 redirect URL."
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
+      sended: "您將在幾分鐘後收到一封電子郵件'%{email}，內含可重新設定密碼連結的電子郵件。"
+      user_not_found: "找不到帳號 '%{email}'。"
+      password_not_required: "這不是一個需要密碼的帳號. 請使用 '%{provider}' 進行登入"
+      missing_passwords: "必需填寫'密碼'與'確認密碼'。"
+      successfully_updated: "您的密碼已被修改。"
+  errors:
+    messages:
+      already_in_use: "已被使用。"
+      validate_sign_up_params: "請在request body中填入有效的註冊內容"
+      validate_account_update_params: "請在request body中填入有效的更新帳號資料"
+      not_email: "這不是一個合適的電郵。"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "可以使用下面連結確定你的電郵"
+        confirm_account_link: "確定你的帳號"
+      reset_password_instructions:
+        request_reset_link_msg: "已申請修改您的密碼，你可以用下面連結進入"
+        password_change_link: "修改我的密碼"
+        ignore_mail_msg: "如你沒有申請，請忽略"
+        no_changes_msg: "在你點擊上面連結前，你的密碼都沒有改變"
+      unlock_instructions:
+        account_lock_msg: "由於多失敗登入，我們已鎖定你的帳號"
+        unlock_link_msg: "可以使用下面連結解鎖你的帳號"
+        unlock_link: "解鎖帳號"
+  hello: "你好"
+  welcome: "歡迎"

data/config/locales/zh-TW.yml

@@ -0,0 +1,49 @@
+# Additional translations at https://github.com/plataformatec/devise/wiki/I18n
+
+zh-TW:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "您將在幾分鐘後收到一封電子郵件'%{email}'，內有驗證帳號的步驟說明。"
+      bad_credentials: "不正確的登入資料。請重試。"
+      not_supported: "請使用 POST /sign_in 進行登入. GET 是不支援的."
+      user_not_found: "未能找到帳號或未能成功登入。"
+    token_validations:
+      invalid: "不正確的登入資料。"
+    registrations:
+      missing_confirm_success_url: "欠缺數值 'confirm_success_url'"
+      redirect_url_not_allowed: "不支援轉向到'%{redirect_url}'"
+      email_already_exists: "電郵'%{email}'已被使用"
+      account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
+      account_to_destroy_not_found: "無法找到目標帳號。"
+      user_not_found: "找不到帳號。"
+    passwords:
+      missing_email: "必需提供電郵。"
+      missing_redirect_url: "欠缺 redirect URL."
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
+      sended: "您將在幾分鐘後收到一封電子郵件'%{email}，內含可重新設定密碼連結的電子郵件。"
+      user_not_found: "找不到帳號 '%{email}'。"
+      password_not_required: "這不是一個需要密碼的帳號. 請使用 '%{provider}' 進行登入"
+      missing_passwords: "必需填寫'密碼'與'確認密碼'。"
+      successfully_updated: "您的密碼已被修改。"
+  errors:
+    messages:
+      already_in_use: "已被使用。"
+      validate_sign_up_params: "請在request body中填入有效的註冊內容"
+      validate_account_update_params: "請在request body中填入有效的更新帳號資料"
+      not_email: "這不是一個合適的電郵。"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "可以使用下面連結確定你的電郵"
+        confirm_account_link: "確定你的帳號"
+      reset_password_instructions:
+        request_reset_link_msg: "已申請修改您的密碼，你可以用下面連結進入"
+        password_change_link: "修改我的密碼"
+        ignore_mail_msg: "如你沒有申請，請忽略"
+        no_changes_msg: "在你點擊上面連結前，你的密碼都沒有改變"
+      unlock_instructions:
+        account_lock_msg: "由於多失敗登入，我們已鎖定你的帳號"
+        unlock_link_msg: "可以使用下面連結解鎖你的帳號"
+        unlock_link: "解鎖帳號"
+  hello: "你好"
+  welcome: "歡迎"

data/lib/devise_token_auth/controllers/helpers.rb

@@ -21,8 +21,8 @@ module DeviseTokenAuth
         #     current_bloggers       # Currently signed in user and admin
         #
         #   Use:
-        #     before_filter :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
-        #     before_filter ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
+        #     before_action :authenticate_blogger!              # Redirects unless either a user or an admin are authenticated
+        #     before_action ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
         #     current_blogger :user                             # Preferably returns a User if one is signed in
         #
         def devise_token_auth_group(group_name, opts={})
@@ -61,7 +61,9 @@ module DeviseTokenAuth
               end.compact
             end
 
-            helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+            if respond_to?(:helper_method)
+              helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?"
+            end
           METHODS
         end
 
