devise_token_auth 0.1.43 → 1.2.0

data/config/locales/ko.yml

@@ -0,0 +1,51 @@
+ko:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "'%{email}'로 주소 인증 메일을 발송했습니다. 계정을 활성화하기 위해서는 반드시 메일의 안내를 따라야 합니다."
+      bad_credentials: "계정 정보가 맞지 않습니다. 다시 시도해 주세요."
+      not_supported: "POST /sign_in to sign in을 사용해주세요. GET은 지원하지 않습니다."
+      user_not_found: "유저를 찾을 수 없습니다."
+      invalid: "계정 정보가 맞지 않습니다."
+    registrations:
+      missing_confirm_success_url: "'confirm_success_url' 파라미터가 없습니다."
+      redirect_url_not_allowed: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+      email_already_exists: "'%{email}'을 사용하는 계정이 이미 있습니다."
+      account_with_uid_destroyed: " UID가 '%{uid}'인 계정을 삭제했습니다."
+      account_to_destroy_not_found: "삭제할 계정을 찾을 수 없습니다."
+      user_not_found: "유저를 찾을 수 없습니다."
+    omniauth:
+      not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+    passwords:
+      missing_email: "이메일 주소를 입력해야 합니다."
+      missing_redirect_url: "redirect URL이 없습니다."
+      not_allowed_redirect_url: "'%{redirect_url}' 주소로 리다이렉트는 허용하지 않습니다."
+      sended: "'%{email}'로 비밀번호를 재설정하기 위한 안내 메일을 발송했습니다."
+      user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
+      password_not_required: "이 계정은 비밀번호가 필요하지 않습니다. '%{provider}'으로 로그인을 진행해 주세요."
+      missing_passwords: "비밀번호와 비밀번호 확인 필드를 반드시 입력해야 합니다."
+      successfully_updated: "비밀번호를 성공적으로 업데이트 했습니다."
+    unlocks:
+      missing_email: "이메일 주소를 반드시 입력해야 합니다."
+      sended: "'%{email}'로 계정 잠금 해제를 위한 안내 메일을 발송했습니다."
+      user_not_found: "'%{email}'을 사용하는 유저를 찾을 수 없습니다."
+  errors:
+    messages:
+      validate_sign_up_params: "요청 값에 알맞은 로그인 데이터를 입력하세요."
+      validate_account_update_params: "요청 값에 알맞은 업데이트 데이터를 입력하세요."
+      not_email: "이메일이 아닙니다."
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "아래의 링크를 이용해 계정 인증을 할 수 있습니다."
+        confirm_account_link: "본인 계정 인증"
+      reset_password_instructions:
+        request_reset_link_msg: "누군가 당신의 비밀번호를 변경하는 링크를 요청했으며, 다음의 링크에서 비밀번호 변경이 가능합니다."
+        password_change_link: "비밀번호 변경"
+        ignore_mail_msg: "비밀번호 변경을 요청하지 않으셨다면 이 메일을 무시하십시오."
+        no_changes_msg: "위 링크에 접속하여 새로운 비밀번호를 생성하기 전까지 귀하의 비밀번호는 변경되지 않습니다."
+      unlock_instructions:
+        account_lock_msg: "로그인 실패 횟수 초과로 귀하의 계정이 잠금 처리되었습니다."
+        unlock_link_msg: "계정 잠금을 해제하려면 아래 링크를 클릭하세요."
+        unlock_link: "계정 잠금 해제"
+  hello: "안녕하세요"
+  welcome: "환영합니다"

data/config/locales/nl.yml

@@ -14,6 +14,8 @@ nl:
       account_with_uid_destroyed: "Account met id '%{uid}' is verwijderd."
       account_to_destroy_not_found: "Te verwijderen account niet gevonden."
       user_not_found: "Gebruiker niet gevonden."
+    omniauth:
+      not_allowed_redirect_url: "Redirect naar '%{redirect_url}' niet toegestaan."
     passwords:
       missing_email: "Je moet een e-mailadres opgeven."
       missing_redirect_url: "Redirect URL ontbreekt."

