Upgrade devise and devise-two-factor, remove devise-async

Devise (3.5.4 => 4.1.1) Changelog:
https://github.com/plataformatec/devise/blob/master/CHANGELOG.md

devise-two-factor (2.0.1 => 3.0.0) Changelog:
https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md

These are reliant on each other, so they have to be upgraded together.

devise-async is no longer necessary as Devise 4.1 fixes a bug with the
ActiveJob integration.

2 files changed, 2 insertions, 2 deletions

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1429ee40bb7..144febcea12 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -232,7 +232,7 @@ class ApplicationController < ActionController::Base
   end
 
   def configure_permitted_parameters
-    devise_parameter_sanitizer.for(:sign_in) { |u| u.permit(:username, :email, :password, :login, :remember_me, :otp_attempt) }
+    devise_parameter_sanitizer.permit(:sign_in, keys: [:username, :email, :password, :login, :remember_me, :otp_attempt])
   end
 
   def hexdigest(string)
diff --git a/app/models/user.rb b/app/models/user.rb
index 6a09b78455b..b5f478b3865 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -27,7 +27,7 @@ class User < ActiveRecord::Base
   devise :two_factor_backupable, otp_number_of_backup_codes: 10
   serialize :otp_backup_codes, JSON
 
-  devise :lockable, :async, :recoverable, :rememberable, :trackable,
+  devise :lockable, :recoverable, :rememberable, :trackable,
     :validatable, :omniauthable, :confirmable, :registerable
 
   attr_accessor :force_random_password