devise_token_auth 1.0.0 → 1.2.2

data/app/models/devise_token_auth/concerns/confirmable_support.rb

@@ -0,0 +1,28 @@
+module DeviseTokenAuth::Concerns::ConfirmableSupport
+  extend ActiveSupport::Concern
+
+  included do
+    # Override standard devise `postpone_email_change?` method
+    # for not to use `will_save_change_to_email?` & `email_changed?` methods.
+    def postpone_email_change?
+      postpone = self.class.reconfirmable &&
+        email_value_in_database != email &&
+        !@bypass_confirmation_postpone &&
+        self.email.present? &&
+        (!@skip_reconfirmation_in_callback || !email_value_in_database.nil?)
+      @bypass_confirmation_postpone = false
+      postpone
+    end
+  end
+
+  protected
+
+  def email_value_in_database
+    rails51 = Rails.gem_version >= Gem::Version.new("5.1.x")
+    if rails51 && respond_to?(:email_in_database)
+      email_in_database
+    else
+      email_was
+    end
+  end
+end

data/app/models/devise_token_auth/concerns/mongoid_support.rb

@@ -0,0 +1,19 @@
+module DeviseTokenAuth::Concerns::MongoidSupport
+  extend ActiveSupport::Concern
+
+  def as_json(options = {})
+    options[:except] = (options[:except] || []) + [:_id]
+    hash = super(options)
+    hash['id'] = to_param
+    hash
+  end
+
+  class_methods do
+    # It's abstract replacement .find_by
+    def dta_find_by(attrs = {})
+      find_by(attrs)
+    rescue Mongoid::Errors::DocumentNotFound
+      nil
+    end
+  end
+end

data/app/models/devise_token_auth/concerns/tokens_serialization.rb

@@ -0,0 +1,31 @@
+module DeviseTokenAuth::Concerns::TokensSerialization
+  extend self
+  # Serialization hash to json
+  def dump(object)
+    JSON.generate(object && object.transform_values do |token|
+      serialize_updated_at(token).compact
+    end.compact)
+  end
+
+  # Deserialization json to hash
+  def load(json)
+    case json
+    when String
+      JSON.parse(json)
+    when NilClass
+      {}
+    else
+      json
+    end
+  end
+
+  private
+
+  def serialize_updated_at(token)
+    updated_at_key = ['updated_at', :updated_at].find(&token.method(:[]))
+
+    return token unless token[updated_at_key].respond_to?(:iso8601)
+
+    token.merge updated_at_key => token[updated_at_key].iso8601
+  end
+end

data/app/models/devise_token_auth/concerns/user.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'bcrypt'
-
 module DeviseTokenAuth::Concerns::User
   extend ActiveSupport::Concern
 
@@ -9,7 +7,7 @@ module DeviseTokenAuth::Concerns::User
     @token_equality_cache ||= {}
 
     key = "#{token_hash}/#{token}"
-    result = @token_equality_cache[key] ||= (::BCrypt::Password.new(token_hash) == token)
+    result = @token_equality_cache[key] ||= DeviseTokenAuth::TokenFactory.token_hash_is_token?(token_hash, token)
     @token_equality_cache = {} if @token_equality_cache.size > 10000
     result
   end
@@ -20,19 +18,21 @@ module DeviseTokenAuth::Concerns::User
       devise_modules.delete(:omniauthable)
     else
       devise :database_authenticatable, :registerable,
-             :recoverable, :trackable, :validatable, :confirmable
+             :recoverable, :validatable, :confirmable
+    end
+
+    if const_defined?('ActiveRecord') && ancestors.include?(ActiveRecord::Base)
+      include DeviseTokenAuth::Concerns::ActiveRecordSupport
     end
 
-    serialize :tokens, JSON unless tokens_has_json_column_type?
+    if const_defined?('Mongoid') && ancestors.include?(Mongoid::Document)
+      include DeviseTokenAuth::Concerns::MongoidSupport
+    end
 
     if DeviseTokenAuth.default_callbacks
       include DeviseTokenAuth::Concerns::UserOmniauthCallbacks
     end
 
