Tidy up and update CHANGELOG.

CHANGELOG.rdoc

@@ -18,6 +18,7 @@
   * Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
   * Use ActiveModel#to_key instead of #id
   * sign_out_all_scopes now destroys the whole session
+  * Added insensitive_case_keys that automatically downcases the given keys. By default downcases only e-mail.
 
 * default behavior changes
   * sign_out_all_scopes defaults to true as security measure

lib/devise/models/database_authenticatable.rb

@@ -85,7 +85,7 @@ module Devise
       end
 
       module ClassMethods
-        Devise::Models.config(self, :pepper, :stretches, :case_insensitive_keys)
+        Devise::Models.config(self, :pepper, :stretches)
 
         # We assume this method already gets the sanitized values from the
         # DatabaseAuthenticatable strategy. If you are using this method on

lib/devise/models/validatable.rb

@@ -23,7 +23,8 @@ module Devise
 
         base.class_eval do
           validates_presence_of   :email, :if => :email_required?
-          validates_uniqueness_of :email, :scope => authentication_keys[1..-1], :case_sensitive => false, :allow_blank => true
+          validates_uniqueness_of :email, :scope => authentication_keys[1..-1],
+            :case_sensitive => case_insensitive_keys.exclude?(:email), :allow_blank => true
           validates_format_of     :email, :with  => email_regexp, :allow_blank => true
 
           with_options :if => :password_required? do |v|