data/config/locales/pl.yml

@@ -14,6 +14,8 @@ pl:
       account_with_uid_destroyed: "Konto z uid '%{uid}' zostało usunięte."
       account_to_destroy_not_found: "Nie odnaleziono konta do usunięcia."
       user_not_found: "Użytkownik nie został odnaleziony."
+    omniauth:
+      not_allowed_redirect_url: "Przekierowanie na adres '%{redirect_url}' nie jest dozwolone."
     passwords:
       missing_email: "Musisz wprowadzić adres e-mail."
       missing_redirect_url: "Brak adresu zwrotnego."
@@ -24,9 +26,10 @@ pl:
       missing_passwords: "Musisz wypełnić wszystkie pola z etykietą 'Hasło' oraz 'Potwierdzenie hasła'."
       successfully_updated: "Twoje hasło zostało zaktualizowane."
   errors:
-    validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
-    validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
-    not_email: "nie jest prawidłowym adresem e-mail"
+    messages:
+      validate_sign_up_params: "Proszę dostarczyć odpowiednie dane logowania w ciele zapytania."
+      validate_account_update_params: "Proszę dostarczyć odpowiednie dane aktualizacji konta w ciele zapytania."
+      not_email: "nie jest prawidłowym adresem e-mail"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/pt-BR.yml

@@ -14,6 +14,8 @@ pt-BR:
       account_with_uid_destroyed: "A conta com uid '%{uid}' foi excluída."
       account_to_destroy_not_found: "Não foi possível encontrar a conta para exclusão."
       user_not_found: "Usuário não encontrado."
+    omniauth:
+      not_allowed_redirect_url: "Redirecionamento para '%{redirect_url}' não permitido."
     passwords:
       missing_email: "Informe o endereço de e-mail."
       missing_redirect_url: "URL para redirecionamento não informada."

data/config/locales/pt.yml

@@ -14,6 +14,8 @@ pt:
       account_with_uid_destroyed: "A conta com uid '%{uid}' foi excluída."
       account_to_destroy_not_found: "Não foi possível encontrar a conta para exclusão."
       user_not_found: "Utilizador não encontrado."
+    omniauth:
+      not_allowed_redirect_url: "Redirecionamento para '%{redirect_url}' não permitido."
     passwords:
       missing_email: "Informe o endereço de e-mail."
       missing_redirect_url: "URL para redirecionamento não informada."
@@ -24,9 +26,10 @@ pt:
       missing_passwords: "Preencha a senha e a confirmação de senha."
       successfully_updated: "Senha atualizada com sucesso."
   errors:
-    validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
-    validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
-    not_email: "não é um e-mail"
+    messages:
+      validate_sign_up_params: "Os dados submetidos na requisição de registo são inválidos."
+      validate_account_update_params: "Os dados submetidos para atualização de conta são inválidos."
+      not_email: "não é um e-mail"
   devise:
     mailer:
       confirmation_instructions:

data/config/locales/ro.yml

@@ -14,6 +14,8 @@ ro:
       account_with_uid_destroyed: "Contul cu UID '%{uid}' a fost șters."
       account_to_destroy_not_found: "Nu se poate localiza contul pentru ștergere."
       user_not_found: "Utilizatorul nu a fost găsit."
+    omniauth:
+      not_allowed_redirect_url: "Redirecționarea către '%{redirect_url}' nu este permisă."
     passwords:
       missing_email: "Trebuie să introduci o adresă de e-mail."
       missing_redirect_url: "URL-ul pentru redirecționare lipsește."

data/config/locales/ru.yml

@@ -14,6 +14,8 @@ ru:
       account_with_uid_destroyed: "Учетная запись с uid '%{uid}' удалена."
       account_to_destroy_not_found: "Не удается найти учетную запись для удаления."
       user_not_found: "Пользователь не найден."
+    omniauth:
+      not_allowed_redirect_url: "Переадресация на '%{redirect_url}' не разрешена."
     passwords:
       missing_email: "Вы должны указать адрес электронной почты."
       missing_redirect_url: "Отсутствует адрес переадресации."