-    # can't set default on text fields in mysql, simulate here instead.
-    after_save :set_empty_token_hash
-    after_initialize :set_empty_token_hash
-
     # get rid of dead tokens
     before_save :destroy_expired_tokens
 
@@ -44,6 +44,10 @@ module DeviseTokenAuth::Concerns::User
     def email_changed?; false; end
     def will_save_change_to_email?; false; end
 
+    if DeviseTokenAuth.send_confirmation_email && devise_modules.include?(:confirmable)
+      include DeviseTokenAuth::Concerns::ConfirmableSupport
+    end
+
     def password_required?
       return false unless provider == 'email'
       super
@@ -84,39 +88,25 @@ module DeviseTokenAuth::Concerns::User
       send_devise_notification(:unlock_instructions, raw, opts)
       raw
     end
-  end
 
-  def create_token(client_id: nil, token: nil, expiry: nil, **token_extras)
-    client_id ||= SecureRandom.urlsafe_base64(nil, false)
-    token     ||= SecureRandom.urlsafe_base64(nil, false)
-    expiry    ||= (Time.zone.now + token_lifespan).to_i
+    def create_token(client: nil, lifespan: nil, cost: nil, **token_extras)
+      token = DeviseTokenAuth::TokenFactory.create(client: client, lifespan: lifespan, cost: cost)
 
-    tokens[client_id] = {
-      token: BCrypt::Password.create(token),
-      expiry: expiry
-    }.merge!(token_extras)
+      tokens[token.client] = {
+        token:  token.token_hash,
+        expiry: token.expiry
+      }.merge!(token_extras)
 
-    clean_old_tokens
-
-    [client_id, token, expiry]
-  end
-
-  module ClassMethods
-    protected
+      clean_old_tokens
 
-    def tokens_has_json_column_type?
-      database_exists? && table_exists? && columns_hash['tokens'] && columns_hash['tokens'].type.in?([:json, :jsonb])
-    end
-
-    def database_exists?
-      ActiveRecord::Base.connection_pool.with_connection { |con| con.active? } rescue false
+      token
     end
   end
 
-  def valid_token?(token, client_id = 'default')
-    return false unless tokens[client_id]
-    return true if token_is_current?(token, client_id)
-    return true if token_can_be_reused?(token, client_id)
+  def valid_token?(token, client = 'default')
+    return false unless tokens[client]
+    return true if token_is_current?(token, client)
+    return true if token_can_be_reused?(token, client)
 
     # return false if none of the above conditions are met
     false
@@ -126,10 +116,11 @@ module DeviseTokenAuth::Concerns::User
   # can be passed on from the client
   def send_confirmation_notification?; false; end
 
-  def token_is_current?(token, client_id)
+  def token_is_current?(token, client)
     # ghetto HashWithIndifferentAccess
-    expiry     = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
-    token_hash = tokens[client_id]['token'] || tokens[client_id][:token]
+    expiry     = tokens[client]['expiry'] || tokens[client][:expiry]
+    token_hash = tokens[client]['token'] || tokens[client][:token]
+    previous_token_hash = tokens[client]['previous_token'] || tokens[client][:previous_token]
 
     return true if (
       # ensure that expiry and token are set
@@ -139,58 +130,79 @@ module DeviseTokenAuth::Concerns::User
       DateTime.strptime(expiry.to_s, '%s') > Time.zone.now &&
 
       # ensure that the token is valid
-      DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token)
+      (
+        # check if the latest token matches
+        does_token_match?(token_hash, token) ||
+
+        # check if the previous token matches
+        does_token_match?(previous_token_hash, token)
+      )
     )
   end
 
