devise_token_auth 0.1.43 → 1.2.0

data/test/dummy/db/migrate/20141222035835_devise_token_auth_create_only_email_users.rb

@@ -1,14 +1,16 @@
+# frozen_string_literal: true
+
 include MigrationDatabaseHelper
 
 class DeviseTokenAuthCreateOnlyEmailUsers < ActiveRecord::Migration[4.2]
   def change
     create_table(:only_email_users) do |t|
       ## Required
-      t.string :provider, :null => false
-      t.string :uid, :null => false, :default => ""
+      t.string :provider, null: false
+      t.string :uid, null: false, default: ''
 
       ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :encrypted_password, null: false, default: ''
 
       ## Recoverable
       #t.string   :reset_password_token
@@ -17,13 +19,6 @@ class DeviseTokenAuthCreateOnlyEmailUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       #t.datetime :remember_created_at
 
-      ## Trackable
-      #t.integer  :sign_in_count, :default => 0, :null => false
-      #t.datetime :current_sign_in_at
-      #t.datetime :last_sign_in_at
-      #t.string   :current_sign_in_ip
-      #t.string   :last_sign_in_ip
-
       ## Confirmable
       #t.string   :confirmation_token
       #t.datetime :confirmed_at
@@ -52,7 +47,7 @@ class DeviseTokenAuthCreateOnlyEmailUsers < ActiveRecord::Migration[4.2]
     end
 
     add_index :only_email_users, :email
-    add_index :only_email_users, [:uid, :provider],     :unique => true
+    add_index :only_email_users, [:uid, :provider],     unique: true
     #add_index :only_email_users, :reset_password_token, :unique => true
     # add_index :only_email_users, :confirmation_token,   :unique => true
     # add_index :only_email_users, :unlock_token,         :unique => true

data/test/dummy/db/migrate/20141222053502_devise_token_auth_create_unregisterable_users.rb

@@ -1,30 +1,25 @@
+# frozen_string_literal: true
+
 include MigrationDatabaseHelper
 
 class DeviseTokenAuthCreateUnregisterableUsers < ActiveRecord::Migration[4.2]
   def change
     create_table(:unregisterable_users) do |t|
       ## Required
-      t.string :provider, :null => false
-      t.string :uid, :null => false, :default => ""
+      t.string :provider, null: false
+      t.string :uid, null: false, default: ''
 
       ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :encrypted_password, null: false, default: ''
 
       ## Recoverable
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
-      t.boolean  :allow_password_change, :default => false
+      t.boolean  :allow_password_change, default: false
 
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at
@@ -53,8 +48,8 @@ class DeviseTokenAuthCreateUnregisterableUsers < ActiveRecord::Migration[4.2]
     end
 
     add_index :unregisterable_users, :email
-    add_index :unregisterable_users, [:uid, :provider],     :unique => true
-    add_index :unregisterable_users, :reset_password_token, :unique => true
+    add_index :unregisterable_users, [:uid, :provider],     unique: true
+    add_index :unregisterable_users, :reset_password_token, unique: true
     # add_index :unregisterable_users, :confirmation_token,   :unique => true
     # add_index :unregisterable_users, :unlock_token,         :unique => true
   end

data/test/dummy/db/migrate/20150708104536_devise_token_auth_create_unconfirmable_users.rb

@@ -1,30 +1,25 @@
+# frozen_string_literal: true
+
 include MigrationDatabaseHelper
 
 class DeviseTokenAuthCreateUnconfirmableUsers < ActiveRecord::Migration[4.2]
   def change
     create_table(:unconfirmable_users) do |t|
       ## Required
-      t.string :provider, :null => false
-      t.string :uid, :null => false, :default => ""
+      t.string :provider, null: false
+      t.string :uid, null: false, default: ''
 
       ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :encrypted_password, null: false, default: ''
 
       ## Recoverable
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
-      t.boolean  :allow_password_change, :default => false
+      t.boolean  :allow_password_change, default: false
 
