loyal_devise 2.1.2 → 2.1.3

data/.gitignore

@@ -8,3 +8,5 @@ rdoc/*
 pkg
 log
 test/tmp/*
+
+/**.gem

data/.travis.yml

@@ -1,15 +1,20 @@
+language: ruby
 script: "bundle exec rake test"
 rvm:
-  - 1.8.7
-  - 1.9.2
   - 1.9.3
-  - ree
+  - 2.0.0
+env:
+  - DEVISE_ORM=mongoid
+  - DEVISE_ORM=active_record
 gemfile:
-  - gemfiles/Gemfile.rails-3.1.x
+  - gemfiles/Gemfile.rails-3.2.x
   - Gemfile
+services:
+  - mongodb
 notifications:
-  recipients:
-    - jose.valim@plataformatec.com.br
-    - carlos@plataformatec.com.br
-    - rodrigo.flores@plataformatec.com.br
-    - rafael.franca@plataformatec.com.br
+  email: false
+  campfire:
+    on_success: change
+    on_failure: always
+    rooms:
+      - secure: "TRiqvuM4i/QmRDWjUSNitE5/P91BOzDkNl53+bZjjtxcISCswZtmECWBR7n9\n3xwqCOU1o2lfohxZ32OHOj/Nj7o+90zWJfWxcv+if0hIXRiil62M5pg0lZUd\nyJ4M5VQ0lSWo5he1OUrXhSabPJeaK3B8yT/tdh+qO5yzR+vb/jc="

data/.yardopts

@@ -0,0 +1,9 @@
+--protected
+--no-private
+--embed-mixin ClassMethods
+-
+README.md
+CHANGELOG.rdoc
+CONTRIBUTING.md
+MIT-LICENSE
+

data/CHANGELOG.rdoc

@@ -1,18 +1,73 @@
-* enhancement
-  * Default minimum password length is now 8 (by @carlosgaldino).
+== 3.0.0.rc
+
+* enhancements
+  * Rails 4 and Strong Parameters compatibility. (@carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino)
+  * Drop support for Rails < 3.2 and Ruby < 1.9.3.
+
+== 2.2.4
+
+* enhancements
+  * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3)
+  * Allow to override path after password resetting (by @worker8)
+  * Add `#skip_confirmation_notification!` method to `Confirmable`. Allows skipping confirmation email without auto-confirming. (by @gregates)
+  * allow_unconfirmed_access_for config from `:confirmable` module can be set to `nil` that means unconfirmed access for unlimited time. (by @nashby)
+  * Support Rails' token strategy on authentication (by @robhurring)
+  * Support explicitly setting the http authentication key via `config.http_authentication_key` (by @neo)
+
+* bug fix
+  * Do not redirect when accessing devise API via JSON. (by @sebastianwr)
+  * Generating scoped devise views now uses the correct scoped shared links partial instead of the default devise one (by @nashby)
+  * Fix inheriting mailer templates from `Devise::Mailer`
+  * Fix a bug when procs are used as default mailer in Devise (by @tomasv)
+
+== 2.2.3
+
+Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/
+
+* bug fix
+  * Require string conversion for all values
+
+== 2.2.2
+
+* bug fix
+  * Fix bug when checking for reconfirmable in templates
+
+== 2.2.1
+
+* bug fix
+  * Fix regression with case_insensitive_keys
+  * Fix regression when password is blank when it is invalid
+
+== 2.2.0
+
+* backwards incompatible changes
+  * `headers_for` is deprecated, customize the mailer directly instead
+  * All mailer methods now expect a second argument with delivery options
+  * Default minimum password length is now 8 (by @carlosgaldino)
+  * Support alternate sign in error message when email record does not exist (this adds a new I18n key to the locale file) (by @gabetax)
+  * DeviseController responds only to HTML requests by default (call `DeviseController.respond_to` or `ApplicationController.respond_to` to add new formats)
+  * Support Mongoid 3 onwards (by @durran)
+
+* enhancements
+  * Fix unlockable which could leak account existence on paranoid mode (by @latortuga)
   * Confirmable now has a confirm_within option to set a period while the confirmation token is still valid (by @promisedlandt)
-  * Make #set_flash_message respect i18n-set resource_name (by @latortuga)
+  * Flash messages in controller now respects `resource_name` (by @latortuga)
   * Separate `sign_in` and `sign_up` on RegistrationsController (by @rubynortheast)
   * Add autofocus to default views (by @Radagaisus)
+  * Unlock user on password reset (by @marcinb)
+  * Allow validation callbacks to apply to virtual attributes (by @latortuga)
 