-  # allow batch requests to use the previous token
-  def token_can_be_reused?(token, client_id)
+  # check if the hash of received token matches the stored token
+  def does_token_match?(token_hash, token)
+    return false if token_hash.nil?
+
+    DeviseTokenAuth::Concerns::User.tokens_match?(token_hash, token)
+  end
+
+  # allow batch requests to use the last token
+  def token_can_be_reused?(token, client)
     # ghetto HashWithIndifferentAccess
-    updated_at = tokens[client_id]['updated_at'] || tokens[client_id][:updated_at]
-    last_token = tokens[client_id]['last_token'] || tokens[client_id][:last_token]
+    updated_at = tokens[client]['updated_at'] || tokens[client][:updated_at]
+    last_token_hash = tokens[client]['last_token'] || tokens[client][:last_token]
 
     return true if (
       # ensure that the last token and its creation time exist
-      updated_at && last_token &&
+      updated_at && last_token_hash &&
 
-      # ensure that previous token falls within the batch buffer throttle time of the last request
-      Time.parse(updated_at) > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
+      # ensure that last token falls within the batch buffer throttle time of the last request
+      updated_at.to_time > Time.zone.now - DeviseTokenAuth.batch_request_buffer_throttle &&
 
       # ensure that the token is valid
-      ::BCrypt::Password.new(last_token) == token
+      DeviseTokenAuth::TokenFactory.token_hash_is_token?(last_token_hash, token)
     )
   end
 
   # update user's auth token (should happen on each request)
-  def create_new_auth_token(client_id = nil)
+  def create_new_auth_token(client = nil)
     now = Time.zone.now
 
-    client_id, token = create_token(
-      client_id: client_id,
-      expiry: (now + token_lifespan).to_i,
-      last_token: tokens.fetch(client_id, {})['token'],
+    token = create_token(
+      client: client,
+      previous_token: tokens.fetch(client, {})['token'],
+      last_token: tokens.fetch(client, {})['previous_token'],
       updated_at: now
     )
 
-    update_auth_header(token, client_id)
+    update_auth_headers(token.token, token.client)
   end
 
-  def build_auth_header(token, client_id = 'default')
+  def build_auth_headers(token, client = 'default')
     # client may use expiry to prevent validation request if expired
     # must be cast as string or headers will break
-    expiry = tokens[client_id]['expiry'] || tokens[client_id][:expiry]
-
-    {
+    expiry = tokens[client]['expiry'] || tokens[client][:expiry]
+    headers = {
       DeviseTokenAuth.headers_names[:"access-token"] => token,
       DeviseTokenAuth.headers_names[:"token-type"]   => 'Bearer',
-      DeviseTokenAuth.headers_names[:"client"]       => client_id,
+      DeviseTokenAuth.headers_names[:"client"]       => client,
       DeviseTokenAuth.headers_names[:"expiry"]       => expiry.to_s,
       DeviseTokenAuth.headers_names[:"uid"]          => uid
     }
+    headers.merge(build_bearer_token(headers))
+  end
+
+  def build_bearer_token(auth)
+    return {} if DeviseTokenAuth.cookie_enabled # There is no need for the bearer token if it is using cookies
+
+    encoded_token = Base64.strict_encode64(auth.to_json)
+    bearer_token = "Bearer #{encoded_token}"
+    { DeviseTokenAuth.headers_names[:"authorization"] => bearer_token }
   end
 
-  def update_auth_header(token, client_id = 'default')
-    headers = build_auth_header(token, client_id)
+  def update_auth_headers(token, client = 'default')
+    headers = build_auth_headers(token, client)
     clean_old_tokens
     save!
 