@@ -72,7 +74,7 @@ module DeviseTokenAuth
       end
 
       # Define authentication filters and accessor helpers based on mappings.
-      # These filters should be used inside the controllers as before_filters,
+      # These filters should be used inside the controllers as before_actions,
       # so you can control the scope of the user who should be signed in to
       # access that specific controller/action.
       # Example:
@@ -92,8 +94,8 @@ module DeviseTokenAuth
       #     admin_session       # Session data available only to the admin scope
       #
       #   Use:
-      #     before_filter :authenticate_user!  # Tell devise to use :user map
-      #     before_filter :authenticate_admin! # Tell devise to use :admin map
+      #     before_action :authenticate_user!  # Tell devise to use :user map
+      #     before_action :authenticate_admin! # Tell devise to use :admin map
       #
       def self.define_helpers(mapping) #:nodoc:
         mapping = mapping.name
@@ -121,7 +123,9 @@ module DeviseTokenAuth
         METHODS
 
         ActiveSupport.on_load(:action_controller) do
-          helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+          if respond_to?(:helper_method)
+            helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session"
+          end
         end
       end
     end

data/lib/devise_token_auth/engine.rb

@@ -18,7 +18,8 @@ module DeviseTokenAuth
                  :default_password_reset_url,
                  :redirect_whitelist,
                  :check_current_password_before_update,
-                 :enable_standard_devise_support
+                 :enable_standard_devise_support,
+                 :remove_tokens_after_password_reset
 
   self.change_headers_on_each_request       = true
   self.max_number_of_devices                = 10
@@ -30,6 +31,7 @@ module DeviseTokenAuth
   self.redirect_whitelist                   = nil
   self.check_current_password_before_update = false
   self.enable_standard_devise_support       = false
+  self.remove_tokens_after_password_reset   = false
 
   def self.setup(&block)
     yield self

data/lib/devise_token_auth/rails/routes.rb

@@ -33,6 +33,9 @@ module ActionDispatch::Routing
         # get full url path as if it were namespaced
         full_path = "#{@scope[:path]}/#{opts[:at]}"
 
+        # get namespace name
+        namespace_name = @scope[:as]
+
         # clear scope so controller routes aren't namespaced
         @scope = ActionDispatch::Routing::Mapper::Scope.new(
           path:         "",
@@ -43,7 +46,10 @@ module ActionDispatch::Routing
           parent:       nil
         )
 
-        devise_scope resource.underscore.gsub('/', '_').to_sym do
+        mapping_name = resource.underscore.gsub('/', '_')
+        mapping_name = "#{namespace_name}_#{mapping_name}" if namespace_name
+
+        devise_scope mapping_name.to_sym do
           # path to verify token validity
           get "#{full_path}/validate_token", controller: "#{token_validations_ctrl}", action: "validate_token"
 

data/lib/devise_token_auth/version.rb

@@ -1,3 +1,3 @@
 module DeviseTokenAuth
-  VERSION = "0.1.37.beta4"
+  VERSION = "0.1.37"
 end

data/lib/generators/devise_token_auth/templates/devise_token_auth.rb

@@ -24,7 +24,7 @@ DeviseTokenAuth.setup do |config|
   # redirect successful authentications to '/omniauth/github/callback'
   # config.omniauth_prefix = "/omniauth"
 
-  # By defult sending current password is not needed for the password update.
+  # By default sending current password is not needed for the password update.
   # Uncomment to enforce current_password param to be checked before all
   # attribute updates. Set it to :password if you want it to be checked only if
   # password is updated.
@@ -34,4 +34,4 @@ DeviseTokenAuth.setup do |config|
   # If, however, you wish to integrate with legacy Devise authentication, you can
   # do so by enabling this flag. NOTE: This feature is highly experimental!
   # enable_standard_devise_support = false
-end
+end

data/test/controllers/demo_user_controller_test.rb

@@ -284,6 +284,48 @@ class DemoUserControllerTest < ActionDispatch::IntegrationTest
         end
       end
 
+      describe 'successful password change' do
+        before do
+          DeviseTokenAuth.remove_tokens_after_password_reset = true
+
+          # adding one more token to simulate another logged in device
+          @old_auth_headers = @auth_headers
+          @auth_headers = @resource.create_new_auth_token
+          age_token(@resource, @client_id)
+          assert @resource.tokens.count > 1
+
+          # password changed from new device
+          @resource.update_attributes({
+            password: 'newsecret123',
+            password_confirmation: 'newsecret123'
+          })
+
+          get '/demo/members_only', {}, @auth_headers
+        end
+
+        after do
+          DeviseTokenAuth.remove_tokens_after_password_reset = false
+        end
+
+        it 'should have only one token' do
+          assert_equal 1, @resource.tokens.count
+        end
+
+        it 'new request should be successful' do
+          assert 200, response.status
+        end
+
+        describe 'another device should not be abble to login' do
+
+          it 'should return forbidden status' do
+            get '/demo/members_only', {}, @old_auth_headers
+            assert 401, response.status
+          end
+          
+        end
+
+      end
+
     end
 
     describe 'enable_standard_devise_support' do