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       # t.string   :confirmation_token
       # t.datetime :confirmed_at
@@ -53,8 +48,8 @@ class DeviseTokenAuthCreateUnconfirmableUsers < ActiveRecord::Migration[4.2]
     end
 
     add_index :unconfirmable_users, :email
-    add_index :unconfirmable_users, [:uid, :provider],     :unique => true
-    add_index :unconfirmable_users, :reset_password_token, :unique => true
+    add_index :unconfirmable_users, [:uid, :provider],     unique: true
+    add_index :unconfirmable_users, :reset_password_token, unique: true
     # add_index :nice_users, :confirmation_token,   :unique => true
     # add_index :nice_users, :unlock_token,         :unique => true
   end

data/test/dummy/db/migrate/20160103235141_devise_token_auth_create_scoped_users.rb

@@ -1,30 +1,25 @@
+# frozen_string_literal: true
+
 include MigrationDatabaseHelper
 
 class DeviseTokenAuthCreateScopedUsers < ActiveRecord::Migration[4.2]
   def change
     create_table(:scoped_users) do |t|
       ## Required
-      t.string :provider, :null => false
-      t.string :uid, :null => false, :default => ""
+      t.string :provider, null: false
+      t.string :uid, null: false, default: ''
 
       ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :encrypted_password, null: false, default: ''
 
       ## Recoverable
       t.string   :reset_password_token
       t.datetime :reset_password_sent_at
-      t.boolean  :allow_password_change, :default => false
+      t.boolean  :allow_password_change, default: false
 
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at
@@ -53,8 +48,8 @@ class DeviseTokenAuthCreateScopedUsers < ActiveRecord::Migration[4.2]
     end
 
     add_index :scoped_users, :email
-    add_index :scoped_users, [:uid, :provider],     :unique => true
-    add_index :scoped_users, :reset_password_token, :unique => true
+    add_index :scoped_users, [:uid, :provider],     unique: true
+    add_index :scoped_users, :reset_password_token, unique: true
     # add_index :scoped_users, :confirmation_token,   :unique => true
     # add_index :scoped_users, :unlock_token,         :unique => true
   end

data/test/dummy/db/migrate/20160629184441_devise_token_auth_create_lockable_users.rb

@@ -1,14 +1,16 @@
+# frozen_string_literal: true
+
 include MigrationDatabaseHelper
 
 class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration[4.2]
   def change
     create_table(:lockable_users) do |t|
       ## Required
-      t.string :provider, :null => false
-      t.string :uid, :null => false, :default => ""
+      t.string :provider, null: false
+      t.string :uid, null: false, default: ''
 
       ## Database authenticatable
-      t.string :encrypted_password, :null => false, :default => ""
+      t.string :encrypted_password, null: false, default: ''
 
       ## Recoverable
       # t.string   :reset_password_token
@@ -18,13 +20,6 @@ class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration[4.2]
       ## Rememberable
       # t.datetime :remember_created_at
 
-      ## Trackable
-      # t.integer  :sign_in_count, :default => 0, :null => false
-      # t.datetime :current_sign_in_at
-      # t.datetime :last_sign_in_at
-      # t.string   :current_sign_in_ip
-      # t.string   :last_sign_in_ip
-
       ## Confirmable
       # t.string   :confirmation_token
       # t.datetime :confirmed_at
@@ -32,7 +27,7 @@ class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration[4.2]
       # t.string   :unconfirmed_email # Only if using reconfirmable
 
       ## Lockable
-      t.integer  :failed_attempts, :default => 0, :null => false # Only if lock strategy is :failed_attempts
+      t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
       t.string   :unlock_token # Only if unlock strategy is :email or :both
       t.datetime :locked_at
 
@@ -53,9 +48,9 @@ class DeviseTokenAuthCreateLockableUsers < ActiveRecord::Migration[4.2]
     end
 
     add_index :lockable_users, :email
-    add_index :lockable_users, [:uid, :provider],     :unique => true
+    add_index :lockable_users, [:uid, :provider],     unique: true
     # add_index :lockable_users, :reset_password_token, :unique => true
     # add_index :lockable_users, :confirmation_token,   :unique => true
-    add_index :lockable_users, :unlock_token,         :unique => true
+    add_index :lockable_users, :unlock_token,         unique: true
   end
 end

data/test/dummy/{tmp/generators/db/migrate/20171014052631_devise_token_auth_create_users.rb → db/migrate/20190924101113_devise_token_auth_create_confirmable_users.rb}