 * bug fix
+  * unconfirmed_email now uses the proper e-mail on salutation
+  * Fix default email_regexp config to not allow spaces (by @kukula)
   * Fix a regression introduced on warden 1.2.1 (by @ejfinneran)
   * Properly camelize omniauth strategies (by @saizai)
   * Do not set flash messages for non navigational requests on session sign out (by @mathieul)
   * Set the proper fields as required on the lockable module (by @nickhoffman)
   * Respects Devise mailer default's reply_to (by @mrchrisadams)
-  * Properly assign resource on sign_in action (by @adammcnamara)
-  * Unlockable could leak account existence on paranoid mode (by @latortuga)
+  * Properly assign resource on `sign_in` related action (by @adammcnamara)
+  * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby)
+  * Properly handle namespaced models on Active Record generator (by @nashby)
 
 == 2.1.2
 

data/CONTRIBUTING.md

@@ -4,9 +4,11 @@
 
 2) If you find a security bug, **DO NOT** submit an issue here. Please send an e-mail to [developers@plataformatec.com.br](mailto:developers@plataformatec.com.br) instead.
 
-3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed. In case it was not, create your report including Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace.
+3) Do a small search on the issues tracker before submitting your issue to see if it was already reported / fixed.
 
-That's it! The more information you give, the more easy it becomes for us to track it down and fix it.
+4) When reporting an issue, include Rails, Devise and Warden versions. If you are getting exceptions, please include the full backtrace.
+
+That's it! The more information you give, the easier it becomes for us to track it down and fix it.
 Ideally, you should provide an application that reproduces the error or a test case to Devise's suite.
 
 Thanks!

data/Gemfile

@@ -1,8 +1,8 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 
 gemspec
 
-gem "rails", "~> 3.2.6"
+gem "rails", "~> 4.0.0.rc1"
 gem "omniauth", "~> 1.0.0"
 gem "omniauth-oauth2", "~> 1.0.0"
 gem "rdoc"
@@ -10,8 +10,8 @@ gem "rdoc"
 group :test do
   gem "omniauth-facebook"
   gem "omniauth-openid", "~> 1.0.1"
-  gem "webrat", "0.7.2", :require => false
-  gem "mocha", :require => false
+  gem "webrat", "0.7.3", :require => false
+  gem "mocha", "~> 0.13.1", :require => false
 end
 
 platforms :jruby do
@@ -22,10 +22,10 @@ end
 
 platforms :ruby do
   gem "sqlite3"
+end
 
+platforms :mri_19, :mri_20 do
   group :mongoid do
-    gem "mongo", "~> 1.3.0"
-    gem "mongoid", "~> 2.0"
-    gem "bson_ext", "~> 1.3.0"
+    gem "mongoid", github: "mongoid/mongoid", branch: "master"
   end
 end

data/Gemfile.lock

@@ -1,133 +1,141 @@
+GIT
+  remote: git://github.com/mongoid/mongoid.git
+  revision: fe7f43430580860db6d1d89cea27eda24ab60ab1
+  branch: master
+  specs:
+    mongoid (4.0.0)
+      activemodel (~> 4.0.0.rc1)
+      moped (~> 1.4.2)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.22)
+
 PATH
   remote: .
   specs:
-    loyal_devise (2.1.2)
+    devise (3.0.0.rc)
       bcrypt-ruby (~> 3.0)
-      loyal_warden (~> 2.0.0)
       orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      warden (~> 1.2.1)
 
