From 986922133327c8ca983570e2c3a45259adf22bd7 Mon Sep 17 00:00:00 2001
From: Rui Venancio
Date: Fri, 16 Oct 2015 18:18:06 +0100
Subject: [PATCH 1/3] When you visit the change password link for the second time (sent by email), you should be redirected to a 404 page instead of get a window with a json message. This behaviour is also required when you have a wrong password confirmtion link.
---
 .../devise_token_auth/passwords_controller.rb | 8 +-------
 .../devise_token_auth/passwords_controller_test.rb | 10 +++++-----
 2 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb
index d917dbb8d..2f74c3d05 100644
--- a/app/controllers/devise_token_auth/passwords_controller.rb
+++ b/app/controllers/devise_token_auth/passwords_controller.rb
@@ -100,7 +100,7 @@ def edit
 config: params[:config]
 }))
 else
- render_edit_error
+ raise ActionController::RoutingError.new('Not Found')
 end
 end
 
@@ -174,12 +174,6 @@ def render_create_error
 }, status: @error_status
 end
 
- def render_edit_error
- render json: {
- success: false
- }, status: 404
- end
-
 def render_update_error_unauthorized
 render json: {
 success: false,
diff --git a/test/controllers/devise_token_auth/passwords_controller_test.rb b/test/controllers/devise_token_auth/passwords_controller_test.rb
index a2962143c..726bd7875 100644
--- a/test/controllers/devise_token_auth/passwords_controller_test.rb
+++ b/test/controllers/devise_token_auth/passwords_controller_test.rb
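Review bot: Raising `ActionController::RoutingError` from `edit` hands the 404 to the exceptions middleware, so what the browser receives is now environment-dependent — the public 404 page in production, a debug page in development — whereas the removed `render_edit_error` always answered with a JSON body; any client that parsed `success: false` from this endpoint will see a content-type change. Prefer the class-and-message form `raise ActionController::RoutingError, 'Not Found'` over `.new`. The second hunk (`@@ -174,12 +174,6`) deletes `render_edit_error` outright, which was a render hook an application controller could override; dropping it silently breaks such subclasses, so at least mention it in the changelog. The body of `edit` begins outside the hunk.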
@@ -122,13 +122,13 @@ class DeviseTokenAuth::PasswordsControllerTest < ActionController::TestCase
 end
 
 describe 'password reset link failure' do
- test 'respone should return 404' do
- xhr :get, :edit, {
- reset_password_token: 'bogus',
+ test 'response should return 404' do
+ assert_raises(ActionController::RoutingError) {
+ xhr :get, :edit, {
+ reset_password_token: "bogus",
 redirect_url: @mail_redirect_url
+ }
 }
-
- assert_equal 404, response.status
 end
 end
 
From 9062b5e886034457128e38cc486aee4c16dc65ef Mon Sep 17 00:00:00 2001
From: Brian Carrigan
Date: Fri, 16 Oct 2015 15:38:51 -0400
Subject: [PATCH 2/3] Updated the usage information in the documentation.
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 976044346..787554ed5 100644
--- a/README.md
+++ b/README.md
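Review bot: `assert_raises(ActionController::RoutingError)` only proves that the action raises; the rewritten test no longer checks the 404 its name promises, because in a controller test the exception propagates before the exceptions middleware would turn it into a response, and the old `assert_equal 404, response.status` is removed. If the 404 status is the contract, an integration-level test that exercises exception rendering is needed to pin it; otherwise rename the test to say it raises. The switch from `'bogus'` to `"bogus"` is a style regression against the single-quoted strings on the neighbouring lines; keep `reset_password_token: 'bogus',`. The test class continues outside the hunk.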
@@ -135,16 +135,16 @@ The following routes are available for use by your client. These routes live rel
 
 | path | method | purpose |
 |:-----|:-------|:--------|
-| / | POST | Email registration. Accepts **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
+| / | POST | Email registration. Requires **`email`**, **`password`**, and **`password_confirmation`** params. A verification email will be sent to the email address provided. Accepted params can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. |
 | / | DELETE | Account deletion. This route will destroy users identified by their **`uid`** and **`auth_token`** headers. |
 | / | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are **`password`** and **`password_confirmation`**, but this can be customized using the [`devise_parameter_sanitizer`](https://github.com/plataformatec/devise#strong-parameters) system. If **`config.check_current_password_before_update`** is set to `:attributes` the **`current_password`** param is checked before any update, if it is set to `:password` the **`current_password`** param is checked only if the request updates user password. |
-| /sign_in | POST | Email authentication. Accepts **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login. |
+| /sign_in | POST | Email authentication. Requires **`email`** and **`password`** as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response. |
 | /sign_out | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. |
 | /:provider | GET | Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. [Read more](#omniauth-authentication). |
 | /:provider/callback | GET/POST | Destination for the oauth2 provider's callback uri. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. [Read more](#omniauth-authentication). |
-| /validate_token | GET | Use this route to validate tokens on return visits to the client. Accepts **`uid`** and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
+| /validate_token | GET | Use this route to validate tokens on return visits to the client. Requires **`uid`**, **`client`**, and **`access-token`** as params. These values should correspond to the columns in your `User` table of the same names. |
 | /password | POST | Use this route to send a password reset confirmation email to users that registered by email. Accepts **`email`** and **`redirect_url`** as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the url to which the user will be redirected after visiting the link contained in the email. |
-| /password | PUT | Use this route to change users' passwords. Accepts **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
+| /password | PUT | Use this route to change users' passwords. Requires **`password`** and **`password_confirmation`** as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks **`current_password`** if **`config.check_current_password_before_update`** is not set `false` (disabled by default). |
 | /password/edit | GET | Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain **`reset_password_token`** and **`redirect_url`** params. These values will be set automatically by the confirmation email that is generated by the password reset request. |
 
 [Jump here](#usage-cont) for more usage information.
From 0252300ebd9a1a68e7725be1687626daecfa9196 Mon Sep 17 00:00:00 2001
From: ponyesteves
Date: Sat, 24 Oct 2015 14:29:08 -0300
Subject: [PATCH 3/3] change default message for already in use error and added to english and spanish translation files (en.yml and es.yml)
---
 app/models/devise_token_auth/concerns/user.rb | 2 +-
 config/locales/en.yml | 4 +++-
 config/locales/es.yml | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
index 379e225ba..4ec8053be 100644
--- a/app/models/devise_token_auth/concerns/user.rb
+++ b/app/models/devise_token_auth/concerns/user.rb
@@ -233,7 +233,7 @@ def token_validation_response
 # only validate unique email among users that registered by email
 def unique_email_user
 if provider == 'email' and self.class.where(provider: 'email', email: email).count > 0
- errors.add(:email, :already_in_use, default: "address is already in use")
+ errors.add(:email, :already_in_use)
 end
 end
 
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 93434a352..ca035b555 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
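Review bot: Removing the `default:` fallback from `errors.add(:email, :already_in_use)` makes the message depend entirely on the locale lookup, and the two locale hunks in this same commit disagree on the key path: en.yml adds it under `message:` (singular) while es.yml adds it under `messages:`. ActiveModel resolves a symbolic error through `errors.messages.<key>`, so the English lookup will most likely miss and surface a "translation missing" string where the old text "address is already in use" used to appear. Change the en.yml key to `messages:` so it matches es.yml and the lookup path. The `and` in the surrounding condition is pre-existing and not part of this change.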
@@ -27,4 +27,6 @@ en:
 errors:
 validate_sign_up_params: "Please submit proper sign up data in request body."
 validate_account_update_params: "Please submit proper account update data in request body."
- not_email: "is not an email"
\ No newline at end of file
+ not_email: "is not an email"
+ message:
+ already_in_use: already in use
\ No newline at end of file
diff --git a/config/locales/es.yml b/config/locales/es.yml
index 9c81f9fd2..018fb6143 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -27,4 +27,6 @@ es:
 errors:
 validate_sign_up_params: "Los datos introducidos en la solicitud de acceso no son válidos."
 validate_account_update_params: "Los datos introducidos en la solicitud de actualización no son válidos."
- not_email: "no es un correo electrónico"
\ No newline at end of file
+ not_email: "no es un correo electrónico"
+ messages:
+ already_in_use: ya ha sido ocupado
\ No newline at end of file