@@ -204,9 +216,9 @@ module DeviseTokenAuth::Concerns::User
     DeviseTokenAuth::Url.generate(base_url, args)
   end
 
-  def extend_batch_buffer(token, client_id)
-    tokens[client_id]['updated_at'] = Time.zone.now
-    update_auth_header(token, client_id)
+  def extend_batch_buffer(token, client)
+    tokens[client]['updated_at'] = Time.zone.now
+    update_auth_headers(token, client)
   end
 
   def confirmed?
@@ -217,16 +229,8 @@ module DeviseTokenAuth::Concerns::User
     as_json(except: %i[tokens created_at updated_at])
   end
 
-  def token_lifespan
-    DeviseTokenAuth.token_lifespan
-  end
-
   protected
 
-  def set_empty_token_hash
-    self.tokens ||= {} if has_attribute?(:tokens)
-  end
-
   def destroy_expired_tokens
     if tokens
       tokens.delete_if do |cid, v|
@@ -237,21 +241,16 @@ module DeviseTokenAuth::Concerns::User
   end
 
   def should_remove_tokens_after_password_reset?
-    if Rails::VERSION::MAJOR <= 5
-      encrypted_password_changed? &&
-        DeviseTokenAuth.remove_tokens_after_password_reset
-    else
-      saved_change_to_encrypted_password? &&
-        DeviseTokenAuth.remove_tokens_after_password_reset
-    end
+    DeviseTokenAuth.remove_tokens_after_password_reset &&
+      (respond_to?(:encrypted_password_changed?) && encrypted_password_changed?)
   end
 
   def remove_tokens_after_password_reset
     return unless should_remove_tokens_after_password_reset?
 
     if tokens.present? && tokens.many?
-      client_id, token_data = tokens.max_by { |cid, v| v[:expiry] || v['expiry'] }
-      self.tokens = { client_id => token_data }
+      client, token_data = tokens.max_by { |cid, v| v[:expiry] || v['expiry'] }
+      self.tokens = { client => token_data }
     end
   end
 

data/app/models/devise_token_auth/concerns/user_omniauth_callbacks.rb

@@ -4,12 +4,12 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
   extend ActiveSupport::Concern
 
   included do
-    validates :email, presence: true,if: :email_provider?
-    validates :email, email: true, allow_nil: true, allow_blank: true, if: :email_provider?
-    validates_presence_of :uid, unless: :email_provider?
+    validates :email, presence: true, if: lambda { uid_and_provider_defined? && email_provider? }
+    validates :email, :devise_token_auth_email => true, allow_nil: true, allow_blank: true, if: lambda { uid_and_provider_defined? && email_provider? }
+    validates_presence_of :uid, if: lambda { uid_and_provider_defined? && !email_provider? }
 
     # only validate unique emails among email registration users
-    validates :email, uniqueness: { scope: :provider }, on: :create, if: :email_provider?
+    validates :email, uniqueness: { case_sensitive: false, scope: :provider }, on: :create, if: lambda { uid_and_provider_defined? && email_provider? }
 
     # keep uid in sync with email
     before_save :sync_uid
@@ -18,11 +18,18 @@ module DeviseTokenAuth::Concerns::UserOmniauthCallbacks
 
   protected
 
+  def uid_and_provider_defined?
+    defined?(provider) && defined?(uid)
+  end
+
   def email_provider?
     provider == 'email'
   end
 
   def sync_uid
-    self.uid = email if provider == 'email'
+    unless self.new_record?
+      return if devise_modules.include?(:confirmable) && !@bypass_confirmation_postpone && postpone_email_change?
+    end
+    self.uid = email if uid_and_provider_defined? && email_provider?
   end
 end

data/app/validators/{email_validator.rb → devise_token_auth_email_validator.rb}

@@ -1,9 +1,17 @@
 # frozen_string_literal: true
 
-class EmailValidator < ActiveModel::EachValidator
+class DeviseTokenAuthEmailValidator < ActiveModel::EachValidator
+  EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
+
+  class << self
+    def validate?(email)
+      email =~ EMAIL_REGEXP
+    end
+  end
+
   def validate_each(record, attribute, value)
-    unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
-      record.errors[attribute] << email_invalid_message
+    unless DeviseTokenAuthEmailValidator.validate?(value)
+      record.errors.add(attribute, email_invalid_message)
     end
   end
 