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.6)
-      actionpack (= 3.2.6)
-      mail (~> 2.4.4)
-    actionpack (3.2.6)
-      activemodel (= 3.2.6)
-      activesupport (= 3.2.6)
-      builder (~> 3.0.0)
+    actionmailer (4.0.0.rc1)
+      actionpack (= 4.0.0.rc1)
+      mail (~> 2.5.3)
+    actionpack (4.0.0.rc1)
+      activesupport (= 4.0.0.rc1)
+      builder (~> 3.1.0)
       erubis (~> 2.7.0)
-      journey (~> 1.0.1)
-      rack (~> 1.4.0)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.6)
-      activesupport (= 3.2.6)
-      builder (~> 3.0.0)
-    activerecord (3.2.6)
-      activemodel (= 3.2.6)
-      activesupport (= 3.2.6)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.6)
-      activemodel (= 3.2.6)
-      activesupport (= 3.2.6)
-    activesupport (3.2.6)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
-    addressable (2.2.6)
-    arel (3.0.2)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.0.rc1)
+      activesupport (= 4.0.0.rc1)
+      builder (~> 3.1.0)
+    activerecord (4.0.0.rc1)
+      activemodel (= 4.0.0.rc1)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.0.rc1)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.2)
+    activesupport (4.0.0.rc1)
+      i18n (~> 0.6, >= 0.6.4)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    arel (4.0.0)
+    atomic (1.1.8)
     bcrypt-ruby (3.0.1)
-    bson (1.5.1)
-    bson_ext (1.3.1)
-    builder (3.0.0)
+    builder (3.1.4)
     erubis (2.7.0)
-    faraday (0.7.5)
-      addressable (~> 2.2.6)
-      multipart-post (~> 1.1.3)
-      rack (>= 1.1.0, < 2)
+    faraday (0.8.7)
+      multipart-post (~> 1.1)
     hashie (1.2.0)
-    hike (1.2.1)
-    i18n (0.6.0)
-    journey (1.0.4)
-    json (1.7.3)
-    loyal_warden (2.0.0)
-      rack (>= 1.0)
-    mail (2.4.4)
+    hike (1.2.2)
+    httpauth (0.2.0)
+    i18n (0.6.4)
+    json (1.7.7)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    mail (2.5.3)
       i18n (>= 0.4.0)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metaclass (0.0.1)
-    mime-types (1.18)
-    mocha (0.10.0)
+    mime-types (1.23)
+    minitest (4.7.4)
+    mocha (0.13.3)
       metaclass (~> 0.0.1)
-    mongo (1.3.1)
-      bson (>= 1.3.1)
-    mongoid (2.3.4)
-      activemodel (~> 3.1)
-      mongo (~> 1.3)
-      tzinfo (~> 0.3.22)
-    multi_json (1.0.4)
-    multipart-post (1.1.4)
-    nokogiri (1.5.0)
-    oauth2 (0.5.1)
-      faraday (~> 0.7.4)
-      multi_json (~> 1.0.3)
-    omniauth (1.0.1)
+    moped (1.4.5)
+    multi_json (1.7.2)
+    multipart-post (1.2.0)
+    nokogiri (1.5.9)
+    oauth2 (0.8.1)
+      faraday (~> 0.8)
+      httpauth (~> 0.1)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      rack (~> 1.2)
+    omniauth (1.0.3)
       hashie (~> 1.2)
       rack
-    omniauth-facebook (1.0.0)
-      omniauth-oauth2 (~> 1.0.0)
-    omniauth-oauth2 (1.0.0)
-      oauth2 (~> 0.5.0)
+    omniauth-facebook (1.4.0)
+      omniauth-oauth2 (~> 1.0.2)
+    omniauth-oauth2 (1.0.3)
+      oauth2 (~> 0.8.0)
       omniauth (~> 1.0)
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
+    origin (1.1.0)
     orm_adapter (0.4.0)
     polyglot (0.3.3)
-    rack (1.4.1)
-    rack-cache (1.2)
-      rack (>= 0.4)
+    rack (1.5.2)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
       ruby-openid (>= 2.1.8)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.1)
+    rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.6)
-      actionmailer (= 3.2.6)
-      actionpack (= 3.2.6)
-      activerecord (= 3.2.6)
-      activeresource (= 3.2.6)
-      activesupport (= 3.2.6)
-      bundler (~> 1.0)
-      railties (= 3.2.6)
-    railties (3.2.6)
-      actionpack (= 3.2.6)
-      activesupport (= 3.2.6)
-      rack-ssl (~> 1.3.2)
+    rails (4.0.0.rc1)
+      actionmailer (= 4.0.0.rc1)
+      actionpack (= 4.0.0.rc1)
+      activerecord (= 4.0.0.rc1)
+      activesupport (= 4.0.0.rc1)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.0.rc1)
+      sprockets-rails (~> 2.0.0.rc4)
+    railties (4.0.0.rc1)
+      actionpack (= 4.0.0.rc1)
+      activesupport (= 4.0.0.rc1)
       rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (0.9.2.2)
-    rdoc (3.12)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.0.4)
+    rdoc (4.0.1)
       json (~> 1.4)
-    ruby-openid (2.1.8)
-    sprockets (2.1.3)
+    ruby-openid (2.2.3)
+    sprockets (2.9.3)
       hike (~> 1.2)
+      multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.5)
-    thor (0.15.2)
-    tilt (1.3.3)
-    treetop (1.4.10)
+    sprockets-rails (2.0.0.rc4)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.7)
+    thor (0.18.1)
+    thread_safe (0.1.0)
+      atomic
+    tilt (1.4.0)
+    treetop (1.4.12)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.33)
-    webrat (0.7.2)
+    tzinfo (0.3.37)
+    warden (1.2.1)
+      rack (>= 1.0)
+    webrat (0.7.3)
       nokogiri (>= 1.2.0)
       rack (>= 1.0)
       rack-test (>= 0.5.3)
@@ -138,17 +146,15 @@ PLATFORMS
 DEPENDENCIES
   activerecord-jdbc-adapter
   activerecord-jdbcsqlite3-adapter
-  bson_ext (~> 1.3.0)
+  devise!
   jruby-openssl
-  loyal_devise!
-  mocha
-  mongo (~> 1.3.0)
-  mongoid (~> 2.0)
+  mocha (~> 0.13.1)
+  mongoid!
   omniauth (~> 1.0.0)
   omniauth-facebook
   omniauth-oauth2 (~> 1.0.0)
   omniauth-openid (~> 1.0.1)
-  rails (~> 3.2.6)
+  rails (~> 4.0.0.rc1)
   rdoc
   sqlite3
-  webrat (= 0.7.2)
+  webrat (= 0.7.3)