data/config/locales/sq.yml

@@ -14,6 +14,8 @@ sq:
       account_with_uid_destroyed: "Llogaria me UID-në '%{uid}' është fshirë."
       account_to_destroy_not_found: "Nuk u gjet llogaria për fshirje."
       user_not_found: "Përdoruesi nuk u gjet."
+    omniauth:
+      not_allowed_redirect_url: "Nuk lejohet shkuarja tek URL-ja '%{redirect_url}'."
     passwords:
       missing_email: "Ju duhet të jepni një email adresë."
       missing_redirect_url: "Mungon URL-ja për ridërgim."

data/config/locales/sv.yml

@@ -0,0 +1,52 @@
+sv:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "Ett bekräftelse-email har skickats till '%{email}'. Följ instruktionerna i emailet så kan ditt konto aktiveras"
+      bad_credentials: "Ogiltig login-information. Vänligen försök igen."
+      not_supported: "Använd POST /sign_in för att logga in. GET stöds inte."
+      user_not_found: "Användaren hittades inte eller var inte inloggad."
+    token_validations:
+      invalid: "Ogiltig token-information"
+    registrations:
+      missing_confirm_success_url: "Saknar 'confirm_success_url'-parameter."
+      redirect_url_not_allowed: "Omdirigering till '%{redirect_url}' ej tillåten."
+      email_already_exists: "Det finns redan ett konto för '%{email}'"
+      account_with_uid_destroyed: "Kontot med UID '%{uid}' har tagits bort."
+      account_to_destroy_not_found: "Kunde inte hitta kontot för borttagning."
+      user_not_found: "Användaren hittades ej."
+    omniauth:
+      not_allowed_redirect_url: "Omdirigering till '%{redirect_url}' ej tillåten."
+    passwords:
+      missing_email: "Du måste ange en emailadress."
+      missing_redirect_url: "Saknar en omdirigerings-URL."
+      not_allowed_redirect_url: "Omdirigering till '%{redirect_url}' ej tillåten."
+      sended: "Ett email har skickats till '%{email}' med instruktioner för hur du skapar ett nytt lösenord."
+      user_not_found: "Kunde inte hitta användaren med email '%{email}'."
+      password_not_required: "Det har kontot kräver inget lösenord. Logga in via ditt '%{provider}'-konto istället."
+      missing_passwords: "Du måste fylla i fälten 'Lösenord' och 'Upprepa lösenord'."
+      successfully_updated: "Ditt lösenord har ändrats."
+    unlocks:
+      missing_email: "Du måste ange en emailadress."
+      sended: "Ett email har skickats till '%{email}' med instruktioner för hur du låser upp ditt konto."
+      user_not_found: "Kunde inte hitta användaren med emailadressen '%{email}'."
+  errors:
+    messages:
+      validate_sign_up_params: "Vänligen skicka giltig data för att skapa konto i request-bodyn."
+      validate_account_update_params: "Vänligen skicka giltig data för att uppdatera konto i request-bodyn."
+      not_email: "är inte en emailadress"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "Du kan bekräfta ditt kontos emailadress genom att besöka länken nedan:"
+        confirm_account_link: "Bekräfta mitt konto"
+      reset_password_instructions:
+        request_reset_link_msg: "Någon har begärt en länk för att ändra ditt lösenord. Du kan göra detta via länken nedan."
+        password_change_link: "Byt mitt lösenord"
+        ignore_mail_msg: "Om du inte begärt detta, vänligen bortse från detta mail."
+        no_changes_msg: "Ditt lösenord kommer inte att ändras förrän du använder länken ovan och skapar ett nytt."
+      unlock_instructions:
+        account_lock_msg: "Ditt konto har låsts efter för många misslyckade loginförsök."
+        unlock_link_msg: "Klicka på länken nedan för att låsa upp ditt konto:"
+        unlock_link: "Lås upp mitt konto"
+  hello: "hej"
+  welcome: "välkommen"