@@ -1,6 +1,7 @@
-class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[5.1]
+class DeviseTokenAuthCreateConfirmableUsers < ActiveRecord::Migration[5.2]
   def change
-    create_table(:users) do |t|
+    
+    create_table(:confirmable_users) do |t|
       ## Required
       t.string :provider, :null => false, :default => "email"
       t.string :uid, :null => false, :default => ""
@@ -16,13 +17,6 @@ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[5.1]
       ## Rememberable
       t.datetime :remember_created_at
 
-      ## Trackable
-      t.integer  :sign_in_count, :default => 0, :null => false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
-
       ## Confirmable
       t.string   :confirmation_token
       t.datetime :confirmed_at
@@ -46,10 +40,10 @@ class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[5.1]
       t.timestamps
     end
 
-    add_index :users, :email,                unique: true
-    add_index :users, [:uid, :provider],     unique: true
-    add_index :users, :reset_password_token, unique: true
-    add_index :users, :confirmation_token,   unique: true
-    # add_index :users, :unlock_token,       unique: true
+    add_index :confirmable_users, :email,                unique: true
+    add_index :confirmable_users, [:uid, :provider],     unique: true
+    add_index :confirmable_users, :reset_password_token, unique: true
+    add_index :confirmable_users, :confirmation_token,   unique: true
+    # add_index :confirmable_users, :unlock_token,       unique: true
   end
 end

data/test/dummy/db/schema.rb

@@ -10,20 +10,16 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160629184441) do
+ActiveRecord::Schema.define(version: 2019_09_24_101113) do
 
-  create_table "evil_users", force: :cascade do |t|
-    t.string "email"
+  create_table "confirmable_users", force: :cascade do |t|
+    t.string "provider", default: "email", null: false
+    t.string "uid", default: "", null: false
     t.string "encrypted_password", default: "", null: false
     t.string "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -31,16 +27,14 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.string "name"
     t.string "nickname"
     t.string "image"
-    t.string "provider"
-    t.string "uid", default: "", null: false
+    t.string "email"
     t.text "tokens"
-    t.string "favorite_color"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.index ["confirmation_token"], name: "index_evil_users_on_confirmation_token", unique: true
-    t.index ["email"], name: "index_evil_users_on_email"
-    t.index ["reset_password_token"], name: "index_evil_users_on_reset_password_token", unique: true
-    t.index ["uid", "provider"], name: "index_evil_users_on_uid_and_provider", unique: true
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["confirmation_token"], name: "index_confirmable_users_on_confirmation_token", unique: true
+    t.index ["email"], name: "index_confirmable_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_confirmable_users_on_reset_password_token", unique: true
+    t.index ["uid", "provider"], name: "index_confirmable_users_on_uid_and_provider", unique: true
   end
 
   create_table "lockable_users", force: :cascade do |t|
@@ -70,11 +64,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.string "reset_password_redirect_url"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -94,35 +83,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.index ["uid", "provider"], name: "index_mangs_on_uid_and_provider", unique: true
   end
 