data/app/views/devise_token_auth/omniauth_external_window.html.erb

@@ -15,7 +15,7 @@
             Cordova / PhoneGap)
       */
 
-      var data = JSON.parse(decodeURIComponent('<%= URI::escape( @data.to_json ) %>'));
+      var data = JSON.parse(decodeURIComponent('<%= ERB::Util.url_encode( @data.to_json ) %>'));
 
       window.addEventListener("message", function(ev) {
         if (ev.data === "requestCredentials") {

data/config/locales/da-DK.yml

@@ -14,6 +14,8 @@ da-DK:
       account_with_uid_destroyed: "Kontoen med UID '%{uid}' er slettet."
       account_to_destroy_not_found: "Kan ikke finde kontoen som skal slettes."
       user_not_found: "Brugeren ikke fundet."
+    omniauth:
+      not_allowed_redirect_url: "Omdirigering til '%{redirect_url}' er ikke tilladt."
     passwords:
       missing_email: "Du skal udfylde email feltet."
       missing_redirect_url: "Der er ingen omdirigeringsadresse."

data/config/locales/de.yml

@@ -14,6 +14,8 @@ de:
       account_with_uid_destroyed: "Account mit der uid '%{uid}' wurde gelöscht."
       account_to_destroy_not_found: "Der zu löschende Account kann nicht gefunden werden."
       user_not_found: "Benutzer kann nicht gefunden werden."
+    omniauth:
+      not_allowed_redirect_url: "Weiterleitung zu '%{redirect_url}' ist nicht gestattet."
     passwords:
       missing_email: "Sie müssen eine E-Mail-Adresse angeben."
       missing_redirect_url: "Es fehlt die URL zu Weiterleitung."

data/config/locales/en.yml

@@ -14,11 +14,14 @@ en:
       account_with_uid_destroyed: "Account with UID '%{uid}' has been destroyed."
       account_to_destroy_not_found: "Unable to locate account for destruction."
       user_not_found: "User not found."
+    omniauth:
+      not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
     passwords:
       missing_email: "You must provide an email address."
       missing_redirect_url: "Missing redirect URL."
       not_allowed_redirect_url: "Redirect to '%{redirect_url}' not allowed."
       sended: "An email has been sent to '%{email}' containing instructions for resetting your password."
+      sended_paranoid: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes."
       user_not_found: "Unable to find user with email '%{email}'."
       password_not_required: "This account does not require a password. Sign in using your '%{provider}' account instead."
       missing_passwords: "You must fill out the fields labeled 'Password' and 'Password confirmation'."
@@ -26,7 +29,14 @@ en:
     unlocks:
       missing_email: "You must provide an email address."
       sended: "An email has been sent to '%{email}' containing instructions for unlocking your account."
+      sended_paranoid: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes."
+      user_not_found: "Unable to find user with email '%{email}'."
+    confirmations:
+      sended: "An email has been sent to '%{email}' containing instructions for confirming your account."
+      sended_paranoid: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
       user_not_found: "Unable to find user with email '%{email}'."
+      missing_email: "You must provide an email address."
+
   errors:
     messages:
       validate_sign_up_params: "Please submit proper sign up data in request body."

data/config/locales/es.yml

@@ -14,6 +14,8 @@ es:
       account_with_uid_destroyed: "La cuenta con el identificador '%{uid}' se ha eliminado."
       account_to_destroy_not_found: "No se puede encontrar la cuenta a borrar."
       user_not_found: "Usuario no encontrado."
+    omniauth:
+      not_allowed_redirect_url: "Redirección hacia '%{redirect_url}' no esta permitida."
     passwords:
       missing_email: "Debe incluir un correo electrónico."
       missing_redirect_url: "Falta el Url de redirección."