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2009-2012 Plataformatec. http://plataformatec.com.br
+Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,6 +1,10 @@
-## Devise
+![Devise Logo](https://raw.github.com/plataformatec/devise/master/devise.png)
 
-[![Build Status](https://secure.travis-ci.org/plataformatec/devise.png)](http://travis-ci.org/plataformatec/devise) [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/plataformatec/devise)
+By [Plataformatec](http://plataformatec.com.br/).
+
+[![Gem Version](https://fury-badge.herokuapp.com/rb/devise.png)](http://badge.fury.io/rb/devise)
+[![Build Status](https://api.travis-ci.org/plataformatec/devise.png?branch=master)](http://travis-ci.org/plataformatec/devise)
+[![Code Climate](https://codeclimate.com/github/plataformatec/devise.png)](https://codeclimate.com/github/plataformatec/devise)
 
 This README is [also available in a friendly navigable format](http://devise.plataformatec.com.br/).
 
@@ -11,7 +15,7 @@ Devise is a flexible authentication solution for Rails based on Warden. It:
 * Allows you to have multiple roles (or models/scopes) signed in at the same time;
 * Is based on a modularity concept: use just what you really need.
 
-It's composed of 12 modules:
+It's composed of 11 modules:
 
 * [Database Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/DatabaseAuthenticatable): encrypts and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
 * [Token Authenticatable](http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable): signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.
@@ -53,7 +57,7 @@ You can view the Devise documentation in RDoc format here:
 
 http://rubydoc.info/github/plataformatec/devise/master/frames
 
-If you need to use Devise with Rails 2.3, you can always run "gem server" from the command line after you install the gem to access the old documentation.
+If you need to use Devise with previous versions of Rails, you can always run "gem server" from the command line after you install the gem to access the old documentation.
 
 ### Example applications
 
@@ -86,7 +90,7 @@ Once you have solidified your understanding of Rails and authentication mechanis
 
 ## Getting started
 
-Devise 2.0 works with Rails 3.1 onwards. You can add it to your Gemfile with:
+Devise 3.0 works with Rails 3.2 onwards. You can add it to your Gemfile with:
 
 ```ruby
 gem 'devise'
@@ -106,7 +110,7 @@ The generator will install an initializer which describes ALL Devise's configura
 rails generate devise MODEL
 ```
 
-Replace MODEL by the class name used for the applications users, it's frequently 'User' but could also be 'Admin'. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run "rake db:migrate" as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller.
+Replace MODEL by the class name used for the applications users, it's frequently `User` but could also be `Admin`. This will create a model (if one does not exist) and configure it with default Devise modules. Next, you'll usually run `rake db:migrate` as the generator will have created a migration file (if your ORM supports them). This generator also configures your config/routes.rb file to point to the Devise controller.
 