data/config/locales/uk.yml

@@ -14,6 +14,8 @@ uk:
       account_with_uid_destroyed: "Акаунт з UID '%{uid}' було видалено."
       account_to_destroy_not_found: "Неможливо знайти акаунт для видалення."
       user_not_found: "Користувача не знайдено"
+    omniauth:
+      not_allowed_redirect_url: "Перенаправлення до '%{redirect_url}' не дозволено."
     passwords:
       missing_email: "Ви маєте ввести email адресу."
       missing_redirect_url: "Немає URL для перенаправлення."

data/config/locales/vi.yml

@@ -14,6 +14,8 @@ vi:
       account_with_uid_destroyed: "Tài khoản với UID '%{uid}' vừa bị phá hủy."
       account_to_destroy_not_found: "Không thể xác định tài khoản cho việc phá hủy."
       user_not_found: "Người dùng không tìm thấy."
+    omniauth:
+      not_allowed_redirect_url: "Chuyển hướng tới '%{redirect_url}' không được phép."
     passwords:
       missing_email: "Bạn cần cung cấp địa chỉ email."
       missing_redirect_url: "Thiếu đường đẫn URL."

data/config/locales/zh-CN.yml

@@ -14,6 +14,8 @@ zh-CN:
       account_with_uid_destroyed: "账号 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "无法找到目标帐号。"
       user_not_found: "找不到帐号。"
+    omniauth:
+      not_allowed_redirect_url: "不支持转向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供邮箱。"
       missing_redirect_url: "欠缺 redirect URL."

data/config/locales/zh-HK.yml

@@ -16,6 +16,8 @@ zh-TW:
       account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "無法找到目標帳號。"
       user_not_found: "找不到帳號。"
+    omniauth:
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供電郵。"
       missing_redirect_url: "欠缺 redirect URL."

data/config/locales/zh-TW.yml

@@ -16,6 +16,8 @@ zh-TW:
       account_with_uid_destroyed: "帳號 '%{uid}' 已被移除。"
       account_to_destroy_not_found: "無法找到目標帳號。"
       user_not_found: "找不到帳號。"
+    omniauth:
+      not_allowed_redirect_url: "不支援轉向到 '%{redirect_url}'"
     passwords:
       missing_email: "必需提供電郵。"
       missing_redirect_url: "欠缺 redirect URL."

data/lib/devise_token_auth/blacklist.rb

@@ -0,0 +1,6 @@
+# don't serialize tokens
+if defined? Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION
+  Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION << :tokens
+else
+  Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION << :tokens
+end

data/lib/devise_token_auth/controllers/helpers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module DeviseTokenAuth
   module Controllers
     module Helpers
@@ -26,18 +28,12 @@ module DeviseTokenAuth
         #     before_action ->{ authenticate_blogger! :admin }  # Redirects to the admin login page
         #     current_blogger :user                             # Preferably returns a User if one is signed in
         #
-        def devise_token_auth_group(group_name, opts={})
-          mappings = "[#{ opts[:contains].map { |m| ":#{m}" }.join(',') }]"
+        def devise_token_auth_group(group_name, opts = {})
+          mappings = "[#{opts[:contains].map { |m| ":#{m}" }.join(',')}]"
 
           class_eval <<-METHODS, __FILE__, __LINE__ + 1
             def authenticate_#{group_name}!(favourite=nil, opts={})
               unless #{group_name}_signed_in?
-                mappings = #{mappings}
-                mappings.unshift mappings.delete(favourite.to_sym) if favourite
-                mappings.each do |mapping|
-                  set_user_by_token(mapping)
-                end
-
                 unless current_#{group_name}
                   render_authenticate_error
                 end
@@ -45,12 +41,14 @@ module DeviseTokenAuth
             end
 
             def #{group_name}_signed_in?
-              #{mappings}.any? do |mapping|
-                set_user_by_token(mapping)
-              end
+              !!current_#{group_name}
             end
 