-  create_table "nice_users", force: :cascade do |t|
-    t.string "provider", null: false
-    t.string "uid", default: "", null: false
-    t.string "encrypted_password", default: "", null: false
-    t.string "reset_password_token"
-    t.datetime "reset_password_sent_at"
-    t.boolean "allow_password_change", default: false
-    t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
-    t.string "confirmation_token"
-    t.datetime "confirmed_at"
-    t.datetime "confirmation_sent_at"
-    t.string "unconfirmed_email"
-    t.string "name"
-    t.string "nickname"
-    t.string "image"
-    t.string "email"
-    t.text "tokens"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.index ["email"], name: "index_nice_users_on_email"
-    t.index ["reset_password_token"], name: "index_nice_users_on_reset_password_token", unique: true
-    t.index ["uid", "provider"], name: "index_nice_users_on_uid_and_provider", unique: true
-  end
-
   create_table "only_email_users", force: :cascade do |t|
     t.string "provider", null: false
     t.string "uid", default: "", null: false
@@ -146,11 +106,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -175,11 +130,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "name"
     t.string "nickname"
     t.string "image"
@@ -200,11 +150,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.datetime "reset_password_sent_at"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"
@@ -229,11 +174,6 @@ ActiveRecord::Schema.define(version: 20160629184441) do
     t.string "reset_password_redirect_url"
     t.boolean "allow_password_change", default: false
     t.datetime "remember_created_at"
-    t.integer "sign_in_count", default: 0, null: false
-    t.datetime "current_sign_in_at"
-    t.datetime "last_sign_in_at"
-    t.string "current_sign_in_ip"
-    t.string "last_sign_in_ip"
     t.string "confirmation_token"
     t.datetime "confirmed_at"
     t.datetime "confirmation_sent_at"

data/test/dummy/lib/migration_database_helper.rb

@@ -1,3 +1,17 @@
+# frozen_string_literal: true
+
+# polyfill Rails >= 5 versioned migrations
+
+unless ActiveRecord::Migration.respond_to?(:[])
+  module ActiveRecord
+    class Migration
+      def self.[](_version)
+        self
+      end
+    end
+  end
+end
+
 module MigrationDatabaseHelper
   def json_supported_database?
     (postgres? && postgres_correct_version?) || (mysql? && mysql_correct_version?)
@@ -26,4 +40,4 @@ module MigrationDatabaseHelper
   def database_version
     ActiveRecord::Base.connection.select_value('SELECT VERSION()')
   end
-end
+end

data/test/dummy/tmp/generators/app/controllers/application_controller.rb

@@ -0,0 +1,6 @@
+            class ApplicationController < ActionController::Base
+        include DeviseTokenAuth::Concerns::SetUserByToken
+              def whatever
+                'whatever'
+              end
+            end

data/test/dummy/tmp/generators/app/models/azpire/v1/human_resource/user.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class Azpire::V1::HumanResource::User
+  include Mongoid::Document
+  include Mongoid::Timestamps
+  include Mongoid::Locker
+
+  field :locker_locked_at, type: Time
+  field :locker_locked_until, type: Time
+
+  locker locked_at_field: :locker_locked_at,
+         locked_until_field: :locker_locked_until
+
+  ## Database authenticatable
+  field :email,              type: String, default: ''
+  field :encrypted_password, type: String, default: ''
+
+  ## Recoverable
+  field :reset_password_token,        type: String
+  field :reset_password_sent_at,      type: Time
+  field :reset_password_redirect_url, type: String
+  field :allow_password_change,       type: Boolean, default: false
+
+  ## Rememberable
+  field :remember_created_at, type: Time
+
+  ## Confirmable
+  field :confirmation_token,   type: String
+  field :confirmed_at,         type: Time
+  field :confirmation_sent_at, type: Time
+  field :unconfirmed_email,    type: String # Only if using reconfirmable
+
+  ## Lockable
+  # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
+  # field :unlock_token,    type: String # Only if unlock strategy is :email or :both
+  # field :locked_at,       type: Time
+
+  ## Required
+  field :provider, type: String
+  field :uid,      type: String, default: ''
+
+  ## Tokens
+  field :tokens, type: Hash, default: {}
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
+  include DeviseTokenAuth::Concerns::User
+
+  index({ email: 1 }, { name: 'email_index', unique: true, background: true })
+  index({ reset_password_token: 1 }, { name: 'reset_password_token_index', unique: true, sparse: true, background: true })
+  index({ confirmation_token: 1 }, { name: 'confirmation_token_index', unique: true, sparse: true, background: true })
+  index({ uid: 1, provider: 1}, { name: 'uid_provider_index', unique: true, background: true })
+  # index({ unlock_token: 1 }, { name: 'unlock_token_index', unique: true, sparse: true, background: true })
+end

data/test/dummy/tmp/generators/config/initializers/devise_token_auth.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 DeviseTokenAuth.setup do |config|
   # By default the authorization headers will change after each request. The
   # client is responsible for keeping track of the changing tokens. Change
@@ -9,6 +11,11 @@ DeviseTokenAuth.setup do |config|
   # determines how long tokens will remain valid after they are issued.
   # config.token_lifespan = 2.weeks
 