data/config/locales/fr.yml

@@ -14,6 +14,8 @@ fr:
       account_with_uid_destroyed: "Le compte avec l'identifiant '%{uid}' a été supprimé."
       account_to_destroy_not_found: "Le compte à supprimer est introuvable."
       user_not_found: "Utilisateur introuvable."
+    omniauth:
+      not_allowed_redirect_url: "Redirection vers '%{redirect_url}' n'est pas autorisée."
     passwords:
       missing_email: "Vous devez soumettre un e-mail."
       missing_redirect_url: "URL de redirection manquante."

data/config/locales/he.yml

@@ -0,0 +1,52 @@
+he:
+  devise_token_auth:
+    sessions:
+      not_confirmed: "הודעת אישור נשלחה לחשבון שלך בכתובת '%{email}'. עליך לפעול לפי ההנחיות שבדוא\"ל לפני הפעלת החשבון שלך"
+      bad_credentials: "נתוני כניסה שגויים. בבקשה נסה שוב."
+      not_supported: "השתמש ב- POST / sign_in כדי להיכנס. GET אינו נתמך."
+      user_not_found: "המשתמש לא נמצא או לא היה מחובר."
+    token_validations:
+      invalid: "נתוני כניסה שגויים"
+    registrations:
+      missing_confirm_success_url: "חסר פרמטר 'confirm_success_url'."
+      redirect_url_not_allowed: "הפניה אל '%{redirect_url}' אינה מותרת."
+      email_already_exists: "כבר קיים חשבון עבור '%{email}'"
+      account_with_uid_destroyed: "חשבון עם UID '%{uid}' הושמד."
+      account_to_destroy_not_found: "לא ניתן לאתר חשבון להשמדה."
+      user_not_found: "המשתמש לא נמצא."
+    omniauth:
+      not_allowed_redirect_url: "הפניה אל '%{redirect_url}' אינה מותרת."
+    passwords:
+      missing_email: "עליך לספק כתובת דוא\"ל."
+      missing_redirect_url: "כתובת אתר להפניה מחדש חסרה."
+      not_allowed_redirect_url: "הפניה אל '%{redirect_url}' אינה מותרת."
+      sended: "אימייל נשלח ל '%{email}' המכיל הוראות לאיפוס הסיסמה שלך."
+      user_not_found: "לא ניתן למצוא משתמש עם הדוא\"ל '%{email}'."
+      password_not_required: "חשבון זה אינו דורש סיסמה. במקום זאת, השתמש בחשבון '%{provider}' שלך."
+      missing_passwords: "עליך למלא את השדות 'סיסמה' ו'אישור סיסמה'."
+      successfully_updated: "הסיסמה שלך עודכנה בהצלחה."
+    unlocks:
+      missing_email: "עליך לספק כתובת דוא\"ל."
+      sended: "הודעת אימייל נשלחה אל '%{email}' המכילה הוראות לביטול הנעילה של חשבונך."
+      user_not_found: "ניתן למצוא את המשתמש עם הדוא\"ל '%{email}'"
+  errors:
+    messages:
+      validate_sign_up_params: "שלח נתוני רישום תקינים בגוף הבקשה."
+      validate_account_update_params: "שלחו בבקשה נתוני עדכון חשבון תקינים בגוף הבקשה."
+      not_email: "אינו דוא\"ל"
+  devise:
+    mailer:
+      confirmation_instructions:
+        confirm_link_msg: "תוכל לאשר את כתובת הדוא\"ל של החשבון שלך באמצעות הקישור הבא:"
+        confirm_account_link: "אשר את החשבון שלי"
+      reset_password_instructions:
+        request_reset_link_msg: "מישהו ביקש קישור לשינוי הסיסמה שלך. תוכל לעשות זאת באמצעות הקישור הבא."
+        password_change_link: "שנה את הסיסמה שלי"
+        ignore_mail_msg: "אם לא ביקשת זאת, התעלם מדוא\"ל זה."
+        no_changes_msg: "הסיסמה שלך לא תשתנה עד שתגיע לקישור שלמעלה ותיצור סיסמה חדשה."
+      unlock_instructions:
+        account_lock_msg: "החשבון שלך ננעל עקב מספר מופרז של ניסיונות כניסה לא מוצלחים."
+        unlock_link_msg: "לחץ על הקישור למטה כדי לבטל את נעילת החשבון שלך:"
+        unlock_link: "בטל את הנעילה של החשבון שלי"
+  hello: "שלום"
+  welcome: "ברוך הבא"