             def current_#{group_name}(favourite=nil)
+              @current_#{group_name} ||= set_group_user_by_token(favourite)
+            end
+            
+            def set_group_user_by_token(favourite)
               mappings = #{mappings}
               mappings.unshift mappings.delete(favourite.to_sym) if favourite
               mappings.each do |mapping|
@@ -73,7 +71,12 @@ module DeviseTokenAuth
             end
 
             if respond_to?(:helper_method)
-              helper_method "current_#{group_name}", "current_#{group_name.to_s.pluralize}", "#{group_name}_signed_in?", "render_authenticate_error"
+              helper_method(
+                "current_#{group_name}",
+                "current_#{group_name.to_s.pluralize}",
+                "#{group_name}_signed_in?",
+                "render_authenticate_error"
+              )
             end
           METHODS
         end
@@ -140,7 +143,12 @@ module DeviseTokenAuth
 
         ActiveSupport.on_load(:action_controller) do
           if respond_to?(:helper_method)
-            helper_method "current_#{mapping}", "#{mapping}_signed_in?", "#{mapping}_session", "render_authenticate_error"
+            helper_method(
+              "current_#{mapping}",
+              "#{mapping}_signed_in?",
+              "#{mapping}_session",
+              'render_authenticate_error'
+            )
           end
         end
       end

data/lib/devise_token_auth/controllers/url_helpers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module DeviseTokenAuth
   module Controllers
     module UrlHelpers

data/lib/devise_token_auth/engine.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 require 'devise_token_auth/rails/routes'
 
 module DeviseTokenAuth
   class Engine < ::Rails::Engine
     isolate_namespace DeviseTokenAuth
 
-    initializer "devise_token_auth.url_helpers" do
+    initializer 'devise_token_auth.url_helpers' do
       Devise.helpers << DeviseTokenAuth::Controllers::Helpers
     end
   end
@@ -12,6 +14,7 @@ module DeviseTokenAuth
   mattr_accessor :change_headers_on_each_request,
                  :max_number_of_devices,
                  :token_lifespan,
+                 :token_cost,
                  :batch_request_buffer_throttle,
                  :omniauth_prefix,
                  :default_confirm_success_url,
@@ -22,11 +25,17 @@ module DeviseTokenAuth
                  :remove_tokens_after_password_reset,
                  :default_callbacks,
                  :headers_names,
-                 :bypass_sign_in
+                 :cookie_enabled,
+                 :cookie_name,
+                 :cookie_attributes,
+                 :bypass_sign_in,
+                 :send_confirmation_email,
+                 :require_client_password_reset_token
 
   self.change_headers_on_each_request       = true
   self.max_number_of_devices                = 10
   self.token_lifespan                       = 2.weeks
+  self.token_cost                           = 10
   self.batch_request_buffer_throttle        = 5.seconds
   self.omniauth_prefix                      = '/omniauth'
   self.default_confirm_success_url          = nil
@@ -36,35 +45,38 @@ module DeviseTokenAuth
   self.enable_standard_devise_support       = false
   self.remove_tokens_after_password_reset   = false
   self.default_callbacks                    = true
-  self.headers_names                        = {:'access-token' => 'access-token',
-                                               :'client' => 'client',
-                                               :'expiry' => 'expiry',
-                                               :'uid' => 'uid',
-                                               :'token-type' => 'token-type' }
+  self.headers_names                        = { 'access-token': 'access-token',
+                                                'client': 'client',
+                                                'expiry': 'expiry',
+                                                'uid': 'uid',
+                                                'token-type': 'token-type' }
+  self.cookie_enabled                       = false
+  self.cookie_name                          = 'auth_cookie'
+  self.cookie_attributes                    = {}
   self.bypass_sign_in                       = true
+  self.send_confirmation_email              = false
+  self.require_client_password_reset_token  = false
 
   def self.setup(&block)
     yield self
 
     Rails.application.config.after_initialize do
       if defined?(::OmniAuth)
-        ::OmniAuth::config.path_prefix = Devise.omniauth_path_prefix = self.omniauth_prefix
-
+        ::OmniAuth::config.path_prefix = Devise.omniauth_path_prefix = omniauth_prefix
 