+  # Limiting the token_cost to just 4 in testing will increase the performance of
+  # your test suite dramatically. The possible cost value is within range from 4
+  # to 31. It is recommended to not use a value more than 10 in other environments.
+  config.token_cost = Rails.env.test? ? 4 : 10
+
   # Sets the max number of concurrent devices per user, which is 10 by default.
   # After this limit is reached, the oldest tokens will be removed.
   # config.max_number_of_devices = 10
@@ -45,4 +52,9 @@ DeviseTokenAuth.setup do |config|
   # If, however, you wish to integrate with legacy Devise authentication, you can
   # do so by enabling this flag. NOTE: This feature is highly experimental!
   # config.enable_standard_devise_support = false
+
+  # By default DeviseTokenAuth will not send confirmation email, even when including
+  # devise confirmable module. If you want to use devise confirmable module and
+  # send email, set it to true. (This is a setting for compatibility)
+  # config.send_confirmation_email = true
 end

data/test/factories/users.rb

@@ -0,0 +1,41 @@
+FactoryBot.define do
+  factory :user do
+    email { Faker::Internet.unique.safe_email }
+    password { Faker::Internet.password }
+    provider { 'email' }
+
+    transient do
+      allow_unconfirmed_period { Time.now.utc - Devise.allow_unconfirmed_access_for }
+    end
+
+    trait :with_nickname do
+      nickname { Faker::Internet.username }
+    end
+
+    trait :confirmed do
+      after(:create) { |user| user.confirm }
+    end
+
+    # confirmation period is expired
+    trait :unconfirmed do
+      after(:create) do |user, evaluator|
+        user.update_attribute(:confirmation_sent_at, evaluator.allow_unconfirmed_period - 1.day )
+      end
+    end
+
+    trait :facebook do
+      uid { Faker::Number.number }
+      provider { 'facebook' }
+    end
+
+    trait :locked do
+      after(:create) { |user| user.lock_access! }
+    end
+
+    factory :lockable_user, class: 'LockableUser'
+    factory :mang_user, class: 'Mang'
+    factory :only_email_user, class: 'OnlyEmailUser'
+    factory :scoped_user, class: 'ScopedUser'
+    factory :confirmable_user, class: 'ConfirmableUser'
+  end
+end

data/test/lib/devise_token_auth/blacklist_test.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DeviseTokenAuth::BlacklistTest < ActiveSupport::TestCase
+  if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
+    describe Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION do
+      test 'should include :tokens' do
+        assert Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION.include?(:tokens)
+      end
+    end
+  else
+    describe Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION do
+      test 'should include :tokens' do
+        assert Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION.include?(:tokens)
+      end
+    end
+  end
+end

data/test/lib/devise_token_auth/rails/custom_routes_test.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class DeviseTokenAuth::CustomRoutesTest < ActiveSupport::TestCase
+  after do
+    Rails.application.reload_routes!
+  end
+  test 'custom controllers' do
+    class ActionDispatch::Routing::Mapper
+        include Mocha::ParameterMatchers
+    end
+    Rails.application.routes.draw do
+      self.expects(:devise_for).with(
+        :users,
+        has_entries(
+          controllers: has_entries(
+            invitations: "custom/invitations", foo: "custom/foo"
+          )
+        )
+      )
+
+      mount_devise_token_auth_for 'User', at: 'my_custom_users', controllers: {
+        invitations: 'custom/invitations',
+        foo: 'custom/foo'
+      }
+    end
+  end
+end