data/config/locales/it.yml

@@ -14,6 +14,8 @@ it:
       account_with_uid_destroyed: "L'account con UID '%{uid}' è stato eliminato."
       account_to_destroy_not_found: "Impossibile trovare l'account da eliminare."
       user_not_found: "Utente non trovato."
+    omniauth:
+      not_allowed_redirect_url: "Redirezione a '%{redirect_url}' non consentita."
     passwords:
       missing_email: "Devi fornire un indirizzo email."
       missing_redirect_url: "Redirect URL mancante."

data/config/locales/ja.yml

@@ -14,27 +14,41 @@ ja:
       account_with_uid_destroyed: "'%{uid}' のアカウントは削除されました。"
       account_to_destroy_not_found: "削除するアカウントが見つかりません。"
       user_not_found: "ユーザーが見つかりません。"
+    omniauth:
+      not_allowed_redirect_url:  "'%{redirect_url}' へのリダイレクトは許可されていません。"
     passwords:
       missing_email: "メールアドレスが与えられていません。"
       missing_redirect_url: "リダイレクト URL が与えられていません。"
       not_allowed_redirect_url: "'%{redirect_url}' へのリダイレクトは許可されていません。"
       sended: "'%{email}' にパスワードリセットの案内が送信されました。"
+      sended_paranoid: "すでにメールアドレスがデータベースに登録されている場合、 数分後にパスワード再発行用のリンクを記載したメールをお送りします。"
       user_not_found: "メールアドレス '%{email}' のユーザーが見つかりません。"
       password_not_required: "このアカウントはパスワードを要求していません。'%{provider}' を利用してログインしてください。"
       missing_passwords: "'Password', 'Password confirmation' パラメータが与えられていません。"
       successfully_updated: "パスワードの更新に成功しました。"
+    unlocks:
+      missing_email: "メールアドレスが与えられていません。"
+      sended: "%{email}' にアカウントのロックを解除する方法を記載したメールが送信されました。"
+      sended_paranoid: "アカウントが存在する場合、数分後にロックを解除する方法を記載したメールをお送りします。"
+      user_not_found: "メールアドレス '%{email}' を持つユーザーが見つかりません。"
+    confirmations:
+      sended: "'%{email}' にアカウントの確認方法を記載したメールが送信されました。"
+      sended_paranoid: "すでにメールアドレスがデータベースに登録されている場合、数分後にメールアドレスの確認方法を記載したメールをお送りします。"
+      user_not_found: "メールアドレス '%{email}' を持つユーザーが見つかりません。"
+      missing_email: "メールアドレスが与えられていません。"
+
   errors:
     messages:
       validate_sign_up_params: "リクエストボディに適切なアカウント新規登録データを送信してください。"
       validate_account_update_params: "リクエストボディに適切なアカウント更新のデータを送信してください。"
-      not_email: "はメールアドレスではありません"
+      not_email: "は有効ではありません"
   devise:
     mailer:
       confirmation_instructions:
         confirm_link_msg: "下記のリンクからアカウントを有効化できます:"
         confirm_account_link: "アカウントを有効化する"
       reset_password_instructions:
-        request_reset_link_msg: "パスワード変更のリクエストが送信されました。下記のリンクからパスワードの変更をできます。"
+        request_reset_link_msg: "パスワード変更のリクエストが送信されました。下記のリンクからパスワードの変更ができます。"
         password_change_link: "パスワードを変更する"
         ignore_mail_msg: "もしこの内容に覚えがない場合は、このメールを無視してください。"
         no_changes_msg: "上記のリンクにアクセスして新しいパスワードを作成するまで、現在のパスワードは変更されません。"