 Note that you should re-start your app here if you've already started it. Otherwise you'll run into strange errors like users being unable to login and the route helpers being undefined.
 
@@ -139,7 +143,7 @@ user_session
 After signing in a user, confirming the account or updating the password, Devise will look for a scoped root path to redirect. Example: For a :user resource, it will use `user_root_path` if it exists, otherwise default `root_path` will be used. This means that you need to set the root inside your routes:
 
 ```ruby
-root :to => "home#index"
+root to: "home#index"
 ```
 
 You can also overwrite `after_sign_in_path_for` and `after_sign_out_path_for` to customize your redirect hooks.
@@ -172,34 +176,57 @@ devise :database_authenticatable, :registerable, :confirmable, :recoverable, :st
 
 Besides :stretches, you can define :pepper, :encryptor, :confirm_within, :remember_for, :timeout_in, :unlock_in and other values. For details, see the initializer file that was created when you invoked the "devise:install" generator described above.
 
-### Configuring multiple models
+### Strong Parameters
 
-Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps:
+When you customize your own views, you may end up adding new attributes to forms. Rails 4 moved the parameter sanitization from the model to the controller, causing Devise to handle this concern at the controller as well.
+
+There are just three actions in Devise that allows any set of parameters to be passed down to the model, therefore requiring sanitization. Their names and the permited parameters by default are:
+
+* `sign_in` (`Devise::SessionsController#new`) - Permits only the authentication keys (like `email`)
+* `sign_up` (`Devise::RegistrationsController#create`) - Permits authentication keys plus `password` and `password_confirmation`
+* `account_update` (`Devise::RegistrationsController#update`) - Permits authentication keys plus `password`, `password_confirmation` and `current_password`
+
+In case you want to customize the permitted parameters (the lazy way™) you can do with a simple before filter in your `ApplicationController`:
 
 ```ruby
-# Create a migration with the required fields
-create_table :admins do |t|
-  t.string :email
-  t.string :encrypted_password
-  t.timestamps
+class ApplicationController < ActionController::Base
+  before_filter :configure_permitted_parameters, if: :devise_controller?
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email) }
+  end
 end
+```
 
-# Inside your Admin model
-devise :database_authenticatable, :timeoutable
+If you have multiple roles, you may want to set up different parameter sanitizer per role. In this case, we recommend inheriting from `Devise::ParameterSanitizer` and add your own logic:
 
-# Inside your routes
-devise_for :admins
+```ruby
+class User::ParameterSanitizer < Devise::ParameterSanitizer
+  def sign_in
+    default_params.permit(:username, :email)
+  end
+end
+```
 
-# Inside your protected controller
-before_filter :authenticate_admin!
+And then configure your controllers to use it:
 
-# Inside your controllers and views
-admin_signed_in?
-current_admin
-admin_session
+```ruby
+class ApplicationController < ActionController::Base
+  protected
+
+  def devise_parameter_sanitizer
+    if resource_class.is_a?(User)
+      User::ParameterSanitizer.new(User, :user, params)
+    else
+      super # Use the default one
+    end
+  end
+end
 ```
 
-On the other hand, you can simply run the generator!
+The example above overrides the permitted parameters for the user to be both `:username` and `:email`. The non-lazy way to configure parameters would be by defining the before filter above in a custom controller. We detail how to configure and customize controllers in some sections below.
 
 ### Configuring views
 
@@ -223,29 +250,31 @@ rails generate devise:views users
 
 If the customization at the views level is not enough, you can customize each controller by following these steps:
 
-1) Create your custom controller, for example a Admins::SessionsController:
+1. Create your custom controller, for example a `Admins::SessionsController`:  
 
-```ruby
-class Admins::SessionsController < Devise::SessionsController
-end
-```
+    ```ruby
+    class Admins::SessionsController < Devise::SessionsController
+    end
+    ```
 
-2) Tell the router to use this controller:
+    Note that in the above example, the controller needs to be created in the `app/controller/admins/` directory.
 
-```ruby
-devise_for :admins, :controllers => { :sessions => "admins/sessions" }
-```
+2. Tell the router to use this controller:
+
+    ```ruby
+    devise_for :admins, :controllers => { :sessions => "admins/sessions" }
+    ```
 
-3) And since we changed the controller, it won't use the "devise/sessions" views, so remember to copy "devise/sessions" to "admin/sessions".
+3. And since we changed the controller, it won't use the `"devise/sessions"` views, so remember to copy `"devise/sessions"` to `"admin/sessions"`.
 
-Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call "flash[:notice]" and "flash[:alert]" as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display.
+    Remember that Devise uses flash messages to let users know if sign in was successful or failed. Devise expects your application to call `"flash[:notice]"` and `"flash[:alert]"` as appropriate. Do not print the entire flash hash, print specific keys or at least remove the `:timedout` key from the hash as Devise adds this key in some circumstances, this key is not meant for display.
 
 ### Configuring routes
 
 Devise also ships with default routes. If you need to customize them, you should probably be able to do it through the devise_for method. It accepts several options like :class_name, :path_prefix and so on, including the possibility to change path names for I18n:
 
 ```ruby
-devise_for :users, :path => "usuarios", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' }
+devise_for :users, :path => "auth", :path_names => { :sign_in => 'login', :sign_out => 'logout', :password => 'secret', :confirmation => 'verification', :unlock => 'unblock', :registration => 'register', :sign_up => 'cmon_let_me_in' }
 ```
 
 Be sure to check `devise_for` documentation for details.
@@ -330,28 +359,61 @@ sign_out @user         # sign_out(resource)
 
 There are two things that is important to keep in mind:
 
-1) These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
+1. These helpers are not going to work for integration tests driven by Capybara or Webrat. They are meant to be used with functional tests only. Instead, fill in the form or explicitly set the user in session;
 
-2) If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
+2. If you are testing Devise internal controllers or a controller that inherits from Devise's, you need to tell Devise which mapping should be used before a request. This is necessary because Devise gets this information from router, but since functional tests do not pass through the router, it needs to be told explicitly. For example, if you are testing the user scope, simply do:
 
+    ```ruby
     @request.env["devise.mapping"] = Devise.mappings[:user]
     get :new
+    ```
 
 ### Omniauth
 
-Devise comes with Omniauth support out of the box to authenticate from other providers. You can read more about Omniauth support in the wiki:
+Devise comes with Omniauth support out of the box to authenticate with other providers. To use it, just specify your omniauth configuration in `config/initializers/devise.rb`:
+
+```ruby
+config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
+```
+
+You can read more about Omniauth support in the wiki:
 
 * https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
 
-### Other ORMs
+### Configuring multiple models
 
-Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file.
+Devise allows you to set up as many roles as you want. For example, you may have a User model and also want an Admin model with just authentication and timeoutable features. If so, just follow these steps:
 
-### Migrating from other solutions
+```ruby
+# Create a migration with the required fields
+create_table :admins do |t|
+  t.string :email
+  t.string :encrypted_password
+  t.timestamps
+end
 
-Devise implements encryption strategies for Clearance, Authlogic and Restful-Authentication. To make use of these strategies, you need set the desired encryptor in the encryptor initializer config option and add :encryptable to your model. You might also need to rename your encrypted password and salt columns to match Devise's fields (encrypted_password and password_salt).
+# Inside your Admin model
+devise :database_authenticatable, :timeoutable
 
-## Troubleshooting
+# Inside your routes
+devise_for :admins
+
+# Inside your protected controller
+before_filter :authenticate_admin!
+
+# Inside your controllers and views
+admin_signed_in?
+current_admin
+admin_session
+```
+
+On the other hand, you can simply run the generator!
+
+### Other ORMs
+
+Devise supports ActiveRecord (default) and Mongoid. To choose other ORM, you just need to require it in the initializer file.
+
+## Additional information
 
 ### Heroku
 
@@ -363,8 +425,6 @@ config.assets.initialize_on_precompile = false
 
 Read more about the potential issues at http://guides.rubyonrails.org/asset_pipeline.html
 
-## Additional information
-
 ### Warden
 
 Devise is based on Warden, which is a general Rack authentication framework created by Daniel Neighman. We encourage you to read more about Warden here:
@@ -385,4 +445,6 @@ https://github.com/plataformatec/devise/contributors
 
 ## License
 
-MIT License. Copyright 2012 Plataformatec. http://plataformatec.com.br
+MIT License. Copyright 2009-2013 Plataformatec. http://plataformatec.com.br
+
+You are not granted rights or licenses to the trademarks of the Plataformatec, including without limitation the Devise name or logo.