         # Omniauth currently does not pass along omniauth.params upon failure redirect
         # see also: https://github.com/intridea/omniauth/issues/626
         OmniAuth::FailureEndpoint.class_eval do
           def redirect_to_failure
             message_key = env['omniauth.error.type']
-            origin_query_param = env['omniauth.origin'] ? "&origin=#{CGI.escape(env['omniauth.origin'])}" : ""
-            strategy_name_query_param = env['omniauth.error.strategy'] ? "&strategy=#{env['omniauth.error.strategy'].name}" : ""
-            extra_params = env['omniauth.params'] ? "&#{env['omniauth.params'].to_query}" : ""
+            origin_query_param = env['omniauth.origin'] ? "&origin=#{CGI.escape(env['omniauth.origin'])}" : ''
+            strategy_name_query_param = env['omniauth.error.strategy'] ? "&strategy=#{env['omniauth.error.strategy'].name}" : ''
+            extra_params = env['omniauth.params'] ? "&#{env['omniauth.params'].to_query}" : ''
             new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}#{extra_params}"
-            Rack::Response.new(["302 Moved"], 302, 'Location' => new_path).finish
+            Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
           end
         end
 
-
         # Omniauth currently removes omniauth.params during mocked requests
         # see also: https://github.com/intridea/omniauth/pull/812
         OmniAuth::Strategy.class_eval do

data/lib/devise_token_auth/errors.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module DeviseTokenAuth
+  module Errors
+    class NoResourceDefinedError < StandardError; end
+    class InvalidModel < StandardError; end
+  end
+end

data/lib/devise_token_auth/rails/routes.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionDispatch::Routing
   class Mapper
     def mount_devise_token_auth_for(resource, opts)
@@ -6,31 +8,36 @@ module ActionDispatch::Routing
       opts[:skip]        ||= []
 
       # check for ctrl overrides, fall back to defaults
-      sessions_ctrl          = opts[:controllers][:sessions] || "devise_token_auth/sessions"
-      registrations_ctrl     = opts[:controllers][:registrations] || "devise_token_auth/registrations"
-      passwords_ctrl         = opts[:controllers][:passwords] || "devise_token_auth/passwords"
-      confirmations_ctrl     = opts[:controllers][:confirmations] || "devise_token_auth/confirmations"
-      token_validations_ctrl = opts[:controllers][:token_validations] || "devise_token_auth/token_validations"
-      omniauth_ctrl          = opts[:controllers][:omniauth_callbacks] || "devise_token_auth/omniauth_callbacks"
-      unlocks_ctrl           = opts[:controllers][:unlocks] || "devise_token_auth/unlocks"
+      sessions_ctrl          = opts[:controllers].delete(:sessions) || 'devise_token_auth/sessions'
+      registrations_ctrl     = opts[:controllers].delete(:registrations) || 'devise_token_auth/registrations'
+      passwords_ctrl         = opts[:controllers].delete(:passwords) || 'devise_token_auth/passwords'
+      confirmations_ctrl     = opts[:controllers].delete(:confirmations) || 'devise_token_auth/confirmations'
+      token_validations_ctrl = opts[:controllers].delete(:token_validations) || 'devise_token_auth/token_validations'
+      omniauth_ctrl          = opts[:controllers].delete(:omniauth_callbacks) || 'devise_token_auth/omniauth_callbacks'
+      unlocks_ctrl           = opts[:controllers].delete(:unlocks) || 'devise_token_auth/unlocks'
+
+      # check for resource override
+      route                  = opts[:as] || resource.pluralize.underscore.gsub('/', '_')
 
       # define devise controller mappings
-      controllers = {:sessions           => sessions_ctrl,
-                     :registrations      => registrations_ctrl,
-                     :passwords          => passwords_ctrl,
-                     :confirmations      => confirmations_ctrl}
+      controllers = opts[:controllers].merge(
+                      sessions: sessions_ctrl,
+                      registrations: registrations_ctrl,
+                      passwords: passwords_ctrl,
+                      confirmations: confirmations_ctrl
+                    )
 
       controllers[:unlocks] = unlocks_ctrl if unlocks_ctrl
 
       # remove any unwanted devise modules
-      opts[:skip].each{|item| controllers.delete(item)}
+      opts[:skip].each{ |item| controllers.delete(item) }
 
-      devise_for resource.pluralize.underscore.gsub('/', '_').to_sym,
-        :class_name  => resource,
-        :module      => :devise,
-        :path        => "#{opts[:at]}",
-        :controllers => controllers,
-        :skip        => opts[:skip] + [:omniauth_callbacks]
+      devise_for route.to_sym,
+                 class_name: resource,
+                 module: :devise,
+                 path: opts[:at].to_s,
+                 controllers: controllers,
+                 skip: opts[:skip] + [:omniauth_callbacks]
 
       unnest_namespace do
         # get full url path as if it were namespaced
@@ -41,8 +48,8 @@ module ActionDispatch::Routing
 
         # clear scope so controller routes aren't namespaced
         @scope = ActionDispatch::Routing::Mapper::Scope.new(
-          path:         "",
-          shallow_path: "",
+          path:         '',
+          shallow_path: '',
           constraints:  {},
           defaults:     {},
           options:      {},
@@ -54,29 +61,29 @@ module ActionDispatch::Routing
 
         devise_scope mapping_name.to_sym do
           # path to verify token validity
-          get "#{full_path}/validate_token", controller: "#{token_validations_ctrl}", action: "validate_token"
+          get "#{full_path}/validate_token", controller: token_validations_ctrl.to_s, action: 'validate_token' if !opts[:skip].include?(:token_validations)
 
           # omniauth routes. only define if omniauth is installed and not skipped.
           if defined?(::OmniAuth) && !opts[:skip].include?(:omniauth_callbacks)
-            match "#{full_path}/failure",             controller: omniauth_ctrl, action: "omniauth_failure", via: [:get]
-            match "#{full_path}/:provider/callback",  controller: omniauth_ctrl, action: "omniauth_success", via: [:get]
+            match "#{full_path}/failure",             controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get]
+            match "#{full_path}/:provider/callback",  controller: omniauth_ctrl, action: 'omniauth_success', via: [:get]
 
-            match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: "redirect_callbacks", via: [:get, :post]
-            match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: "omniauth_failure", via: [:get, :post]
+            match "#{DeviseTokenAuth.omniauth_prefix}/:provider/callback", controller: omniauth_ctrl, action: 'redirect_callbacks', via: [:get, :post]
+            match "#{DeviseTokenAuth.omniauth_prefix}/failure", controller: omniauth_ctrl, action: 'omniauth_failure', via: [:get, :post]
 
             # preserve the resource class thru oauth authentication by setting name of
             # resource as "resource_class" param
-            match "#{full_path}/:provider", to: redirect{|params, request|
+            match "#{full_path}/:provider", to: redirect{ |params, request|
               # get the current querystring
-              qs = CGI::parse(request.env["QUERY_STRING"])
+              qs = CGI::parse(request.env['QUERY_STRING'])
 
               # append name of current resource
-              qs["resource_class"] = [resource]
-              qs["namespace_name"] = [namespace_name] if namespace_name
+              qs['resource_class'] = [resource]
+              qs['namespace_name'] = [namespace_name] if namespace_name
 
               set_omniauth_path_prefix!(DeviseTokenAuth.omniauth_prefix)
 
-              redirect_params = {}.tap {|hash| qs.each{|k, v| hash[k] = v.first}}
+              redirect_params = {}.tap { |hash| qs.each{ |k, v| hash[k] = v.first } }
 
               if DeviseTokenAuth.redirect_whitelist
                 redirect_url = request.params['auth_origin_url']